From: Matt Paulsen Date: Sat Jul 27, 2002 4:25am Subject: NIST - Acquisition of Design, Procurement and Installation of Wireless Data Network to Support a Digital Video Management System Somehow this is funny sad funny. http://www.eps.gov/spg/DOC/NIST/AcAsD/SB1341-02-Q-0596/SynopsisP.html D -- Acquisition of Design, Procurement and Installation of Wireless Data Network to Support a Digital Video Management System Modification 01 - Posted on Jul 10, 2002 Solicitation 01 - Posted on Jul 16, 2002 Amendment 01 - Posted on Jul 17, 2002 Amendment 02 - Posted on Jul 18, 2002 Amendment 03 - Posted on Jul 23, 2002 General Information Document Type: Presolicitation Notice Solicitation Number:SB1341-02-Q-0596 Posted Date:Jul 01, 2002 Original Response Date:Jul 23, 2002 Current Response Date:Jul 29, 2002 Original Archive Date:Aug 13, 2002 Current Archive Date:Aug 13, 2002 Classification Code:D -- Information technology services, including telecommunications services Set Aside:Total Small Business Contracting Office Address Department of Commerce, National Institute of Standards and Technology (NIST), Acquisition and Logistics Division, 100 Bureau Drive, Building 301, Room B129, Mail Stop 3571, Gaithersburg, MD, 20899-3571 Description This is a presolicitation notice for a competitive Request for Quotations (RFQ) to be conducted under Federal Acquisition Regulation (FAR) Part 13, Simplified Acquisition Procedures. The acquisition is a 100% small business set aside. The Government estimate for this acquisition is no more than $29,000.00. The scope of the acquisition requires a Contractor to design, procure and install a wireless data network that will support a Digital Video Management System providing 24 hour surveillance of Gate "F" of the U. S. Department of Commerce, National Institute of Standards and Technology's (NIST) Gaithersburg, Maryland campus that allows real time review capability to the NIST security office; and to provide a minimal amount of training for use of the system. The competitive RFQ, RFQ amendments, and all questions and answers related to this acquisition will be made available via the Internet at http://www.fedbizops.gov/. The RFQ is anticipated to be released to the vendor community on or about July 16, 2002 and will only be released and made available via the Internet at the above web site. Potential offerors are responsible for accessing the web site. Interested parties must respond to the RFQ in order to be considered for award of any resultant purchase order. There is no written "hard copy" RFQ document available, telephone requests will not be honored, and no bidders list will be maintained. Potential offerors are requested to direct all questions via email to Joseph.Widdup@n.... All responsible Offerors may submit a quotation. Quotation submission instructions will be included in the RFQ that is posted to the FedBizOps web site. Original Point of Contact Joseph Widdup, Contract Specialist, Phone (301) 975-6324, Fax (301) 975-8884, Email joseph.widdup@n... Current Point of Contact Joseph Widdup, Contract Specialist, Phone (301) 975-6324, Fax (301) 975-8884, Email joseph.widdup@n... 5854 From: James M. Atkinson Date: Sat Jul 27, 2002 6:49pm Subject: You can paint my porch A blonde, wanting to earn some money, decided to hire herself out as a 'handy-woman' and started canvassing a nearby well-to-do neighborhood. She went to the front door of the first house and asked the owner if he had any odd jobs for her to do. "Well, you can paint my porch," he said, "How much will you charge me?" The blonde, after looking about, responded, "How about $50?" The man agreed and told her that the paint and other materials that she might need were in the garage. The man's wife, inside the house, heard the conversation and said to her husband, "Does she realize that the porch goes all the way around the house?" The man replied, "She should; she was standing on it. Why...do you think she's dumb?" Humbled by her initial reaction, his wife said, "No. I guess I'm just guilty of being influenced by all the 'dumb blonde' jokes I've been hearing." A short time later, the blonde came to the door to collect her money. "You're finished already?" the husband asked. "Yes," the blonde replied, "and I had paint left over, so I gave it two coats." Impressed, the man reached into his pocket for the $50.00 and handed it to her. "And by the way," the blonde added, "it's not a Porch, it's a Lexus." -- -------------------------------------------------------------------------------------------------- The First, The Largest, The Most Popular, and The Most Complete TSCM, Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet. -------------------------------------------------------------------------------------------------- James M. Atkinson Ph: (978) 381-9111 Granite Island GroupFax: 127 Eastern Avenue #291http://www.tscm.com/ Gloucester, MA 01931-8008mailto:jmatk@tscm.com -------------------------------------------------------------------------------------------------- Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat. - Sun Tzu -------------------------------------------------------------------------------------------------- [Non-text portions of this message have been removed] 5855 From: James M. Atkinson Date: Sat Jul 27, 2002 6:51pm Subject: Hoorah for Dennis Miller Hoorah for Dennis Miller! He said recently on his show, regarding the judges who declared the Pledge of Allegiance unconstitutional: "So, Your Honor, the Pledge is unconstitutional because it says 'Under God.' Guess that means when you were sworn in with your hand on a Bible, and at the end of your oath repeated, 'So Help Me God,' that makes your job unconstitutional, therefore you have no job, which means your ruling doesn't mean shit." -- -------------------------------------------------------------------------------------------------- The First, The Largest, The Most Popular, and The Most Complete TSCM, Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet. -------------------------------------------------------------------------------------------------- James M. Atkinson Ph: (978) 381-9111 Granite Island GroupFax: 127 Eastern Avenue #291http://www.tscm.com/ Gloucester, MA 01931-8008mailto:jmatk@tscm.com -------------------------------------------------------------------------------------------------- Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat. - Sun Tzu -------------------------------------------------------------------------------------------------- 5856 From: Andre Holmes <1ach@g...> Date: Sun Jul 28, 2002 0:56am Subject: Emailing: abamoneylaundering2000 (2) Your files are attached and ready to send with this message. [Non-text portions of this message have been removed] 5857 From: Andre Holmes <1ach@g...> Date: Sun Jul 28, 2002 0:58am Subject: Emailing: abamoneylaundering2000 Money Laundering Pretext Identity Theft Social Engineering Robert Douglas American Privacy Consultants PrivacyToday.comT Global Privacy Issues At The Click Of Your MouseT Official website of American Privacy Consultants, Inc.T Home Contact Us Privacy News APC News Services Speeches -------------------------------------------------------------------------------- Privacy and Anti-Money Laundering Prevention: How To Handle Statutory Inconsistencies and Customer Expectations Money Laundering Enforcement Seminar American Bankers Association American Bar Association October 31, 2000 Emerging Threats To Financial Information Security: Identity Theft, Pretext, Social Engineering, Forgery, and Impersonation In The Information Age Robert Douglas, CEO American Privacy Consultants, Inc. (www.privacytoday.com) © 2000 Robert Smith Douglas, III More hi-tech methods of access to confidential customer account information are being developed by the financial services industry every day. At the same time threats to information security systems are on the rise. The challenge for the financial services industry, security professionals, law enforcement and Congress is to find the appropriate balance between ease of access for legitimate customers to their confidential information and the passage and enforcement of legislation designed to thwart the growing threats to customer information security. Access To Confidential Financial Information There can be no doubt that confidential customer account information is being accessed and sold every day. In fact, hundreds of web sites, newspapers, magazines, legal and investigative trade journals offer the sale of confidential financial information by private investigators and "information brokers". (For a detailed examination of fraud and access to financial information see Appendix I: Testimony of Robert Douglas before the U.S. House of Representatives, September 13, 2000) As an example, the following web page is from docusearch.com: Bank Account Search Search Price $249.00 Availability National Approximate Return Time 10-18 Business Days* Requires Subject's Full Name, Complete Street Address, Social Security Number* Search Description Given a Subject's full name, complete address and social security number, this search will return the bank name and address, account type, account number, (if available) and approximate current balance of all located personal accounts. We access a proprietary database and identify open accounts using the Subject's SSN, however this search will only identify accounts in the Subject's primary state the business resides. If you suspect accounts exist in more than the primary residing state, a separate search request for each state is required, and should include the Subject's address in that state. *This search requires the Subjects social security number. If the SSN is unknown, we will find it for the purposes of this search but it will not be included in your search result. NOTE: This search uses the Subject's social security number as the account identifier, so only primary account holders are returned. Also, be sure to include any additional information you may have, such as the Subject's home & work telephone, birthdate, mother's maiden name, etc, in the additional comments section. This will greatly increase the odds of a successful search. Responsible Purpose For Search This search may return sensitive, confidential, and/or private information. For this reason, DOCUSEARCH.COM requires an explanation stating the purpose for requesting this search, its' intended use and supporting documentation. Additionally, we reserve the right to decline to perform any search which we deem not to be for a legitimate legal purpose or may cause emotional or physical harm. ImportantDisclaimer Financial searches are for informational purposes only, and are not acceptable as an exhibit or as evidence. Every effort is made to provide a complete & thorough search result. However, no method of research is 100% fool-proof and no firm can offer an absolute guarantee that every account will be found. *This search requires many hours of research and can't be rushed, as we want to return thorough, accurate results. Therefore, this is an approximate return time. (End) In addition to the sale of account information, advertisements offer mechanical devises designed to thwart information security technology. As an example, the following pages list items for sale at hackershomepage.com: SECTION#8 FINANCIAL HACKING 800b MAGNETIC STRIPE CARD READER/WRITER MAGNETIC STRIPE CARD READER/WRITER This device will allow you to change the information on magnetic stripe cards, on ALL 3 tracks, both high and low coercivity. It connects to your computer, either personal or laptop, and runs using supplied software. You must be running Windows 95, 98 or higher and have 8mb of RAM. Using this device is simple. Turn on your computer and run the supplied software. Now, swipe a card through the machine and all the information on the card will be displayed on the computer including account number, credit available, balance, name, etc. Next, using your keyboard, change any and all the information you'd like. Once complete, re-swipe the card through the machine and now your card will have the new information recorded onto the magnetic stripe. You can change any information you'd like including balance and credit information. Magnetic stripe cards are easily recognizable by the brown or black stripe and are found on credit cards, ATM cards, transportation cards, security access cards, etc. For a device that will change the information on smart cards check out item #177. See Photo! Bonus! 802 "Pin Code Hacker",853...............................................ASSEMBLED...$1,500.00 800c BLANK MAGNETIC STRIP CARDS These cards are able to be programmed using the above devices...................................ASSEMBLED...$5.00 each. 800e CARD PRINTING MACHINE This machine will print to all kinds of plastic cards including, credit cards, ATM cards, drivers licenses, smart cards, etc. All software is included to print graphics and text. TECHNICAL SPECIFICATIONS: Technology: Thermal Transfer, Resolution: 300 DPI, Printing Speed: 70 per/hr, Printing Orientation: 0o,90o,180o,270o. ,Printing Area: Full card size, software: IMAGO for Windows or for Macintosh, interface: Serial RS 232, Communication Protocol: ACK/NACK, Baud Rate: 9600/ 19200/38400, Bar Codes: EAN 8-EAN 13-2/5S-2/5I-CODE 39-UPCA-Monarc, Card Size: ISO CR-80 86 x 54mm, Card Thickness :0.27 to 0.80mm (self adapting), Card Material: PVC. ABS, POLYESTER, Power Source : 110-120V, 220-240V, +/- 10%, 50-60 Hz, Weight: 6 Kg, Dimensions: 230mm x 190mm x 190mm. See Photo! Bonus! 853.ASSEMBLED.$4,500.00 800f CARD EMBOSSING MACHINE This machine embosses all kinds of plastic cards, raising the numbers and lettering perfectly just like on credit cards. See Photo! Bonus! 853..................................................................ASSEMBLED...$4,500.00 800h PORTABLE 100 CARD READER This is the device you've heard about and everyone has been asking me to offer. Some waitresses and store clerks are using this device at work. It will store 100 credit card and magnetic stripe card swipes to memory and is powered by lithium camera batteries. The size of this device makes it easily concealable in your pocket. Device can download the information from the swipes to your computer using the supplied cable and software. The software will also easily write the information to any magnetic stripe card using item #800b (sold separately). Download and write to a card in under 20 seconds. Some people have been known to charge as much as $8,000.00 for this device, but we think that's too much. This device can be shipped COD to anywhere in the US. Customers outside of the US must prepay before it can be shipped. All instructions are included. See Photo! Bonus! 802 "Pin Code Hacker", 853.......................................................ASSEMBLED...$1,500.00 800x CREDIT CARD BUSINESS PACKAGE DEAL Purchase the following 3 items together at a remarkably discounted price and get in on the lucrative credit card business. Includes: #800b MAGNETIC STRIPE CARD READER/WRITER, #800h PORTABLE 100 CARD READER, and #828 CREDIT & CALLING CARD NUMBER CAPTURING SYSTEM. All completely assembled, with instructions and software. Save $650.00. Bonus! 802 "Pin Code Hacker", 853................ASSEMBLED...$3,300.00 801 UNIVERSAL INTERFACE HACKING DEVICE The Universal interface is used to connect various devices like GSM phones, amateur radios, radio scanner, smart cards, smart card emulators, EEPROM's, PIC's, organizers, magnetic stripe readers/writers to the PC. The Universal interface has to be connected to a free 25 pin Serial/COM port. In case your PC has only 9 pin Serial/COM ports, a 9pin-to-25pin Adapter is needed, which you can find at any computer or office supply store. In order to connect it to various devices, you need only additional connectors and cables. We are offering as accessories a small range of various connectors and cables for multiple applications but will be expanding this accessory product line in the future. The greatest advantage is the modularity that the interface has. It has accessories for various applications, that can be combined or used separately. The needed power supply is taken from the COM/RS232 port and so it is perfectly suitable for mobile applications (Laptops and Notebooks). You don't have to carry everything with you, only the accessories that you will need. The interface was developed for mobile applications. It measures ONLY 55mm*17mm*66mm. The voltage supply (5V) is taken from the serial port. In the interface is also an integrated 3.579545MHz oscillator, this makes it possible to use the it as a smart card reader/writer. An inverter is additional integrated, so the possibility exists to invert all or individual lines. Thus highest compatibility is ensured, for current and future applications, by the most diverse adjustment possibilities. With this ability the interface can be used with a multiplicity of freeware, shareware as well as commercial software applications. It is suitable for 5V and also for 3.0V applications, full-duplex (3 lines) is supported as well as half-duplex (2 lines), with and without handshake. See Photo! .................................................................................ASSEMBLED...$595.00 ACCESSORIES for 801 801a SMARTCARD READER/WRITER ATTACHMENT (Compatible with DumbMouse, Phoenix, SerProg, SmartMouse, PC/SC driver available) Includes both large and small card slots. This product, in combination with product #801, is exactly the same as products #177 and #500, except that it includes both the normal-sized and smaller-sized card sockets, and will also work with software designed for parallel programmers. The greater advantage with this product is that it is expandable and compatible with upcoming future technologies. By using the various settings the interface offers, it is compatible with the mostly used smart card readers/writers like the Phoenix interface (mostly used in SatelliteTV applications), DumbMouse, SerProg, SmartMouse and others. With this compatibility the interface is working with a wide range of freely available software and drivers. With the interface and the included software and PC/SC driver, you are able to read/write almost all SmartCards like: * Memory SmartCards: TeleCards, I2C, 2-wire, 3-wire , MicroWire * CPU SmartCards: T=0, T=1, and all asynchrone SmartCards with 3.58 MHz clock. Like: GSM Sim cards, Cashcards, DSS, CryptoFlex, CyberFlex, GPK2000, MPCOS, MultiFlex, PayFley, Starcos, * White Wafer Cards (with a PIC16X84), Gold Wafer Cards (PIC16X84+EEPROM 24LC16), MM2 and other compatible. The disadvantage of most commercial readers/writers is that in most cases they are using a PIC or similar CPU to communicate with the smart card. In such cases you are only able to use software that you get with the reader/writer, and 3rd party software that explicitly supports that particular reader/writer. The software uses a driver/API that will in most cases not allow you to use or try some nonstandard commands. This is a limitation, not appreciated by software developers. Not to mention that you will not be able to use a wide range of application software available on the Internet. The interface is a direct reader/writer, communicating directly with the smart card, without drivers, you can directly and without any limitation access every card. The interface is the only available smart card reader/writer capable of programming wafer cards without a power supply. You can program the PIC16X84 and the EEPROM from the Wafercard using your notebook. Includes software on CD-ROM. See Photo!....ASSEMBLED...$195.00 801b & 801c SMARTCARD EMULATOR/DATALOGGER ATTACHMENT (compatible with: Season7, ASIM, and datalogger) Emulates: GSM, Irdeto, VideoCrypt I+II, EuroCrypt, D2Mac, Cashcards. The smart card emulator is a development tool for the hardware and software developer. The PCB has the standard smart card dimensions. It is inserted into the MasterDevice, instead the smart card, and the other end is connected to the PC, using the interface. With the proper use of emulator software the PC can emulate a smart card. The connection is Season7 and ASIM compatible. All 8 ISO contacts are taken to the socket, so the PCB can also be used to emulate/analyze non-standard smart cards. It can also be connected to the parallel port, in order to be used with software written for the parallel port. Beside the "Normal ISO 7816" version we also offer a "small" SIM version. This version is used mostly for GSM/PCN applications, for phones that are using the Small SIM format. The smart card emulator/datalogger can also be used on any device where smart cards are used, like satellite and network tv decoders and other applications. Includes software on CD-ROM. 801b Normal ISO 7816 version. See Photo!...................ASSEMBLED...