http://stlouis.cbslocal.com/2013/10/21/thieves-pose-as-truckers-to-steal-huge-cargo-loads/
WICHITA, Kan. (AP) — To steal huge shipments of valuable cargo, thieves are turning to a deceptively simple tactic: They pose as truckers, load the freight onto their own tractor-trailers and drive away with it.
It’s an increasingly common form of commercial identity theft that has allowed con men to make off each year with millions of dollars in merchandise, often food and beverages. And experts say the practice is growing so rapidly that it will soon become the most common way to steal freight.
A generation ago, thieves simply stole loaded trucks out of parking lots. But the industry’s widening use of GPS devices, high-tech locks and other advanced security measures has pushed criminals to adopt new hoaxes.
Helping to drive the scams, experts say, is the Internet, which offers thieves easy access to vast amounts of information about the trucking industry. Online databases allow con men to assume the identities of legitimate freight haulers and to trawl for specific commodities they want to steal.
Besides hurting the nation’s trucking industry — which moves more than 68 percent of all domestic shipments — the thefts have real-world consequences for consumers, including raising prices and potentially allowing unsafe food and drugs to reach store shelves.
News reports from across the country recount just a few of the thefts: 80,000 pounds of walnuts worth $300,000 in California, $200,000 of Muenster cheese in Wisconsin, rib-eye steaks valued at $82,000 in Texas, 25,000 pounds of king crab worth $400,000 in California.
The Hughson Nut Co. fell victim twice last year, losing two loads valued at $189,000. Each time, the impostor truckers showed up at the Livingston, Calif., nut processor on a Friday with all the proper paperwork to pick up a load of almonds.
On the Monday following the second theft, a customer called to complain that the almonds had never arrived in Arizona. The company’s quality assurance manager, Raquel Andrade, recalled getting a sinking feeling: “Uh-oh. I think it happened again.”
The thefts are little-known and seldom discussed outside the world of commercial trucking. Companies that have been victimized are often reluctant to talk about their losses. But crime reports and Associated Press interviews with law enforcement and industry leaders reveal an alarming pattern that hurts commerce, pushes up consumer prices and potentially puts Americans’ health and safety at risk.
“In the end, the consumer winds up paying the toll on this,” said Keith Lewis, vice president of CargoNet, a theft-prevention network that provides information to the insurance industry.
The economic results go beyond adding a few nickels or dimes to retail prices. The “consequential damages” from stolen cargo easily run into the millions of dollars, far exceeding the value of the lost shipments. For example, a stolen load of pharmaceuticals might necessitate a worldwide recall of every drug with that lot number to ensure none of the product ends up back in the market in case it gets tampered with.
Stolen food shipments pose similar health concerns.
“It might be low value, but that load of poultry could be high-risk,” Lewis said, explaining that if it spoils and gets back into the supply chain, hundreds or thousands of people could get sick.
The scheme works like this: Thieves assume the identity of a trucking company, often by reactivating a dormant Department of Transportation carrier number from a government website for as little as $300. That lets them pretend to be a long-established firm with a seemingly good safety record. The fraud often includes paperwork such as insurance policies, fake driver’s licenses and other documents.
Then the con artists offer low bids to freight brokers who handle shipping for numerous companies. When the truckers show up at a company, everything seems legitimate. But once driven away, the goods are never seen again.
The thieves target mostly shipments of food and beverages, which are easy to sell on the black market and hard to trace. Some end up on the shelves of small grocery stores. Others go to huge distribution warehouses like the one authorities raided in August in North Hollywood, Calif. It was filled with stolen steaks, shrimp, energy drinks, ice cream and other frozen foods.
Last year, carriers reported nearly 1,200 cargo thefts of all kinds nationwide, about the same as the previous year, according to CargoNet, a division of Verisk Crime Analytics, which estimated losses that year at nearly $216 million. Since many thefts go unreported, the real figure is almost certainly far higher.
The most common crime is still the “straight theft” of trailers left unattended in parking lots or at truck stops. But CargoNet says the new trucking scams are growing at a rapid 6 percent each quarter. Of the average three to five truckloads stolen each day in the United States, at least one involves what are known in the industry as fraudulent or fictitious pickups.
The thefts emerged three or four years ago and are now “the latest, greatest thing” for organized groups seeking to steal freight, said J.J. Coughlin, vice president for law enforcement services at LoJack SCI, a supply chain protection company.
LoJack examined 947 cargo thefts last year and identified 45 of them as fictitious pickups. So far this year, the number of fictitious pickups has probably already doubled, Coughlin said. The average loss last year was more than $170,000 per incident.
