Ultrasaur Blog

Keeping track of exciting new threats to your digital records.

Posts Tagged ‘fraud’

Digital Media Authentication

Thursday, July 23rd, 2009

If you ask a random person on the street if digital photos can be trusted, the answer is probably going to be a no — even though many prints live most of their lives digitally.

Adobe and others are working on software to heuristically tell if a photo has been altered. From a mathematical perspective, I find this software fascinating, but in a sense it’s self-defeating:

  • No matter how much the software costs, I suspect that photo forgers are also software pirates, so they’re going to have this software
  • You can now iterate on your forged image until it passes the test

So essentially a tool for detecting forgeries is a perfect tool for creating forgeries.

Old timey fraud: Fake expense receipts

Saturday, June 27th, 2009

We normally focus on the bigger stuff, but fake expense receipts are a reminder that insider fraud does happen.

Some random thoughts on expense receipts:

  • I’ve taken taxis for work where the driver offers to increase the receipt by $10 or so if I’d pay in cash.
  • They offer perverse incentives: the bus system in Seattle is often easier than a taxi, but I could get a receipt for the taxi, making it free (vs $2 to take the bus).
  • When I lived in China, outside most subway stops were vendors selling taxi receipts. The idea again being that the subway was cheaper (and often faster), but you could still get reimbursed for a (more expensive) fictional taxi trip.
  • The real cost is repeated over and over in the comments: if you need to ask for too much verification, you’re “making all trips cost an extra half day’s productivity for each traveler”.

Threat distribution by industry

Thursday, June 11th, 2009

Not entirely counter-intuitive, but there’s a new study out showing that different industries suffer data breaches in different proportions (but still suffer them).

The Health Care and Social Assistance sector reported a larger than average proportion of lost and stolen computing hardware, but reported an unusually low proportion of compromised hosts. Educational Services reported a disproportionally large number of compromised hosts, while insider conduct and lost and stolen hardware were well below the proportion common to the set as a whole. Public Administration’s proportion of compromised host reports was below average, but their proportion of processing errors was well above the norm. The Finance and Insurance sector experienced the smallest overall proportion of processing errors, but the highest proportion of insider misconduct. Other sectors showed no statistically significant difference from the average, either due to a true lack of variance, or due to an insignificant number of samples for the statistical tests being used.

Source: Interhack (Full study as a PDF)

100 million case hinges on finding the demo

Friday, May 29th, 2009

Shorter version:

Waste Management sued SAP for $100 million, since the product didn’t live up to the demo. Nobody claims to have a copy of the demo that the case rests on.

My question is, why should Waste Management believe that SAP would necessarily produce the original demo?

I agree that it “would be wise to preserve a copy of product demonstrations as they form new license agreements with vendors” but having given and received demos, I don’t think I’ve ever seen that happen.

“My website was copied by the Chinese government”

Tuesday, May 5th, 2009

One interesting aspect of this discussion about a copied website is that no-one has a solution.

http://www.wxbh-lrj.gov.cn/ is the copy, http://www.lokad.com/Technology.ashx is the original.

The funny things are:
* plenty of “left-over” on the Chinese website from the original one.
* imaginative ways of recycling irrelevant illustrations.
* it’s a .gov.cn website, that is to say an official Department of the Government of China.

Copied websites, blogs and videos

Tuesday, April 7th, 2009

One wouldn’t think that copying websites would be a large problem; after all, the originals are just a click away. But much as stealing blog content for ad-clicks is a rite of passage (even I’ve had it), complete website copies are common enough to spawn a community that tracks them down.

Recently there was a very active Rob Morris’ site. Often it’s easy to figure out which one is the copy… it’s the one where the text hasn’t been 100% updated:

“private organizations in North America and Europe including [...] the Australian National University [...] and Sports Medicine Australia”

and where some of the links are broken, since the copiers generally copy the best because they don’t have the skills themselves. However, there are cases where it isn’t clear.

Amusingly enough, there are examples of the original author being pursued by the derivative’s author. In one case on YouTube, a timelapse video of clouds was put into the public domain, then used in the background of another video — and the original author’s was taken down:

This is to notify you that your video “Timelapse Clouds Compilation” from your Google Video account has been disabled because it has been identified by our Content Identification tools as potentially lacking the necessary copyright authorization for use on the Google Video site. Content Identification is a program that analyzes similarities in audio or video between user videos and a library of reference content provided to us by copyright owners. When a video matches a reference file, that video is automatically disabled.

FBI seizes 50 servers

Saturday, April 4th, 2009

This is somewhat breaking news, but apparently the FBI has seized the servers of 50 companies because they were hosted in the same building as a company suspected of leaking an unreleased movie.

“[Owner of Core IP Networks, Matthew] Simpson claims nearly 50 businesses are without access to their email and data. Some of those clients provide internet services to car dealers and other companies.”

It appears that primarily web sites and email were affected this time, but it might be setting a dangerous precedent from our perspective: If you keep backups of your records offsite, the FBI may take them at any time if they think some entity also using that site is involved with movie piracy.

Aside: Remember our pitch: we never make copies of your records. If the FBI takes our servers, all they can do is verify your files if you give the files to them.

Update from CBS 11 News in Dallas:

CBS 11 News has uncovered new information about FBI raids against Dallas companies that provide web servers for dozens of businesses in North Texas and across the country.

Court documents show it’s all part of an alleged massive fraud scheme against AT&T and Verizon.

Court records show Verizon first went to the FBI this past January, alleging some North Texas web server providers were cheating them and AT&T out of millions of dollars.

Coats relabeled

Saturday, March 7th, 2009

For a fun twist on record falsification from Connecticut:

“labels for high-end name brands glued onto less-expensive coats. …
This is double-labeling, so you’re selling a fake product,”

Fake goods are common enough, but rarely is it the trademark owners selling the fake products.

source: Consumerist

Credit Card Fraud

Tuesday, January 20th, 2009

From Hattiesburg, Mississippi:
They handed a credit card with no financial backing to the clerk which when swiped was rejected by the cash register’s computer. The suspects then informed the clerk that this rejection was expected and to contact the credit card company by phone to receive a payment approval confirmation code.

It should be obvious how this was a scam: the same person who provided the flawed credentials also provided the method to verify them (the phone number). Predictably, the person at the phone number was an accomplice who vouched for the credit card, and the suspect made off with $8000 worth of merchandise.

Moral of the story: don’t trust the source of data to vouch for it.

source, via Schneier on Security

Records Altered in Brazil

Thursday, December 18th, 2008

Technical details are scarce, but Greenpeace UK claims records were altered concerning logging permits.

Source: The Register via Schneier on Security