$150.00 801c Small SIM version. See Photo!.......................................KIT...$100.00 828 CREDIT & CALLING CARD NUMBER CAPTURING SYSTEM This system is just like the one recently featured on TV news that is currently being used at airports and shopping malls, and netting millions of dollars for its operators. This all-in-one hardware system will allow you to remotely capture unlimited credit card and calling card numbers (including PIN numbers and expiration dates) when entered into pay telephones. You can even capture the names and billing addresses of the card holders. The system can be used remotely from the comfort of your home, a payphone, or a cell phone. Information is stored in memory and displayed via LCD. A REAL money-making system that can net you millions without ever being caught, and can pay for itself after just a few minutes of use. You can literally capture hundreds of valid numbers and related information every day, whenever you want. Can be used in conjunction with #800b to write your own credit cards. All instructions included. See Photo! Bonus! 802 "Pin Code Hacker", 853...........................................................................ASSEMBLED...$950.00 857 BILL CHANGER & VENDING MACHINE HACKER/JACKPOTTER This handheld, concealable device will cause various affects on different machines including BILL CHANGER MACHINES. It's portable, battery powered, and measures 2-1/4 inches by 4 inches. Included are complete instructions on how to obtain free products and to jackpot machines of coins by a simple push of a button. Many vending machines hold in excess of $50.00 change, while bill changer machines can hold in excess of $500.00. Device will work on both 120 and 220 volt systems, making it effective anywhere in the world. We've now combined features from our now-discontinued Soda Machine Hacker. Not only will this device jackpot the soda machine, but in many instances will cause cans of soda to drop down the chute. Bonus! 853..................ASSEMBLED...$375.00 867 EMP MANIPULATION DEVICE This device is so controversial that we can't tell you what it can be used for except for the general information in this description. However, ALL instructions are included with the purchase of this device. This device drastically affects ALL electronic machines when brought into close proximity (Within 1 meter or 36 inches approx.) The highly directional pulsed signal can make you RICH if used in an illegal fashion, which, of course, we do not recommend. This system includes a "general" antenna but several specialized antennas are also available. See Photo! Bonus! ...................................................ASSEMBLED*...$775.00 OPTIONAL ANTENNA PACKAGE FOR ITEM# 867 867a Antenna the width of paper currency (works in most countries). 867b Antenna the width of a coin (works in most countries). 867c Antenna the width of a credit card (works in ALL countries). See Photo! Kit and instructions to build ALL 3 antennas (no soldering required)...KIT...$175.00 We WILL NOT answer emails from anyone asking about illegal activities, or how to use our products for illegal activities...they will automatically be deleted. All products are designed for testing and exploring the vulnerabilities of CUSTOMER-OWNED equipment, and no illegal use is encouraged or implied. We WILL NOT knowingly sell to anyone with the intent of using our products for illegal activities or uses. It is your responsibility to check the applicable laws in your city, state, and country. (END) There also can be no doubt that traditional methods of identity theft coupled with information age ease of access to citizens biographical information is contributing to increases in both the number of cases resulting in financial losses and the size of the losses. Reuters recently reported a dramatic example of identity theft coupled with financial fraud resulting in substantial losses: Man pleads guilty to stealing executives' personal data Tuesday September 26, 5:27 pm Eastern Time By Gail Appleson, Law Correspondent NEW YORK, Sept 25 (Reuters) - A Tennessee man has pleaded guilty to using credit card and bank information stolen from top executives at major corporations to buy diamonds and Rolex watches, federal prosecutors said on Tuesday. James Rinaldo Jackson, 39, of Memphis pleaded guilty to 29 counts of conspiracy, credit card, mail, wire and bank fraud. Prosecutors said he entered his plea during a hearing on Monday in Manhattan federal court. Among the victims were John Alm, president of Coca-Cola Enterprises, the largest bottler of Coke; Richard Fuld, chief executive officer of Lehman Brothers Holdings; Stephen Bollenbach, chief executive of Hilton Hotels Corp., and Gorden Teter, the former CEO of Wendy's International, who is now deceased. Other victims included Dr. James Klinenberg, former administrator of Cedars-Sinai Medical Centre in Los Angeles and Nackey Loeb, former president of the Union Leader Corp. and publisher of the Union Leader and New Hampshire Sunday News. Teter, Klinenberg and Loeb had died shortly before the information was stolen. Jackson faces a possible maximum sentence of 30 years in jail and $1 million fine on each of 27 bank, mail and wire fraud charges; five years in prison and a $1 million fine on the the conspiracy charge, and 20 years in prison and $250,000 fine on the credit card fraud charge. The diamonds and Rolex watches he tried to buy were worth a total of more than $730,000. During the hearing, Jackson admitted that between December 1999 and last February he stole financial information about his victims. Impersonating the victims, he then contacted their banks and credit card companies to arrange for their billing addresses to be changed to various hotels in the Memphis, Tenn. area. He explained to the court that he had obtained the information by researching his victims in ``Who's Who In America'' and in some cases used the Internet to obtain personal information about the executives. Jackson admitted that he obtained information about Teter by deceiving Wendy's into believing that he was a potential franchisee. He learned through the Internet that Teter had died and then obtained personal information about the deceased executive through a variety of means including the funeral home. Using the names of his victims, he contacted jewelry dealers throughout the United States and bought diamonds and Rolex watches that he had seen on the dealers' Internet Web sites. Jackson paid for purchases by either charging them to the victims' credit card numbers, having banks wire money from the victims' bank accounts or mailing the dealers fraudulent checks. He then had the jewelry dealers ship the diamonds and watches to the Memphis-area hotels. Jackson then made reservations at the hotels in the victims' names and notified the hotels to expect a package delivery. He, sometimes along with an accomplice, then picked up the packages. Jackson was arrested on Feb 25 near Memphis by FBI agents who watched him trying to pick up a package addressed to one of his victims. (END) This case may be dramatic but does not stand alone. Recent figures have placed identity theft coupled with financial fraud as one of the fastest growing crimes in the United States today. Current estimates place the figure at 500,000 cases each year with an average loss of $17,000 per case. Indeed, the United States Secret Service has begun to note the presence of organized criminal activity in the area of identity theft and financial fraud. (see Appendix II: Testimony of Bruce A. Townsend, Special Agent In Charge, U.S. Secret Service - Financial Crimes Division; before the U.S. House of Representatives, September 13, 2000) Statutory Inconsistencies Create Hurdles To Law Enforcement Given the reality of the growing threat to the protection of customer account information, the challenge ahead is for the United States Congress and state legislatures to pass laws empowering state and federal law enforcement to combat these threats without choking off legitimate technological advances and ease of access for legitimate consumers to their own account information. With the passage of Gramm-Leach-Bliley Congress took a major step in trying to define who will have access to confidential and personal information and at the same time attempted to thwart the use of fraud by identity thieves to illegally access customer information. The federal regulatory agencies are in the process of enacting regulations to enforce the provisions of Gramm-Leach-Bliley as we meet here today. It is too early to determine how Gramm-Leach-Bliley and the subsequent regulations now under consideration will impact many important areas of privacy surrounding financial information. However, it is not too early to recognize that Gramm-Leach-Bliley has failed in thwarting the efforts of disreputable private investigators and "information brokers" in the advertising and sale of confidential account information as demonstrated above and in my numerous appearances before Congress. Section 521 of Gramm-Leach-Bliley has a child support exemption provision allowing for the use of fraud against financial institutions in order to obtain customer account information under certain conditions. This one exemption has allowed private investigators to continue to advertise the sale of confidential financial information and has created a hurdle for law enforcement in enforcing Gramm-Leach-Bliley. Gramm-Leach-Bliley needs to be amended at once. The narrowly crafted child-support exemption for the use of fraud is being used as an advertising shield by private investigators to hide behind while continuing the covert sale of financial information that falls outside of the GLB exemptions. The provisions of GLB that allow for pretext in a child support situation state as follows: Sec. 521 (g) NONAPPLICABILITY TO COLLECTION OF CHILD SUPPORT JUDGMENTS- No provision of this section shall be construed to prevent any State-licensed private investigator, or any officer, employee, or agent of such private investigator, from obtaining customer information of a financial institution, to the extent reasonably necessary to collect child support from a person adjudged to have been delinquent in his or her obligations by a Federal or State court, and to the extent that such action by a State-licensed private investigator is not unlawful under any other Federal or State law or regulation, and has been authorized by an order or judgment of a court of competent jurisdiction. The operative language is: "No provision of this section shall be construed to prevent any State-licensed private investigator.from obtaining customer information of a financial institution...to collect child support from a person adjudged to have been delinquent in his or her obligations by a Federal or State court...AND has been authorized by an order or judgment of a court of competent jurisdiction." This language clearly means from both the legislative history of the act and the plain face of the statute that a judge (Court) must specifically authorize the use of pretext to obtain customer information of "a financial institution". I am not aware of a single case where a Court has authorized a private investigator to intentionally deceive a financial institution in order to obtain customer information. It is easy to understand why this has not happened and most likely never will. The presumptive evidentiary burden that would be required to obtain such an order would easily support the issuance of a subpoena to the institution that the information is being sought from and is being contemplated for pretext. Unless Congress has evidence that financial institutions routinely falsify responses to subpoenas it is hard to fathom why this provision was placed in GLB. Further, this section states: "to the extent reasonably necessary to collect child support from a person adjudged to have been delinquent in his or her obligations by a Federal or State court." The legislative history of this exemption was a claim made by some representatives of the private investigative industry that pretext was needed as there was no other method available to locate the financial institution holdings of deadbeat parents who lie to the Courts. This claim was not true at the time, as there are many lawful ways to pursue overdue non-custodial child support payments and many taxpayer funded agencies designed to fill that role. However, even if this argument is accepted as a legitimate historical reason for the exemption, there is no longer any legislatively justifiable reason to maintain the exemption given the provisions of the Personal Responsibility and Work Opportunity Reconciliation Act of 1996 which are now in effect and mandate that all financial institutions cooperate with the government by providing the financial information of delinquent child support parents directly to the Federal government for asset forfeiture. The following excerpt describing this procedure is from a front-page article written by Robert O'Harrow, Jr. in the Sunday, June 27, 1999 edition of the Washington Post: As part of a new and aggressive effort to track down parents who owe child support, the federal government has created a vast computerized data-monitoring system that includes all individuals with new jobs and the names, addresses, Social Security numbers and wages of nearly every working adult in the United States. Government agencies have long gathered personal information for specific reasons, such as collecting taxes. But never before have federal officials had the legal authority and technological ability to locate so many Americans found to be delinquent parents -- or such potential to keep tabs on Americans accused of nothing. The system was established under a little-known part of the law overhauling welfare three years ago. It calls for all employers to quickly file reports on every person they hire and, quarterly, the wages of every worker. States regularly must report all people seeking unemployment benefits and all child-support cases. Starting next month, the system will reach further. Large banks and other financial institutions will be obligated to search for data about delinquent parents by name on behalf of the government, providing authorities with details about bank accounts, money-market mutual funds and other holdings of those parents. State officials, meanwhile, have sharply expanded the use of Social Security numbers. Congress ordered the officials to obtain the nine-digit numbers when issuing licenses -- such as drivers', doctors' and outdoorsmen's -- in order to revoke the licenses of delinquents. Enforcement officials say the coupling of computer technology with details about individuals' employment and financial holdings will give them an unparalleled ability to identify and locate parents who owe child support and, when necessary, withhold money from their paychecks or freeze their financial assets. (End of excerpt) (Emphasis added by Robert Douglas) O'Harrow went on to describe in more detail how the new system operates: Next month, financial institutions that operate in multiple states -- such as Crestar Financial Corp., Charles Schwab & Co. and the State Department Federal Credit Union -- will begin comparing a list of more than 3 million known delinquents against their customer accounts. Under federal law, the institutions are obligated to return the names, Social Security numbers and account details of delinquents they turn up. The Administration for Children and Families will then forward that financial information to the appropriate states. For security reasons, spokesman Kharfen said, the agency will not mix the financial data with information about new hires, wages and the like. Bank account information will be deleted after 90 days. In a test run this spring, Wells Fargo & Co. identified 72,000 customers whom states have identified as delinquents. NationsBank Corp. found 74,000 alleged delinquents in its test. Later this year, smaller companies that operate only in one state will be asked to perform a similar service. Officials say most of these institutions will compare their files against the government's. But some operations that don't have enough computing power -- such as small local banks, credit unions and securities firms -- will hand over lists of customers to state officials for inspection. States can then administratively freeze the accounts. In California, more than 100 financial institutions have already handed over lists of all their depositors to state officials, including names, Social Security numbers and account balances, a state official said. (End of excerpt) (Emphasis added by Robert Douglas) Finally, the exemption places GLB in direct conflict with other federal statutes outlawing wire and mail fraud and unfair and deceptive trade practices. The exemption also places GLB in direct conflict with many State laws and creates nothing short of a judicial quagmire. Simply put, there is no legitimate reason to continue the child support exemption to Gramm-Leach-Bliley. There is a legitimate reason to strike it from the statute as companies are using it as pretence to advertise their ability to locate financial institution customer information. All the ad need say is the request must be in compliance with applicable laws and that all requests are performed on that basis. Conclusion Threats to information security systems of the financial services industry abound. With advancing technology we see the re-emergence of traditional methods of identity theft, pretext and fraud on the rise again. Law enforcement must be aggressive in combating these crimes before citizens become concerned about the safety and integrity of the industry. Congress should not be in the business of creating hurdles to effective law enforcement protection of customers of the financial services industry. Congress should be in the business of assisting the industry and consumers by empowering law enforcement to aggressively prosecute identity thieves of all types. © 2000 Robert Smith Douglas, III Appendix I Statement by Robert Douglas before the Committee on Banking and Financial Services United States House of Representatives Hearing On Identity Theft and Related Financial Privacy Issues September 13, 2000 My name is Robert Douglas and I am the co-founder and Chief Executive Officer of American Privacy Consultants, Inc. located in Alexandria, Virginia (www.privacytoday.com). American Privacy Consultants assists organizations and businesses understand and implement appropriate privacy policies, strategies, defenses, educational programs, training, and auditing. I appreciate the opportunity to appear before this committee once again to address the issue of identity theft, "pretext calling", and other deceptive practices still in use by some "information brokers", private investigators, judicial judgment collectors and identity thieves to illegally access the personal and confidential information of customers of financial institutions. Unfortunately, in spite of the enactment of legislation drafted by this Committee to outlaw such practices, these methods not only survive but also continue to grow in volume, scope, and methodology. Chairman Leach, I want to personally thank you and the Committee for your continued willingness and desire to address this serious issue first by crafting and passing much needed legislation and now in an oversight capacity. I am personally aware of the amount of time the Committee members and staff have invested in this problem over the last three years and as a citizen applaud the Committee's willingness to tackle these issues. I also would like to single out for recognition Jim Clinger, the Committee's Senior Counsel and Assistant Staff Director. Over the last three years I have had the unique pleasure of working with Jim on a regular basis and he is a true credit to this Committee and to the United States Congress. Above all he is a true gentleman. Finally, I would like to thank John Forbes, Special Agent - United States Customs Service; and, Alison Watson, Professional Staff Member of the Committee for their work over the last month in preparation for this hearing. H.R. 4311 Although I was specifically asked to address the use of pretext and other deceptive techniques to access confidential financial information, I would like to make a few brief observations concerning HR 4311. There can be little doubt that identity theft is one of the fasting growing crimes in the United States today. Each year hundreds of thousands of Americans