30 December 2008

Jews Chill Out - Zbigniew Brzezinski: Rockets Were "Provocative, Harassing, Annoying But Not Lethal"

There are few antiJews in the world such as Zbigniew Brzezinski who can speak from one side of their mouth, stating the obvious that Hamas "provoked" Israel into the current offensive and has "harassed" Israel with rockets and then almost immediately thereafter do a logical flip - toss in the proportional force argument along with a moral equivalence claim. ZB thinks that because Israel has done significant damage to Hamas "does that mean punishment has to be on that scale? 400 killed 1,400 wounded? (Scarborough asks: What would you recommend) I would recommend a process by which you limit such casualties and limit them very significantly." In other words, you Jews must not seek to deter those who want to kill you. Extend your necks like your ancestors did in the old days.

Zbig went on to engage in historical revisionism to defend Arafat at Camp David, glorify Clinton and blame Bush for failure to "exert" US diplomatic strength in the conflict. Zbig believes Condi Rice did too little to engage in the peace process. I wonder where all those photos with Abu Mazen came from?

Zbig thinks that the US should be at the forefront in forcing a peace process and states in the interview that the middle east "political consequences and moral consequences" are impacted by Israel's response. (I guess that means that Hamas and Hezbollah do not need to worry about political and moral consequences. Maybe ZB is correct here. Barbarians aren't held accountable to political and moral consequences).

But alas, it's Israel's fault for defending herself. Zbig recalls that the 2,000 missile, rocket, and mortar attacks have been "provocative, harassing, annoying but not lethal". Not lethal, and therefore presumably not intended to be in his antiJew mind. It was of course game playing really. We send a rocket and you send a jet fighter while CNN keeps score.

While the entire interview is breathtakingly absurd, at 6:02 Joe Scarborough asks "What do we do the next time Israel is attacked from an outside force? What do we do at that point?"

ZB: That's the wrong question.
JS: No, that's not the wrong question because... because...
ZB: That's not the question I am trying to answer (mumbles...)
JS: We never get the condemnation of Hamas or Hezbollah; it's always after Israel responds to defending itself...
ZB: No, it's not... The problem is that this conflict has lasted for years and the US has been largely passive. The right question is not what do we do when things break down. The right question is what do we do to avoid a breakdown by being engaged seriously in the peace process. And for the last eight years we haven't been, and that's why we have the mess like we have right now on our hands.

Here is classical antiJew speak. The problem, the conflict, needs to be addressed by the US with the prestige of the president since both sides are guilty. Zbig began the interview by pointing out that both sides are suffering by making reference to the front page of the Washington Post (grieving arab woman - lost 5 daughters; grieving Israeli woman because Hamas rocket hit town where she lives - ZB interpretation).

Zbig is calling for Obama to inject himself directly and with all his might into the conflict. Remember that Zbig was/is an advisor to Obama. Is this why the president-elect has been silent during the conflict, not to play his hand so soon?

Israel Attacks Hamas: Euphoria Matured - Reality Settling In

Of course the attack on Gaza was the proper course of action. It is the moral thing to do when you are being fired upon indiscriminately to stop the ability of the one firing on you to continue doing so. The situation had become untenable. It is too much to ask border towns to “just deal with it”. Too much to ask school children, easily frightened into inaction and elderly unable to react with vigor to take cover in 15 seconds for mortars (up to 90 seconds for rockets) after the tseva adom siren (Color Red/Red Dawn). Find shelter the alarm says, anywhere – incoming. More importantly it is a mitzvah to preserve innocent life even by taking the life of the rodef. Is anything more important? It does not matter that most of the rockets and mortars failed to kill or maim. They were supposed to. Most military objectives are multi-faceted. If you don’t kill anyone, that’s okay the launcher thinks. Terrorize them, make us look important. Make them fear us. Challenge them to find us, come and get us.

All but the most steadfast antiJew would have to sympathize with the plight of innocents under fire, even president-elect Obama as Bibi Netanyahu has explained now to the American media would not tolerate such a life for his girls – or so he said during his visit to S’derot.

Transitioning from desire and righteousness of acting to goals of acting is not quite so easy. It now is becoming quite clear that the year plus build up of anticipating an attack on Iran’s nuclear program was merely a diversion to shield spying eyes from the true target of the Israeli security apparatus – Hamas in Gaza. I suppose in terms of immediate threats, it was a good call. No one could have any doubt after the destruction of Israeli Gaza – Gush Katif- and villages of chalutzim in Yosh that Israel rarely considers morality in policy making. Otherwise one would have to ask “why did it take so long to act?” Taking years under fire to react in a legitimate way, one that could be interpreted by an observer to proclaim 'Jewish life has value' is a little extreme in the wrong direction. Was it really necessary to prove beyond that much shadow of a doubt that continued bombardment of innocents would not be tolerated?

Well, at least one benefit can be discerned from the inaction, a negative turned into a positive to Israel’s advantage. How many “toothless tiger” allegations have been made in recent years? How many Israeli warnings of a pending assault have been filed under “lost credibility” or more precisely “lost balance of power deterrent”? What causes armed conflict – on paper that is? It is a perception that the opponent will not or cannot fight back. This classically is understood as a failure of deterrence.

Israel was clearly guilty of the offense of failing in deterrence – for failing to utilize the powerful assets at its disposal in a meaningful way and thus create either balance of power or a perception that attacking Israel will result in an overwhelmingly strong response. How many times did you read stories within the last year that Israeli military officials were hinting or pointing toward a Gaza operation? How many times did Ehud Barak make threats to that effect? Yet, none were believable. Too many “toothless tiger” times in the past the threats were merely words not followed up with a significant action. One could claim that the 2006 Lebanon war was a result of “toothless tiger syndrome”. Yet this time, the presumption of Israeli inaction worked in Israel’s favor. Hamas seems to have been caught off guard. The best evidence is the large number of bombings and casualties on the first day of Operation Cast Lead.

But what now? Back to our earlier idea – what is victory and what does it look like? Both Samson Blinded and Sultan Knish have written about possible results of the war where Israel is clearly not benefited. The negative results include legitimizing Hamas and strengthening the terror organization both politically, strategically and tragically militarily and deeply impacting the Israeli political elections.

Failure to eliminate Hamas results in one not very favorable outcome (see the blogs above) and complete victory a different sort of not favorable result. As of now, I cannot find any Israeli leader in a position of power who asserts Israeli hegemony in Gaza. There appears at this time no interest in planning for a re-conquering of Gaza or of driving the barbarians into the Egyptian Sinai – most likely a discussion point between Israel and Egypt prior to the attack. Victory in the war as translated by complete elimination of Hamas foretells a future where the PA will be invited back to Gaza, given the pieces that are left, promised hundreds of billions in aid, and rushed to make a treaty with Israel while the power vacuum is still being filled with the exit of Hamas and before the nationalist opposition can make the argument that 'Gaza is Israel' can occur. Essentially, complete military victory means a defeat for Zionism and international Jewry. A PA state will come into being rather quickly and who knows what will be the cost in Yosh for the treaty.

In the end, we can usually count on the arabians making decisions which prolong the conflict. What if some surviving Hamas official, who claims to be speaking for the organization, makes a plea through the international media and claims that “yes of course we will stop shooting at Israel, stop supporting the shooting at Israel and facilitating the shooting at Israel”. What then? Where does Israel’s international support go, what there is of it? What if it is Hamas that asks for UN observers or peace keepers? What if Hamas pulls a Hezbollah, never agrees to stop arming itself, only to stop shooting at Israel (for now)? Within a couple of days if not hours you can count on the offensive to stop and Israel’s chance to defeat Hamas will go by the wayside. This outcome leaves everything at a standstill. (see the Sultan Knish article above).

Yes, perhaps the rocket and mortar attacks will end under that scenario (for a while). But yes, Hamas will still be there and Israel has possibly contributed to re-building deterrent credibility. What doesn’t happen is an instant treaty with the PA and the idea of Israeli Gaza is still on the table. On the other hand it is likely that Hamas will return to firing rockets into Israel eventually or use the time honored defense that the attacks are coming from “rogue” elements or some other group. But this time, international observers will be in a better position to block Israeli self-defense tactics - perhaps. What is the better outcome for Israel in this conflict? It is a tough call. But what is also true is that the Torah demands we defend our lives at least as I read it. And even more so, we must defend Jewish sovereignty in Eretz Yisroel, again at least as I understand the Jewish role. If I am correct, the outcome then is not one in which we should be too concerned. We must do our part and the Aibishter will do His. Maybe, just maybe the political winds will shift and complete victory can be obtained.

29 December 2008

Gaza War Message Confusion (what is the Goal?)

What is the message coming out of Israel? I am getting the feeling that the Government of Israel has not exactly decided what the goals are or how victory will be defined. A quick glance at some of the English speaking reports leads me to ask this question.

Barak: This is 'all-out war' on Hamas is an example. Maybe it is a badly worded title by JPOST but maybe not. In this article we find the unfortunate typical Israeli voice of indecisiveness.

