If you are having trouble viewing this email, click here to view this online



   ISSUE 50

29 September 2015

Article of the Month  Around the World

Identity Theft 101 - Stop It, Catch It, Kill It


We’ve touched on the subject of identity theft (specifically, medical identity theft) before. But as one of the most damaging outcomes of an information security failure, it’s worth taking a closer look at.


What is identity theft? If a person pretends to be someone else, to obtain goods, services or cash in the victim’s name…. Simply put, it’s fraud.

Identity theft can be used to achieve a variety of ends. For example to obtain loans or take out contracts in the victim’s name, thereby damaging their credit record (fraudsters don’t usually bother to make payments, go figure). It may also, as in the case of medical identity theft, be used to access services, consuming benefits that the victim has paid for. If the criminal is able to access a victim’s bank accounts, they’ll drain those too.

The trick (from a criminal’s point of view) is obtaining enough detail about a person to enable them to pass for the intended victim in the eyes of a bank, creditor, insurance company and so on. In the olden days this was often achieved by rifling through bins looking for intact paperwork containing names, birthdates, addresses, policy numbers, account numbers, etc. amongst the rotting veg and tea bags.

Advancements in technology largely mean that fraudsters needn’t get their hands as dirty as they used to. Even so, it’s worth investing in a good crosscut shredder to destroy sensitive documents, after all, why take the risk? Also, you’ll never have to buy hamster bedding again.


Look at it this way, any item or piece of information you use to prove who you are, can be used to fake your identity, and must be jealously guarded. Not only does this make identity theft less likely, but being sensible with your personal details improves the chances that the cost of any fraud will be covered by the company involved.
In practice, this includes keeping track of any forms of ID, such as passports, drivers’ licenses, ID cards and visas. Report any lost or stolen identity documents to the relevant authority promptly. The same goes for debit and credit cards. Also bear in mind that utility bills and bank statements, aside from being data goldmines in their own right, can be used as proof of address – make sure they’re properly destroyed before disposal.

But how does our modern non-dumpster-diving fraudster come by details to abuse? Most of the time, they simply ask. A well – or even badly – written phishing email or smooth phone call can work wonders.

At this point, one might write, “Beware of emails claiming to be from your bank, insurance company, creditor, etc.” But realistically, the best thing to do is to be wary of all emails. That may sound a little over blown, we don’t want you living in a permanent fog of anxiety, too terrified to open your inbox. However, consider for a moment – anyone can send you a perfectly legitimate looking email with very little effort. In the same way, anyone who can access your phone number (say, from your Facebook account) can call you and spin whatever story they like.


For instance, the person contacting you claims to be from your bank. You choose not to trust them, or act on their instructions, until you can verify that this is the case. You contact your bank via an independent and trusted route (like, you know, actually going into the branch) and discover that no such communication was sent. Congratulations, you’ve thwarted the scammers!
But what if they tell you it’s an urgent matter, needing your attention right now. That should ring even louder alarm bells, as it’s a common tactic used to illicit a knee jerk response from the victim, depriving them of the chance to dig deeper.

The point is, while much specific advice is very sensible (e.g. never give out your PIN) the best way to protect yourself is to cultivate a mindset of vigilance. Protect your details, they are what represent you in the digital space.

And, just in case anyone was wondering, fraud is never a victimless crime. Even if the victim is made whole by the institution involved, this cost will simply be recouped in the shape of higher prices for services levied on legitimate users. Not to forget the cost in time, effort and stress on the part of the victim while they unpick the mess left behind.

We’ve discussed what identity theft is, and how to defend against it. In part two we’ll cover how to spot if the worst has happened, and what to do about it!


However you find out, don’t panic, but be sure to act swiftly. As with everything in life, ignoring the problem isn’t going to help. Contact the institution involved immediately to inform them that you believe you have been a victim of fraud, they may advise you to report the matter to the police.

If you haven’t already done so, obtain an up-to-date copy of your credit report. Check the report thoroughly for any fraudulent transactions and challenge them.