fall prey to identity thieves. The financial and credit damage implications are severe for the individual who is the victim of identity theft. Additionally, retailers and financial institutions suffer financial losses as a result of identity theft. Finally, the nation as a whole suffers in increased prices for retail products and financial services including the cost of credit. The advent of the World Wide Web has brought increased opportunities for identity thieves through ease of access to personal, biographical data needed to perpetrate identity crimes and facilitates ordering merchandise absent a face-to-face encounter with a store clerk. These facts require that we examine areas of weakness that identity thieves exploit. In 1998 I demonstrated for this Committee the ease with which an individual can purchase private and confidential financial information. It is even easier to obtain the name, address, date of birth, social security number, mother's maiden name, phone number, and often the employment of any individual in the United States today. All of this information is for sale on the web. In a nutshell, all the information needed to steal a citizen's identity and create financial havoc is available on the Internet for little or no cost. The largest source of up-to-date personal, biographical information is credit bureaus. The sale and resale of credit header information by credit bureaus to private investigators, information brokers and judicial judgment collection professionals results in this information being accessible to anyone for a fee. This is big business. Several large companies make millions of dollars each year reselling personal information gathered by the credit bureaus. When citizens apply for credit or enter into a credit transaction they do not know that their personal, biographical information is then resold to any individual with a few bucks and a web browser. If the level of trust in the Internet is ever to rise from the relatively low position it now occupies, the sale of personal information must be brought under control. A good place to begin is by curtailing the sale of credit header information absent a permissible purpose as defined currently within the FCRA. For that reason I believe Section 8 of HR 4311 is long overdue. Pretext and other Deceptive Practices July 1998 through September 2000 On July 28, 1998, while appearing before this Committee, I stated: "All across the United States information brokers and private investigators are stealing and selling for profit our fellow citizens personal financial information. The problem is so extensive that no citizen should have confidence that his or her financial holdings are safe." Sadly, I return today to inform this Committee that my statement of 1998 remains true today. While the illegal access of financial information continues, progress has been made. When we last met in July of 1998 four steps were required in order to stop these practices. First, the financial services industry needed to understand and take affirmative steps to combat the threat posed by unscrupulous information brokers, private investigators, and identity thieves. Second, tough federal legislation was needed to outlaw the use of pretext and deception as a means to access confidential financial information. Third, appropriate federal regulatory agencies needed to create standards and regulations designed to assist institutions in the safeguarding of financial information and to reflect the legislative intent encompassed within any legislation enacted by Congress. Finally, aggressive prosecution of individuals and companies who steal, buy, and/or sell personal financial information was required to signal that the integrity of our nation's financial system is a law enforcement priority. The first three sides of the square have been completed. The financial services industry has made significant progress in beginning to combat identity theft and pretext through a sober recognition that this is not a problem that can be ignored if the industry wishes to maintain a reputation for providing confidentiality to customers. This recognition has been acted upon through the use of training programs and educational materials to begin the education of financial services industry professionals to the threats posed by identity thieves of all types. Many financial institutions have begun to enact internal standards designed to identify and thwart the practices of identity thieves and infobrokers. Is there more to do? Absolutely. Is the financial services industry taking the confidentiality of the records it safeguards on behalf of customers seriously enough to continue to move forward in this area? I believe so. This Committee and Congress moved quickly to pass legislation designed to punish those who would impersonate others in order to gain access to private financial records. With the passage of Gramm-Leach-Bliley, there is now federal law outlawing the use of pretext and other deceptive techniques to gain access to personal financial information absent several narrowly defined and commonly misunderstood exceptions. The federal regulatory agencies with direct supervisory function of the financial services industry moved quickly in 1998, by means of an advisory letter and other steps, to alert all institutions to the practices of identity thieves and information brokers. These same agencies are continuing as we meet here today to develop standards and regulations in keeping with the intent of Gramm-Leach-Bliley. With the first three sides of the box either erected or under construction, it is now time to build the final wall through aggressive enforcement action. With the enactment of Gramm-Leach-Bliley last November, I assume that the Federal Trade Commission and appropriate criminal enforcement agencies are now preparing to use the tools Congress and the President handed them. To my knowledge there has been one federal enforcement action brought by the FTC against an information broker. That civil action was begun prior to the enactment of Gramm-Leach-Bliley under laws designed to thwart "unfair and deceptive trade practices". Several states, notably Massachusetts, have aggressively pursued illegal information brokers. Again, these actions were taken prior to GLB and under state laws against illegal trade practices. It is time for tough nationwide enforcement of the civil and criminal provisions contained within Gramm-Leach-Bliley. In the invitation letter I received from the Committee to testify today I was asked to specifically address three areas: 1) The extent to which the use of pretext and other deceptive means continue in spite of the passage of Gramm-Leach-Bliley; 2) The effectiveness of efforts by the financial services industry to deter and detect fraudulent attempts to obtain confidential account information; and, 3) Other threats to financial privacy emerging today. The Extent To Which Deceptive Practices Continue Post Gramm-Leach-Bliley The use of pretext and other means of deception to trick financial institution employees and customers into disclosing personal and confidential financial information that I testified about two years ago continue unabated. Books have been written about pretext to teach and share common methods. Discussion groups abound on the Internet with the trading of new and improved techniques almost on a daily basis. Classes are held in which pretext methods are shared for a price. The techniques are becoming more complex and refined. Advertisements on the World Wide Web have doubled in the past two years. Here is a typical example: Bank Account Search Search Price $249.00 Availability National Approximate Return Time 10-18 Business Days* Requires Subject's Full Name, Complete Street Address, Social Security Number* Search Description Given a Subject's full name, complete address and social security number, this search will return the bank name and address, account type, account number, (if available) and approximate current balance of all located personal accounts. We access a proprietary database and identify open accounts using the Subject's SSN, however this search will only identify accounts in the Subject's primary state the business resides. If you suspect accounts exist in more than the primary residing state, a separate search request for each state is required, and should include the Subject's address in that state. *This search requires the Subjects social security number. If the SSN is unknown, we will find it for the purposes of this search but it will not be included in your search result. NOTE: This search uses the Subject's social security number as the account identifier, so only primary account holders are returned. Also, be sure to include any additional information you may have, such as the Subject's home & work telephone, birthdate, mother's maiden name, etc, in the additional comments section. This will greatly increase the odds of a successful search. Responsible Purpose For Search This search may return sensitive, confidential, and/or private information. For this reason, DOCUSEARCH.COM requires an explanation stating the purpose for requesting this search, its' intended use and supporting documentation. Additionally, we reserve the right to decline to perform any search which we deem not to be for a legitimate legal purpose or may cause emotional or physical harm. ImportantDisclaimer Financial searches are for informational purposes only, and are not acceptable as an exhibit or as evidence. Every effort is made to provide a complete & thorough search result. However, no method of research is 100% fool-proof and no firm can offer an absolute guarantee that every account will be found. *This search requires many hours of research and can't be rushed, as we want to return thorough, accurate results. Therefore, this is an approximate return time. (End) This advertisement is remarkable in many regards. The ad claims to "access a proprietary database and identify open accounts using the subjects SSN", yet "this search requires many hours of research and can't be rushed, as we want to return thorough, accurate results" and the search may require "10-18 business days". There is no proprietary database available to private investigators or information brokers that by use of the SSN (social security number) banking information can be obtained. In fact this ad used to say the company accessed a "federal database" to obtain the information. The ad further states: "Also, be sure to include any additional information you may have, such as the Subject's home & work telephone, birthdate, mother's maiden name, etc, in the additional comments section. This will greatly increase the odds of a successful search." Why would a database accessed by SSN require this personal information? It wouldn't. But pretext does. Many financial institutions use the mother's maiden name as a password. Further, some institutions will ask for your home or work phone numbers to verify the account holder. Finally, the phone numbers are often required as part of a pretext contact made directly to the account holder. The ad also states: "Additionally, we reserve the right to decline to perform any search which we deem not to be for a legitimate legal purpose or may cause emotional or physical harm." Perhaps this is an attempt to signify that a search request must satisfy GLB and other applicable State and Federal laws. Perhaps not. Here is the transcript of an email contact I had with Docusearch: From: DOCUSEARCH.COM To: email address deleted Subject: Re: Information Request Sent: Mon 3/20/00 1:41 PM You will first have to locate his address in the current residence state. This may be accomplished with a Locate by Previous Address Search. Then you can order the Bank Account Search. At 01:38 PM 3/20/00 , you wrote: >------------Begin, Information Request from visitor----------- >My Name Is : Rob Douglas >My Email Address Is : (deleted) >My Telephone Number Is : (deleted) >My Question Pertains To : Other: Explain Below >Comments : I have a client who is owed a substantial amount of money >by a potential defendant who left the area and closed his personal and >corporate bank accounts. I have an old home address for the potential >defendant and know what state he moved to. What searches would you >recommend to locate the potential defendant and his personal and >corporate bank accounts? >------------End, Information Request from visitor ----------- The ">" portions represent the email I sent to Docusearch using their on-line request form. Three minutes later I received the reply that I could order the bank account search in a situation that would clearly be illegal under GLB if pretext were used. I would hope that members of this Committee would find the services offered and language of the advertisements by Docusearch to be as disturbing as I do. I suspect many of the members of this Committee would wonder why this firm is allowed to operate in this fashion given the provisions of GLB and the applicable "unfair and deceptive trade practice" sections of Federal law. The excuse might be offered that this is just one company that no one in a position of responsibility to address these practices was aware of. That excuse would ring hollow. Docusearch is the company that sold personal information concerning Amy Boyer to a stalker that resulted in the murder of Ms. Boyer and the suicide of the stalker. Amy's parents have testified before Congress and have been widely covered in the media. In fact, Amy's death has led to consideration of legislation by this Congress to outlaw the sale of social security numbers. Throughout all this attention Docusearch has made one change to the web site where it advertises. Docusearch no longer publicly advertises the sale of social security numbers. But Docusearch continues to do business selling personal and confidential information. The attention to Docusearch does not end there. Docusearch was the cover story for Forbes magazine on November 29, 1999. This was seventeen days after President Clinton signed GLB into law. In the article Dan Cohn of Docusearch literally bragged about his abilities to obtain personal information about a subject. Here is the opening quote from the Forbes cover story: THE PHONE RANG AND A STRANGER CRACKED SING-SONGY AT THE OTHER END OF the line: "Happy Birthday." That was spooky--the next day I would turn 37. "Your full name is Adam Landis Penenberg," the caller continued. "Landis?" My mother's maiden name. "I'm touched," he said. Then Daniel Cohn, Web detective, reeled off the rest of my "base identifiers"--my birth date, address in New York, Social Security number. Just two days earlier I had issued Cohn a challenge: Starting with my byline, dig up as much information about me as you can. "That didn't take long," I said. "It took about five minutes," Cohn said, cackling back in Boca Raton, Fla. "I'll have the rest within a week." And the line went dead. In all of six days Dan Cohn and his Web detective agency, Docusearch.com, shattered every notion I had about privacy in this country (or whatever remains of it). Using only a keyboard and the phone, he was able to uncover the innermost details of my life--whom I call late at night; how much money I have in the bank; my salary and rent. He even got my unlisted phone numbers, both of them. (End of excerpt) One might wonder who Dan Cohn is and whom he sells this information to. Forbes answered that as well: Cohn operates in this netherworld of private eyes, ex-spooks and ex-cops, retired military men, accountants and research librarians. Now 39, he grew up in the Philadelphia suburb of Bryn Mawr, attended Penn State and joined the Navy in 1980 for a three-year stint. In 1987 Cohn formed his own agency to investigate insurance fraud and set up shop in Florida. "There was no shortage of work," he says. He invented a "video periscope" that could rise up through the roof of a van to record a target's scam. In 1995 he founded Docusearch with childhood pal Kenneth Zeiss. They fill up to 100 orders a day on the Web, and expect $1 million in business this year. Their clients include lawyers, insurers, private eyes; the Los Angeles Pension Union is a customer, and Citibank's legal recovery department uses Docusearch to find debtors on the run. Cohn, Zeiss and 13 researchers (6 of them licensed P.I.s) work out of the top floor of a dull, five-story office building in Boca Raton, Fla., sitting in cubicles under a fluorescent glare and taking orders from 9 a.m. to 4 p.m. Their Web site is open 24 hours a day, 365 days a year. You click through it and load up an on-line shopping cart as casually as if you were at Amazon.com. (End of excerpt) Amazingly, Cohn admits to the use of fraud and bribery: The researchers use sharp sifting methods, but Cohn also admits to misrepresenting who he is and what he is after. He says the law lets licensed investigators use such tricks as "pretext calling," fooling company employees into divulging customer data over the phone (legal in all but a few states). He even claims to have a government source who provides unpublished numbers for a fee, "and you'll never figure out how he is paid because there's no paper trail." (End of excerpt) The following excerpt reveals methods used by Cohn directly relevant to today's hearing and HR 4311: Cohn's first step into my digital domain was to plug my name into the credit bureaus--Transunion, Equifax, Experian. In minutes he had my Social Security number, address and birth date. Credit agencies are supposed to ensure that their subscribers (retailers, auto dealers, banks, mortgage companies) have a legitimate need to check credit. "We physically visit applicants to make sure they live up to our service agreement," says David Mooney of Equifax, which keeps records on 200 million Americans and shares them with 114,000 clients. He says resellers of the data must do the same. "It's rare that anyone abuses the system." But Cohn says he gets his data from a reseller, and no one has ever checked up on him. Armed with my credit header, Dan Cohn tapped other sites. A week after my birthday, true to his word, he faxed me a three-page summary of my life. He had pulled up my utility bills, my two unlisted phone numbers and my finances. (End of excerpt) And should there be any question as to the ability of a determined criminal to gain access to confidential information including financial information, the following excerpt is on point: He had my latest phone bill ($108) and a list of long distance calls made from home--including late-night fiber-optic dalliances (which soon ended) with a woman who traveled a lot. Cohn also divined the phone numbers of a few of my sources, underground computer hackers who aren't wanted by the police--but probably should be. Knowing my Social Security number and other personal details helped Cohn get access to a Federal Reserve database that told him where I had deposits. Cohn found accounts I had forgotten long ago: $503 at Apple Bank for Savings in an account held by a long-ago landlord as a security deposit; $7 in a dormant savings account at Chase Manhattan Bank; $1,000 in another Chase account. A few days later Cohn struck the mother lode. He located my cash management account, opened a few months earlier at Merrill Lynch &Co. That gave him a peek at my balance, direct deposits from work, withdrawals, ATM visits, check numbers with dates and amounts, and the name of my broker. (End of excerpt) Cohn is even willing to lead officials to believe he is a law enforcement officer as this excerpt demonstrates: How did Cohn get hold of my Merrill Lynch secrets? Directly from the source. Cohn says he phoned Merrill Lynch and talked to one of 500 employees who can tap into my data. "Hi, I'm Dan Cohn, a licensed state investigator conducting an investigation of an Adam Penenberg," he told the staffer, knowing the words "licensed" and "state" make it sound like he works for law enforcement. Then he recited my Social Security, birth date and address, "and before I could get out anything more he spat out your account number." Cohn told the helpful worker: "I talked to Penenberg's broker, um, I can't remember his name...." "Dan Dunn?" the Merrill Lynch guy asked. "Yeah, Dan Dunn," Cohn said. The staffer then read Cohn my complete history--balance, deposits, withdrawals, check numbers and amounts. "You have to talk in the lingo the bank people talk so they don't even know they are being taken," he says. (End of excerpt) But the Forbes reporter (Penenberg) did some further digging and uncovered what appears to be direct evidence of the use of impersonation and pretext in the following excerpt: Sprint, my long distance carrier, investigated how my account was breached and found that a Mr. Penenberg had called to inquire about my most recent bill. Cohn says only that he called his government contact. Whoever made the call, "he posed as you and had enough information to convince our customer service representative that he was you," says Russ R. Robinson, a Sprint spokesman. "We want to make it easy for our customers to do business with us over the phone, so you are darned if you do and darned if you don't." Bell Atlantic, my local phone company, told me a similar tale, only it was a Mrs. Penenberg who called in on behalf of her husband. I recently attended a conference in Las Vegas but don't remember having tied the knot. (End of excerpt) Finally, Cohn believes he is justified in what he does: Daniel Cohn makes no apologies for how he earns a living. He sees himself as a data-robbing Robin Hood. "The problem isn't the amount of information available, it's the fact that until recently only the wealthy could afford it. That's where we come in." (End of excerpt) I have one question. Why are Dan Cohn and Docusearch still in business? Docusearch is not alone. There are now more information brokers and private investigators openly advertising their ability to obtain and sell financial information then there were in 1998. These ads continue to be found on the World Wide Web, in the yellow pages and in legal and investigative trade journals. In fact, there has been an ad running in the local edition of the Legal Times that can be found in many law firms and federal offices here in Washington. I suspect copies can be found at the FBI, U.S. Attorney's Office, the Department of Justice, and the Federal Trade Commission. One phone call to this company determined they offer the ability to locate an address for an individual for $65 if the social security number is provided and $115 if the social security number is not provided. Further, and more to the point, for $200 they will supply the name of the bank, the type of account maintained and the balance in the account for the individual specified. There was a further offer extended by the company to confirm that the funds are available and there would be no charge if there were only minimal funds in the account. The scenario presented to the company fell squarely within the four corners of Gramm-Leach-Bliley that would make the request and provision of the banking information illegal if accomplished by pretext. The company was informed that a woman was trying to locate a current address for a live-in boyfriend who had skipped town with money from her checking account. There was nothing in the scenario presented that even began to come close to the exceptions enacted as part of Gramm-Leach-Bliley. In fact, as the committee is aware, on August 30th Committee Senior Counsel Jim Clinger, Special Agent John Forbes, Committee Staff Member Alison Watson and I called numerous private investigators and information brokers around the country in an effort to determine how many would sell bank account information and under what circumstances. We decided that we would survey the first ten companies that we could reach by phone. The companies were selected randomly by Special Agent Forbes based upon their advertisements. All of the companies were presented with the scenario outlined above. In less than three hours the first ten companies we reached were all willing to sell us personal bank account information detailed enough to raise the educated belief that the information would be obtained by pretext or other deceptive means. Not a single company we reached turned us down. Not one. More to the point, two of the companies' representatives made specific mention of "privacy laws" and "federal statutes" being a hindrance to their ability to provide the information. However, we were told, they could still succeed but just "don't tell anybody" that we had obtained the information. One individual referred to the fact that he had 11 years banking experience and guaranteed that he could find the bank and that 80% of the time he could get the account number and balance. Several of the companies stated that they could get us individual transaction records including deposit information. One offered to teach us how to determine the amount in the account once he located the bank and account number. One company stated that it would check the Federal Reserve section for the part of the country where the individual was located. This same company claimed to work for "hundreds and hundreds of attorneys and collection agencies". Further, they stated that they had found $1.2 million dollars in an account just the previous day for an attorney. They advised us to wait for the banking information before going to Court. Another company stated they would locate the information if we had a "Court filing judgment" or a letter from an attorney giving the name of the person the account information was being sought for and the reason. This company stated they could find local bank information for $200 and statewide information for $500 including account numbers and balances. Several of the companies offered to locate safety deposit box locations and securities related information. One company charges $175 to locate the name and address of the bank if you have a judgment. However, the same company offered for $250 to locate all accounts, account numbers, balances, mutual funds, names on the accounts, dates of closure if an account was closed, and safety deposit box information if we didn't have a judgment. Here is just one example of the type of advertising we found: Welcome to (name omitted). We can perform bank account and investment searches anywhere in the USA and the World. Bank account searches can be used to collect judgements, verify net worth of individuals and companies, or any other purposes. We can search: Bank Accounts Checking Savings Investments Stocks Bonds Commodities Mutual Funds Safety deposit boxes And much, much more. We can search by: State Country Offshore account searches also available. Disclaimer: We limit retrieval to documents or information available from a public entity or public utility which are intended for public use and do not further elaborate on that information contained in the public entity or public utility records. Must Be 18 or Older for a Consultation or Record Search. We take no responsibility and assume no liability for any privacy claims as we neither utilize, reveal, nor attempt to access any confidential information concerning the parties involved in the search. We are not a licensed private investigator, and we do not engage in any activities for which a license is required. (End of excerpts) The disclaimer is amazing in light of the fact that this company offered to sell us the amount located in a checking account and the deposit history to the account for $275. I cannot fathom a single way that account balance and deposit transaction records could be "intended for public use". Indeed this would be a direct revelation of "confidential information". No company we reached asked any questions that would logically follow from the passage of Gramm-Leach-Bliley, even when they had disclaimers in the advertisements suggesting that there were restrictions on who could obtain banking information and under what circumstances. Further, in addition to the overt remarks made by several companies to the minor obstacles presented by "federal statutes" and "privacy laws" the advertisements and telephonic presentations bore all the classic signs of pretext operations. These include no-hit/no-fee guarantees; length of time required to complete the search; higher pricing; and types of information being sold. These results are troubling and point to the inescapable conclusion that there are now criminals hiding behind professional titles such as "information broker", "private investigator", and "judicial judgment collector". I do not make this statement lightly as I was a private investigator for seventeen years and was very proud of my profession. There are thousands of good, honest private investigators, information brokers, and collection professionals working everyday in this country to assist citizens and attorneys at all levels of our judicial system. I receive emails everyday from investigators and brokers who are upset and demoralized because of the practices of some who feel it is easier to steal information instead of using the lawful means that all others who obey the law do. The good, honest professionals are looking to their government to step in and stop these criminals. Further, many of the information brokers, private investigators, and judicial judgment collectors belong to national trade associations. In fact, many of these association members and their leaders can be found in Internet chat areas trading pretext methods. This begs the question: What are these associations doing to police their membership? The Effectiveness Of Efforts By The Financial Services Industry To Deter And Detect Fraudulent Attempts To Obtain Confidential Account Information The financial services industry has for many years utilized various methods of combating fraud and protecting the confidentiality of customer information. As I stated in my testimony two years ago, I believe the industry was not aware of the techniques being used by information brokers and investigators to penetrate their security protocols by means of pretext and impersonation. Indeed, most Americans remain ignorant of the practices of unscrupulous information brokers. The financial services industry is traditionally between a rock and a hard place when it comes to information security. Customers want their information to remain confidential. At the same time, they want easy access twenty-four hours a day to that same confidential information. It is this very dilemma that criminals exploit. The financial services industry is starting to move aggressively to combat the methods and deceptive practices used by identity thieves and infobrokers that seek to illegally gain access to confidential information and in many cases to steal the funds of institution customers. Upgraded and newly developed computer systems and programs work to oversee billions of transactions each day in an effort to identify potentially fraudulent activity. Education and training programs are being modified and instituted to teach all institution employees the signs of identity theft and fraud and what steps to take. Institutions that have taken steps to determine if information brokers are attempting to access confidential information have found that this is indeed the case. More and more institutions are moving to institute passwords and personal identification numbers (PINS) that provide true access protection. But, many more need to move in that direction. Customers are starting to be notified by institutions concerning the reason and need for certain security protocols. Again, more needs to be done in this area. There is much education, training and work that remains. I am convinced the financial services industry is up to the task. I have had a birds-eye view of the response of the financial services industry over the past two years. I have worked directly with institutions and professional associations to educate them on the issue of pretext and other deceptive practices used to penetrate information security systems. In each instance I have found that the privacy, administrative and security leaders in the institutions and at association meetings are genuinely concerned about solving this problem and are moving to do so. The financial services industry relies on a reputation for confidentiality to survive. Recent well publicized cases of institutions not protecting customer information both here and abroad illustrate the harm that will quickly be realized by an institution that does not protect customers. This concern has led, in one instance, to the American Bankers Association distributing to the entire membership an education and basic training program on pretext calling I was asked to author at the association's initiative. The portion I authored was just a small part of a comprehensive three part series the ABA has distributed to the membership to address the subject of identity theft and privacy in detail over the course of this past year. I believe these materials will aid in thwarting the practices of the Dan Cohns of this world. I have been asked to speak on a number of occasions to groups of bankers to demonstrate to them how to spot pretext calls, how to educate financial services employees about pretext, and what steps to take at the institution level to thwart information security intrusions. Indeed, you would be hard pressed to find a gathering of bankers anywhere today where the subject of privacy is not addressed at length as a major topic of discussion. Further, the financial services industry did not wait for the passage of GLB to address the issue of pretext. Almost immediately after my testimony in 1998 the ABA was distributing materials and videotapes to any institution concerning pretext and updated information security practices. It is too early to tell how effectively the defenses now being installed by financial institutions are working to thwart pretext. However, judging by the number of firms advertising the ability to obtain financial information there is still more to be done. However, unless we end legitimate customer access to account information, there will always be criminals who will attempt to steal that information. The financial services industry needs a helping hand from law enforcement. These criminals must be prosecuted. The message needs to be sent that Federal law enforcement is serious about protecting financial institution customers. It is time to act. Emerging Threats To Financial Privacy While the traditional methods of pretext presented before this Committee two years ago continue, there are new emerging threats to the security of information within financial institutions. Those who use creative means to obtain personal information are not resting and waiting to see what Congress or law enforcement will do next to protect the privacy and confidentiality of U.S. citizens. These individuals and companies continue to develop methods to locate citizens and their confidential information. There is much fear that the loss of routinely accessed credit headers will diminish the ability to easily access personal biographical information used as part of a pretext. Therefore, some who seek that information are moving to develop other "sources" and "methods" to develop personal information needed to begin a successful pretext. The fastest growing method used to "skiptrace" for the current address and other personal information of an individual is to obtain the information from the phone company. Most United States citizens believe that their phone records are private unless obtained by subpoena or other form of Court order. This is especially true for the millions of Americans who pay extra to have a non-published or unlisted phone number. Most citizens would further think that who they call and how long they talk is also a private matter. Most citizens would be wrong. For years I have seen the sale of private telephone information on the web and in investigative and legal trade journals. These services include the acquisition and sale of non-published and unlisted phone numbers and records; long distance toll records; cellular phone records; pager records; fax records; the current phone number and address for the owner of a disconnected phone, and much more. While these practices are bad enough, and need to be addressed by Congress and/or law enforcement, the latest development is equally worrisome. Currently, there are presentations of closed, highly secure classes for private investigators and information brokers, teaching the inner workings of the telecommunications industry. These classes are being coupled with databases being developed in the private investigative community to assist in obtaining information held by telecommunications companies. Once obtained this data can then be sold and/or used as part of further identity theft and pretexts used in any number of scenarios, but certainly as the starting point for information gathered as part of a pretext against a financial institution or directly against the financial consumer. Here is an advertisement being widely distributed for these classes: NOW! COMING TO LOS ANGELES! Telecom Secrets Seminar or Using Telecom as a new way to skiptrace and locate. by Michele "Ma Bell" Yontef, CMI Telecom Investigations Specialist, Licensed Private Investigator, Paralegal, Server of Process, Notary, Constable of Court ******************************************************************************************** This is a seminar that will take you from being someone who uses a phone in investigations, to someone who uses the whole telecommunications system to further your investigations. You will gain a comprehensive understanding of the phone system, and how to use that system to get the information you need to close the case. With so many of our "tools of the trade" being taken from us by recent privacy laws, this is a "must attend" seminar. Using Michele's completely legal methods we can continue to obtain the information that is vital to us and to our clients. Don't let yourself or your clients down, learn new and better ways to increase your services and your income. No recording of any kind will be permitted. There will be extensive security measures. Please contact Vicki for details. All attendees will be required to sign a non-disclosure agreement. West Coast Professional Services reserves the right to refuse admittance. These techniques are completely legal, but are being taught only to Investigators and Law Enforcement Officers. Restrictions apply. ************************************************************************************************ A statement from Michele regarding the content: I will be talking about everything from how to make totally anonymous calls to finding the carrier of any type of line. I will be explaining how things in the Telecom work, so that you will know how to legally maneuver around any obstacle. I will show you how to skip trace and locate like never before, by using the Telecom as a database. I will tell you what the operator knows about you, who can hear you talking on the phone, how to perform all types of procedures, and I will be giving you a ton of vital information in my booklets that accompany the seminar. I will also introduce a new form of searching for skips and will open to you first, my brand new database, that encompasses EVERY numerical search you have ever seen online, plus many more new search ideas that I can teach you about in the seminar as well. For example, did you know that the type of switching your telephone company has you hooked into can allow a listen in on your lines...I will explain how to tell what kind of switching you have, and how it can either lend to the listen in, or block it. I can also show you how to use my database to find that switching for any party, and use it to trace a number to CNA, without ever picking up the phone to pretext anyone! I have brought home missing children, using the secret searches I will disclose to all of you that attend. (End)(Emphasis added) Here is another widely distributed reference: Here's an unedited letter from (name deleted), who just experienced the Telecom Secrets Seminar by Michele "Ma Bell" Yontef... Colleagues: There are currently three days to prepare yourself, if you are attending the Los Angeles version of the "Telecom secrets" Seminar. You need to practice taking notes, and be ready to absorb the information like a sponge. There is a lot of it, but it's actually very easy to learn. Michele teaches you about how the entire telecommunications system works, then gives you the secrets of how you can use it to do your own non-pubs, CNA's and disconnects, as well as the rationale that leads you to be able to determine the location of some of the toughest skiptrace assignments and locates, you have ever attempted. I sat in awe, writing as furiously as I could, through the six hour session with the Iowa Association of Private Investigators, (IAPI), provided by Michele, on Friday afternoon. I cannot tell you how valuable this seminar will be to me, in the coming weeks and months, as I develop my skills, using her technique. The best part is that I'd never even thought of most of this stuff. It is all new, and a wonderful way to expand one's skiptracing skills. It will