Tag Archives: big government

AT&T/T-Mobile Merger Blocked by DOJ

PBS Nightly Business Report
August 31, 2011

The giant merger between AT&T (NYSE: T) and T-Mobile got disconnected today. Susie, the Justice Department filed a lawsuit to block this $39 billion deal.

But in the end, the government called the deal bad for consumers, saying “price, quality and innovation would be diminished if the merger between the number two and number four wireless carriers took place.”

Now today’s lawsuit by the Department of Justice is the biggest challenge yet to this merger, which has faced earlier criticism. The FCC, for one, echoed concerns about competition. AT&T (NYSE: T) stock did fall on the news, down almost 4 percent today. The bulls, though, came calling for Sprint, the competitor here, sending its stock up nearly 6 percent.

AT&T (NYSE: T) tied up its merger with T-Mobile with a pretty political bow. There were promises to build out wireless broadband in rural America, an Obama administration priority. Labor unions were part of the team, 5,000 call center jobs would be brought back to the United States.

But today, Justice Department anti-trust lawyers bucked the political pressure and decided four mobile phone companies was as low as they would go.

There’s a quip from a famous old anti-trust lawyer that used to say the difference between Republicans and Democrats after all the fancy econometrics is Democrats want to see four competitors and Republicans are satisfied with three. I don’t know if that’s true, but that’s where we’ve gotten with this case, is a determination that we need to at least now have four national players with this level of competition.

To continue reading click here.

UWM computers hacked; data on 75,000 exposed

Stanley A Miller II
August 10, 2011
Milwaukee Journal Sentinel

A computer system at the University of Wisconsin-Milwaukee was hacked and bugged with malicious software, potentially exposing the names and Social Security numbers of about 75,000 students, faculty and staff, the school announced Wednesday.

UWM officials said, however, that investigators have no evidence that data was viewed or stolen, and the school is sending letters Wednesday to those potentially affected by the security breach.

“Talking to the forensic experts, we don’t believe the motive was identity theft,” said Tom Luljak, UWM’s vice chancellor for university relations. “We are a research institution with a significant number of projects under way. It is theorized that this may have been an attempt to look at work being done.”

The school’s technology staff discovered on May 25 that software allowing backdoor access into a UWM database was lurking on a system used for scanning and viewing documents. That system, Luljak said, is an image bank used by several departments for managing a variety of documents, including applications processing.

Luljak said the school isn’t sure how long the malicious software sat on the system before being discovered, but officials think it was for a “short period of time.” The malicious software was installed remotely, Luljack said, and the infected server was immediately shut down.

“We don’t believe anyone got access to the image bank,” Luljak said. “There is no evidence that the hackers actually looked at or retrieved any information.”

The school contacted local and federal law enforcement authorities soon afterward and discovered June 30 that a database had been exposed. Luljak said that although the data included names and Social Security numbers, it didn’t contain any financial data or academic information such as student grades.

“Because of the nature of the malware, our concern was it would provide access to other servers,” Luljak said. “We think it might have been more of a fishing operation.”

Luljak said it took time to determine the specifics of the security breach, noting the school’s experts worked “virtually around the clock.”

“Our responsibility, we believe, is to be completely transparent to those affected,” Luljack said.

The school has set up a website at www.computersecurity.uwm.edu with information about the security breach, as well as a hotline at (800) 349-8518.

Thieves Found Citigroup Site an Easy Entry

Nelson D. Schwartz and Eric Dash
New York Times
June 13, 2011

Think of it as a mansion with a high-tech security system — but the front door wasn’t locked tight.

Using the Citigroup customer Web site as a gateway to bypass traditional safeguards and impersonate actual credit card holders, a team of sophisticated thieves cracked into the bank’s vast reservoir of personal financial data, until they were detected in a routine check in early May.

That allowed them to capture the names, account numbers, e-mail addresses and transaction histories of more than 200,000 Citi customers, security experts said, revealing for the first time details of one of the most brazen bank hacking attacks in recent years.

The case illustrates the threat posed by the rising demand for private financial information from the world of foreign hackers.

In the Citi breach, the data thieves were able to penetrate the bank’s defenses by first logging on to the site reserved for its credit card customers.

Once inside, they leapfrogged between the accounts of different Citi customers by inserting vari-ous account numbers into a string of text located in the browser’s address bar. The hackers’ code systems automatically repeated this exercise tens of thousands of times — allowing them to capture the confidential private data.

The method is seemingly simple, but the fact that the thieves knew to focus on this particular vulnerability marks the Citigroup attack as especially ingenious, security experts said.

One security expert familiar with the investigation wondered how the hackers could have known to breach security by focusing on the vulnerability in the browser. “It would have been hard to prepare for this type of vulnerability,” he said. The security expert insisted on anonymity because the inquiry was at an early stage.