Although cargo thieves prey on companies across the nation, the hot spots are places with shipping ports or rail hubs. California leads the nation. Large numbers of thefts have also been reported in Texas, Florida, New Jersey, Michigan, Illinois, Georgia, Pennsylvania and Tennessee.
Scott Cornell, national manager of a special investigation group focusing on supply chain security at the insurance company Travelers, said the thieves take advantage of the Internet, which allows them to do “so many things online where nobody sees you,” including setting up a company and bidding on loads.
Within a few years, Lewis said, identity theft-related scams are expected to become the most prevalent method of cargo theft.
Experienced thieves know where the major manufacturers are located. And some are savvy enough to pick out which brand of electronics or appliances to steal by bidding on loads posted online. Someone wanting to steal a truckload of copper, for instance, would target shipments coming out of Carrollton, Ga., where a major copper-wire manufacturer is located.
Food and beverages were the most commonly stolen items, accounting for 23 percent of all thefts last year, followed by metals at 16 percent, and electronics and household goods at 12 percent each. Other products made up the remaining 37 percent, including pharmaceuticals at 3 percent, according to CargoNet’s 2012 report.
One reason food shipments are popular targets is because they have a lower value than electronics or pharmaceuticals, which are often more heavily protected. Plus, food generally does not have any serial numbers to trace.
The loads are also difficult to recover. Companies often do not know they have been scammed until their shipments fail to show up, usually four to five days after they were stolen, Coughlin said.
By that time, the goods have probably already been sold on the black market.
The trucking and insurance industries are fighting back, urging freight brokers to take extra precautions, such as checking information before awarding shipping contracts to unfamiliar truckers.
The California Farm Bureau Federation warns about clues that could indicate a suspicious hauler: temporary name placards or identification numbers on the truck, abrupt changes in the time of the pickup and lack of a GPS tracking system on the truck.
Another suggestion is to get a thumbprint from the truck driver.
“This is growing at such a rapid, scary rate,” said Sam Rizzitelli, national director for transportation at Travelers Inland Marine Division. “It warrants a lot of attention.”
http://observer.com/2013/10/lost-in-the-supermarket-bowery-whole-foods-robbed-of-60000/
Lost in the Supermarket: Gunmen Rob $60,000 from Bowery Whole Foods
Something not-so-all-natural went down at a Manhattan Whole Foods Market on Sunday.
The NYPD has confirmed that two armed robbers stole $60,000 from the Bowery Whole Foods Market on the Lower East Side.
According to DNAInfo, a group of store employees were transporting the cash to the store’s second floor around 10 p.m. When the elevator doors opened, the employees were met by a gun-wielding robber, who ordered them onto the ground. Another robber tied one of the employees’ hands behind his back, according to the Huffington Post. The two men then reportedly grabbed the money, exited the store through a service door, and ran south down Chrystie Street.
“I can confirm that Sunday night, Whole Foods Market’s Bowery store at 95 East Houston Street in New York City was robbed at gunpoint,” Whole Foods spokesperson Michael Sinatra told The Observer, “Whole Foods Market has no additional confirmed details at this time.”
Still, rumors are abounding as to whether the robbery might have been an inside job.
A Whole Foods worker, whose coworker saw the culprits, told The New York Post that “[the robbers] ran from the receiving door which no one outside the store knows about…They know parts of the store that we only know.”
Police told The Observer they couldn’t yet confirm either way whether the robbery was an inside job.
The gunman was reportedly six feet tall, wore his hair in dreadlocks, and sported a brown coat. The other robber reportedly also had dreadlocks, and was wearing a black sweater. The police have asked that anyone with information call Crime Stoppers at 1-800-577-TIPS (8477).
Following the robbery, we expect the two thieves were able to purchase approximately two-and-a-half days’ worth of gluten-free flatbreads and carob powder. #WholeFoodsIsPricey
http://www.detroitnews.com/article/20131022/METRO/310220046/Detroit-police-chief-almost-carjacking-victim
October 22, 2013 at 5:13 pm
Detroit police chief almost a carjacking victim
Detroit Police Chief James Craig greets carjacking victim Jessie Rutledge before sharing his own story of a near-carjacking. (Elizabeth Conley / The Detroit News)
Detroit — Detroit Police Chief James Craig told a crowd gathered Monday evening for an anti-carjacking program that he narrowly avoided a carjacking himself on a recent Friday night while driving an unmarked police car.
Craig detailed a stop at a red light two weeks ago on Jefferson Avenue.