Review your bank and credit card statements; if you spot anything unusual, inform the relevant financial institution immediately. And while you’ve got your paperwork out, make sure you’ve actually received all of the correspondence you would normally expect, if not, contact the company involved to ensure they have your correct details. Well-organized personal records not only make it easier to pick up on illegitimate actions, but will also help simplify the task of investigation if things go wrong.If you suspect the fraudster has accessed online services in your name, reset your passwords from a known-safe device. Be sure to pick a strong password, unique from any you use elsewhere or previously. Ideally, the password should be as long and near-random as the site in question will allow, password safes are a convenient way of storing passwords that aren’t memorable. If the service offers two factor authentication (for example, a password plus a code that will be texted to your phone), all the better.

Reference: Team Cymru

















When attribution in cyberspace is debated and discussed, most of the focus has been on whether the U.S. government should take an offensive strike against cyberattackers. But recently, a different angle has surfaced:


'....When Facebook posts and tweets blamed Ukrainian rebels for downing a Malaysian jet there last year, U.S. spies studied social media trend lines to gauge public opinion of the Kiev-Moscow conflict....'




'...Although the language of thinking is deliberate—let me think, I have to do some thinking—the actual experience of having thoughts is often passive. Ideas pop up like dandelions; thoughts occur suddenly and escape without warning. People swim in and out of pools of thought in a way that can feel, paradoxically, mindless......'

It Takes the Federal Government Two Years to Process a Refugee Application from Syria


'...More than four million Syrians have left their homes since civil war broke out in 2011, with roughly three million fleeing to neighboring countries, such as Jordan and Turkey. ..'

How to kill Remote Access Trojans

'...Detecting Remote Access Trojans can be very challenging because they mimic legitimate commercial remote administration tools, open legitimate network ports, and perform very surgical operations that don’t resemble typical malware techniques, says Udi Shamir, CSO and head of SecurityLabs, SentinelOne.....’

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in August 2015
 Statistics - Sri Lanka CERT|CC

Study Reveals the Most Common Attack Methods of Data Thieves

'....Learning more about your attackers helps to improve your security profile and reduce the possibility of a breach.

Sophisticated criminals using advanced techniques are behind most of the recent security breaches, targeting small network openings and user weaknesses left vulnerable by even the latest shiny new technology. ..'

Make things happen from an Android Wear watch with this app

'...Got an Android Wear watch? Then you can create one-touch shortcuts on it for very specific actions thanks to the folks at IFTTT, or If This, Then That.

The company launched its DO Button app earlier this year; a simple programmatical way to create actionable shortcuts. Now...'

Telstra, Vodafone compete on mobile data, plan inclusions

'...Both Telstra and Vodafone Australia have unveiled new mobile plans over the last week, with each telco offering either much larger data allowances for post-paid users or the ability to roll over unused data on prepaid plans to draw in and retain customers as competition grows in the increasingly data-focused industry....'




'....With its defiant response Thursday to Europe's long-running antitrust investigation into its search practices, Google is betting potentially billions of dollars that it can convince the continent that, true to its mantra, it is not evil.....'

Agencies Can Boost Savings with the Hybrid Cloud



'"....Many agencies could be saving money by making better use of the cloud, but what about all of the data and functions that simply can't go virtual?

Going hybrid could be the answer.

Download this report to get 3 tips for federal managers to go hybrid. ....'

Notice Board
  Training and Awareness Programmes - September 2015
03/09/15 Computer Laboratory ,ICT Branch, Ministry of Education IDM Nations Campus E-Plus Exam Programme
- 16/09/15 Committee room, Ministry of Education Safe Use of Internet
18/09/15 Committee room, ICT Branch, Ministry of Education Monthly progress review meeting with Provincial ICT Coordinators
27/09/15 to 30/09/15 National Aquaculture Development Authority of Sri Lanka Capacity Development training for teachers
28/09/15 to 01/10/15 IPICT Institute Training programme on IPICT
31/08/15 to 02/09/15 CHPB Pelawatta Video lesson Development for grade 10 New Sylabus
21/09/15 to 23/09/15 Construction Training & Development Center Pelawatta Video lesson Development for grade 10 New Sylabus

Brought to you by: