Friday, May 13, 2011

Identity Theft

You never think it will happen to you. The data you sent to buy that whiz-bang new application over the Internet will never come back to haunt you. You’ve dealt with a reputable company. All critical information was transferred through a page under HTTPS protocols.

All’s well and good. 

Or you think all is good. Until ‘the’ call comes. Some unknown voice wanting to ‘confirm’ the personal information you sent to the software company. And the caller identifies themselves as a representative of the software company you just did business with.

You refuse to give them the info they request. They get angry and demand that you provide them with your personal information. This not being your first rodeo, you refuse to provide the caller with the information he wants and, abruptly, he hangs up.

Then, coincidentally, you go to your online banking webpage and try to log in. The password doesn’t work. It doesn’t even recognize your login name.

By now, you are starting to put two and two together and coming up with five. The call was an attempted ‘social engineering’ call. Or, as many states call it, a felony. It’s when someone contacts another by phone or other telephone device using a false pretense to get information out of them they are not entitled to.

Of course, this happened on a weekend, so I couldn’t call the bank to cancel credit or debit cards. Or find out if they had hit my credit card accounts.

Monday approaches with some degree of anxiety. First thing I did was call the bank to discuss what happened.

I bank with a relatively small, local bank. They farm out the actual server hosting and online banking software management to another firm that shall remain nameless. I never thought about how secure the bank’s online security was. Like most people I know, I just took it for granted without really thinking about it.

When this happened, I started to wonder exactly how well their security would protect my money.

Apparently, pretty well. There had been three attempts at getting into my account. After the third incorrect attempt, the bank’s software locked them out and wouldn’t let them back in. 

I am betting that whoever was attempting to get into my account didn’t realize that the only way to unlock the account was to call the bank and go through some pretty thorough authentication before they would even talk about passwords or unlocking my account.

Then we spent about half an hour looking for any unusual transactions. [I seldom write checks for this very reason.] And figuring out what the account balance was, etc.

After going through all this, both the bank and I were satisfied that the people who had called me hadn’t managed to get past their security.

I consider myself a pretty savvy computer user. I have run very large computer networks. I made tons of money certifying that the large network installations I was running were “Y2K” compliant. I’ve read a plethora of books about online security. I know about people trying ‘social engineering’ by calling people and asking them to confirm information they had no right to have in the first place.

So, I didn’t give them any information. My bank had a much more robust security system than I thought it did. Even if I had told them what they wanted to know, they still wouldn’t have been able to get into the bank’s system.

Changing everything after this attempt was a complete pain in the butt. But, I guess that is life in the 21st century.

The rules that are out there about computer security tend to be taken pretty lightly – Passwords get written on a sticky note and stuck to the bezel of your monitor for everyone to see. You use the same password for multiple accounts. You go years between changing your passwords. You use your birthday, address or telephone numbers for passwords.
And, despite our somewhat lax attitude about security, most of the time, we get away with it.

I have about a dozen accounts I use on various different systems. All highly secure passwords that get changed often. All written down and stored separately from the computers – then encrypted with PGP.

So, nothing really happened because the bank’s security system kept them out and I wouldn’t answer any questions about my personal data to help them figure out my password at the bank.

But, it was a wake-up call. You can’t afford to get complacent with your passwords and/or to give out your personal data to strangers that call you out of the blue, on a weekend and casually ask you to confirm ‘some details’. (They know, if they can get into the account before Monday, the legitimate card holder can’t tell anyone that their identity might have been stolen. And they have the rest of the weekend to drain your account.)

It isn’t that the bank wouldn’t absorb the loss. They would have. But, even without anyone getting into my bank’s computer, it cost me about 8 hours on the phone. Plus cancelling all my plastic money. I cannot imagine how long it would have taken to deal with this, if they had gotten in and stolen everything.

The moral of the story is that you should take everything your IT gal/guy says about security seriously. If s/he says change passwords every month and don’t use your dog’s name as your password, s/he isn’t just flapping her/his jaws. In a networked system, where it could affect a large number of users, servers, etc., any breach of security could cost thousands of dollars in lost time while your IT guy/gal goes through every component of the system to make sure none were penetrated.

