Tuesday, May 7, 2013, the DOJ issued a press release. Corey Thompson was sentenced to serve 30 months in prison for his involvement in a sophisticated stolen identity refund fraud conspiracy, the Justice Department and the Internal Revenue Service (IRS) announced. In July 2012, Thompson pleaded guilty to one count of conspiracy to file false claims and to one count of aggravated identity theft.
Corey Thompson and his co-conspirators filed at least 27 fraudulent 2011 tax returns that requested a total of $91,304 in refunds. Shockingly, Thompson and his co-conspirators obtained the means of identification from a prison guard and from an employee at a debt collection agency.
Thompson installed cable and internet access. Hijacking the internet service of customers for whom he had performed work, Thompson used his laptop and his specialized knowledge and equipment to take over the customer’s internet. Thompson would then file false tax returns using the hijacked internet which made it appear as if the false tax returns were being filed by the customer. Thompson directed the tax refunds to be placed on pre-paid debit cards which were intercepted by the U.S. Postal Service.
For more information click here.
There are many ways to protect yourself on the internet. LifeLock alerts you whenever they detect your personal information being used to apply for wireless services, retail credit, utilities, and mortgage loans within our extensive network. If you become a victim of identity theft while you are a LifeLock member they will spend up to $1 million to hire experts, lawyers, investigators, consultants and whoever else it takes to help your recovery.
NEW YORK (CNNMoney.com) — Identity theft is on the rise and increased Internet use, whether on a PC or a handheld device, may be to blame. 16% of American households with the Internet reported some kind of identity theft last year, according to a recent survey by Consumer Reports.
If you access the Internet at home via a wireless network, having a firewall is a must. This helps to form a barrier between your trusted network and any untrusted networks trying to access your computer.
Its a cruel irony in information security that many of the features that make using computers easier or more efficient and the tools used to protect and secure the network can also be used to exploit and compromise the same computers and networks. This is the case with packet sniffing.
In its simple form a packet sniffer simply captures all of the packets of data that pass through a given network interface. Typically, the packet sniffer would only capture packets that were intended for the machine in question. However, if placed into promiscuous mode, the packet sniffer is also capable of capturing ALL packets traversing the network regardless of destination.
By placing a packet sniffer on a network in promiscuous mode, a malicious intruder can capture and analyze all of the network traffic. Within a given network, username and password information is generally transmitted in clear text which means that the information would be viewable by analyzing the packets being transmitted.
How Can Users Protect Themselves?
A scary aspect of these tools is who can, and will, use them. As stated earlier, sniffers can be used for both legitimate and illegitimate purposes. For instance, a network manager can use them to monitor the flow of traffic on the network to ensure that the network is operating efficiently. However, sniffers can also be used by malicious users to obtain valuable personal information. Whether it is passwords or private communication, both crackers and co-workers can benefit from reading your data. Defending against sniffers, as with any other threat, needs to start from the top and filter down to the user. As on any network, administrators need to secure individual machines and servers. A sniffer is one of the first things a cracker will load to see what is taking place on and around their newly compromised machine.
Another method of protection involves tools, such as antisniff, that scan networks to determine if any NICs are running in promiscuous mode. These detection tools should run regularly, since they act as an alarm of sorts, triggered by evidence of a sniffer.
A switched network is also a good deterrent. In the non-switched environment, packets are visible to every node on the network, in a switched environment, packets are only delivered to the target address. While more expensive than hubs, the cost of switches have fallen over time, bringing them within reach of most budgets. Unlike hubs, switches only send frames to the designated recipient; therefore a NIC in promiscuous mode on a switched network will not capture every piece of local traffic. But programs such as dsniff, allow an attacker to monitor a switched network with a technique known as arp-spoofing. Although it uses different methods, arp-spoofing can provide results similar to sniffing, i.e. compromised data. Is there anything that can truly protect your data once it reaches the network?
Encryption is the best protection against any form of traffic interception. It is reasonable to assume that at some point along a path, data can always be compromised. Therefore, your best defense is to ensure that traffic is essentially unreadable to everyone but the intended receiver. This isn’t difficult to do, since many organizations have deployed services that make use of Secure Socket Layers (SSL), Transport Layer Security (TLS) and other methods that provide secure messaging, web browsing and more. Only the payloads are scrambled, ensuring that packets reach the correct destinations. So an attacker can see where traffic was headed and where it came from, but not what it carries.
Additional information about the Tax Division and its enforcement efforts may be found at www.justice.gov/tax.
This has been another objective review.