take practice, but she has given us all a true treasure chest, (and she knows how I love treasure chests! --), and all the other tools to do the job. The price is an absolute bargain, too! Please pay particular attention to the reason for her disclaimers and nondisclosure forms. With all the movement and political wrangling of the privacy advocates, (READ - "reactionaries"), we can't afford to have this excellent legal source tainted by the people who would strangle our profession, and shut off all our sources. End)(Emphasis added) The reference to "CNA's" means customer name and address. The reference to "non-pubs" means the ability to obtain the non-published phone number for an individual. The reference to "disconnects" means the ability to locate the new phone number, name and address for someone who disconnected a phone in addition to determining the owner of a previously disconnected phone number. The database being designed to aid in the acquisition of information maintained by the telecommunications industry has been named "The Last Treasure". The choice of this name is intentional. It was chosen to mean that this database will be the last method available to locate the overwhelming majority of citizens should the carte blanche acquisition of credit header information be restricted. As with the pretext of financial institutions two years ago, the presenters of these classes and the developers of this database claim that this is all legal. I will leave that to others to decide. As a citizen of this country I am dismayed that my phone records can be bought and sold on the Internet. As a former private investigator that has handled several stalking cases I am well aware of the damage that can be done through the acquisition and sale of this information. As a privacy consultant, I am well aware of the fact that information obtained from the phone company can and is often used to start a financial pretext. Should there be any doubt concerning the problems that can be created when confidential phone information is obtained, one look no further then a September 9, 2000 article by Lindsey A. Henry for The Des Moines Register: A West Des Moines woman contends that her ex-husband tracked her down and threatened her after MCI WorldCom gave out her phone number and other information. Peggy Hill, 33, is suing the long-distance company in federal court in Des Moines. The lawsuit says her ex-husband in Georgia called MCI at least 10 times in June 1999 asking for her billing information and the numbers she had called. MCI representatives gave him the information and even changed her calling plan at his request, the lawsuit said. (End of Excerpt) Here was a woman being stalked by her ex-husband and taking precautions, only to be thwarted by the ease with which her phone records were accessed: Hill thought she had protected herself, her lawsuit says. She moved several times after her divorce in 1992. She paid for an unlisted number. She asked MCI to keep her information confidential, according to the lawsuit. Only after Hill called to complain did MCI employees flag her account with a warning, according to subpoenaed MCI files. "Please do not look up numbers for him or give him names of where numbers are dialed to," the notation said. "Peggy is in danger!!!!!! . . . MCI should not have given this man any information!!!!!!" (End of excerpt) The following claim of rarity when it comes to the release of confidential phone records is laughable given the ease with which Infobrokers buy and sell phone company customer records every day and widely advertise their ability to do so on the Internet: Sandy Kearney, an investigator for the Iowa attorney general's office, said Hill's situation was rare. "I hear all the time from telephone companies claiming to not release information without permission," she said. Hill's lawyer, George LaMarca, said the lawsuit should remind companies of their obligation to protect customers. "We can't get services without entrusting our most confidential and personal information to companies," LaMarca said. "When we do that, we expect confidentiality. When that trust is breached, companies should expect to pay the consequences." (End of excerpt) Just as this husband was able to allegedly access his ex-wife's customer records, identity thieves, private investigators, information brokers and judicial judgment collectors use similar techniques everyday to access these same records. All they need do is impersonate the customer or the relative of a customer. This common knowledge amongst identity criminals is being used as the starting point for access to personally identifiable information that can then be used to access financial information. This committee will recall the testimony of one of the "Godfathers" of the information broker industry in this very room two years ago. Al Schweitzer instructed us all at that time that one of the most common financial pretexts begins with either a pretext call to the consumer impersonating someone from the phone company, or a pretext call to the phone company to develop personal information to be used as part of a further pretext against the consumer and/or financial institution. The problem continues today and is growing in scope and sophistication. I would like to ring one final warning bell concerning the use of pretext and deceptive information security penetration practices. These are the very techniques that are used by individuals engaged in corporate espionage. Every day these techniques are used to steal our nation's corporate and military trade secrets and other forms of confidential information. I know that our military is aware of this as representatives of the Pentagon asked me to present a private briefing after my last appearance here in 1998. I will not disclose in an open forum what I was able to demonstrate in that briefing other than to state that I believe it confirmed concerns on the part of the officials I met with in relation to a threat that could easily put our country at a disadvantage during a time of crisis. This Committee, which oversees the safety and soundness of our Nation's financial system, should be concerned about the threat that corporate espionage, both domestic and foreign, poses to the financial well being of our country. This is the "Information Age" and our country is the leader in that regard. It is precisely that leadership position which is driving this unprecedented economic boom we are all witnessing. Information technology advantages are paramount to our continued economic success. This is why information security is all-important to that success. Companies are discovering the need for computer system firewalls, yet are woefully unprepared when it comes to social engineering security penetrations and a laissez faire attitude concerning who information is disclosed to telephonically and otherwise. Simply put. Loose lips do sink the corporate ships of today and tomorrow. The most infamous computer "hacker" on the planet, Kevin Mitnick, obtained the plans for an unreleased Motorola product by direct "pretext" phone calls to Motorola employees who then faxed him the plans to his home! If you speak to Mr. Mitnick, you will learn that he obtained just as much confidential information via "dumpster diving" and social engineering (pretext) as he ever did by a true computer hack attack. Another method that is becoming more common is the use of a "Trojan check". An investigator or broker will create a fictitious business name and open a checking account in that business name. A small check will be mailed to the target as a "rebate" or "prize" stamped on the back "for deposit only". Once the check has been deposited and is returned to the fictitious company the banking information obtained on the back of the check can be used to further the pretext to determine the amount of funds held in the account. There is great debate in the investigative and broker communities as to the legality of this practice given Gramm-Leach-Bliley and the deceptive trade practices statutes. While the debate continues, so does the practice. Informal networks of investigators, infobrokers, judgment collectors, and collection professionals are found all over the Internet. It is not uncommon to see requests for "contacts" in financial services institutions. Some collection professionals openly advertise their ability to provide information maintained within their files. Routinely, there are account and file numbers along with the names of targets placed on the Internet for inspection by others to determine if information can be traded or obtained. Vehicle tracking devices are being offered for sale in order to follow or record the travels of citizens. While not directly relevant to the pretext of financial information, it demonstrates the length that some will go to in order to obtain information on citizens in the United States today. If law enforcement agencies of State and Federal governments were caught doing these practices absent a constitutionally permissible purpose and/or Court order there would be rioting in the streets. Yet every day these events are carried out by private investigators, information brokers and judgment collectors who have no authority above that of a private citizen and no one blinks. From where I sit, my privacy is just as violated whether the intrusion comes from a person with a badge or not. What Needs To Be Done I would like to make some suggestions concerning what needs to be done to continue the battle against the use of fraud and deception to access financial information. First, we need swift, aggressive, nationwide action by law enforcement to begin criminal investigation and prosecution of those who are thumbing their noses at the provisions of Gramm-Leach-Bliley and other appropriate statutes. I hope the information I provided in 1998 and today supports this conclusion. Second, GLB needs to be amended. The narrowly crafted child-support exemption for the use of pretext is being used as an advertising shield by private investigators to hide behind while continuing the covert sale of financial information that falls outside of the GLB exemptions. The provisions of GLB that allow for pretext in a child support situation state as follows: Sec. 521 (g) NONAPPLICABILITY TO COLLECTION OF CHILD SUPPORT JUDGMENTS- No provision of this section shall be construed to prevent any State-licensed private investigator, or any officer, employee, or agent of such private investigator, from obtaining customer information of a financial institution, to the extent reasonably necessary to collect child support from a person adjudged to have been delinquent in his or her obligations by a Federal or State court, and to the extent that such action by a State-licensed private investigator is not unlawful under any other Federal or State law or regulation, and has been authorized by an order or judgment of a court of competent jurisdiction. The operative language is: "No provision of this section shall be construed to prevent any State-licensed private investigator.from obtaining customer information of a financial institution...to collect child support from a person adjudged to have been delinquent in his or her obligations by a Federal or State court...AND has been authorized by an order or judgment of a court of competent jurisdiction." This language clearly means from both the legislative history of the act and the plain face of the statute that a judge (Court) must specifically authorize the use of pretext to obtain customer information of "a financial institution". I am not aware of a single case where a Court has authorized a private investigator to intentionally deceive a financial institution in order to obtain customer information. It is easy to understand why this has not happened and most likely never will. The presumptive evidentiary burden that would be required to obtain such an order would easily support the issuance of a subpoena to the institution that the information is being sought from and is being contemplated for pretext. Unless Congress has evidence that financial institutions routinely falsify responses to subpoenas it is hard to fathom why this provision was placed in GLB. Further, this section states: "to the extent reasonably necessary to collect child support from a person adjudged to have been delinquent in his or her obligations by a Federal or State court." The legislative history of this exemption was a claim made by some representatives of the private investigative industry that pretext was needed as there was no other method available to locate the financial institution holdings of deadbeat parents who lie to the Courts. This claim was not true at the time, as there are many lawful ways to pursue overdue non-custodial child support payments and many taxpayer funded agencies designed to fill that role. However, even if this argument is accepted as a legitimate historical reason for the exemption, there is no longer any legislatively justifiable reason to maintain the exemption given the provisions of the Personal Responsibility and Work Opportunity Reconciliation Act of 1996 which are now in effect and mandate that all financial institutions cooperate with the government by providing the financial information of delinquent child support parents directly to the Federal government for asset forfeiture. The following excerpt describing this procedure is from a front-page article written by Robert O'Harrow, Jr. in the Sunday, June 27, 1999 edition of the Washington Post: As part of a new and aggressive effort to track down parents who owe child support, the federal government has created a vast computerized data-monitoring system that includes all individuals with new jobs and the names, addresses, Social Security numbers and wages of nearly every working adult in the United States. Government agencies have long gathered personal information for specific reasons, such as collecting taxes. But never before have federal officials had the legal authority and technological ability to locate so many Americans found to be delinquent parents -- or such potential to keep tabs on Americans accused of nothing. The system was established under a little-known part of the law overhauling welfare three years ago. It calls for all employers to quickly file reports on every person they hire and, quarterly, the wages of every worker. States regularly must report all people seeking unemployment benefits and all child-support cases. Starting next month, the system will reach further. Large banks and other financial institutions will be obligated to search for data about delinquent parents by name on behalf of the government, providing authorities with details about bank accounts, money-market mutual funds and other holdings of those parents. State officials, meanwhile, have sharply expanded the use of Social Security numbers. Congress ordered the officials to obtain the nine-digit numbers when issuing licenses -- such as drivers', doctors' and outdoorsmen's -- in order to revoke the licenses of delinquents. Enforcement officials say the coupling of computer technology with details about individuals' employment and financial holdings will give them an unparalleled ability to identify and locate parents who owe child support and, when necessary, withhold money from their paychecks or freeze their financial assets. (End of excerpt) (Emphasis added by Robert Douglas) O'Harrow went on to describe in more detail how the new system operates: Next month, financial institutions that operate in multiple states -- such as Crestar Financial Corp., Charles Schwab & Co. and the State Department Federal Credit Union -- will begin comparing a list of more than 3 million known delinquents against their customer accounts. Under federal law, the institutions are obligated to return the names, Social Security numbers and account details of delinquents they turn up. The Administration for Children and Families will then forward that financial information to the appropriate states. For security reasons, spokesman Kharfen said, the agency will not mix the financial data with information about new hires, wages and the like. Bank account information will be deleted after 90 days. In a test run this spring, Wells Fargo & Co. identified 72,000 customers whom states have identified as delinquents. NationsBank Corp. found 74,000 alleged delinquents in its test. Later this year, smaller companies that operate only in one state will be asked to perform a similar service. Officials say most of these institutions will compare their files against the government's. But some operations that don't have enough computing power -- such as small local banks, credit unions and securities firms -- will hand over lists of customers to state officials for inspection. States can then administratively freeze the accounts. In California, more than 100 financial institutions have already handed over lists of all their depositors to state officials, including names, Social Security numbers and account balances, a state official said. (End of excerpt) (Emphasis added by Robert Douglas) Finally, the exemption places GLB in direct conflict with other federal statutes outlawing wire and mail fraud and unfair and deceptive trade practices. The exemption also places GLB in direct conflict with many State laws and creates nothing short of a judicial quagmire. Simply put, there is no legitimate reason to continue the child support exemption to Gramm-Leach-Bliley. There is a legitimate reason to strike it from the statute as companies are using it as pretence to advertise their ability to locate financial institution customer information. All the ad need say is the request must be in compliance with applicable laws and that all requests are performed on that basis. Once the investigator is comfortable that the requestor is not law enforcement running a sting operation-they sell any information in complete disregard of the law. Our survey proved this ten times over. Third, financial institutions must continue the work they have started to take every precaution necessary to teach all banking employees about the methods associated with identity theft and pretext so that employees can spot fraudulent acts and know what to do when an act is detected. This will require regular and ongoing education, training and auditing programs to maintain the highest level of information security possible. Infobrokers and identity thieves are constantly developing new techniques and methods. The financial services industry must work to stay abreast of these techniques. Fourth, the federal regulatory agencies must also continue to stay abreast of information security threats and implement appropriate standards and regulations. Audits need to assess the effectiveness of programs in place. Finally, this Committee must continue on a regular basis to exercise the appropriate oversight functions necessary to ensure that agencies of the federal government continue to take every step available to stop illegal access of personal and confidential customer information. I know that we are late in the Congressional session and that Chairman Leach will be passing the baton next year. I also am aware that when the baton passes there may be changes in the staff of the Committee. I genuinely hope that no matter who takes up the leadership of the Committee and no matter from which side of the aisle, that there will continue an institutional memory to follow this issue. I truly believe it is of profound import to the health of our financial services industry in this country. Conclusion In closing, when I appeared before this Committee in 1998 I recited a long laundry list of the dangers posed by the deceptive methods in use by some private investigators and information brokers to gain illegal access to confidential and protected information. There were some who found it hard to believe that what I claimed was true or as serious as I presented the problem. However, those in the investigative and information broker industries who were practicing these techniques knew that I had spoken honestly and were not pleased to have sunshine illuminating their practices. I soon began fielding phone calls from across the country. The hearing had been carried on C-SPAN. In brief, the attention to these techniques was not well received by some. I was condemned by many and even received two death threats. I mention this because the information being obtained illegally is in many cases both quite serious and lucrative for those buying and selling it and often places others in physical danger. One needs to look no further than the case of James and Regina Rapp of Touch Tone Services to see that this is true. They were running a million dollar a year operation in Denver Colorado with numerous employees when Denver and Los Angeles law enforcement officers caught up with them along with the FTC. Why so many agencies? A short list of the Rapp's alleged activities points to the answer. The following allegations were reported: Touch Tone had accessed and sold information concerning undercover Los Angeles police detectives including their private unlisted phone and pager records to a member of the "Israeli mafia", placing the lives of the officers, the officers' families, the officers' confidential informants, and active organized crime investigations in danger. Touchtone accessed and sold information concerning the murder of Ennis Cosby, son of famed comedian Bill Cosby. Touchtone accessed and sold personal and confidential information regarding the Columbine High School massacre victims and families including home addresses, unlisted home telephone numbers, banking, and credit card records. Touchtone inserted itself into the Jon Benet Ramsey investigation. Here is a list written by James Rapp to a California private investigator outlining the Rapp's work in the Jon Benet Ramsey murder investigation: Here is a list of all Ramsey cases we have been involved with during the past lifetime (sic). 