"This operation will be extended and deepened as we find necessary. Our goal is to strike Hamas and stop the attacks on Israel. Hamas controls Gaza and is responsible for everything happening there and for all attacks carried out from within the Strip. The goals of this operation are to stop Hamas from attacking our citizens and soldiers," said Barak.
This is a far cry from:
UN ambassador: Israel seeks to 'destroy' Hamas

NEW YORK (AP) — Israel's ambassador to the United Nations says the goal of the current offensive in the Gaza Strip is much broader than ending Palestinian rocket attacks. She says Israel wants to destroy Gaza's ruling Hamas movement.

In an interview Tuesday, Ambassador Gabriela Shalev said Israel's main goal is to "destroy completely" what she called a "terrorist gang."

She would not explicitly say that Israel wants to topple the Hamas government. But she said a return to the terms of a recent six-month truce would not be enough.

Shalev says Israel wants stronger assurances that the rocket fire will stop. Israeli leaders have said they do not want to reoccupy Gaza.

More than 300 Palestinians have died in the three-day air offensive.

Here, I was all ready to post about how Israel seems to have a strong public message about the war, specifically the remarks of Tzipi Livni Israel Slams Media Bias, Netanyahu Joins PR Efforts, Netanyahu joins Gaza op PR effort and this contradiction hit me. How on one hand does the Israeli Ambassador to the UN talk about destroying Hamas and the PM, DM and opposition leader speak as if the mission is merely to hold Hamas responsible for rocketing sovereign Israel until they either promise to stop their bad behavior or have been temporarily separated from the ability to do so.

I can only hope that the words from the Knesset are merely for consumption by the world press while the Ambassador's are closer to the truth. That would seem to be the reverse however of what a hasbara campaign would call for. One can only hope that the message disconnect is planned for some reason. I fear that it isn't. See The Gaza Picture Show - Sultan Knish for more. Israel should not accept anything less than destruction of Hamas's ability to govern if not exist. To return to some form of manageable cease fire is ludicrous.

Update The Jpost article referenced above "Barak: This is 'all-out war' on Hamas" has been changed by Jpost to "MKs trade volleys over Gaza op". The same quote I inserted above from Barak is still in the article.
new article.
CNN has picked up the same quote from Barak which is all over the web now. This quote seems to be political grandstanding by Barak.

Gaza War in the Eyes of the BBC and Me

The BBC selected to publish the following annotations from commentaries around the middle east. In general, the media coverage from the non-arabian world has been honest. It will take a few days for the MSM to find a reason to turn on Israel. Maybe it will be the disproportionate force case Yid With Lid has written about. Maybe it will be something else.

My guess is that playing along hand in hand with the "disproportionate force" argument we will soon hear and read the argument that the continued assault on hamas will work to damage peace efforts instead of improving them. In theory, if you are a real peacenik, dismantling hamas should cause you to rejoice. Israel would, after all, this demented logic dictates, make peace with the PA/Fatah, but hamas is in the way.

At some point we will hear the "extreme" argument. That one goes something like, Israel's credibility is so low now amongst the arabians that the PA cannot make peace without jeopardizing its ability to lead. blah blah blah. In the minds of the antiJew, Israel has no right of self-defense and any action taken to defend herself is either "disproportionate" or damages the "peace process". The immorality of this illogical position should be apparent to everyone. It promotes continual, long-term low-scale attack and reprisal conflict. This sort of conflict fits the arabian mentality nicely but not the Jewish one. War should be conducted to win, win decisively and win quickly. The IDF can do this if the government of Israel lets the generals run the war.

A few APRPEH comments follow the newspaper editorials (as usual, APRPEH comments are in the dark blue). Unfortunately, I can understand what the arabians are saying more so than the Israelis. I do not sympathize with them but they more clearly play the part of outside sympathetic observer than the Israeli lack of will portrayed below.

Mideast papers on Gaza - BBC

Commentators in the West Bank-based Palestinian press are united in dismay at the Israeli operation in Gaza, condemning it as an "ugly massacre".

Some also voice their fury at what they see as the inaction of the region's Arab states and the West's support for Israel, while one commentator fears the operation will only drive more of Gaza's young men into the arms of radical Islamists.

In Israel, press commentators are broadly supportive of the army operation, and insist that it is up to Hamas to stop the violence, by ending firing of rockets from Gaza into southern Israel. One writer, however, disagrees, terming the operation a "crime against humanity".


As the Arab and international silence continues, the credibility of Europe, the United States and the Arab regimes is collapsing. It is becoming very clear that the Palestinians are required to be a broken people... However, they forget that the many massacres to which our people in the Gaza Strip have been exposed will only increase their steadfastness.

The West's credibility increases by not siding with terrorists. Maybe there is a message here for the so-called 'palis'. You are the ones with no credibility.


The Israeli aggression against the Gaza Strip is an ugly massacre. However, the public protests by the Arab countries are not enough on their own. We have become used to being massacred and to dying under the rubble while hearing statements of condemnation and the commotion of demonstrations. However, after a day or two they disappear only to leave the sounds of shells and missiles.

If the arabian countries had spoken up earlier and condemned the daily rocket and mortar fire at civilians within Israel, Gaza would not have faced the brunt of the IDF. As it is, collateral damage has been minimal. The reporters must be embedded with hamas.


What is happening now is the ideal situation for the recruitment of the angry young men who feel collectively insulted. The picture that the Islamists on the streets are painting is that Israel, supported by the West, is waging a war of extermination against the Palestinian people as powerless Arab regimes watch idly.

Yep, blame the victim. It is Israel's fault that Islamists exist. That picture may well be educational. Angry, young Islamists are the problem not the cure.


The main objective of the Israeli operation is not to destroy Hamas's rule [in Gaza], because this would entail a land invasion and lengthy occupation of the Gaza Strip. What it wants is to deal Hamas and the resistance a painful and effective blow in the Gaza Strip, in order to weaken the resistance and force it to accept a truce according to Israel's conditions.

Sounds like this reporter has a direct line to Olmert. Olmert may well be thinking this. Barak may also be thinking this even though he is saying otherwise. I don't trust either of them. Let's hope Israel shows the fortitude for the full scale ground offensive.


This is a strange, unique war. It has no defined borders. There is no occupation and no victory. It could end in an hour or in a year. The way in which it develops will be dictated to a large extent by the Palestinians: They stop firing, we will also stop firing. They'll continue? Their end will be bitter.

They will stop firing hopefully because the offensive has been successful in destroying the enemy ability to fire. Please think before you print. (no offense intended)


The ground operations are due at some point. At some point it will be possible to take control of territory in Gaza and effect great damage. Hamas can halt the whole affair at any given moment if it agrees to renew the truce on acceptable terms. Meanwhile, Hamas is conveying stubbornness.

Stubbornness? You must be kidding? These are blood thirsty hamites. They are not stubborn. They are at war as we, the Jews must understand. Any renewal of the truce is an acceptance of defeat at this point. Hamas must be rooted out or at the very least left with a few underlings and some broken PCs.


Just like in the first days of the Second Lebanon War, we are again in euphoria. The media, like then, is full of prattle about the morality of the war. Have we not learned that every war, no matter how justified, is a crime against humanity? Most of the public is united around the only consensus we have ever had: war and bereavement, Holocaust and disasters.

This is so sick. All war is a crime against humanity? And when you must fight to defend yourself, your rights, your home and your children and refuse to do so, is this not also a crime against humanity?


Re-establishing the ceasefire on better terms and with better supervision is a reasonable goal. Toppling the Hamas regime, or eradicating the last rocket factory where the last Hamas member is making the last Qassam rocket, are not reasonable goals, in part because they are unachievable without a prolonged presence on the ground in Gaza.

Not attempting to destroy Hamas is not a reasonable use of force. Even if the goal is not achievable it must be a goal and it must be attempted. There will be no balance of power otherwise. I don't recall daily rocket fire and mortar fire falling into Israel when there was a "prolonged presence on the ground in Gaza."


In order to stop the firing [of rockets] there is a need to reach a settlement, and in order to convince Hamas to reach a settlement we are now breaking its bones - in part to ensure that the price it demands is not high. However, we have not yet decided what price we are ready to pay. It is worth our while to decide quickly so that others may not decide for us.

These are the terms: no rockets ever, no mortars ever, no missiles ever, no kidnapping of Israelis ever, no importation of weapons ever, no Al-qaeda presence ever, no Iranian training or weapons ever, no leaving Gaza or entering Gaza ever without full security check ever, no tunneling to Egypt ever, etc. These are the terms take it or leave it. If you take it, maybe we will tolerate your presence. Maybe.

BBC Monitoring selects and translates news from radio, television, press, news agencies and the internet from 150 countries in more than 70 languages. It is based in Caversham, UK, and has several bureaux abroad.

24 December 2008

Bah - Enough 'Interfaith' December Dilemma Stories

{this post is dedicated to the thousands of Jewish children (many of whom both you and I know personally), holy and pure Jewish neshamas, who have been placed into the world in the custody of parents who know not what they do and will be tested both this year as in previous years and future years to overcome the environments in which they live. HaShem should have rachmonus on them and put into the hearts of their Jewish parents wisdom and knowledge but mostly the ability to do teshuva}

The first lesson that a Jew really should learn about Chanukah is that the "holiday" exists because Jews were willing to fight for Torah at all costs. That is the revealed understanding of the holiday. At a deeper level, the more important understanding is that Jewish commitment to Torah drew down divine intervention in the war against the Assyrian Greek occupiers and sanctioned the war as holy. HaShem gave the oil miracle to the Jewish people when the Temple was re-dedicated to Jewish rites and thus presented an enduring symbol of Jewish redemption to the world. After having been used by the Hellenists for pagan worship, true and authentic Jewish worship returned to Jerusalem.

