WE HAVE MOVED - CHECK OUT OUR NEW HOME!

Please hold the line........the caller knows you are waiting and we are trying to connect you........

Saturday, 30 October 2010

Identity Fraud – The Plague of the 21st Century?

As promised below is a very interesting subject from one of our guest bloggers - Graeme Forward.

As a fraud analyst sitting down to pen his first offering for a security blog it seems to me there is only one topic I can kick off with if I want to seem hip and with it and on the pulse – yes, I speak of course of identity fraud. Identity fraud is the current ‘du jour’ crime, a terrifying new plague where just a few minutes trawling through a wheelie bin arms your local hoodie with sufficient ‘data’ to steal your money, your friends and family, your cat, your dog, your tv remote, and most importantly your self confidence and self esteem. Or so your average tabloid would have you believe.

“This ID Fraud is a menace” I hear you cry, “why not have a whole week devoted to making people more aware of it?” Good idea. So they did. It was called National Identity Fraud Prevention Week (unsurprisingly) and ran last week (17th-23rd Oct). You didn’t miss it did you?
Who is using your identity?
Now don’t get me wrong, I do think ID fraud is a problem, of course it is, and it’s only right that there are groups working to make people aware of how to prevent it. ID fraud does need to be put into perspective though. The reason it gets so much press is that it is one of the only large scale frauds which is perpetrated against individuals rather than businesses. Crime against business is rarely news.

ID fraud can take many guises but invariably the aim is to gain access to money by posing as another – thus making them responsible for it. (This begs the question why is it now possible for me to get a loan in less than 10 mins via an iPhone app or over the internet with precious little in the way of security checks? – the costs of this are already becoming apparent though, and this is a topic for another day.)

ID fraud is commonly perceived as a crime against an individual, but this is a matter for debate. If a victim of ID fraud has taken reasonable steps in their day-to-day activities to mitigate the risk then in the majority of instances the bank/building society etc will be responsible for picking up the bill, and so the party left out of pocket is rarely an individual. And with that we come to the crux. National Identity Fraud Prevention Week is not the selfless, philanthropic event it seemed at first glance – businesses understand that if they can get you to do all the hard work for them they can save themselves an awful lot of money. This is corporate fraud prevention on a national scale and I have to admit I’m impressed. Just as we were all starting to feel sorry for those poor banks again.

Worryingly, in this modern world of social networking, professional hackers and spyware, the main message to come out of National Identity Fraud Prevention Week was “get a shredder”. Conveniently, most of the companies involved in the awareness drive are able to supply you with one at a very reasonable price.

Overall, NIFPW didn’t quite achieve what it set out to. As so often is the case with these initiatives, it was the security and fraud professionals who were most aware of it – yet another case of our industries preaching to the converted. Unfortunately as with so many things, it’s not until someone becomes a victim of this kind of crime that they sit up and take notice, but by then it’s too late. So maybe fraud prevention on a macro scale isn’t quite as impressive as I first thought. Guess it’s back to the drawing board. Maybe we’d more successful if we stopped trying to preach to people and allowed them to use some common sense. Protecting yourself from ID crime is after all just about being aware and being sensible about what you do with your personal information, whether it’s online or on paper.

One final thought – There was one genuinely alarming statistic to come out of NIFPW. It seems that almost a third of all ID frauds are committed by someone the victim knows – most often a member of the family. Maybe NIFPW’s message should really have been – take your chances with the wheelie bin hoodies- rather that than leave your info lying around on the bottom of the stairs where your auntie or uncle might pick it up.

My top 5 tips to help prevent you becoming a victim of ID fraud:

- Be careful how you deal with credit/debit cards particularly when out and about. Never write down pin numbers or let your card out of your site when making a transaction.
- Think carefully about the information you display on social networking sites – your settings may only let your ‘friends’ see your information, but these 250 or so people you spoke to once at school 20 years ago are not always quite as ‘friendly’ as their supposed status would suggest
- Never give any bank details out in response to unsolicited phone calls or emails. Fraudsters are very good at forging documents or presenting themselves as a bonafide company, but your bank will never ask you to provide your pin no or the whole of your password.
- Don’t stress about it, just be sensible. Use your common sense and be mindful of how personal information could be interpreted or used.
- Get a shredder.

Friday, 29 October 2010

So can the secret Ring of Steel save the City from terrorism?

The following is all about an exhibition I recently visited following reading an article by Kieron Long in the Evening Standard. the exhibition was at Hanbury Hall near Brick Lane, E1. 'Allegedly' it was a photographic trip in time and Hostile Vehicle Mitigation (HVM). It wasn't, but still interesting just the same.