The financial damage to Citigroup and its customers is not yet clear. Sean Kevelighan, a bank spokesman, declined to comment on the details of the breach, citing the ongoing criminal investigation. In a statement, he said that Citigroup discovered the breach in early May and the problem was “rectified immediately.” He added that the bank had initiated internal fraud alerts and stepped up its account monitoring.

The expertise behind the attack, according to law enforcement officials and security experts, is a sign of what is likely to be a wave of more and more sophisticated breaches by high-tech thieves hungry for credit card numbers and other confidential information.

That is because demand for the data is on the rise. In 2008, the underground market for the data was flooded with more than 360 million stolen personal records, most of them credit and debit files. That compared with 3.8 million records stolen in 2010, according to a report by Verizon and the Secret Service, which investigates credit card fraud along with other law enforcement agencies like the Federal Bureau of Investigation.

Now, as credit cards that were compromised in the vast 2008 thefts expire, thieves are stepping up efforts to find new accounts.

As a result, prices for basic credit card information could rise to several dollars from their current level of only pennies.

“If you think financially motivated breaches are huge now, just wait another year,” said Bryan Sartin, who conducts forensic investigations for Verizon’s consulting arm.

The kind of information the thieves are able to glean is shared in online forums that are a veritable marketplace for criminals. Networks that three years ago numbered several thousands users have expanded to include tens of thousands of hackers.

“These are online bazaars,” said Pablo Martinez, deputy special agent in charge of the Secret Service’s criminal investigation division. “They are growing exponentially and we have seen the entire process become more professional.”

For example, some hackers specialize in prying out customer names, account numbers and other confidential information, Mr. Martinez said. Brokers then sell that information in the Internet bazaars. Criminals use it to impersonate customers and buy merchandise. Finally, “money mules” wire home the profits through outlets like Western Union or MoneyGram.

“It’s like ‘Mission Impossible’ when they select the teams,” said Mark Rasch, a former prosecutor who is now with CSC, an information technology services firm. “And they don’t know each other, except by hacker handle and reputation.”

In the Citi attack, the hackers did not obtain expiration dates or the three-digit security code on the back of the card, which will make it harder for thieves to use the information to commit fraud.

Not every breach results in a crime. But identity theft has ranked first among complaints to the Federal Trade Commission for 11 consecutive years, with 1.34 million in 2010, twice as many as the next category, which is debt collection.

Many of these attacks have their origins in Eastern Europe, including Russia, Belarus, Ukraine and Romania. In fact, the security expert familiar with the Citi breach said it originated in the region, though he would not specify the country.

In Russia, Xakep.ru, is one of the larger forums for Eastern European hackers today, with nearly 13,300 registered members, according to Cyveillance. HackZone.ru is larger, and has more than 58,000 members. In addition, attacks by Romanian hackers have grown noticeably more advanced recently, according to security experts.

On HackZone, one seller who called himself “zoloto” promised “all cards valid 100%” and that they would be sold only one time.

Underscoring the multinational nature of these rings, American law-enforcement agencies have also been putting more investigators overseas.

“The only way to address a global issue is to address it globally with your partners,” said Gordon M. Snow, assistant director of the F.B.I.’s Cyber Division.

The Secret Service established a presence in Tallinn, Estonia, last month, and has embedded agents with Ukrainian authorities since the beginning of the year. The F.B.I. has embedded agents in the Netherlands, Estonia, Ukraine and Romania, and works closely with its counterparts in Australia, Germany and Britain.

But even officials at these agencies acknowledge that as fast as they move, the hackers’ strategies are evolving at Silicon Valley speed.

“With every takedown, they regroup,” said J. Keith Mularski, a supervisory special agent with the F.B.I.

DOT Sells Drivers’ Personal Information

Channel 3000
June 3, 2011

There are about 4.5 million drivers in Wisconsin, and more than half may not know their personal information is being sold by the state Department of Transportation.

There are laws but almost no oversight to how the Wisconsin DOT uses drivers’ information.

In all, the state makes millions of dollars by selling drivers’ information, WISC-TV reported.

Before a person becomes an official Wisconsin driver and gets his or her license, there’s time to consider two decisions at the Department of Motor Vehicles.

One is whether that person wishes to be recorded as a potential organ donor.

But drivers are also asked to check a box if they wish to have their name and address “withheld from the list the department sells.”

About 2.5 million Wisconsin drivers didn’t check the box to withhold their information. By not doing so, those drivers allow the DOT to sell their information on a monthly basis.

Some may not have noticed the other inquiry.

“It was kind of small (on the form). I didn’t really notice it at first,” said Sierra Scott, a Madison resident.