In America today, Chanukah has become a holiday to celebrate religious freedom. This idea fits very nicely with American culture. Our Jewish ancestors, the Maccabees however did not really care whether or not Taoists could be Taoists. They only cared that the most holy place on earth, the Temple's sanctuary - had been defiled, that the holy Torah was being re-interpreted to fit within a Hellenistic framework and the socially popular thing to do was to act like the goyim who were occupying Judea.

In December, it is very common to see articles in print and to see and hear stories in the electronic media with titles such as:

All of these were uncovered merely by searching on Google News "interfaith families". If you do a Google News search on "December Dilemma", the list is too long to reproduce.

Quite honestly, I really would like these stories to go away. Trying to make interfaith couples (which means out of faith thanks to the wonders of the English language) comfortable with the life choices they have made is not really on my agenda. I have no intent while writing this to offend anyone mind you. If you are Jewish and living with or without a legal arrangement to a person of a religious tradition different than your own and feel offended thus far, please choose a different article or blog to read.

Some people are concerned that one religion or another loses out in out of faith relationships. But, it's not the religions that lose. Religions are religions - larger entities made up of believers. It's the children who lose. If you try to have everything you end up with nothing. Whether you are "more Jewish" or "more Christian" (whatever that means), it is not possible in a meaningful way to mix holiday observances. The children grow up with a minimal understanding of either religion because in their minds, the religious aspects are merged. To find a universal message consistent with both Jewish and Christian teachings and then make it the focal point of the season is doing justice to neither religious tradition, certainly not to the Torah or yiddishkeit.

Respecting others' rights to observe what they want to does not mean assembling a family tradition of selected observances, sort of a 'best of' collection from various cultures or religions. Observance without the underlying meaning is game playing and a symptom of a society of takers - a society which demands acceptance not just the right to do as you please or believe what you wish, but a demand for acceptance - just because. The message is I will make my observance the way I want it to be and it is every bit as legitimate as any other. The one creating the observance will become its adherent; religious creativity/creating religion. One could easily envision ornaments for idol trees in the shape of a chanukiah and dreidels or sufganiyot served as a dessert option at a big family Christmas dinner, freshly cooked latkes in the morning to accompany present opening before church. How could this empty symbolism be meaningful? After all, every Chanukah symbol has to do with Torah and Judaism overcoming the enemy, an enemy which sought to strip faith in the Giver of the Torah away from the Torah itself.

What was forbidden by the Hellenists? To the extent that certain Jewish practices could be removed from the 'religion' such as bris milah, Shabbos, and Rosh Chodesh, Judaism would be allowed to co-exist with the Greek culture - be a working sub-set even. Essentially, the belief that Torah was given by HaShem and that man must be subservient to his Creator (note here the illogical premise that Creator and created could be the same being) was the problem. These rites all testify to the fact that HaShem is in charge, not Greek logic. Greek gods would not equate to HaKadosh Baruch Hu for the heroes of the story.

Now, let's take a look again at how Chanukah and Christmas are being merged. Chanukah, as anyone reading the above undoubtedly understands is about upholding the Jewish way of life even against the odds, even if it means heading for hills as the Maccabees did. That way of life is defined by and interpreted through Torah lenses.

Adding Christian observances and recognition of non-Jewish rites runs 100% contrary to the message of the Maccabees and Chazal. To the extent that Chanukah can be understood solely as a holiday of religious freedom and Christmas about presents, idol trees and fat guys in red suits there is no problem merging the two except that the season is as empty as the red suit without the extra padding. The real Chanukah cannot co-exist with Christmas and still carry with it the light of Torah. Chanukah must be about bringing the light of Torah into the world even to a world which resists its message. The Chanukah lights must carry the message as portrayed in what is now a Chabad classic the Fifth Candle story as having the ability to illuminate even the deepest darkness. Christmas observers may try to make the same claim as to their holiday. But for Jews, as it is attributed to the Rebbe in the Fifth Candle story - 'every Jew is like an only child of G-d'. Torah observance, Judaism cannot be compartmentalized. The Maccabees' war was to rid compartmentalizing from Judea and the Jewish future. A Jew must illuminate the world with the radiance of Torah, not put out its flame. Chanukah and Christmas cannot co-exist in one home. Christmas is for Christians. Chanukah is for Jews.

22 December 2008

FTC Report: Social Security Numbers and Identity Theft

The Federal Trade Commission has issued a report which doesn't break much new ground on protecting American citizens' Social Security Numbers. It does make official the call for new regulations intended to end unnecessary use of the Social Security Number (SSN) and provide for the privacy concerns of consumers when it is used. As the report makes clear, the genie cannot be stuffed back into the bottle. The SSNs of Americans are used, filed, stored, and accessed everywhere for business and identification purposes. That's pretty amazing for a number which is not officially an identification number.

Think about this. SSNs are assigned almost immediately after the birth of a baby. A basic paper card with few security provisions is given to the parents of the baby. The Social Security Administration will be happy to re-issue a card to a consumer as many as 10 times over a life time, not including legal name changes. If the card is lost or stolen, that is too bad. Apply for a new card - same number. No changes to your number will occur. Small wonder why identity theft is so easy to perpetrate. One of the basic pieces of information needed to commit identity frauds of all sorts is unprotected and is rarely changed even after it is exploited for criminal purposes.

Because so many functions of business though rely on the SSN for day to day operations, it will not go away anytime soon. Especially now as we boldly head into uncertain economic times, businesses cannot afford the cost of re-tooling from an obsolete identification system to a technologically safer credentialing system which matches stored card data to knowledge based authentication (KBA), PIN and/or biometrics. Many people are rightfully very concerned about these technologies and the implications they pose for consumer privacy. What cannot continue however is the current unabated abuse of the SSN which results in costly and time consuming identity restoration for consumers and billions of dollars in costs due to fraud; all facilitated by the SSN's inherent lack of safety. I am certainly not a proponent for national identity cards but the current system of using SSNs as a primary ID has to be put out to pasture. This is a subject we will need to visit again in the future.

FTC Issues Report on Social Security Numbers and Identity Theft excerpts

The Commission believes that the most effective course of action is to strengthen the methods by which businesses authenticate new and existing customers. Stronger authentication would make it more difficult for criminals to use stolen information, including SSNs, to impersonate consumers, thus devaluing the SSN to identity thieves and reducing the demand for it.

Limiting the supply of SSNs that are available to criminals, as a complement to improved authentication, although important, is more complex. SSNs already are available from many sources, including public records, and it may be impossible to “put the genie back in the bottle.” Moreover, there is a danger that reducing the availability of SSNs would have unintended, adverse consequences. A number of important functions in our economy depend on access to SSNs. Businesses routinely rely on SSNs to ensure that the information they use or share with other organizations is matched to the right individual. Still, we believe it is feasible to reduce the availability of SSNs to identity thieves, such as by eliminating unnecessary public display, while preserving the legitimate and beneficial uses and transfers of SSNs. The Commission’s five recommendations, detailed below in Section III, are:

  • Improve consumer authentication;

  • Restrict the public display and the transmission of SSNs;

  • Establish national standards for data protection and breach notification;

  • Conduct outreach to businesses and consumers; and

  • Promote coordination and information sharing on use of SSNs.

This dual use of the SSN as identifier and authenticator has created significant identity theft concerns. SSNs often are described as the “keys to the kingdom,” because an identity thief with a consumer’s SSN (and perhaps other identifying information) may be able to use that information to convince a business that he is who he purports to be, allowing him to open new accounts, access existing accounts, or obtain other benefits in the consumer’s name. Unfortunately, SSNs have become increasingly available to identity thieves, at least in part because they are so widely used as identifiers.

“Authentication” is the process of verifying that someone is who he or she claims to be. It is distinguished from “identification,” which simply matches an individual with his or her records, but does not prove that the individual is who he or she purports to be.


Given that the widespread use and availability of SSNs cannot be completely reversed, the Commission believes that the central component of the solution is to reduce the demand for SSNs by minimizing their value to identity thieves. This could be achieved by encouraging or requiring entities that have consumer accounts that can be targeted by identity thieves to adopt more effective authentication procedures, thereby making it more difficult for wrongdoers to use SSNs to open new accounts, access existing accounts, or otherwise impersonate a consumer.

1. Improve Consumer Authentication
The Commission recommends that Congress consider establishing national consumer authentication standards covering all private sector entities that maintain consumer accounts other than financial institutions subject to the jurisdiction of the bank regulatory agencies, which already are subject to such requirements. These standards, which should be consistent with those covering financial institutions, should require private sector entities to create a written program that establishes reasonable procedures to authenticate new or existing customers. This “reasonable procedures” approach, which should be fleshed out through agency rulemaking, should be technology-neutral and provide flexibility to private sector entities to implement a program that is compatible with their size, the nature of their business, and the specific authentication risks they face.