1. Cellular toll records, both for John & Patsy. 2. Land line tolls for the Michigan and Boulder homes. 3. Tolls on the investigative firm. 4. Tolls and home location on the housekeeper, Mr. & Mrs. Mervin Pugh. 5. Credit card tolls on the following: a. Mr. John Ramsey, AMX & VISA b. Mr. John Ramsey Jr., AMX. 6. Home location of ex-wife in Georgia, we have number, address & tolls. 7. Banking investigation on Access Graphics, Mr. Ramsey's company, as well as banking information on Mr. Ramsey personal. 8. We have the name, address & number of Mr. Sawyer & Mr. Smith, who sold the pictures to the Golbe (sic), we also have tolls on their phone. 9. The investigative firm of H. Ellis Armstead, we achieved all their land and cellular lines, as well as cellular tolls, they were the investigative firm assisting the Boulder DA's office, as well as assisting the Ramseys. 10. Detective Bill Palmer, Boulder P.D., we achieved personal address and numbers. 11. The public relations individual "Pat Kroton" (sic) for the Ramseys, we achieved the hotel and call detail where he was staying during his assistance to the Ramseys. We also have his direct cellular phone records. 12. We also achieved the son's John Jr.'s SSN and DOB. 13. During all our credit card cases, we acquired all ticket numbers, flight numbers, dates of flights, departing times and arriving times. 14. Friend of the Ramseys, working with the city of Boulder, Mr. Jay Elowskay, we have his personal info. Of course, all the above have been repeatedly asked for over and over again. Let me know if I can be of further assistance in this or any matter. (End of letter) This one company, Touchtone, had a client list of more than 1,200 spread across the country. Another local Montgomery County, Maryland private investigator admitted to obtaining the phone records of Kathleen Willey, a witness in the criminal investigation of President Clinton. These are just two companies. There are dozens of companies still in operation today. There can be little doubt as to the serious implications of the activities of these companies. Mr. Chairman and members of the Committee, as I leave you today, I hope that the time and effort I have placed in this testimony will serve as a blueprint for further examination by this Congress of matters deserving attention. Thank you. Appendix II U.S. Secret Service Testimony of Mr. Bruce A. Townsend Special Agent in Charge - Financial Crimes Division For Presentation to the Committee on Banking and Financial Services U.S. House of Representatives September 13, 2000 Mr. Chairman, members of the Committee, thank you for the opportunity to address the Committee on the subject of identity theft and the Secret Service's efforts to combat this problem. I have prepared a comprehensive statement that will be submitted for the record, and with the Committee's permission, I will summarize my statement at this time. In addition to providing the highest level of physical protection to our nation's leaders, the Secret Service exercises broad investigative jurisdiction over a variety of financial crimes. As the original guardian of our nation's financial payment systems, the Secret Service has a long history of pursuing those who would victimize our financial institutions and law-abiding citizens. In recent years, the combination of the information technology revolution and the effects of globalization have caused the investigative mission of the Secret Service to evolve in a manner that cannot be overstated. Today we are faced with a new challenge--that of identity theft. The Secret Service views identity theft as a disturbing combination of old schemes and abuse of emerging technologies. However, it should be clear--this crime is about more than the theft of money or property. This crime is about the theft of things that cannot be so easily replaced--a person's good name, a reputation in the community--years of hard work and commitment to goals. Make no mistake about it; this crime is a particularly invasive crime that can leave victims picking up the pieces of their lives for months or even years afterward. Mr. Chairman, we in the Secret Service applaud your efforts in convening this hearing today. We stand ready to work with you and all the members of the committee in attacking the crime of identity theft. It is our belief that hearings such as this will be the catalyst to bring together the resources of both state and Federal Governments in a unified response to the identity theft problem. Congress has already taken an important step in providing increased protection for the victims of identity theft through the enhancements made to Title 18, United States Code, Section 1028, by the Identity Theft and Assumption Deterrence Act, which was signed into law in October of 1998. This law accomplished four things simultaneously. First, it identified people whose credit had been compromised as true victims. Historically with financial crimes such as bank fraud or credit card fraud, the victim identified by statute, was the person, business or financial institution that lost the money. All too often the victims of identity theft, whose credit was destroyed, were not even recognized as victims. This is no longer the case. Second, this law established the Federal Trade Commission (FTC) as the one central point of contact for these victims to report all instances of identity theft. This collection of all information involving ID theft cases allows us to identify systemic weaknesses and enables law enforcement to retrieve all investigative data from one central location. It further allows the FTC to provide people with the information and assistance they need in order to take the steps necessary to correct their credit records. Third, this law provided increased sentencing potential and enhanced asset forfeiture provisions. These enhancements help to reach prosecutorial thresholds and allow for the repatriation of funds to victims. Lastly, this law closed a loophole in Title 18, United States Code, Section 1028, by making it illegal to steal another person's personal identification information with the intent to commit a violation. Previously, under Section 1028, only the production or possession of false identity documents was prohibited. With advances in technology such as E-Commerce and the Internet, criminals today do not need actual documents to assume an identity. We believe the enactment of this legislation is an important component in bringing together both the federal and state government, in a focused and unified response to the identity theft problem. Today, law enforcement and regulatory and community assistance organizations have joined forces through a variety of working groups, task forces, and information sharing initiatives to assist the victims of identity theft. Victims no longer have to feel abandoned, with no where to turn. Policies and procedures are being initiated to expedite the reporting of this crime. Civil remedies are also being created allowing for victims to seek restitution. The Secret Service "Victim Witness Assistance Program" aids identity theft victims by providing resources and contact information for credit bureaus and service programs. The financial community continues to design and implement security measures that minimize the exploitation of true persons names and identification information. The Secret Service has broad investigative responsibilities relating to financial crimes. Today, some type of false identification is a prerequisite for nearly all financial fraud crimes. False ID's provide anonymity to criminals and allow for repeat victimization of the same individual while perpetrating a variety of fraud schemes. Often, in their attempt to remain anonymous, criminals may randomly assume the identity of another individual through the creation of false identification documents. In these cases, the goal may not be to target an individual for the purposes of stealing his or her identity. Yet, by coincidence, that individual's identity has been compromised through the criminal's use of their personal identifiers. False identification documents, either altered, counterfeited, or fraudulently obtained, are routinely used with loan and check fraud schemes, and almost all credit card fraud schemes. Ironically, the credit industry through capital investments over the past 10 years has strengthened the integrity of the system through security measures, which effectively thwart some types of direct counterfeiting. Subsequently, criminals no longer simply create names and identities; they must more often rely on the identifiers of real people. As we enter the next century, the strength of the financial industry has never been greater. A strong economy, burgeoning use of the Internet and advanced technology, coupled with increased spending has led to fierce competition within the financial sector. Although this provides benefits to the consumer through readily available credit, and consumer oriented financial services, it also creates a rich environment for today's sophisticated criminals, many of whom are organized and operate across international borders. In addition, information collection has become a common byproduct of the newly emerging e-commerce. Internet purchases credit card sales and other forms of electronic transactions are being captured, stored, and analyzed by entrepreneurs intent on increasing their market share. This has led to an entirely new business sector being created which promotes the buying and selling of personal information. With the advent of the Internet, companies have been created for the sole purpose of data mining, data warehousing, and brokering of this information. These companies collect a wealth of information about consumers, including information as confidential as their medical histories. Consumers routinely provide personal, financial and health information to companies engaged in business on the Internet. Consumers may not realize that the information they provide in credit card applications, loan applications, or with merchants they patronize, are valuable commodities in this new age of information trading. Data collection companies like all businesses are profit motivated, and as such, may be more concerned with generating potential customers rather than the misuse of this information by unscrupulous individuals. This readily available personal information in conjunction with the customer friendly marketing environment has presented ample opportunities for criminals intent on exploiting the situation for economic gain. The Secret Service has investigated numerous cases where criminals have used other people' s identities to purchase everything from computers to houses. Financial institutions must continually practice due diligence or they will fall victim to the criminal who attempts to obtain a loan or cash a counterfeit check using someone else's identity. As financial institutions and merchants become more cautious in their approach to "hand to hand" transactions the criminals are looking for other venues to compromise. Today, criminals need look no further than the Internet. For example, an Internet fraud investigation conducted by the secret service, Department of Defense, Postal Inspection Service, and the Social Security Administration Inspector General's Office highlighted the ease with which criminals can obtain personal information through public sources. These defendants accessed a web site that published the promotion list of high ranking military officers. This site further documented personal information on these officers that was used to fraudulently obtain credit, merchandise, and other services. In this particular case the financial institution, in an effort to operate in a consumer friendly manner issued credit over the Internet in less than a minute. Approval for credit was granted after conducting a credit check for the applicant who provided a "true name" and matching "true Social Security Number." All other information provided such as the date of birth, address and telephone number, that could have been used for further verification, was fraudulent. The failure of this bank to conduct a more comprehensive verification process resulted in substantial losses and more importantly a long list of high-ranking military officers who became victims of identity fraud. The Internet provides the anonymity criminals desire. In the past, fraud schemes required false identification documents, and necessitated a "face to face" exchange of information and identity verification. Now with just a laptop and modem, criminals are capable of perpetrating a variety of financial crimes without identity documents through the use of stolen personal information. The Secret Service has investigated several cases where cyber criminals have hacked into Internet merchant sites and stolen the personal information and credit card account numbers of their customers. These account numbers are then used with supporting personal information to order merchandise to be mailed throughout the world. Most account holders are not aware that their credit card account has been compromised until they receive their billing statement. Time and time again, criminals have demonstrated the ability to obtain information from businesses conducting commerce on the Internet. This information has been used to facilitate account takeover schemes and other similar frauds. It has become a frightening reality that one individual can literally take over another individual's financial identity without the true victim's knowledge. Cyber criminals are also using information hacked from sites on the Internet to extort money from companies. It is not unprecedented for international hackers to hack into business accounts, steal thousands of credit card account numbers along with the accompanying personal identifiers, and then threaten the companies with exposure unless the hackers are paid a substantial amount of money. The Secret Service continues to attack identity theft by aggressively pursuing our core violations. It is by the successful investigation of criminals involved in financial and computer fraud that we are able to identify and suppress identity theft. As stated earlier, identity theft, and the use of false identification has become an integral component of most financial criminal activity. In order to be successful in suppressing identity theft we believe law enforcement agencies should continue to focus their energy and available resources on the criminal activities that incorporate the misuse or theft of identification information. The Secret Service has achieved success through a consistent three -tiered process of aggressive pro-active investigations, identification of systemic weaknesses, and partnerships with the financial sector to adopt fixes to these weaknesses. The Secret Service's investigative program focuses on three areas of criminal schemes within our core expertise. First, the Secret Service emphasizes the investigation of counterfeit instruments. By counterfeit instruments, I refer to counterfeit currency, counterfeit checks, both commercial and government, counterfeit credit cards, counterfeit stocks or bonds, and virtually any negotiable instrument that can be counterfeited. Many of these schemes would not be possible without the compromise of innocent victim's financial identities. Second, the Secret Service targets organized criminal groups that are engaged in financial crimes on both a national and international scale. Again, we see many of these groups; most notably the Nigerian and Asian organized criminal groups, prolific in their use of stolen financial and personal information to further their financial crime activity. Finally, we focus our resources on community impact cases. The Secret Service works in concert with the state, county, and local police departments to ensure our resources are being targeted to those criminal areas that are of a high concern to the local citizenry. Further, we work very closely with both federal and local prosecutors to ensure that our investigations are relevant, topical and prosecutable under existing guidelines. No area today is more relevant or topical than that of identity theft. It has been our experience that the criminal groups involved in these types of crimes routinely operate in a multi-jurisdictional environment. This has created problems for local law enforcement that generally act as the first responders to their criminal activities. By working closely with other federal, state, and local law enforcement, as well as international police agencies we are able to provide a comprehensive network of intelligence sharing, resource sharing, and technical expertise which bridges jurisdictional boundaries. This partnership approach to law enforcement is exemplified by our financial crimes task forces located throughout the country. Each of these task forces pools the personnel and technical resources and to maximize the expertise of each participating law enforcement agency. A number of these task forces are focused on the Nigerian criminal element operating in this country. As mentioned earlier, this particular ethnic criminal group has historically been involved in a myriad of financial crimes, which incorporate false identification and identity theft. In addition to our inter-dependant working relationship with law enforcement on all levels, our partnership with the private sector has proved invaluable. Representatives from numerous commercial sectors to include the financial, telecommunications, and computer industries have all pledged their support in finding ways to ensure consumer protection while minimizing corporate losses. The secret service has entered into several cooperative efforts with members of the financial sector to address challenges posed by new and emerging technologies. These initiatives have created some new and innovative approaches to identification verification in business. Automated teller machines, E-Commerce, online banking, online trading, smart cards, all once considered futuristic concepts, are now a reality. Each of these technologies lends themselves to creating a "faceless society". In order for businesses to be successful, they can no longer rely upon personal contact as a means of identity verification. One innovative approach that appears to address the problems of identity verification for Internet commerce has been developed and introduced by a member of the financial community. This new product is the first commercial venture by the credit card industry to provide the public with an on line authentication process using chip technology and encryption. Although this product may not end credit card fraud on the Internet, it is the first step in providing a more secure environment in which to conduct Internet commerce. Efforts such as these provide a foundation by which law enforcement and the private sector can build upon. By applying the technologies used in this product and others being developed for the same purpose, we can systemically eliminate the weaknesses in our economic infrastructure, which allow for the misuse of personal information. In conjunction with these technological advances, the Secret Service is actively involved with a number of government sponsored initiatives. At the request of the Attorney General, the Secret Service joined an interagency identity theft subcommittee that was established by the Department of Justice. This group, which is made up of federal and state law enforcement, regulatory agencies, and professional agencies meets regularly to discuss and coordinate investigative and prosecutive strategies as well as consumer education programs. In addition, under the direction of the President, the Treasury Department, with the assistance of the Secret Service, convened a national summit on the subject of identity theft. This summit brought together various federal, state, and private sector entities to discuss and develop policies that will help to prevent identity theft crimes. Follow-up workshops are scheduled for October of this year to focus on ways of assisting consumers and preventing identity theft. As you have heard in this testimony some very positive steps are being taken to address and combat identity theft. The Secret Service will always encourage both business and law enforcement to work together to develop an environment in which personal information is securely guarded. In this age of instant access, knowledge is power. We cannot allow today's criminals to abuse the very systems that were created for the betterment of society. The emotional toll on the lives of those whose identities have been compromised cannot be fully accounted for in dollars and cents. It is all of our responsibilities to protect personal information. The Secret Service acknowledges that identity theft is a very real problem and pledges its support in the Federal Government's efforts to eliminate it. This concludes my prepared statement. I would be happy to answer any questions that you or any other member of the committee may have. Thank you. Home Contact Us Privacy News APC News Services Speeches [Non-text portions of this message have been removed] 5858 From: Andre Holmes <1ach@g...