“There are certain cars each suspect tends to (be attracted) to, and I guess they liked my police car — a police car with lights,” Craig said. “And one suspect jumped out and began running toward the passenger side of my vehicle ... As soon as I saw the suspect running to my car, I accelerated out of harm’s way.
“And then, candidly, I got angry ... I said, ‘I can’t believe this just almost happened.’”
Craig told more than 50 people gathered for the anti-carjacking program that thugs are doing more than scaring them. They are sizing them up, seeking out who’s vulnerable and aware of the best spots to pounce.
Craig said when he began his post in July, he found carjacking was “almost like a way of life in Detroit.”
As of Monday, there have been 582 carjackings in Detroit, a 1 percent decrease compared to the same period in 2012, according to Detroit police spokeswoman Kelly Miner.
It takes about seven seconds to consider victims; red lights, train crossings, fast food and other drive-throughs, and parking lots, especially for vehicles parked farther from the store, offer the most attractive spots, Detroit police Detective Brian Fountain said.
Police also noted that when carjackers aim a gun, there’s an 85 percent chance they’ll shoot.
“The carjackers are prepared — that’s why they have a gun,” Fountain said. “And they are prepared to use that gun, so you have to pay attention.”
Using video footage of real carjackings, Fountain pointed out how many victims telegraph to thieves they are vulnerable. Footage showed people talking on their cellphones, distracted or not aware of their surroundings and failing to notice suspicious characters loitering nearby.
Jesse Rutledge told the crowd he was carjacked in front of his barber shop on Detroit’s east side in March.
“The youngest one, 15 years old, had the gun,” Rutledge said. “He said, ‘I’ll kill you. Give me your keys.’”
They were caught a half-hour later by Eastpointe police.
“The saddest thing,” he said, “was they had done it before.”
Police and prosecutors also said carjackers use common tactics such as the “bump and rob,” where suspects hit a victim’s car from behind and wait for the victim to exit the vehicle, then the carjacker or a helper drives off in it.
Fountain recommends that drivers involved in an accident where they feel uncomfortable remain in their vehicle and signal the other driver to follow them to the nearest police station.
“Carjackers are getting younger, they’re getting bolder and most of all they are usually armed,” said Terri Miller, executive director of Help Eliminate Auto Thefts (H.E.A.T.), a prevention program that offers rewards for tips leading to an arrest through a confidential hotline.
“And cars are harder to steal with newer technology now, so they have to turn to carjacking. That’s why we are seeing the rash of carjacking crimes in the city.”
Another anti-carjacking measure is VIN-etching, engraving the vehicle identification number into the car’s windshield, which provides helpful information for law enforcement searching for the car while reducing the value of the car to thieves because auto parts retailers won’t buy items with a VIN number, Fountain said.
Detroit police are offering free VIN-etching from 11 a.m. to 2 p.m. Saturday at a mobile command unit at Joy Road and Evergreen in Detroit.
http://techland.time.com/2013/10/04/8-things-we-know-so-far-about-adobes-customer-data-breach/
8 Things We Know So Far About Adobe’s Customer-Data Breach
Here's a quick explainer, along with Adobe's recommendations.
Hello again friends, welcome back to the show that never ends: another massive corporate data raid, millions more user accounts and login credentials and payment details potentially compromised, and top secret source code on the loose.
Welcome to the club, Adobe! You probably know Bank of America, Heartland Payment Systems, Epsilon, Sony, Valve, the U.S. government, the Canadian government, PayPal, the Iranian government, Foxconn, Farmers Insurance, MasterCard and all the rest whose names I haven’t memorized yet. Just have a seat on the floor, because we’re out of chairs.
We’re early days into this latest hacker debacle — Adobe just confirmed the breach on Wednesday — but if you want the CliffsNotes version of what happened and where things stand, here’s the concise explainer:
Hackers broke into Adobe Systems, Inc. and accessed source code and user data.
Brian Krebs of cybersecurity blog Krebs on Security, working with security firm Hold Security, LLC, says it learned of the source code leak last week, when Krebs and Hold…
If these guys knew last week, why didn’t they let us know then?
Presumably to give Adobe a better shot at nabbing the ne’er-do-wells, though it sounds like Adobe was aware of the problem since mid-September. Krebs says he sent Adobe screens of the pilfered source code last week, and that Adobe responded to him on October 3 by confirming it had been investigating a possible network breach since September 17. When Krebs spoke with Adobe about the breach specifics, he says Adobe told him it believes the source code was accessed back in mid-August.
What sort of user data was compromised?
According to Adobe, the hackers accessed the credit card information of around three million customers, as well as the login information of an unknown number of customers.