The article in the Evening Standard by Kieron Long was about a phenomenon that had been relatively covert, until documentary photographer Henrietta Williams and cartographer and trainee architect George Gingell began their project ‘Entering the Panopticon’: a study of the Ring of Steel, earlier this year.
In essence Williams and Gingell attempt to take us on a journey of how their research revealed one of the most significant transformations of an urban planning anywhere in London, 17 years of alterations to the public realm that have fundamentally changed the way the city meets the rest of the city. Or in layman terms and as we security people know designing out the hostile vehicle attack through Hostile Vehicle Mitigation (HVM).
The project now complete and their comprehensive mapping and photographic survey of every element of the ring of steel ready for show, I with a couple of colleagues attended.
The article stated that Williams and Gingell's work had documented a landscape of explicit security measures, such as new chicanes in roads manned by armed police, security cameras and bollards, as well as more subtle segments of the ring. The pictures reveal decorative water features and planters that are in fact built solidly enough to prevent car-bomb attacks. They also showed many places that were once streets but are now private property that staffed by security guards who move on homeless people, prevent photographers from taking pictures and stop kids skateboarding.
Unfortunately the exhibition did not translate well, and what Williams and Gingell were probably attempting to communicate was lost in its surroundings. There were a limited amount of pictures on display and some of them were not any type of HVM, the bollards in one of the pictures were that of a different London borough and were not HVM and this was disappointing.
I was unable to attend and walk the planned tour earlier in the day, but I doubt that any commentary would have helped me in understanding the point as the exhibition had already lost any credibility through obvious mistakes.
The Ring of Steel itself as quoted by Kieron Long is 6.5 miles of bollards, police boxes, CCTV cameras and other more subtle obstructions that has transformed the capital since it was conceived in 1993. It is the City of London's defence against car-borne terrorism, an unbroken security cordon that encircles London's financial heart.
What I would say is Williams and Gingell's had a fascinating idea and as a topic is ignored daily and although the exhibition is now over, I would suggest visiting the square mile and playing eye spy the HVM. I personally believe both the City of London and the Capital as a whole can offer the modern day counter terror security advisor some great examples of how best to mitigate this increasing threat around in the world. Maybe next time walking around the capital I'll get my camera out and take some pictures, introduce myself to some security staff and have a argument about the risk and the right to take pictures in public (that of course is a whole other argument nowadays and one not for me).

Friday, 22 October 2010

Thank you!

Hello, we have seen our readership rapidly increase and have received some very positive feedback from security professionals all over the world.
We receive emails from our readers but please do feel free to post these as comments so everyone can read and take part in the discussions.
Recently we have added a 'jobsite widget' which displays security jobs (still needs a little tweaking) being advertised by the site, but please contact us if you have a role to advertise and we will happily add it to the site (and yes this includes agencies).
Over the next couple of months we will continue to add new content, but we will be asking a couple of guest bloggers to contribute also........so please watch this space!
Our aim has always been to openly chat about security (hence the name), provide upto date security news and to hopefully give you, our readers some advice which might help you in your day job.

And finally a big fat thank you for reading and contributing to Chatback Security. Regards, Paul and Richard.

Tuesday, 19 October 2010

Securing Britain in an Age of Uncertainty: The Strategic Defence and Security Review

The Government has published its Strategic Defence and Security Review: Securing Britain in an Age of Uncertainty [PDF, 800KB] which sets out how it will deliver the priorities identified in the National Security Strategy [PDF, 375KB]. It describes how HMG will equip our armed forces, our police and intelligence agencies to tackle the threats we face today and in the future.
National security is the first duty of Government. Britain as a country continues to have global responsibilities and global ambitions. We will remain a first rate military power.
National security depends upon economic security, and vice versa. Bringing the defence programme back into balance has required some tough decisions but is a vital part of both how we tackle the deficit and how we protect our national security.
Faced with these challenges, the Government has been determined to make the right decisions for the long term defence and prosperity of the country.
This Review will equip the UK with modern defences: Armed Forces and equipment fit for the 21st century; strong security and intelligence agencies; and diplomats and development aid which can help us prevent threats before they become a reality. We will double the amount of aid we spend in conflict countries, tackling threats at their source.
We will continue to invest in our security and intelligence agencies. And we will establish a transformative national programme to protect ourselves in cyberspace, backed by £650m of new funds.

Wednesday, 6 October 2010

Beer Googles!

Some of the Internet Search Engines
I recently read an article (its here) which mentions some of the pitfalls when using the Internet to search for information (including pictures) for potential recruiters. I think this is a very interesting subject and I would recommend reading the article and the subsequent comments at the end which offer both arguments for and against from the HR professionals prospective.

Any information posted on the internet is in the public domain so surely I/you shouldn't put anything on here that you don't want others to potentially see (for whatever reason), however the issue then comes when someone else puts something on the internet without your knowledge and which could potentially lead to reputational damage for you! Obviously the privacy settings within social networking sites could help here, but these are only as good as the users awareness of these and also your friends of a friend of a friends awareness of these also!!

My personal view (as is all of the content on this site) is that a Google search (or Yahoo! for that matter) is a tool which can be utilised with caution within the pre-employment screening process for certain roles. For example security sensitive positions where an internet search may highlight information which would prompt you to ask some more probing questions during the interview stage i.e. you may find that someone worked for company XYZ, wasn’t sacked but mentions on their social networking profile how they were able to procure £2000 fraudulently and further more this role doesn’t appear on their CV within the employment history section.

From a legal or DPA prospective I am not too sure what the view on this is(but I can guess that it’s not particularly pro). Now with my security hat on surely advising a candidate at the initial stages that an internet search may take place will potentially deter the candidates who could pose a problem................in the current climate good candidates are a plenty, we all want to recruit the best, but we also don't want to recruit the candidate within the accounts department who has previous for fraud (but never convicted) or the candidate who has links to a terrorist organisation that joins your business to gain valuable intelligence and pose an insider threat.....or the person that lacks integrity and is clearly not a team player!

Update 7/10/10: Sal Remtulla, Head of Employee Screening at Risk Advisory has recently circulated some snapshots of recent CV liars. You can read her analysis here

Saturday, 2 October 2010

Don't Put Your Life Online!


I have this available in PDF format. If required send me an email.