> Date: Sun Jul 28, 2002 0:58am Subject: Emailing: abamoneylaundering2000 Money Laundering Pretext Identity Theft Social Engineering Robert Douglas American Privacy Consultants PrivacyToday.comT Global Privacy Issues At The Click Of Your MouseT Official website of American Privacy Consultants, Inc.T Home Contact Us Privacy News APC News Services Speeches -------------------------------------------------------------------------------- Privacy and Anti-Money Laundering Prevention: How To Handle Statutory Inconsistencies and Customer Expectations Money Laundering Enforcement Seminar American Bankers Association American Bar Association October 31, 2000 Emerging Threats To Financial Information Security: Identity Theft, Pretext, Social Engineering, Forgery, and Impersonation In The Information Age Robert Douglas, CEO American Privacy Consultants, Inc. (www.privacytoday.com) © 2000 Robert Smith Douglas, III More hi-tech methods of access to confidential customer account information are being developed by the financial services industry every day. At the same time threats to information security systems are on the rise. The challenge for the financial services industry, security professionals, law enforcement and Congress is to find the appropriate balance between ease of access for legitimate customers to their confidential information and the passage and enforcement of legislation designed to thwart the growing threats to customer information security. Access To Confidential Financial Information There can be no doubt that confidential customer account information is being accessed and sold every day. In fact, hundreds of web sites, newspapers, magazines, legal and investigative trade journals offer the sale of confidential financial information by private investigators and "information brokers". (For a detailed examination of fraud and access to financial information see Appendix I: Testimony of Robert Douglas before the U.S. House of Representatives, September 13, 2000) As an example, the following web page is from docusearch.com: Bank Account Search Search Price $249.00 Availability National Approximate Return Time 10-18 Business Days* Requires Subject's Full Name, Complete Street Address, Social Security Number* Search Description Given a Subject's full name, complete address and social security number, this search will return the bank name and address, account type, account number, (if available) and approximate current balance of all located personal accounts. We access a proprietary database and identify open accounts using the Subject's SSN, however this search will only identify accounts in the Subject's primary state the business resides. If you suspect accounts exist in more than the primary residing state, a separate search request for each state is required, and should include the Subject's address in that state. *This search requires the Subjects social security number. If the SSN is unknown, we will find it for the purposes of this search but it will not be included in your search result. NOTE: This search uses the Subject's social security number as the account identifier, so only primary account holders are returned. Also, be sure to include any additional information you may have, such as the Subject's home & work telephone, birthdate, mother's maiden name, etc, in the additional comments section. This will greatly increase the odds of a successful search. Responsible Purpose For Search This search may return sensitive, confidential, and/or private information. For this reason, DOCUSEARCH.COM requires an explanation stating the purpose for requesting this search, its' intended use and supporting documentation. Additionally, we reserve the right to decline to perform any search which we deem not to be for a legitimate legal purpose or may cause emotional or physical harm. ImportantDisclaimer Financial searches are for informational purposes only, and are not acceptable as an exhibit or as evidence. Every effort is made to provide a complete & thorough search result. However, no method of research is 100% fool-proof and no firm can offer an absolute guarantee that every account will be found. *This search requires many hours of research and can't be rushed, as we want to return thorough, accurate results. Therefore, this is an approximate return time. (End) In addition to the sale of account information, advertisements offer mechanical devises designed to thwart information security technology. As an example, the following pages list items for sale at hackershomepage.com: SECTION#8 FINANCIAL HACKING 800b MAGNETIC STRIPE CARD READER/WRITER MAGNETIC STRIPE CARD READER/WRITER This device will allow you to change the information on magnetic stripe cards, on ALL 3 tracks, both high and low coercivity. It connects to your computer, either personal or laptop, and runs using supplied software. You must be running Windows 95, 98 or higher and have 8mb of RAM. Using this device is simple. Turn on your computer and run the supplied software. Now, swipe a card through the machine and all the information on the card will be displayed on the computer including account number, credit available, balance, name, etc. Next, using your keyboard, change any and all the information you'd like. Once complete, re-swipe the card through the machine and now your card will have the new information recorded onto the magnetic stripe. You can change any information you'd like including balance and credit information. Magnetic stripe cards are easily recognizable by the brown or black stripe and are found on credit cards, ATM cards, transportation cards, security access cards, etc. For a device that will change the information on smart cards check out item #177. See Photo! Bonus! 802 "Pin Code Hacker",853...............................................ASSEMBLED...$1,500.00 800c BLANK MAGNETIC STRIP CARDS These cards are able to be programmed using the above devices...................................ASSEMBLED...$5.00 each. 800e CARD PRINTING MACHINE This machine will print to all kinds of plastic cards including, credit cards, ATM cards, drivers licenses, smart cards, etc. All software is included to print graphics and text. TECHNICAL SPECIFICATIONS: Technology: Thermal Transfer, Resolution: 300 DPI, Printing Speed: 70 per/hr, Printing Orientation: 0o,90o,180o,270o. ,Printing Area: Full card size, software: IMAGO for Windows or for Macintosh, interface: Serial RS 232, Communication Protocol: ACK/NACK, Baud Rate: 9600/ 19200/38400, Bar Codes: EAN 8-EAN 13-2/5S-2/5I-CODE 39-UPCA-Monarc, Card Size: ISO CR-80 86 x 54mm, Card Thickness :0.27 to 0.80mm (self adapting), Card Material: PVC. ABS, POLYESTER, Power Source : 110-120V, 220-240V, +/- 10%, 50-60 Hz, Weight: 6 Kg, Dimensions: 230mm x 190mm x 190mm. See Photo! Bonus! 853.ASSEMBLED.$4,500.00 800f CARD EMBOSSING MACHINE This machine embosses all kinds of plastic cards, raising the numbers and lettering perfectly just like on credit cards. See Photo! Bonus! 853..................................................................ASSEMBLED...$4,500.00 800h PORTABLE 100 CARD READER This is the device you've heard about and everyone has been asking me to offer. Some waitresses and store clerks are using this device at work. It will store 100 credit card and magnetic stripe card swipes to memory and is powered by lithium camera batteries. The size of this device makes it easily concealable in your pocket. Device can download the information from the swipes to your computer using the supplied cable and software. The software will also easily write the information to any magnetic stripe card using item #800b (sold separately). Download and write to a card in under 20 seconds. Some people have been known to charge as much as $8,000.00 for this device, but we think that's too much. This device can be shipped COD to anywhere in the US. Customers outside of the US must prepay before it can be shipped. All instructions are included. See Photo! Bonus! 802 "Pin Code Hacker", 853.......................................................ASSEMBLED...$1,500.00 800x CREDIT CARD BUSINESS PACKAGE DEAL Purchase the following 3 items together at a remarkably discounted price and get in on the lucrative credit card business. Includes: #800b MAGNETIC STRIPE CARD READER/WRITER, #800h PORTABLE 100 CARD READER, and #828 CREDIT & CALLING CARD NUMBER CAPTURING SYSTEM. All completely assembled, with instructions and software. Save $650.00. Bonus! 802 "Pin Code Hacker", 853................ASSEMBLED...$3,300.00 801 UNIVERSAL INTERFACE HACKING DEVICE The Universal interface is used to connect various devices like GSM phones, amateur radios, radio scanner, smart cards, smart card emulators, EEPROM's, PIC's, organizers, magnetic stripe readers/writers to the PC. The Universal interface has to be connected to a free 25 pin Serial/COM port. In case your PC has only 9 pin Serial/COM ports, a 9pin-to-25pin Adapter is needed, which you can find at any computer or office supply store. In order to connect it to various devices, you need only additional connectors and cables. We are offering as accessories a small range of various connectors and cables for multiple applications but will be expanding this accessory product line in the future. The greatest advantage is the modularity that the interface has. It has accessories for various applications, that can be combined or used separately. The needed power supply is taken from the COM/RS232 port and so it is perfectly suitable for mobile applications (Laptops and Notebooks). You don't have to carry everything with you, only the accessories that you will need. The interface was developed for mobile applications. It measures ONLY 55mm*17mm*66mm. The voltage supply (5V) is taken from the serial port. In the interface is also an integrated 3.579545MHz oscillator, this makes it possible to use the it as a smart card reader/writer. An inverter is additional integrated, so the possibility exists to invert all or individual lines. Thus highest compatibility is ensured, for current and future applications, by the most diverse adjustment possibilities. With this ability the interface can be used with a multiplicity of freeware, shareware as well as commercial software applications. It is suitable for 5V and also for 3.0V applications, full-duplex (3 lines) is supported as well as half-duplex (2 lines), with and without handshake. See Photo! .................................................................................ASSEMBLED...$595.00 ACCESSORIES for 801 801a SMARTCARD READER/WRITER ATTACHMENT (Compatible with DumbMouse, Phoenix, SerProg, SmartMouse, PC/SC driver available) Includes both large and small card slots. This product, in combination with product #801, is exactly the same as products #177 and #500, except that it includes both the normal-sized and smaller-sized card sockets, and will also work with software designed for parallel programmers. The greater advantage with this product is that it is expandable and compatible with upcoming future technologies. By using the various settings the interface offers, it is compatible with the mostly used smart card readers/writers like the Phoenix interface (mostly used in SatelliteTV applications), DumbMouse, SerProg, SmartMouse and others. With this compatibility the interface is working with a wide range of freely available software and drivers. With the interface and the included software and PC/SC driver, you are able to read/write almost all SmartCards like: * Memory SmartCards: TeleCards, I2C, 2-wire, 3-wire , MicroWire * CPU SmartCards: T=0, T=1, and all asynchrone SmartCards with 3.58 MHz clock. Like: GSM Sim cards, Cashcards, DSS, CryptoFlex, CyberFlex, GPK2000, MPCOS, MultiFlex, PayFley, Starcos, * White Wafer Cards (with a PIC16X84), Gold Wafer Cards (PIC16X84+EEPROM 24LC16), MM2 and other compatible. The disadvantage of most commercial readers/writers is that in most cases they are using a PIC or similar CPU to communicate with the smart card. In such cases you are only able to use software that you get with the reader/writer, and 3rd party software that explicitly supports that particular reader/writer. The software uses a driver/API that will in most cases not allow you to use or try some nonstandard commands. This is a limitation, not appreciated by software developers. Not to mention that you will not be able to use a wide range of application software available on the Internet. The interface is a direct reader/writer, communicating directly with the smart card, without drivers, you can directly and without any limitation access every card. The interface is the only available smart card reader/writer capable of programming wafer cards without a power supply. You can program the PIC16X84 and the EEPROM from the Wafercard using your notebook. Includes software on CD-ROM. See Photo!....ASSEMBLED...$195.00 801b & 801c SMARTCARD EMULATOR/DATALOGGER ATTACHMENT (compatible with: Season7, ASIM, and datalogger) Emulates: GSM, Irdeto, VideoCrypt I+II, EuroCrypt, D2Mac, Cashcards. The smart card emulator is a development tool for the hardware and software developer. The PCB has the standard smart card dimensions. It is inserted into the MasterDevice, instead the smart card, and the other end is connected to the PC, using the interface. With the proper use of emulator software the PC can emulate a smart card. The connection is Season7 and ASIM compatible. All 8 ISO contacts are taken to the socket, so the PCB can also be used to emulate/analyze non-standard smart cards. It can also be connected to the parallel port, in order to be used with software written for the parallel port. Beside the "Normal ISO 7816" version we also offer a "small" SIM version. This version is used mostly for GSM/PCN applications, for phones that are using the Small SIM format. The smart card emulator/datalogger can also be used on any device where smart cards are used, like satellite and network tv decoders and other applications. Includes software on CD-ROM. 801b Normal ISO 7816 version. See Photo!...................ASSEMBLED...$150.00 801c Small SIM version. See Photo!.......................................KIT...$100.00 828 CREDIT & CALLING CARD NUMBER CAPTURING SYSTEM This system is just like the one recently featured on TV news that is currently being used at airports and shopping malls, and netting millions of dollars for its operators. This all-in-one hardware system will allow you to remotely capture unlimited credit card and calling card numbers (including PIN numbers and expiration dates) when entered into pay telephones. You can even capture the names and billing addresses of the card holders. The system can be used remotely from the comfort of your home, a payphone, or a cell phone. Information is stored in memory and displayed via LCD. A REAL money-making system that can net you millions without ever being caught, and can pay for itself after just a few minutes of use. You can literally capture hundreds of valid numbers and related information every day, whenever you want. Can be used in conjunction with #800b to write your own credit cards. All instructions included. See Photo! Bonus! 802 "Pin Code Hacker", 853...........................................................................ASSEMBLED...$950.00 857 BILL CHANGER & VENDING MACHINE HACKER/JACKPOTTER This handheld, concealable device will cause various affects on different machines including BILL CHANGER MACHINES. It's portable, battery powered, and measures 2-1/4 inches by 4 inches. Included are complete instructions on how to obtain free products and to jackpot machines of coins by a simple push of a button. Many vending machines hold in excess of $50.00 change, while bill changer machines can hold in excess of $500.00. Device will work on both 120 and 220 volt systems, making it effective anywhere in the world. We've now combined features from our now-discontinued Soda Machine Hacker. Not only will this device jackpot the soda machine, but in many instances will cause cans of soda to drop down the chute. Bonus! 853..................ASSEMBLED...$375.00 867 EMP MANIPULATION DEVICE This device is so controversial that we can't tell you what it can be used for except for the general information in this description. However, ALL instructions are included with the purchase of this device. This device drastically affects ALL electronic machines when brought into close proximity (Within 1 meter or 36 inches approx.) The highly directional pulsed signal can make you RICH if used in an illegal fashion, which, of course, we do not recommend. This system includes a "general" antenna but several specialized antennas are also available. See Photo! Bonus! ...................................................ASSEMBLED*...$775.00 OPTIONAL ANTENNA PACKAGE FOR ITEM# 867 867a Antenna the width of paper currency (works in most countries). 867b Antenna the width of a coin (works in most countries). 867c Antenna the width of a credit card (works in ALL countries). See Photo! Kit and instructions to build ALL 3 antennas (no soldering required)...KIT...