Any products we know about specifically?
Krebs says the hackers grabbed source code for “an as-yet undetermined number of software titles, including [Adobe's] ColdFusion Web application platform, and possibly its Acrobat family of products.” Adobe confirms this, listing the products illicitly accessed as “Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products.”
Did anyone goof with the source code?
This matters more if you’re on the development side, but Krebs says Adobe told him that the company “has undertaken a rigorous review of the ColdFusion code shipped since the code archive was compromised,” and that it’s confident code shipped since the incident occurred is solid.
As for the rest of the source code potentially compromised, Adobe says its investigation is ongoing.
I have an Adobe account. Am I at risk?
In a security announcement issued on Thursday, Adobe writes that “the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.” It says that information — specifically user account passwords and credit card details — was encrypted, and that it believes the attackers didn’t remove “decrypted credit or debit card numbers” from its systems.
In other words, yes, you’re at risk: believing something’s the case isn’t the same as knowing. But that risk, according to Adobe, is very low.
Do I need to do anything?
Yes. Even were Adobe claiming it knew the information extracted was innocuous, you need to take basic precautions. Adobe concurs in its security announcement, writing that it’s dispatching emails to anyone whose account was potentially compromised. If you receive such an email, follow Adobe’s instructions to reset your password. And as Adobe notes, if you’ve used the same user ID and password with any other website or service, you’ll want to change the password there as well.
Anything else Adobe’s doing to rectify the problem?
The company says it’s giving customers whose credit/debit card info might have been compromised “the option of enrolling in a one-year complimentary credit monitoring membership where available.” The company says it’s also notified any banks that process Adobe-related customer payments, and that it’s pulled in federal law enforcement to help with its investigation.
and.....
Data Breach Roundup: September 2013
A surprising number of last month's data breaches involved the theft or loss of laptops or hard drives.
This month eSecurity Planet takes a look back at the data breaches we covered in September, providing an admittedly unscientific but potentially interesting overview of the current breach landscape.
What follows is a list of such breaches by category, noting what happened, what data was exposed, and what (if anything) the organization is doing to help those affected – along with a few comments by industry experts.
Burglary/Loss
A surprising proportion of the breaches in September resulted from the theft or loss of laptops or hard drives, many of them unencrypted. Chester Wisniewski, senior security advisor at Sophos, says unencrypted laptops at this point are simply gross negligence. "We should have zero tolerance for this behavior in 2013," he says.
Buckeye Check Cashing. A laptop was stolen from a vehicle, exposing an undisclosed number of names, addresses, bank account information and/or Social Security numbers. All those affected were offered one year of Experian's ProtectMyID Alert service.
Dr. Hankyu Chung. A password-protected laptop was stolen, exposing an undisclosed number of patients' names, phone numbers, birthdates and medical records, including visit dates, complaints, physical examination notes, diagnoses, and testing and medication information.
Edgewood Partners Insurance Center. Five password-protected but unencrypted laptops were stolen, exposing an undisclosed number of names, addresses, birthdates, driver's license numbers, benefits information and Social Security numbers, along with some bank account information and health information. All those affected were offered one year of Experian's ProtectMyID Alert service.
InterContinental Mark Hopkins San Francisco. A hard drive was accessed but not stolen during a burglary, potentially exposing an undisclosed number of guests' names, mailing addresses, email addresses, phone numbers and credit/debit card numbers.
NHC Healthcare. An unencrypted backup tape was discovered missing. The backup tape contained an undisclosed number of patients’ names, Social Security numbers, birthdates, home addresses and medical information.
Olson & White Orthodontics. Password-protected computers were stolen. Ten thousand patients' names, addresses, x-rays, photos and diagnostic findings were exposed, along with parents' or insured parties' names, email addresses, Social Security numbers and credit scores.
St. Anthony's Medical Center. A password-protected laptop and flash drive were stolen, providing the thieves with access to 2,600 patients' names and birthdates, and possibly their medical records.
UTHealth. An unencrypted laptop was discovered missing. The laptop contained 596 patients' names, birthdates and medical record numbers.
Employee Error
Columbia University Medical Center. A hidden column in a widely emailed spreadsheet contained personal data, exposing 407 medical students' names and Social Security numbers. All those affected were offered one year of Experian's ProtectMyID Alert service.
Georgia Department of Labor. An employee mistakenly emailed a spreadsheet containing 4,457 people's names, Social Security numbers, phone numbers and email addresses to approximately 1,000 people. All those affected are being offered credit monitoring services from Equifax.
Hill Air Force Base. An employee forwarded sensitive data to an unprotected email address in order to work from home, potentially exposing 525 Air Force employees' names and Social Security numbers.
PLS Financial. A programming error exposed customers’ names, addresses, email addresses and Social Security numbers. All those affected were offered one year of Experian's ProtectMyID Alert service.
Virginia Department of Human Resources Management. A Conexis employee mistakenly sent 13,000 state employees' personal information, including names and Social Security numbers, to 11 state employees. Free credit monitoring and identity theft protection services are being provided to all those affected.
Hackers
BEL USA LLC. A server was breached, exposing an undisclosed number of customers' names, addresses, phone numbers, credit or debit card numbers, expiration dates and CVV codes.
Bell Helicopter. A database was breached, exposing an undisclosed number of email addresses along with some credit card numbers. All those affected were offered one year of Experian's ProtectMyID Alert service.
Creative Banner Assemblies. The company’s website was hacked and infected with malware, providing the hackers with access to 232 customers' names, addresses, phone numbers and credit card information. All those affected were offered one year of credit monitoring and identity theft protection through ITAC Sentinel Plus.
ICG America. The company’s payment processing system was hacked, exposing an undisclosed number of customers’ names, addresses, email addresses, credit/debit card numbers, expiration and CVV codes.
NetCologne. The company’s website was hacked via SQL injection. The hackers published a list of 15 user names, encrypted passwords, email addresses, registration dates and display names.
Outdoor Network, LLC. The company’s website was hacked and infected with malware, providing the hackers with access to an undisclosed number of customers' names, addresses, credit card numbers, expiration dates and CVV codes.
Unique Vintage. The company’s website was hacked and infected with malware, providing the hackers with access to an undisclosed number of customers’ names, email addresses, phone numbers and credit card numbers.
Virginia Tech. A server in the university’s human resources department was hacked, exposing 144,963 job applicants’ names, addresses, employment history, education history and prior convictions, along with 16,642 applicants’ driver’s license numbers.
Insider Attack
These types of attacks are particularly preventable, according to Camouflage Software president and CEO Kevin Duggan, because they’re often the result of personnel having access to sensitive data that’s not required for them to do their jobs.
"The main question these organizations need to be asking is: Did the individuals from whom the data was stolen really need access to the sensitive portion of the data in order to do their jobs? In many cases, the answer is a resounding no," Duggan says.
Other methods of mitigating insider threat risks include creating effective data loss prevention policies, such as restricting data access by file type and/or user privilege level; encrypting data; and investing in software that monitors, analyzes and potentially stops files containing sensitive data from moving out of the business network.
State Farm. A call center employee stole customers’ credit card numbers. Nearly 700 customers were potentially affected.
Vodafone Germany. The company says the breach was only made possible through insider access. Two million customers' names, addresses, birthdates, genders, bank sort codes and account numbers were accessed.
Partner Company Hacked
Medical University of South Carolina. Credit card processor Blackhawk Consulting Group was hacked, exposing 7,000 customers' names, billing addresses, email addresses, credit/debit card numbers, expiration dates and CVV numbers. All those affected are being offered one year of credit protection from Experian.
Paymast'r Services. A website hosted by the company’s service partner was hacked, exposing an undisclosed number of names, addresses, Social Security numbers, driver's license numbers and payroll card numbers.
Windhaven Investment Management. A third-party vendor’s Web server was hacked, exposing an undisclosed number of clients’ names, account numbers, custodians, and investment positions. All those affected were offered one year of credit monitoring from Equifax.
Spear Phishing
Spear phishing attacks can occur by getting employees to open malicious email attachments. While email gateways and anti-virus scanners can detect many of those attachments, experts see an increase in spear phishing attacks in which fraudsters instead entice people to click on links that take them to websites that attempt to exploit common security vulnerabilities.
To decrease the likelihood that these attacks will occur, it's a good idea to train staff to recognize both suspicious attachments and links. Some vendors also offer products that help companies gauge the effectiveness of education efforts by allowing companies to send simulated spear phishing emails to employees after they have received training.
U.S. House of Representatives. A spear phishing attack appears to have provided hackers with access to five names, email addresses, encrypted passwords, IP addresses and photos.
Morning Fred,
I enjoyed the "money scam" video, makes Bitcoin look super legit in comparison. You have a lot of good information this morning but running late this morning. Have a good one.
Morning Kev - have a great day! Message of the day is despite the New Normal and "blossoming recovery", crime is booming in new ways every day....
Interesting blog. It would be great if you can provide more details about it. Adobe Technical Support