In developing authentication standards, Congress should consider several factors. First, the cost of implementing new authentication procedures should be evaluated in determining what is “reasonable.” Second, consumer convenience is a critical concern and also should be weighed in the reasonableness determination. Consumers are likely to resist authentication requirements that are too time-consuming or difficult, or that require the memorization or retention of too much information. Third, more robust authentication procedures that require consumers to provide additional information about themselves raise potential privacy concerns. For instance, some businesses have developed authentication methods that require consumers to provide additional personal information either at the time the account is established or when the consumer later attempts to access the account. Many businesses use knowledge-based authentication in which they ask challenge questions, the answers to which are likely to be known only by the true individual. Although this method of authentication can overcome concerns about the unreliability of documentary evidence of identity and the lack of personal interaction in telephone or online transactions, challenge questions may require consumers to provide increasing amounts of information to businesses that are linked together in ways that may be unsettling to some.

2. Restrict the Public Display and the Transmission of SSNs
Although SSNs are valuable as a means of linking consumers with their information, much can be done to reduce the availability of SSNs to identity thieves by eliminating the unnecessary display and transmission of SSNs by the private sector. Restricting the display of SSNs on publicly-available documents and identification cards, and limiting the circumstances and means by which they can be transmitted, would make it more difficult for thieves to obtain SSNs, without hindering their use for legitimate identification and data matching purposes.

The Commission recommends that Congress consider creating national standards for the public display and the transmission of SSNs. Federal legislation would establish a nationwide approach to reducing unnecessary display and transmission of SSNs, while addressing concerns about a patchwork of state laws with varying requirements. National standards should prohibit private sector entities from unnecessarily exposing SSNs. The precise standards should be developed in rulemaking by appropriate federal agencies (i.e., agencies that oversee organizations that routinely transmit or display SSNs), and should include, for example, prohibitions against:

  • publicly posting or displaying SSNs;

  • placing SSNs on cards or documents required for an individual to access products or services provided by a covered entity, including student ID cards, employee ID cards, and insurance cards;

  • transmitting (or requiring an individual to transmit) an SSN over the Internet, unless the connection is secure from unauthorized access, e.g., by encryption or other technologies that render the data generally unreadable;

  • printing an individual’s SSN in materials mailed to the individual; and

  • printing an individual’s SSN on the outside of an envelope or other mailer, or in a location that is visible without opening the envelope or mailer.

3. Establish National Standards for Data Protection and Breach Notification

The Commission has previously expressed support for national data security standards that would cover SSNs in the possession of any private sector entity, and numerous commenters and workshop participants voiced similar support. Such standards, which would be implemented in rulemaking by federal agencies that oversee entities that routinely use and transfer sensitive consumer information, could be modeled after the Safeguards Rules and cover all entities that maintain sensitive consumer information.

The Commission also reiterates its support of its prior recommendation that Congress consider establishing national data breach notification standards requiring private sector entities to provide public notice when the entity suffers a breach of consumers’ personal information and the breach creates a significant risk of identity theft or other harms. These standards would also be implemented in rulemaking by appropriate federal agencies. Most states now have breach notification laws, but currently there is no across-the-board federal requirement. Commenters and workshop participants noted that, in addition to alerting affected consumers to protect themselves, these laws have had the indirect benefit of motivating companies to weigh their need to collect SSNs against the potential cost and liability that may ensue if the SSNs are compromised. Participants also noted that many businesses have strengthened their safeguards practices to avoid data breaches, at least in part as a result of breach notification requirements. The state laws differ in various respects, however, complicating compliance.

4. Conduct Outreach to Businesses and Consumers
The Commission recommends increasing education and guidance efforts as additional steps to help reduce the role of SSNs in facilitating identity theft.

This type of guidance would be especially useful to small businesses and could include the following messages:
  • the importance of collecting SSNs only when necessary and storing them only as long as necessary;

  • steps businesses can take to reduce the use of SSNs as internal identifiers;

  • proper disposal of SSNs;

  • the importance of securing SSNs (such as by encrypting them) during their transmission; and

  • limiting employee access to SSNs and conducting employee screening and training.

5. Promote Coordination and Information Sharing on Use of SSNs
Many private sector entities, from large multi-nationals and universities to small businesses and health care systems, have described the difficulties and expense of removing SSNs from computer systems and files, as well as the challenges of keeping up with the sophisticated and changing methods of identity thieves.

The Commission recommends that appropriate governmental entities explore helping private sector organizations establish a clearinghouse of best practices, enabling those organizations to share approaches and technologies on SSN usage and protection, fraud prevention, and consumer authentication.

Text of the Commission Report


Looking Back - 2008 Data Breaches

Hurray, another end-of-the-year list. This one, though (from Bank Info Security), is not reviewing the top movies, songs or celebrities but the miserable failures in data security of 2008. With nine more days until the end of 2008, this post could be premature. Data breach threats show no regard for end-of-the-year holiday parties and frivolities.

The data breach incidents of 2008 include the old stand-bys of lost tapes and data due to mistake and theft but also reveal an increased use of break-in technologies to steal information from databases. Numerous "hacking" incidents and infected computer systems not only resulted in millions of dollars in cost to businesses but exposed large numbers of consumers to fraud. Stolen data has to go somewhere and can be held in reserve for use at a later time, possibly changing hands often before reaching a perpetrator. Data is a commodity. After all, identity theft is a business - suppliers, middle men and end users are the norm, just like in any business.

At least one of these breaches began in 2007 and continued into 2008 due to law enforcement action. Last year's breaches, while not lacking in hacking incidents, were focused more on missing data. For comparison purposes, below the top 10 list find links to stories looking back on 2007 and a link to a comprehensive multi-year listing. APRPEH is currently taking predictions of data loss stories for the end of 2009.

For accuracy purposes, it is important to recognize the difference between lost backup tapes or disks and stolen computers, hard drives or data devices, and both must be further differentiated from data lost due to hacking, viruses or malware - any active invasion of data storage systems for the purpose of stealing information. It is this last category, with its obviously pernicious intent to steal data (rather than hardware), which represents a greater threat equation for consumers. The 'how was it stolen' question makes a huge difference in predicting whether or not consumers are likely or unlikely to become victims of identity theft.

Top 10 Security Breaches of 2008 - Bank Info Security
Ghost of Christmas Past (TJX) Still Casts Specter on Present and Future
Linda McGlasson, Managing Editor
December 22, 2008

From Hannaford to Countrywide to the Bank of New York Mellon, 2008 has been a year of high-profile security breaches in or impacting the financial services industry. Here's our list of the top 10 - and lessons that should be learned, so we aren't back revisiting these issues in '09.

1. TJX Case Winds Up, Arrests Made

Earlier this year, The TJX Companies (parent of retailer TJ Maxx) settled in federal court and paid out millions to its federal regulator, the Federal Trade Commission, banking institutions, credit card companies and consumers to bring to a close the court cases that had threatened to overwhelm the company.

The August arrest of 11 alleged hackers accused of stealing more than 40 million credit and debit cards brings law enforcement closer to closing what is still the largest hack ever. The U.S. Department of Justice brought charges against 11 alleged hackers from around the globe. Some of the hacking gang were nabbed and brought to the U.S. to face trial alongside three U.S.-based defendants. Two of the defendants, Christopher Scott and Damon Patrick Toey, have already pled guilty in the case. Others including the ringleader, Alberto Gonzalez, await trial.

Lesson Learned: The wide-range of the perpetrators brings to light something that those in the cyber intelligence realm have known for some time: Criminal hackers are part of a very mature and multi-billion dollar industry that reaches around the world. No organization is immune to the threat.

2. Bank of New York Mellon

An unencrypted backup tape with 4.5 million customers of the Bank of New York Mellon went missing on Feb. 27, after it was sent to a storage facility. The missing tape contains social security numbers and bank account information on 4.5 million customers - including several hundred thousand depositors and investors of People's United Bank of Connecticut, which had given Bank of New York Mellon the information so it could offer those consumers an investment opportunity.

Lesson Learned: For Bank of New York Mellon, know that when data is released to a third-party that their security is as good or better than yours. Encryption isn't just something that is good for the data held at an institution; it's also something to consider for data that leaves the institution.

3. Hannaford Data Breach

In March, the Maine-based Hannaford Brothers grocery store chain announced that 4.2 million customer card transactions had been compromised by the hackers. More than 1800 credit card numbers were immediately used for fraudulent transactions.

The affected banks and credit unions were forced to reissue the credit and debit cards. Within two days of the breach announcement, two class action suits had been filed on behalf of customers against the retailer. The retailer claims its systems were PCI-compliant and had passed a PCI assessment shortly before the hack was discovered.

Lesson Learned: The case is still open, and forensic reports by security investigators brought in by Hannaford have not been made public. The PCI Security Council has pledged that if the PCI requirements are found to be wanting in light of the report, they will make changes to tighten the requirements. Cases such as Hannaford may be the impetus behind legislation to require prompt notification of a data security breach.

4. Countrywide Insider Theft

In August, a former Countrywide Financial Corp. senior financial analyst, Rene Rebollo, was arrested and charged by the FBI for stealing and selling sensitive personal information of an estimated 2 million mortgage loan applicants. How he did it over a two-year period was to download about 20,000 customer profiles each week onto flash drives, working on Sunday nights, when no one else was in the office. Rebollo then took the excel spreadsheets to business center stores to email to buyers.