But it’s not just a person’s name and addresses. The driver record file includes a person’s name, address, date of birth, gender, driver’s license number and driving status.

The entire driver record file containing information on 2.5 million drivers can be purchased for $250.

“We produce a CD containing the record file and then we send that. Those funds are sent to the registration fee trust,” said Taqwanya Smith, director for the DMV’s Bureau of Driver Services.

In 2010, the DOT made $22,250 selling driver record files.

“I think the cost is representative of the amount of effort it takes to produce the records,” Smith said.

Smith, who administers state and federal laws at the Wisconsin Department of Transportation, said that anyone can buy the driver record file, getting access to information for the drivers who haven’t opted out.

“Wisconsin is an open records state, and by that Wisconsin presumes that the public has a right to know about information contained within government records,” Smith said.

Federal law defines who can get the information and how they can use it.

“The (Drivers Privacy Protection Act) authorizes us to disclose to anyone meeting that criteria,” Smith said.

But no state or federal agency tracks who is buying drivers’ information or what they use it for. If people check the right box, they get the information, with no questions asked and no follow up, WISC-TV reported.

To read more click here.

Lawmakers find time to tackle economic growth

By Tom Still
Milwaukee Journal Sentinel
May 7, 2011

A bill that would modernize Wisconsin’s telecommunications laws and open the door for investment in improved broadband and wireless networks was the topic of public hearings last week before Assembly and Senate committees. While some details remain to be worked out, lawmakers appear on their way to embracing a plan that would spur economic growth – particularly in rural areas where e-commerce, telemedicine and distance learning are more concepts than reality.

Traditional phone companies are regulated under rules that stem from an era when telecommunications was defined as two-way, voice-grade, analog wireline service. In short, telecom was a plain black telephone hanging on the wall.

Today, telecom is defined broadly to reflect a tidal wave of change in the age of digital computing and the Internet. The early 21st century meaning of telecom is the transmission and distribution of multiple forms of data – voice, text, video, images, music and more – through a variety of means.

Rethinking regulatory barriers tied to the landline era is part of Wisconsin’s effort to ensure that its telecom systems are world-class and that all regions of Wisconsin, from its major cities to its rural areas, have a chance to compete in the global marketplace.

If the reform package passes, Wisconsin could see job growth across a number of business sectors due to opportunities created by better telecom connections.

To read the entire article, click here.

We are all being tracked now. What should we do about that?

By Bob Sullivan
April 28,2011

Apple took its turn in the privacy hot seat this week, but it was a short stay.  Before the company could press-release its way out of trouble over its location-tracking iPhones, Sony grabbed that spotlight with a far more serious data transgression.

When Sony’s PlayStation disaster distracted us from Apple’s geolocation fiasco, we lost much more than 77 million accounts’ worth of data.  We lost a tremendous learning opportunity, a chance to focus on the greatest privacy question of our time, or perhaps any time:

Should we let corporations and governments know where we are all the time?

When researchers discovered last week that there was enough information in a file on most iPhones to determine the owner’s whereabouts dating back several months, disturbing location maps began appearing all over the Internet. But really, they were just visual representations of something most of us already knew deep inside: Cell phone companies know where we are all the time.  We also know grocery stores track what we eat and that governments know when we drive through toll booths.

The problem is this: We’ve never talked about whether this is a good or a bad idea.  We are all being tracked now, and our whereabouts logged.  But what should we do about it?

To continue reading click here.

Payday lender monitoring system now in place

By Shamane Mills
Superior Telegram
March 30,2011

A Wisconsin database overseeing all payday lenders is now up and running. It’s how regulators will make sure quick-loan companies are complying with a law that took effect Jan. 1.

The database operated by the Division of Banking will record every payday loan transaction. That way, regulators can track the number of times a loan is rolled over and whether customers are taking out loans they can’t afford; the new law says customers can be liable for no more than 35 percent of their monthly income.

Bob Andersen is with Legal Action of Wisconsin; the organization helps low income people with legal matters in 39 counties. He says the state database will shine some light on an industry that has more than 500 locations around Wisconsin and made $1.6 million of loans last year. Andersen says “unfortunately, we know from experience in other states that payday loan organizations have found ways to circumvent the law. That’s what we’re looking for (through this database) we’re hoping this works.”

The new regulations on payday lenders do not cap interest rates but if that or other practices pose undue burdens for customers, Andersen says the database information will bear that out. He says “for the first time it actually collects information on what’s actually taking place out there and that will be the basis for people to decide are there some other things that should be done as far as regulation.”

The law on payday lenders prevents vehicles being used as collateral and loans must be at least 90 days long. The disclosure agreement has to be in both English and Spanish.