Thursday, October 18

Who is looking out for us?

My last blog, “Hackers are at Again,” left me wondering who is protecting us, the public. I can understand that some attacks are inevitable, but what about others that could have been prevented if the organization had taken the appropriate measures? You will be glad to know that yes, there is an organization that is looking out for us, the public, and it is called the Federal Trade Commission.

In testimony in 2003, FTC Commissioner Orson Swindle addressed the House Commerce, Trade, and Consumer Protection Subcommittee to discuss the importance of preventing information security breaches. Swindle stated that good security is an ongoing process of assessing risks and vulnerabilities. In addition, companies must assess the risks they face on an ongoing basis and make constant adjustments to reduce those risks. Well, apparently some companies have not paid attention, like Wyndham hotels.

Recently the FTC filed a suit against Wyndham Worldwide Corporation and three of its subsidiaries for alleged data security failures that led to three data breaches at Wyndham hotels in less than two years. In 2008 hackers breached the network of one of their branded hotels in AZ; the intruders were able to install “memory scraping” malware and access the corporate mainframe, which allowed them access to other properties. The end result: 500,000 payment credit card accounts were extracted to a domain in Russia. There were two more incidents: one in the first part of 2009, in which they were able to access 50,000 credit accounts, and another later in 2009, accessing 69,000 consumer accounts.

In addition, the FTC's reach goes further. I think at one point or another all of us have received a message on a computer saying that it is infected and to click on the banner, or have seen an advertisement offering a free scan. Well, those of us in the IT business know better, and we know it is a scam. Unfortunately, millions of Americans fall for these types of scams. For example, AARP recently published an article titled “Feds Crack Down on Tech Fix-it Scam,” where the FTC issued 14 restraining orders against 14 companies that were scamming users. In this scam the “fake” tech support person would cold call a consumer and pretend to be from Hewlett-Packard, Microsoft, amongst others. They would tell the user they had received notification that their computer was infected. Once the scammer removed the bogus malware (after a generous fee, of course), the scammer also got access to the system, taking personal information or leaving a program that would allow them back-door access to that computer.

There are more cases like this one; for example, in 2008 the FTC requested the courts to impose a $163 million judgment against Kristy Ross (the defendant) for using “scareware” tactics, making users think their PCs were infected. The list just goes on. As we can see, the government is finally doing something good; unfortunately, I don’t think it is enough. I know this because the number of scammers keeps growing, so either we need more than one agency or group protecting consumers, or the fines or penalties imposed are not enough to deter scammers. In the meantime, all I can suggest is to better educate the public about the dangers that lurk in cyberspace.

References:

FTC Working to Protect Consumers and Businesses From Information Security Breaches. (2003, November 19). Retrieved October 16, 2012, from Federal Trade Commission

FTC Case Results in $163 Million Judgment against “Scareware” Marketer. (2012, October 2). Retrieved October 18, 2012, from FTC

Kirchheimer, S. (2012, October 3). Feds Crack Down on Tech Fix-it Scam. Retrieved October 18, 2012, from AARP