Countrywide, now owned by Bank of America, was already facing money and reputation issues because of the subprime loan meltdown before it faced the insider threat of Rebollo.

Lesson Learned: While Countrywide and Bank of America now know firsthand what a rogue insider can do, other institutions need to do a better job of monitoring their employees and creating asset controls. As the economy continues to produce layoffs, this threat may become even more so, as fearful employees look to cash in on their trusted status and take data just in case they face unemployment.

5. GE Money Backup Tape Goes AWOL

Early in January, Iron Mountain said it could not find a backup tape that belonged to GE Money, containing information on J.C. Penney customers and 100 other retailers.

The tape was stored in an Iron Mountain vault, says an Iron Mountain statement issued about the loss, and had been requested by GE Money in October 2007. The tape contained the personal information of about 650,000 J.C. Penney customers and the other 100 retailers. GE Money processes credit cards for those retailers. As a records and archive company that specializes in records management, Iron Mountain was at a loss to explain the tape's whereabouts.

Iron Mountain said it was an unfortunate case of a misplaced tape, but asserts that there was no evidence that the information was obtained and used by unauthorized persons. The missing tape also included about 150,000 social security numbers.

Lesson Learned: While GE Money paid for credit monitoring for the 650,000 credit card holders, Iron Mountain may have learned to better monitor where media is located. For the rest of companies that hold information of a personally identifiable nature, there is another reason to keep it safe from prying eyes. The cost of an average data breach can hit a company's bottom line. According to a study conducted by the Ponemon Institute, an independent information security and privacy research group, data breaches are costing businesses an average of $197 per customer record, up from $182 in 2006.

6. RSA Report: Half-Million Banking ID's Stolen

In November, security vendor RSA said it found a single Trojan that had taken more than 500,000 online banking accounts credentials, credit cards and other resources. The company's Fraud Action Research Team added that the hacking gang behind the Trojan may have been operating for as long as three years. The compromised data came from hundreds of financial institutions around the world.

Lesson Learned: The Trojan Sinowal is so tricky that the average institution or customer would not even know that they are infected with it. Taking a professional, defense-in-depth approach to protecting a network and customers is the best remedy.

7. Compass Bank Hard Drive Stolen, 1 Million Accounts Taken

At the sentencing of a former bank programmer at Compass Bank in Birmingham, AL. in March, it was revealed that the accused had stolen a hard drive with 1 million customer records and used it to commit debit-card fraud. James Kevin Real is now serving a 42-month sentence and was ordered to pay back the more than $32,000 that he and an accomplice withdrew from Compass Bank customer accounts. The bank claimed that the customer records contained limited information, but Real was able to create 250 counterfeit debit cards. He used 45 of them to access and withdraw cash before being arrested.

At the time of Real's sentencing, Alabama was one of 11 states that didn't require companies to automatically notify customers of data breaches.

Lesson Learned: Compass Bank dodged a bullet in terms of cost on this breach. It would have had to notify all 1 million customers of the compromise of their data had the hard drive theft been in a state that requires notification. Other than the 250 customers that Real took money from, no other customers were notified of the data loss. That means that 999,750 of the other 1 million customers weren't notified of the potential risk.

8. Ski Resort Okemo Suffers Hannaford-Like Data Breach

In an attack similar to what hit Hannaford Brothers in March, the Okemo Ski Resort in Vermont said in April it had been hit by hackers that installed malicious software to capture credit card data as it was being processed at the resort. Law enforcement officials at the time said they were investigating as many as 50 other similar incidents in the Northeast.

Lesson Learned: PCI compliance is like a driver's license -- it may mean that a retailer has passed the test for compliance, but doesn't necessarily mean it is in compliance.

9. Retailer Montgomery Ward

Six months after a breach happened at the parent company of the Montgomery Ward website, the company Direct Marketing Services finally began notifying customers that their credit card information was stolen in the hack. At least 51,000 records were stolen out of a database in December, 2007.

Direct Marketing said it had promptly contacted its payment processor and Visa and MasterCard, and it also notified the U.S. Secret Service.

Lesson Learned: Direct Marketing Services was forced into contacting the customers after the company CardCops, an investigative firm that tracks credit card thefts for the financial services industry, found more than 200,000 payment cards being offered for sale on an Internet chat room often visited by card thieves. Better to take the public relations role and confess the breach than possibly face data breach notification lawsuits by consumers and state attorney generals.

10. More Than $5 Million Taken By ATM Capers

The Automatic Teller Machine capers are hitting everywhere. In June, two men were charged with making hundreds of withdrawals from New York City ATMs, grabbing $750,000 in the process, using stolen information from a previous computer intrusion into a Citibank server that processes ATM withdrawals. One of the same accused also allegedly took $5 million in withdrawals from iWire prepaid MasterCard accounts.

Lesson Learned: While Citibank denied the indictment's charge that their server had been breached and blames a third-party transaction processor for the compromise, it still meant it had to notify and reissue new debit cards to those customers that the bank believed were exposed to increased risk.

The Top 10 Data Breaches of 2007 - CSO Online

2007 Data Breaches Not As Bad As We Think - Baseline Mag

Data breaches: 2007 IT failure superstar - ZDnet

Chronology of Data Breaches from Privacy Rights Clearing House


16 December 2008

Social Networking Safety III - Lives of the Happy Holiday Hackers

Social networking is highly valued by many people including regular users who update their "personal" sites with all the details of their comings and goings. Growing accustomed to such World Wide Webizing of their lives brings some of these people great fulfillment. It's true - social networking can be highly addictive. Why? Often, it's for good reasons. Users find it a convenient way to stay in touch with their family and friends. Little thought is given to the consequences of regular use or what could happen if someone fraudulently acquires your log in information.

The value of the service, in the eyes of the user, is based upon what the service can do for me. For hackers, scammers, fraudsters and internet thieves, the value is measured by its resale price. According to the article below, based upon research by Trend Micro, the value of the login information for criminal purposes is nothing, maybe not even enough for your favorite Starbucks. Now, that can mean two things (supply and demand). One, the market for login information is slow. OR, two, the information is SO easy to come by EVERYONE can steal it and does steal it.

APRPEH's previous posts Dangers of Social Networking Sites and More Dangers of Social Networking on this subject documented the criminal aspects, what users of login information actually do with it.

Below is a little different angle: the free market for stolen logins.

Facebook hacking increases as logins sold cheaply - SC Magazine UK
Dan Raywood, December 16, 2008

Hackers are stealing Facebook login details and selling them on for just 89p each.

According to research by Trend Micro, logins for MySpace, Skype and online computer games are also sold on to gangs for £1 a time, a set of credit card details is sold for £25 while internet banking logons cost £35 each.

Rik Ferguson, senior security advisor at Trend Micro, told The Sun: “We give away a huge amount of personal information on social networking sites. Hordes of cyber criminals are drawn to them. Whether you're going online to use Facebook, or for banking or Christmas shopping, you should be aware that hacking and identity theft tends to increase at certain times of the year.”

Gary Clark, VP EMEA at SafeNet, said: “Organisations need to take responsibility for their customers, and protect them from anyone looking to exploit a weakness in the system. This could be account details on Facebook, personal financial data used in internet banking, or credit card details disclosed when shopping online. Website owners should be able to guarantee security, or expect people to go elsewhere.

“At the very least, all data must be encrypted. Plus, any sites dealing with financial details need to comply with the appropriate regulations, such as the Payment Card Industry Data Security Standard (PCI DSS). There is nothing we can do to stop the scammers trying their scams, aside from educating users not to fall for them. But when it comes to data, website owners need to up their game and provide the appropriate safety measures.”

Another look from the Daily Mail


12 December 2008

Data Breaches and Customer Loyalty

Below is a discussion concerning whether or not businesses or organizations suffer any consumer-based ramifications from a data breach. Here is my two cents. As the Stillsecure blog alludes to, breaches need to be defined based upon what was lost. There is a huge difference between losing sales-based information, i.e. credit card or debit card account information (further sub-divided by adding checking account routing and account numbers), and actual personal identifying information (PII). One way to think about the loyalty question is to frame it within an understanding of the consequences to the consumer. When credit card or debit card numbers are lost in a breach, what typically happens? Either the consumer or, proactively, the credit card issuer will cancel the card and mail the consumer a new one. Big deal. This is a minor cost to the consumer and, while it may be an inconvenience, it will hardly affect the behavior of too many consumers.

Let's face it. Financial data is free flowing and many hands touch it. A consumer should expect that his/her credit and debit information will be stolen a few times during their adult life. If the credit or debit information were actually used, that is a slightly greater inconvenience. The consumer calls the issuer, denies knowing about the transaction and in 95% of the cases the charge to the consumer is written off as fraud. This still doesn't affect the loyalty too much. Throw in some credit monitoring and most consumers have very little reason to be concerned.

Now, what if what was lost was PII or medical records or tax/employment earnings records? That is a totally different matter, one which generates anger and fear in the minds of customers and, yes, brings loyalty into question. Is there another vendor I could patronize instead of the one who didn't take proper precautions to guard my information? I have a cartoon on my desk which reads "I didn't say it was your fault. I said I'm going to blame it on you". Whether or not the data management of the organization was well crafted, the impression is that 'you lost it, it's your fault' despite what could have been the best efforts of the organization to protect their records. And if the breach results in identity theft victims, the affected company had better prepare itself to cover the expense of identity restoration. While it does indeed matter what the relationship between the consumer and organization was before the breach, chances are the affected consumer is still going to re-think his/her relationship with the company after becoming a victim of fraud which is tied back to the organization's breach.

But this is business. An organization which experiences a data breach of PII MUST REACT PROPERLY, QUICKLY AND EFFECTIVELY by notifying the affected consumers and offering them some sort of compensation. This action is only partly to reduce the liability, which could result in class action suits and also in Attorney General investigations. Call me cynical, but reacting properly to the breach is more important for the customers that you do not as of yet have than for the customers that the business currently has. Re-building reputation is potentially far more expensive than the costs of a proper response to a data breach.

Do data breaches really cost companies customers? - Still Secure After All These Years Blog

Adam Dodge writing on the Security Catalyst blog (another great SBN member site) writes about how data breaches have a substantial impact on companies losing customers. Adam points out that nothing will make a company take security more seriously than hits to the bottom line. Adam cites two recent studies to prove how data breaches make customers lose faith in the breached companies and how a substantial amount (30% or more) terminate their relationship.

I don't buy this for a second. In fact I think for many kinds of breaches, it doesn't affect bottom line or customer loyalty at all. DSW Shoes, TJX, Best Buy - none of these retailers had any lingering effect to the bottom line or their stock prices as a result of data breaches. Adam's evidence from two studies are both sponsored by companies that make their living in id management and identity protection. These are hardly neutral parties.

I can understand if the data breach was your banking institution, but when it comes to retail at least, I don't think people stop shopping there. That is not to say that they don't get upset and on a short term basis bitch and moan about it. But long term the next time DSW has shoes on sale or Best Buy is running a great deal on HD TV, consumers will be lining up to buy. Also the fact that stock prices are not affected is not lost on executive management of these companies.

The fact is until there are real hits to the bottom line from these high profile breaches, as a business plan it may be cheaper to absorb the cost of a breach than to try to lock it down and prevent them.

* The two studies Adam mentions are here:

Javelin Research

Ponemon Study


11 December 2008

More - Dangers of Social Networking

Back on December 1 APRPEH posted The Dangers of Social Networking Sites. Since then, I have become aware of other articles besides the one included in my post which assert that 2009 may be the year of the attack on social networking.

As I stated in the December 1 post, I don't believe people will flee from social networking, and if so, expect an increase in infected computers, networks and friends lists. The malware and spyware installations in American computers will continue to contribute to identity theft, increasing the percentage of people who may fall victim to fraud due to computers and internet. People have long been concerned about becoming a victim of identity theft due to their computer usage but this has not been, at least until now, one of the primary reasons consumers fall victim. Granted, technology makes the commission of consumer type fraud easier but is usually not the initial source for personal identifying information (PII) being stolen.

What makes infecting computers and for that matter identity theft easier on social networking sites is the fact that "networking" inherently is a low-threat, high-trust environment. And even someone inclined to be more security minded will lower their defenses when they perceive that the environment is safe. Such presumptions are the foundation upon which fraud is built. This very same idea is what makes a reasonably well educated adult respond to an email asking for highly personal or sensitive information.

Information you should know

In order to be successful at spreading malware through disguised links or stealing PII through email phishing, two things must be present:
1) the consumer believes that failure to act will result in a loss, which causes
2) the consumer to lower their defenses or skepticism (or overrule it) and act imprudently. In the case of malware and links that would be suspicious in a different environment, the 'failure to act will result in a loss' equation is replaced by an equally strong impulse that 'failure to act will result in not acquiring the perceived benefit'.

Best advice

Watch what you click.
Never reply to an email asking for PII.
Verify with the "friend" any suspicious email asking you to follow a link into their site before clicking.
The email may not have originated from your friend but by malware forwarding messages from an infected friends list.

Too Late to Save Facebook?
A slew of security vendor reports on risks to expect in 2009 point to Facebook, Myspace and other such sites as increasingly tempting targets among hackers looking to dupe people out of their sensitive information. PDF and Flash files, once considered safe, are now a threat as well.

Danger lurks behind social networking
What's the top threat to data security going to be in 2009? According to the GTISC Emerging Cyber Threats Report for 2009 out of Georgia Tech's Information Security Center, the answer is malware specifically disguised as "benign social networking links."

Young workers' use of social networking sites concerns IT staffs
By Steve Johnson, Mercury News.com
Posted: 12/04/2008 12:03:58 PM PST

Social-networking sites such as Facebook and MySpace are being targeted so often by cybercrooks and other mischief-makers that half of the information-technology specialists surveyed recently by Intel expressed concern about workers under 30, who disproportionately use such sites.

Of the 200 corporate and government IT professionals in the United States and Canada who were surveyed, 13 percent said they regard so-called Generation Y employees as "a major security concern," and 37 percent tagged them as "somewhat of a security concern." The biggest worry they mentioned was the tendency of many Gen Yers to frequent social-networking sites like Facebook and MySpace.

Among other problems, the IT executives said employees using such sites may download viruses that wind up on their employer's computers or reveal information about themselves on the networking sites that compromises their employer's business secrets. To prevent such problems, some companies, including Intel, ban their workers' access to social networking sites.

"Their wide-ranging use of the Internet can expose the company to malicious software attacks," said Mike Ferron-Jones, who directs an Intel program that monitors new computing trends. "This is a big deal now, and it's going to get bigger as more Gen Yers come into the workforce."

On the positive side, the IT executives noted that Gen Yers tend to be computer savvy and are brimming with new ideas, which are highly desirable corporate qualities.

MySpace executives didn't respond to a Mercury News request for comment on the report. But Facebook spokesman Barry Schnitt acknowledged that his site has seen increasing cyberassaults.

"The more a site grows, the more it becomes a target of bad guys," he said. Nonetheless, he stressed that Facebook "acts aggressively and proactively to protect our users."

Among other things, Facebook does statistical analysis of how often people send messages to identify scammers targeting large numbers of its users. And while he declined to provide data on how many scams are launched against the site each year, he said "only a very small percentage of users have been impacted by security issues."

Even so, the threat posed by identity thieves, con artists and malevolent hackers is considerable and growing, other experts have concluded.

On Tuesday, cybercrime specialists at the security software company McAfee in Santa Clara said they had discovered a link for a movie posted on Facebook. After the link is clicked, a so-called worm detours the user's Internet searches to certain Web-based ads, according to McAfee threat researcher Craig Shmugar.

McAfee's list of top 12 Christmas scams also warns that people on some social-networking sites have been receiving messages that say "You've got a new friend." When clicked, the messages download software that steals their financial information.

Increasing numbers of employees access social-networking sites at their job or while using a personal computer linked to work. And the problems they encounter on those sites can turn into big headaches for their employers, according to experts.

In a study earlier this year, security firm Sophos said, "Organizations are facing the dual concerns of social-networking Web sites causing productivity issues by distracting employees from their work" as well as viruses or other malicious computer code "being introduced to the workplace."

Sophos warned employers to be particularly wary of the common tendency of people to use the same password for every site they access. If a crook successfully guesses the person's social-network password, the study said, "They may well be guessing it for the company network, too."

Users of social-networking sites tend to be unusually trusting and willing to share information, said Scott Mitic, chief executive of TrustedID in Redwood City, which offers identity-theft protection services. While they would never dream of leaving their trash cans out when going on vacation, they often seem unconcerned about revealing details of planned trips on social-networking sites.

"I can tell you right now of my friends on Facebook whose house I should be breaking into," he said. "I know who's in Russia now. I know who's on a business trip to L.A."

Because some of Intel's computer chips can block viruses and other security threats, the company may be able to use the research to promote its technology, said Ferron-Jones. But he added that Intel — like other companies — also benefits from its employees using sites like Facebook to confer with customers or business associates.

That poses a big dilemma for businesses grappling with the social-networking phenomenon, he said, adding, "how do you harness all of the good, but avoid the bad?"


Chevron - Home of the Patriarchs but not Their Children

Isn't it funny how so much of the world cries when they hear the proverbial Arabian story that "my grandmother" or "my grandfather" still has the key to this home or that building in Jerusalem or Haifa or Beer Sheva if only the Zionists didn't throw them out of this house they would still live there to this day. Even though it is pretty worn out and dollars to donuts a lie much of the time, it still provokes anger and creates tears from the gullible anti-Jew. How easy it is to create animosity towards Jews. What happens when it is the Jew who claims ownership of a building or home taken over by others in Israel? And what if that Jew uses legal means to re-claim his family property? All the more so, what if that property is in the politically charged environment of Chevron, home of the patriarchs - the Jewish patriarchs and matriarchs who indeed might cringe at the thought of Arabian-Muslims claiming them as their own?

But what can you say to the argument that, "this is merely a law enforcement matter"? The court ordered the building emptied until the conclusion of a legal process to determine ownership of the property is taken up in court? Send in the army. How many courts of law in the civilized world can have the authority and access to military special forces in order to carry an expulsion order? A simple hearing to view the video tape or audio tape would resolve the legal matter quickly. There was no need for the blood and guts drama of the building invasion. A better country and government would have already conducted hearings into the government's actions in this case.