I am not going to say what software company let my personal information get out in the wild. I will give them a chance to make it right and tell me how they are going to fix their system so it can’t get hacked, again. Or, I will stop buying stuff from them.

This is the same attitude any customer should take when dealing with a company, retailer, etc. that insists their system is “safe”.

Everybody’s site is safe, until it isn’t. And even though the bank will go after a hacker, if enough money is involved, it is better for you and your bank if you follow the rules your IT manager lays out. And follow them at home, as well as at work.

[1] The company I bought the software from is on the other side of the world. They would not, casually, call me up and ask these questions. This was my first tip-off that something was wrong. Here it was in the middle of the weekend, but there it was probably mid-day on Monday.

I worked with tech support to handle some problems on another brand of laptop. Their tech support was in the Philippines. The person I talked to was, clearly, not a native English speaker. He couldn’t answer my questions and, instead, explained to me how to set up my computer so he could control it from the Philippines.

Now, depending on how you look at it - this is very cool or very, very scary. 

It was clear the customer service rep in the Philippines had no idea what was going on. He just wandered around in the laptop for about a half an hour, seemingly clicking on whatever he encountered. When he did accidentally discover the reason the trackpad wasn’t working, he didn’t know how to fix it.

So, I took the laptop back and got back the money that paid for it.

Wednesday, May 11, 2011

OBL

OBL is like the Energizer Bunny, the news articles just keep on rolling in. He's in the emails I get from the NYTimes; the Miami Herald[1]; Salon; & Slate every day.


Being buried with 'news' about OBL makes it difficult to focus on any one particular issue. And of course there is the fallout from the fallout brought to us by the US DoD; DoJ; and the US army. The government is having trouble keeping track of individual departments, who has said what about what and what is being 'leaked' in either verbal or written form. 


So, what is the truth? Who knows? And should anybody care?


The army put Pat Tillman's family through hell in their attempt to 'hero-ize' his death. They did the same thing with Jessica Lynch at the start of this cluster fuck. Now, they are trying hard to make OBL and the rest of the people in the "compound" look like the bad guys and cast the SEALs[2] as heroes. For going into a house and shooting unarmed civilians.


And they still cannot get their stories straight.


When things like this happen, I always wonder whether our masters are aware that nothing stops the Internet. Nothing. Not even China. Everything will, eventually, get put on the Internet. EVERYTHING. Whether it comes from someone trying to find out what happened to their families, from government 'leakers' or from information warriors like Julian Assange. And it will NEVER go away and they cannot control it. Sometimes I believe our government thinks it is the Mormon Church - who strictly controls all information about the church - but it is, actually, the Laurel & Hardy show. And slapstick is not the thing you look for when considering how our government runs and how our military is deployed.


Unfortunately, slapstick is what we get... Slapstick that results in murder if you are on the government's hit list - without due process or other constitutional niceties to stop the US government from killing you.


When I was growing up, back in the day when you got four channels on your TV if you were lucky and I was learning to type on a forty year old typewriter, my mother told me a truism - that a lie can be halfway around the world before the truth can get its boots on. In those times, she was right. A lie could outrun the truth. It still can, but the truism has evolved... Now, a lie, a truth, facts or opinions move about the internet at the speed of light. No government or corporation can ever hope to control information that finds its way onto the Internet. That means they pretty much can't control anything. And we are left with an information overload that, eventually, we grow weary of. And, then, stop paying attention to.


Which may be exactly what the government wants to happen.


Was the government wrong in what it did? Who knows. The stories change every hour, sometimes from minute to minute. Or, whenever someone figures out a way to make the other 'side' look bad.


On September eleventh, 1857 a group of Mormons, some dressed as Native Americans, massacred 120 men, women and children at a place called 'Mountain Meadows'. There is no historical doubt that the massacre was planned and undertaken by Mormons with the full knowledge and consent of Brigham Young who was implicated in the subsequent attempt to cover it up. Then he sacrificed John D. Lee, the leader of the force that committed the massacre, as a scapegoat for the US government to prosecute and, eventually, to hang.


Why am I talking about the Mountain Meadows Massacre? It is unlikely that most people have any idea where Mountain Meadows is; how the members of the Fancher-Baker party were killed; and the role of the Mormon Church in those murders. Or how the Church has attempted - and still is attempting - to control information about an event that happened over 150 years ago.


If you talk to a member of the LDS church, you will most likely find that very few know anything about the Mountain Meadows Massacre or the church's subsequent attempt at covering it up. I was able to draw one member of the Mormon church into discussing the church's role in re-shaping the history of what really happened at Mountain Meadows. His version of the 'facts' was that nobody knows what really happened at Mountain Meadows.


It is scary, but I think he actually believed what he was saying. This is a good example of how people can be made to believe that history is a fairy tale that can be changed at the whim of those who don't like the original version. And, how, if you blow enough bullshit in their faces, people will get tired of listening to you and give up even thinking about it.


In the case currently under review, the Mormon church equates to the US government and Obama is Brigham Young. Both are willing to kill unarmed civilians, without due process of law. Both have concocted outlandish stories to cover up what really happened.


Unfortunately, what is happening inside the government as they try to spin this pretty directly compares to Brigham Young's actions in response to the Mountain Meadows Massacre.


Unfortunately, we will never know, for certain, what the truth is in the case of OBL. And the accounts and the reasons for them are completely obscured. So completely that people will give up on ever knowing the truth and the long term implications of what happened in Abbottabad.


If we cannot know the truth, we cannot think critically about the methods our government uses to kill people and the lengths they will go to cover up the truth. All we've got is a couple of thousand newspaper/Internet reporters flapping their jaws in some kind of frenzy. One information source cannot be outdone by another source's reporting on OBL's potty training.


Result? Information overload. People quit trying to understand what has happened, and what will happen. They just quit trying to figure out what happened and whether it was 'good' or 'bad'. Which may be what our overlords want to happen. Actually, what I think is happening.


I wish I had a clear picture of what happened that night. The truth is, however, that I have heard so much rhetoric that even I, a news junkie of some repute, cannot figure out what happened that night in Abbottabad and what has happened since. I wish I could go down a list and point out when things happened and why, but the truth is completely overwhelmed by speculation and innuendo.


The government has decided to conduct foreign policy by murdering people without due process. I guess they think, if they kill enough people, our 'enemies' will give up and take up knitting or something. And, apparently, they believe that what they are saying will be accepted by the populace.


Give me a break. Can these people be that clueless? If the answer is 'yes' then we can look forward to assassination as a tool of our foreign policy for quite some time in the future. Until the government sees that what it did was wrong - morally, ethically and legally - there really isn't a good reason for them to stop and think about what they are doing, or going to do.


Don't hold your breath. It will definitely get worse before it gets better. If it ever gets better...


Update: If you are a Mormon, or Mormon apologist, and think I have said things about the church that are demonstrably incorrect please let me know what you think I said that is false. Please be prepared to produce definitive answers published in peer-reviewed publications or books.


The Book of Mormon; the Doctrine and Covenants; et cetera are not - despite what your bishop tells you - primary sources for information. Forgetting their bias, all of these documents have undergone significant revision in order to fit into the history the LDS wants you to believe.


If you produce information that shows I am wrong, I will enter a retraction and an apology.


[1] The Miami Herald has shown the most restraint with their coverage of OBL. They have not allowed stories of cops shooting unarmed people; people shooting armed cops; and the vast number of ways that South Florida politicians are corrupt to be crowded out by 'The OBL story of the day.'


[2] What, exactly, the SEALs did, upon whose orders and under whose authority they acted is, like everything else, cloudy. I have no doubt the SEALs acted upon orders from higher ups. That they were given rules of engagement that specified who was a legitimate target and who wasn't. And that they acted in good faith on those orders. But, and here's where it gets kind of murky - were the orders lawful and was it up to the SEALs to question them in accordance with military standards? That's hard to say. Moral choices aren't always clear in the heat of battle. A lot of things don't turn out as planned.


I have no doubt the SEALs who raided the compound thought their orders were legitimate and that the ROE was appropriate. I, also, doubt that the SEALs are bloodthirsty killers who kill for sport.


Even if they didn't understand the political and human rights questions their action would cause. [Which I think they most probably do.]