Take a look at a recent attempt of a couple of U.K. thieves to steal a Tesla Model S. They’re smart enough to actually gain entrance to the vehicle without the fob but they’re not smart enough to unplug the charger!
The owner of the vehicle does admit to not doing a couple of things that could have actually prevented the bad guys from gaining entrance including setting a PIN and using a Faraday pouch for the fob (while would block fob’s signal).
But it just goes to show that even “sophisticated” criminals who use technology aren’t always the brightest.
Late last week, TurboTax, the online tax return filing software, turned off its state filing feature for all states after the discovery that fraudulent returns had been filed, according to USA Today. Stolen personal data had been used to file fake state returns allowing criminals to claim tax refunds.
TurboTax’s state filing feature has resumed after an investigation found that the fake returns were not a result of TurboTax’s systems, but a result of data stolen elsewhere.
“We are taking this issue very seriously and from the moment it emerged it has been all-hands-on-deck,” says Brad Smith, CEO of TurboTax parent company Intuit. “I am more than pleased we were able to resume transmission for our customers within about 24 hours.”
According to USA Today, two customers from Minnesota logged onto TurboTax to find their state returns already filed, prompting the state of Minnesota to no longer accept electronically submitted filings using TurboTax. In addition, the state of Utah discovered 28 fraud attempts.
The fear of personal data breaches is heightened after last week’s Anthem Health Insurance hack, where the names, addresses, email addresses, social security numbers, and income levels of 80 million people were stolen. According to MarketWatch, this kind of data makes it easy for a criminal to file a fake tax return. Much of this data is sold on the black market in bulk. Criminals will set up in a hotel room and file return after return.
Fraudulent tax returns are all too common. In 2013, the IRS paid $5.2 billion in refunds to fraudulent identities.
SSNDOB (hacker helmd identity theft service) compromised several servers at major US data brokers. The hacked into some major data aggregators at LexisNexis and Dun & Bradstreet, just to name a couple.
More than 4 million Americans could have their identities compromised as the customers of SSNDOB paid to look up their Social Security numbers, birthdays, driving records, and used that information to obtain background reports.
SSNDOB got its information from a small botnet that it operates. That botnet appears to have access to compromised servers at some of the largest data brokers in the United States. Some of these data brokers include LexisNexis, Dun & Bradstreet, and Kroll Background America. Another real danger is that none of the 46 top anti-malware tools detected the malicious software.
LexisNexis currently maintains one of the world’s largest legal and public record databases. Kroll/Hireright uses their services for running employment background, drug, and health screening services. Dun & Bradstreet are a credit/purchase data holder.
“All three victim companies said they are working with federal authorities and third-party forensics firms in the early stages of determining how far the breaches extend, and whether indeed any sensitive information was accessed and exfiltrated from their networks,” Krebs said. –expose.su
After examination of SSNDOB’s records Krebs stated that they have sold mor than 1.02 million social security numbers and close to 3.1 million records regarding date of birth.
The hacker group/organization sells records for anywhere from 50 cents to $2.50 per record and $5 to $15 for background check records. There is evidence that some of the users that pay for this service are in fact identity theft services. The FBI investigation is on-going.