The use of brutal force to evict those who are arguably (if his story is accurate, and there is no reason to believe it is not) residing in the property with the permission of the rightful owner of the property, merely because the politics dictates it, is a huge violation of civil rights and possibly falls under the definition of Crimes Against Humanity as my meager understanding of the term permits.

It is no secret that the Olmert/Livni/Barak regime has systematically thwarted and at the very least made difficult Jewish residence and life in Yosh. The legal rights of individuals have been shoved to the back of the bus in favor of politically contrived definitions of national interest which are agreed to by few and certainly are not universal. Majority agreement and general approval are guide posts directing strategic necessity and generate what is called "national interest". There is no such mandate within Israel or Jewry that Chevron should be left in a vacuum.

Peace House Purchaser Feels Connected to Hevron

Kislev 14, 5769, 11 December 08 12:19
by IsraelNN Staff

(IsraelNN.com) What motivated philanthropist and New York businessman Morris Abraham to buy Hevron’s Peace House? In an interview with the weekly Jewish periodical, Mishpacha Magazine, Abraham explains, “It was very simple. I had a bar mitzvah there almost thirty years ago. We’re very connected through the Torah.”

However, Abraham’s Hevron connection goes back to the 1920’s, when his Iraqi-born great-grandfather, Yechezkel Abraham, settled the town of the Jewish Patriarchs. He was one of the eight hundred Jewish survivors expelled in the 1929 Arab pogrom. Yechezkel Abraham subsequently resettled in Jerusalem, learning in the Porat Yosef Yeshivah. “He was lucky to be alive,” Abraham adds, “I feel very connected. We were driven out once before. Maybe that’s why I’m still connected.”

The Abraham family connection to the Land of the Biblical Abraham is even more recent, with nearly tragic consequences. Morris Abraham’s father is a major benefactor to the Navat Yisrael schools run by Rabbi Nissim Zeev, a Knesset Member (Shas) since 1999. In 1989, Morris Abraham’s parents and two sisters were being driven by Nissim Zeev to pray at the Tomb of the Patriarchs. While driving through Hevron’s narrow streets, they were boxed in by two Arab cars. A few Hamas terrorists with black masks surrounded the car and started stoning it. Zeev tried driving away, but hit a dead end. Jumping out of the car, Zeev begged an Arab taxi driver to drive the group to IDF troops. Although Zeev’s car was torched, their lives were spared.

MK Nissim Zeev moved into Peace House about a month ago. Rabbi Zeev was encouraged by his rabbinic mentor, Rabbi Ovadia Yosef to remain. “Continue fighting for the house and continue living in the house,” Rabbi Yosef told his disciple.

Peace House residents cannot go to their neighbors to borrow milk, since their next-door-neighbors are Arab. “No one ever thought to move far from existing Jewish homes in Hevron. Five years ago, someone mentioned to me that houses were available,” Abraham explains, “But I wanted something that could make a difference.” Abraham rejected property offers until he came across the present Beit HaShalom. “It was risky without knowing the outcome,” he states, explaining that he was concerned with the risk of pioneering in a new area. “There were the issues of security, but NOT legal issues,” Abraham reiterates, “It was just as much of a legal issue to move next to an existing Jewish property as this property.”

“I gave the go-ahead. The property is actually in quite a strategic area as the home gives more protection to the area,” Abraham clarifies.

“We knew what we’d be facing - that whichever Arab would sell it would subsequently deny it, because, as you know, there’s a death penalty to an Arab who sells property to a Jew. So, we made sure that the sale was well-documented, with video and cassettes, and we made sure that every ‘i’ was dotted in the contract.” Abraham states.

Although Abraham’s legal team documented the sale, Rajbi, the Arab seller actually changed his story three times. He first claimed that he didn’t sell the property. He later claimed that he sold the home but didn’t receive money for it. His last claim was that he sold the Peace House and received payment, but he wants to retroactively cancel the sale.

In the tape documenting the sale, Rajbi admits that he sold the building to Abraham’s agents. Abraham feels that his fight is not for the building, itself. “It’s about a Jew’s right to live in the Land of Israel,” he added, “The government isn’t interested in legalities. They are interested in agendas, being it’s so close to elections.”

Abraham was disheartened to hear of the eviction the very day that ongoing negotiations between Defense Minister Ehud Barak and pro-Land of Israel representatives were taking place.

However, Abraham will not give up his fight. On Sunday, the Hevron Jewish Community filed preliminary proceedings against the IDF for damages. “With all the legalities, I’m confident that we’ll succeed. Although it’s a corrupt system – a very socialistic society – I’m confident that we’ll win,” Abraham stated, mentioning his intention to continue to purchase more homes in the Land of his Forefathers.


03 December 2008

Mumbai Memorial

I have refrained so far from commenting about the events that occurred in Mumbai, India. I just didn't have what to add to that which was being written nor did I feel that any contribution of mine could change what occurred nor ease anyone's pain. Then today, I read the article below and decided that no comments from me were necessary. This says it all.

No last respects for martyred couple - Shmais
by Rabbi Shimon Posner
Within less than a week they went from virtually unknown to Rabbi and Mrs. Gavriel and Rivkah Holtzberg, directors of Chabad of Mumbai to 'the Holtzbergs' to Gabi and Rivkie. His smile was infectious and as someone who never knew him I recognized that smile immediately: it was on the faces of dozens of young men just like him who have walked through my doors in the last twelve years.

Showing up to spend Shabbat with us, often on break from yeshiva, they showed up with that smile and an open handshake and within minutes "what needs to be done?'' And I put them to work. Because they made you feel that by their helping they owed you a favor, not you them. And by the time we sat down to the Shabbat meal they would have our two- year-old (whichever child it was at the time) on their knees and the other kids clamoring for them and basking in their attention. And they always left after Shabbat with a place in our hearts.

And slowly, between bombardments of horror issuing from India, details of their lives came out: Rivkie liked jasmine tea with fresh mint leaves. Rivkie was debating what color to paint her Chabad House, and had asked her friend – the Chabad rebbetzin of Nepal – for advice.

Like his biblical antecedent, baby Moshe'le was plucked from the river by a woman. In the biblical case the Nile turned to blood eight decades later, the Holtzbergs' Moshe came out of Nariman House with his pants dripping with blood hours before his second birthday. Sandra Samuel is now a household word – at least in my house.

Their funeral was packed with dignitaries and those who flew from afar -- the media clips added the words 'to pay their last respects'. The media were wrong.

There is no 'last' from Gabi and Rivkie, their bodies may well be on the mountain where their ancestors and mine lie buried, but Gabi and Rivkie won't be ensconced in a memorial. The death of a tyrant ends his reign; the death of a martyr begins his. For just as surely as the bloodbath off Colaba Causeway ended their lives it did not herald their end. Gabi and Rivkie have now entered the hallowed halls of people who lived lives greater than themselves, connected to something enduring -- and with that they have become eternal.

It is customary – mandatory – for us to comfort the mourners, the family. What can we say other than that there is nothing to say? I trust you know well, that we the people mourn with you. We don't for a minute assume our pain is the same as yours, but we see your pain, we wish we could alleviate it somehow and more than that, we see ourselves in Gabi and Rivkie.

We know they were not singled out because they were Holtzbergs and Rosenbergs; we know they were singled out because they were Jews. We know they weren't singled out because of their ideology; they were singled out for their decency. And because they were in a place we don't associate with terror we see our own fantasy-induced immunity threatened by their deaths. We have been indecently stripped of our it-can't-happen-to-us invulnerability without the slightest vestige of honor and decency. So we share – in our own way – your pain.

Do I now have to turn to Moshe'le? Men cringe and women weep when you cry for mommy. And watching you, thinking of you, we too cannot sense the comforting presence of our Father in Heaven here on earth. Like you, we are full of questions and cannot articulate them; don't even realize what they are.

Sandra; you deserved Rivkie and Gabi and they deserved you. In a moment of terror-induced panic your basic human decency and love kicked in and you rescued a crying boy.

What a refutation you are of those who sought to harm you! Where they show cowardice, you showed courage. They are afraid to attack soldiers, so they attack mommies and babies. They hide behind children when they shoot soldiers. You save babies and run towards the soldiers. You are the freedom fighter; they are the frustrated mamma-boy wusses who clearly cannot be called neither soldiers, nor fighters nor even men.

I wish politicians would pay more attention to you instead of paying homage to you. Without knowing you, I feel your courage is contagious and that would help them deal with a problem they should have and could have dealt with long ago.

Forgive me. I didn't mean to bring that up just yet; but now that it is here I will not take it away.

Gabi and Rivkie, strangers are already naming their children after you for you are strangers to us no longer. Your smile is infectious and we are catching your disease and feel healthier for it. As Velvel Green once described the likes of you "I don't think you're crazy for moving to the places you do and living the lives you do. I think you are crazy because you enjoy it!"

Revenge is what I want, and I like my revenge sweet. And the sweetest revenge is good living. Rivkie and Gabi you didn't live well; you lived good. And now I see with inevitability if not clairvoyance that a generation will be raised in your glow and be starting homes like yours, houses that echo our father Abraham and Sarah.

Maybe I'm crazy, maybe I'm a prophet, maybe I'm both, maybe I'm just ranting, but you heard it here first; one day the children of those who sought harm will benefit from the legacy that Gabi and Rivkie left behind. That will be the sweetest revenge of all.

So we bury you, we salute you, we mourn you and we emulate you. We respect you and (pray the Al-mighty give us strength and focus and health to do so) we will live with you. But you little kids gunned down before you could grow grey, sorry guys, you will continue to live more than most ever will. So the one thing we cannot and will not give you is last respects. Instead, the respect for you will be lasting.

Mumbai Relief Funds


01 December 2008

The Dangers of Social Networking Sites

I do not suppose this article will keep people from logging into their favorite social networking site nor do I expect that people with established profiles on Facebook or MySpace or any other similar site will alter their profile to prevent being scammed.

For those people considering using a social networking site, please bear in mind the very informed opinion of Mike Elgan below. Social networking can be lots of fun and very useful for keeping in touch with our pasts and for planning our futures. While searching for old friends and making new ones, know that whatever pictures you post, information you add to your site, comments you make on your friend’s sites, emotions you share and schedules you make public cannot be retracted. You cannot recall what you post. Even if you delete the post or even the profile itself someone may still have saved the post or profile on their computer, printed it or shared it with others. One “bad” friend means your information has been shared with all the “bad” friend’s friends. Somewhere online, the information is still there.

The best bet for social networkers is to only permit new friends whom you already know and that you know from outside the network are online. Use an outside source to verify the authenticity of a new “old” friend. Most importantly, do not use your “real” name or a picture which would qualify for an ID card on your profile. Yea, this takes much of the fun out of social networking but in terms of secure usage, it works. Elgan explains below how scammers and criminals can take advantage of those who choose to ignore his advice.

Elgan: Why you can't trust 'friends' on Facebook

November 26, 2008 (Computerworld) Every form of communication, from snail-mail to e-mail, chat and others, is subject to fraud and scams. But social networks like Facebook are subject to new, more dangerous opportunities for fraud.

With e-mail and IM spam and Internet scams, the whole social-engineering game is to get you to trust a stranger. But social networks are different. The goal there is to get you to believe the fraudster is a friend whom you already trust.

If you're on Facebook, you've no doubt got a bunch of friends. And if you're like most Facebook users, you're certain those friends are exactly who they say they are. And you might be right. Or you could be wrong. They could be scammers posing as your friends.

How hard is that, exactly? It turns out to be hideously easy to do.
If this kind of false-identity fraud hasn't been attempted against you in the past, I can assure you it will be in the future. Scammers are quickly realizing that posing as another person is a foolproof way to get around the age-old trust issue that can ruin a good con.

How to steal friends and influence people
I'm going to tell you exactly how someone can trick you into thinking they're your friend. Now, before you send me hate mail for revealing this deep, dark secret, let me assure you that the scammers, crooks, predators, stalkers and identity thieves are already aware of this trick. It works only because the public is not aware of it. If you're scamming someone, here's what you'd do:
Step 1: Request to be "friends" with a dozen strangers on MySpace. Let's say half of them accept. Collect a list of all their friends.

Step 2: Go to Facebook and search for those six people. Let's say you find four of them also on Facebook. Request to be their friends on Facebook. All accept because you're already an established friend.

Step 3: Now compare the MySpace friends against the Facebook friends. Generate a list of people that are on MySpace but are not on Facebook. Grab the photos and profile data on those people from MySpace and use it to create false but convincing profiles on Facebook. Send "friend" requests to your victims on Facebook.

As a bonus, others who are friends of both your victims and your fake self will contact you to be friends and, of course, you'll accept. In fact, Facebook itself will suggest you as a friend to those people.

(Think about the trust factor here. For these secondary victims, they not only feel they know you, but actually request "friend" status. They sought you out.)

Step 4: Now, you're in business. You can ask things of these people that only friends dare ask.

"Let's meet for drinks -- bring your new car!"

"I'm in Nigeria on vacation, got robbed and need $500 to get home!"

"I see you'll be away for the holidays, but I want to send you a Christmas card anyway. What's your home address again?"

Facebook represents a perfect storm of fraud factors. The whole "friend" system creates trust, but the reality of social networks prevents verification that people are who they say they are.

How to meet new people and rob them blind
While some Facebook fraud involves strangers posing as existing "friends," other types involve making new "friends."

I'm being "scammed" right now by someone on Facebook (I won't give you names or other details because, truth be told, I'm only 95% sure it's a scam). Here's how it's going so far.

Some pretty young woman in Indonesia sent me a friend request two weeks ago. I've been researching Facebook scams for this article, so I assumed it was a setup, played along and added her as a friend. Checking her profile, I found exactly what I expected to find: All her friends were male and most closer to my age than hers; her profile was brand-new; photos showed her only with a bunch of other women. (After a fellow male dupe posted on her wall that it was strange she had only male friends, suddenly a couple of female friends emerged -- probably from other fraudulent profiles set up by the scammer.) Every few days, I get a wall post or a chat session.

This profile was almost certainly set up by someone out to steal something, and who has probably set up dozens of such scam profiles all over Facebook. He's (statistically speaking, it's most likely a "he") using flattery to make friends and generate interest, and innocuous chit-chat to establish trust, which will be cashed in later when the real scam hits. The "girl" will eventually need to borrow money or something like that. Or it could just be a way to establish and maintain a "friend" connection so the scammer can target my friends. Who knows? I'm not planning to find out. I've now reported my new "friend" to Facebook, and will unfriend "her" as soon as I submit this column.

While pretty women can be dangled in front of thirtysomething and fortysomething men in order to separate them from their money, Dateline NBC's Chris Hansen can tell you that men target girls for crimes far worse. A growing number of police investigations are targeting men with fake Facebook profiles and fake photos, which always show the perp to be closer to the age of the victim. They strike up "friendships" with underage girls. One 32-year-old Canadian man is currently being investigated for targeting 146 girls (most between the ages of 11 and 15), and trying to get them to agree to an in-person meeting.

Similar to this are stalkers of all stripes who use fake profiles to keep tabs on their victims. There's even a tongue-in-cheek "Stalkers" application on Facebook.

How to wreck Facebook
One reason people enjoy Facebook is that e-mail has become polluted with spam, and it's more pleasant to converse without unsolicited garbage. That's why purveyors of unsolicited garbage find Facebook so appealing as well.

This week, Facebook won an $873 million judgment (filed under the CAN-SPAM Act) against a spammer. Hooray for Facebook! But this high-profile legal victory points to the sudden attention being paid to Facebook by spammers large and small. For every big fish caught, a thousand little fish get away. Of course, the spam on Facebook comes in the form of "groups" and "gifts" and "applications," as well as wall posts and other such communication.

Facebook is also becoming a focus point for hate speech. After a South Park episode where a character claims all redheads are evil, some Canadian teenager created a group on Facebook called "National Kick a Ginger Day." Which led, of course, to actual kids getting kicked at school. This passes for a hate crime in Canada.

In Italy, someone or some group posted a series of "neo-Nazi" Facebook pages that reportedly called for violence against gypsies.

All of these malicious activities, from fake friends to spam to hate speech, are aggressively dealt with by Facebook once people complain. But the Internet is always Darwinian. As Facebook's defenses evolve, the spammers will find a way to deceive. And deception is oh so easy on Facebook.

Eventually, I predict that fraud will become so widespread that signing up for Facebook will require a verified cell phone number. But in the meantime, difficult-to-detect fraud is exploding on Facebook, and you would be well-advised to verify every friend.

Mike Elgan writes about technology and global tech culture. He blogs about the technology needs, desires and successes of mobile warriors in his Computerworld blog, The World Is My Office. Contact Mike at mike.elgan@elgan.com, follow him on Twitter or his blog, The Raw Feed.


What Words Offend Arabs? The Truth.

Children's Poetry Booklet Recalled After Arabs Complain
(Israeli censorship kowtows to Arabs.
When Will We Tell The Truth Without Fear)

(IsraelNN.com 7 Sivan 5768/June 10, '08) Ynet's web site and Arab complaints against a ten-year-old boy's poem about terrorists has resulted in the recall of all of the Nes Ziona municipality's children's poetry booklets.

Ynet boasts that its coverage of the poem resulted in its being recalled.

The text of the poem (Ynet's translation):

Ahmed's bunker has surprises galore: Grenades, rifles are hung on the wall. Ahmed is planning another bombing! What a bunker Ahmed has, who causes daily harm. Ahmed knows how to make a bomb. Ahmed is Ahmed, that's who he is, so don't forget to be careful of him. We get blasted while they have a blast! Ahmed and his friends could be wealthy and sunny, if only they wouldn't buy rockets with all their money.

Poetry competition director Marika Berkowitz, who published the booklet, was surprised at the protests and told Ynet: "This is the boy's creation and this is what he wanted to express. Of course there should be a limit, but I think there is no racism here. 'Ahmed' is a general term for the enemy. These are the murmurings of an innocent child."

The Education Ministry told Ynet: "The local authority that published the booklet should have guided the students in a more correct manner through the schools. The district will investigate the issue with the local authorities."