$175.00 We WILL NOT answer emails from anyone asking about illegal activities, or how to use our products for illegal activities...they will automatically be deleted. All products are designed for testing and exploring the vulnerabilities of CUSTOMER-OWNED equipment, and no illegal use is encouraged or implied. We WILL NOT knowingly sell to anyone with the intent of using our products for illegal activities or uses. It is your responsibility to check the applicable laws in your city, state, and country. (END) There also can be no doubt that traditional methods of identity theft coupled with information age ease of access to citizens biographical information is contributing to increases in both the number of cases resulting in financial losses and the size of the losses. Reuters recently reported a dramatic example of identity theft coupled with financial fraud resulting in substantial losses: Man pleads guilty to stealing executives' personal data Tuesday September 26, 5:27 pm Eastern Time By Gail Appleson, Law Correspondent NEW YORK, Sept 25 (Reuters) - A Tennessee man has pleaded guilty to using credit card and bank information stolen from top executives at major corporations to buy diamonds and Rolex watches, federal prosecutors said on Tuesday. James Rinaldo Jackson, 39, of Memphis pleaded guilty to 29 counts of conspiracy, credit card, mail, wire and bank fraud. Prosecutors said he entered his plea during a hearing on Monday in Manhattan federal court. Among the victims were John Alm, president of Coca-Cola Enterprises, the largest bottler of Coke; Richard Fuld, chief executive officer of Lehman Brothers Holdings; Stephen Bollenbach, chief executive of Hilton Hotels Corp., and Gorden Teter, the former CEO of Wendy's International, who is now deceased. Other victims included Dr. James Klinenberg, former administrator of Cedars-Sinai Medical Centre in Los Angeles and Nackey Loeb, former president of the Union Leader Corp. and publisher of the Union Leader and New Hampshire Sunday News. Teter, Klinenberg and Loeb had died shortly before the information was stolen. Jackson faces a possible maximum sentence of 30 years in jail and $1 million fine on each of 27 bank, mail and wire fraud charges; five years in prison and a $1 million fine on the the conspiracy charge, and 20 years in prison and $250,000 fine on the credit card fraud charge. The diamonds and Rolex watches he tried to buy were worth a total of more than $730,000. During the hearing, Jackson admitted that between December 1999 and last February he stole financial information about his victims. Impersonating the victims, he then contacted their banks and credit card companies to arrange for their billing addresses to be changed to various hotels in the Memphis, Tenn. area. He explained to the court that he had obtained the information by researching his victims in ``Who's Who In America'' and in some cases used the Internet to obtain personal information about the executives. Jackson admitted that he obtained information about Teter by deceiving Wendy's into believing that he was a potential franchisee. He learned through the Internet that Teter had died and then obtained personal information about the deceased executive through a variety of means including the funeral home. Using the names of his victims, he contacted jewelry dealers throughout the United States and bought diamonds and Rolex watches that he had seen on the dealers' Internet Web sites. Jackson paid for purchases by either charging them to the victims' credit card numbers, having banks wire money from the victims' bank accounts or mailing the dealers fraudulent checks. He then had the jewelry dealers ship the diamonds and watches to the Memphis-area hotels. Jackson then made reservations at the hotels in the victims' names and notified the hotels to expect a package delivery. He, sometimes along with an accomplice, then picked up the packages. Jackson was arrested on Feb 25 near Memphis by FBI agents who watched him trying to pick up a package addressed to one of his victims. (END) This case may be dramatic but does not stand alone. Recent figures have placed identity theft coupled with financial fraud as one of the fastest growing crimes in the United States today. Current estimates place the figure at 500,000 cases each year with an average loss of $17,000 per case. Indeed, the United States Secret Service has begun to note the presence of organized criminal activity in the area of identity theft and financial fraud. (see Appendix II: Testimony of Bruce A. Townsend, Special Agent In Charge, U.S. Secret Service - Financial Crimes Division; before the U.S. House of Representatives, September 13, 2000) Statutory Inconsistencies Create Hurdles To Law Enforcement Given the reality of the growing threat to the protection of customer account information, the challenge ahead is for the United States Congress and state legislatures to pass laws empowering state and federal law enforcement to combat these threats without choking off legitimate technological advances and ease of access for legitimate consumers to their own account information. With the passage of Gramm-Leach-Bliley Congress took a major step in trying to define who will have access to confidential and personal information and at the same time attempted to thwart the use of fraud by identity thieves to illegally access customer information. The federal regulatory agencies are in the process of enacting regulations to enforce the provisions of Gramm-Leach-Bliley as we meet here today. It is too early to determine how Gramm-Leach-Bliley and the subsequent regulations now under consideration will impact many important areas of privacy surrounding financial information. However, it is not too early to recognize that Gramm-Leach-Bliley has failed in thwarting the efforts of disreputable private investigators and "information brokers" in the advertising and sale of confidential account information as demonstrated above and in my numerous appearances before Congress. Section 521 of Gramm-Leach-Bliley has a child support exemption provision allowing for the use of fraud against financial institutions in order to obtain customer account information under certain conditions. This one exemption has allowed private investigators to continue to advertise the sale of confidential financial information and has created a hurdle for law enforcement in enforcing Gramm-Leach-Bliley. Gramm-Leach-Bliley needs to be amended at once. The narrowly crafted child-support exemption for the use of fraud is being used as an advertising shield by private investigators to hide behind while continuing the covert sale of financial information that falls outside of the GLB exemptions. The provisions of GLB that allow for pretext in a child support situation state as follows: Sec. 521 (g) NONAPPLICABILITY TO COLLECTION OF CHILD SUPPORT JUDGMENTS- No provision of this section shall be construed to prevent any State-licensed private investigator, or any officer, employee, or agent of such private investigator, from obtaining customer information of a financial institution, to the extent reasonably necessary to collect child support from a person adjudged to have been delinquent in his or her obligations by a Federal or State court, and to the extent that such action by a State-licensed private investigator is not unlawful under any other Federal or State law or regulation, and has been authorized by an order or judgment of a court of competent jurisdiction. The operative language is: "No provision of this section shall be construed to prevent any State-licensed private investigator.from obtaining customer information of a financial institution...to collect child support from a person adjudged to have been delinquent in his or her obligations by a Federal or State court...AND has been authorized by an order or judgment of a court of competent jurisdiction." This language clearly means from both the legislative history of the act and the plain face of the statute that a judge (Court) must specifically authorize the use of pretext to obtain customer information of "a financial institution". I am not aware of a single case where a Court has authorized a private investigator to intentionally deceive a financial institution in order to obtain customer information. It is easy to understand why this has not happened and most likely never will. The presumptive evidentiary burden that would be required to obtain such an order would easily support the issuance of a subpoena to the institution that the information is being sought from and is being contemplated for pretext. Unless Congress has evidence that financial institutions routinely falsify responses to subpoenas it is hard to fathom why this provision was placed in GLB. Further, this section states: "to the extent reasonably necessary to collect child support from a person adjudged to have been delinquent in his or her obligations by a Federal or State court." The legislative history of this exemption was a claim made by some representatives of the private investigative industry that pretext was needed as there was no other method available to locate the financial institution holdings of deadbeat parents who lie to the Courts. This claim was not true at the time, as there are many lawful ways to pursue overdue non-custodial child support payments and many taxpayer funded agencies designed to fill that role. However, even if this argument is accepted as a legitimate historical reason for the exemption, there is no longer any legislatively justifiable reason to maintain the exemption given the provisions of the Personal Responsibility and Work Opportunity Reconciliation Act of 1996 which are now in effect and mandate that all financial institutions cooperate with the government by providing the financial information of delinquent child support parents directly to the Federal government for asset forfeiture. The following excerpt describing this procedure is from a front-page article written by Robert O'Harrow, Jr. in the Sunday, June 27, 1999 edition of the Washington Post: As part of a new and aggressive effort to track down parents who owe child support, the federal government has created a vast computerized data-monitoring system that includes all individuals with new jobs and the names, addresses, Social Security numbers and wages of nearly every working adult in the United States. Government agencies have long gathered personal information for specific reasons, such as collecting taxes. But never before have federal officials had the legal authority and technological ability to locate so many Americans found to be delinquent parents -- or such potential to keep tabs on Americans accused of nothing. The system was established under a little-known part of the law overhauling welfare three years ago. It calls for all employers to quickly file reports on every person they hire and, quarterly, the wages of every worker. States regularly must report all people seeking unemployment benefits and all child-support cases. Starting next month, the system will reach further. Large banks and other financial institutions will be obligated to search for data about delinquent parents by name on behalf of the government, providing authorities with details about bank accounts, money-market mutual funds and other holdings of those parents. State officials, meanwhile, have sharply expanded the use of Social Security numbers. Congress ordered the officials to obtain the nine-digit numbers when issuing licenses -- such as drivers', doctors' and outdoorsmen's -- in order to revoke the licenses of delinquents. Enforcement officials say the coupling of computer technology with details about individuals' employment and financial holdings will give them an unparalleled ability to identify and locate parents who owe child support and, when necessary, withhold money from their paychecks or freeze their financial assets. (End of excerpt) (Emphasis added by Robert Douglas) O'Harrow went on to describe in more detail how the new system operates: Next month, financial institutions that operate in multiple states -- such as Crestar Financial Corp., Charles Schwab & Co. and the State Department Federal Credit Union -- will begin comparing a list of more than 3 million known delinquents against their customer accounts. Under federal law, the institutions are obligated to return the names, Social Security numbers and account details of delinquents they turn up. The Administration for Children and Families will then forward that financial information to the appropriate states. For security reasons, spokesman Kharfen said, the agency will not mix the financial data with information about new hires, wages and the like. Bank account information will be deleted after 90 days. In a test run this spring, Wells Fargo & Co. identified 72,000 customers whom states have identified as delinquents. NationsBank Corp. found 74,000 alleged delinquents in its test. Later this year, smaller companies that operate only in one state will be asked to perform a similar service. Officials say most of these institutions will compare their files against the government's. But some operations that don't have enough computing power -- such as small local banks, credit unions and securities firms -- will hand over lists of customers to state officials for inspection. States can then administratively freeze the accounts. In California, more than 100 financial institutions have already handed over lists of all their depositors to state officials, including names, Social Security numbers and account balances, a state official said. (End of excerpt) (Emphasis added by Robert Douglas) Finally, the exemption places GLB in direct conflict with other federal statutes outlawing wire and mail fraud and unfair and deceptive trade practices. The exemption also places GLB in direct conflict with many State laws and creates nothing short of a judicial quagmire. Simply put, there is no legitimate reason to continue the child support exemption to Gramm-Leach-Bliley. There is a legitimate reason to strike it from the statute as companies are using it as pretence to advertise their ability to locate financial institution customer information. All the ad need say is the request must be in compliance with applicable laws and that all requests are performed on that basis. Conclusion Threats to information security systems of the financial services industry abound. With advancing technology we see the re-emergence of traditional methods of identity theft, pretext and fraud on the rise again. Law enforcement must be aggressive in combating these crimes before citizens become concerned about the safety and integrity of the industry. Congress should not be in the business of creating hurdles to effective law enforcement protection of customers of the financial services industry. Congress should be in the business of assisting the industry and consumers by empowering law enforcement to aggressively prosecute identity thieves of all types. © 2000 Robert Smith Douglas, III Appendix I Statement by Robert Douglas before the Committee on Banking and Financial Services United States House of Representatives Hearing On Identity Theft and Related Financial Privacy Issues September 13, 2000 My name is Robert Douglas and I am the co-founder and Chief Executive Officer of American Privacy Consultants, Inc. located in Alexandria, Virginia (www.privacytoday.com). American Privacy Consultants assists organizations and businesses understand and implement appropriate privacy policies, strategies, defenses, educational programs, training, and auditing. I appreciate the opportunity to appear before this committee once again to address the issue of identity theft, "pretext calling", and other deceptive practices still in use by some "information brokers", private investigators, judicial judgment collectors and identity thieves to illegally access the personal and confidential information of customers of financial institutions. Unfortunately, in spite of the enactment of legislation drafted by this Committee to outlaw such practices, these methods not only survive but also continue to grow in volume, scope, and methodology. Chairman Leach, I want to personally thank you and the Committee for your continued willingness and desire to address this serious issue first by crafting and passing much needed legislation and now in an oversight capacity. I am personally aware of the amount of time the Committee members and staff have invested in this problem over the last three years and as a citizen applaud the Committee's willingness to tackle these issues. I also would like to single out for recognition Jim Clinger, the Committee's Senior Counsel and Assistant Staff Director. Over the last three years I have had the unique pleasure of working with Jim on a regular basis and he is a true credit to this Committee and to the United States Congress. Above all he is a true gentleman. Finally, I would like to thank John Forbes, Special Agent - United States Customs Service; and, Alison Watson, Professional Staff Member of the Committee for their work over the last month in preparation for this hearing. H.R. 4311 Although I was specifically asked to address the use of pretext and other deceptive techniques to access confidential financial information, I would like to make a few brief observations concerning HR 4311. There can be little doubt that identity theft is one of the fasting growing crimes in the United States today. Each year hundreds of thousands of Americans fall prey to identity thieves. The financial and credit damage implications are severe for the individual who is the victim of identity theft. Additionally, retailers and financial institutions suffer financial losses as a result of identity theft. Finally, the nation as a whole suffers in increased prices for retail products and financial services including the cost of credit. The advent of the World Wide Web has brought increased opportunities for identity thieves through ease of access to personal, biographical data needed to perpetrate identity crimes and facilitates ordering merchandise absent a face-to-face encounter with a store clerk. These facts require that we examine areas of weakness that identity thieves exploit. In 1998 I demonstrated for this Committee the ease with which an individual can purchase private and confidential financial information. It is even easier to obtain the name, address, date of birth, social security number, mother's maiden name, phone number, and often the employment of any individual in the United States today. All of this information is for sale on the web. In a nutshell, all the information needed to steal a citizen's identity and create financial havoc is available on the Internet for little or no cost. The largest source of up-to-date personal, biographical information is credit bureaus. The sale and resale of credit header information by credit bureaus to private investigators, information brokers and judicial judgment collection professionals results in this information being accessible to anyone for a fee. This is big business. Several large companies make millions of dollars each year reselling personal information gathered by the credit bureaus. When citizens apply for credit or enter into a credit transaction they do not know that their personal, biographical information is then resold to any individual with a few bucks and a web browser. If the level of trust in the Internet is ever to rise from the relatively low position it now occupies, the sale of personal information must be brought under control. A good place to begin is by curtailing the sale of credit header information absent a permissible purpose as defined currently within the FCRA. For that reason I believe Section 8 of HR 4311 is long overdue. Pretext and other Deceptive Practices July 1998 through September 2000 On July 28, 1998, while appearing before this Committee, I stated: "All across the United States information brokers and private investigators are stealing and selling for profit our fellow citizens personal financial information. The problem is so extensive that no citizen should have confidence that his or her financial holdings are safe." Sadly, I return today to inform this Committee that my statement of 1998 remains true today. While the illegal access of financial information continues, progress has been made. When we last met in July of 1998 four steps were required in order to stop these practices. First, the financial services industry needed to understand and take affirmative steps to combat the threat posed by unscrupulous information brokers, private investigators, and identity thieves. Second, tough federal legislation was needed to outlaw the use of pretext and deception as a means to access confidential financial information. Third, appropriate federal regulatory agencies needed to create standards and regulations designed to assist institutions in the safeguarding of financial information and to reflect the legislative intent encompassed within any legislation enacted by Congress. Finally, aggressive prosecution of individuals and companies who steal, buy, and/or sell personal financial information was required to signal that the integrity of our nation's financial system is a law enforcement priority. The first three sides of the square have been completed. The financial services industry has made significant progress in beginning to combat identity theft and pretext through a sober recognition that this is not a problem that can be ignored if the industry wishes to maintain a reputation for providing confidentiality to customers. This recognition has been acted upon through the use of training programs and educational materials to begin the education of financial services industry professionals to the threats posed by identity thieves of all types. Many financial institutions have begun to enact internal standards designed to identify and thwart the practices of identity thieves and infobrokers. Is there more to do? Absolutely. Is the financial services industry taking the confidentiality of the records it safeguards on behalf of customers seriously enough to continue to move forward in this area? I believe so. This Committee and Congress moved quickly to pass legislation designed to punish those who would impersonate others in order to gain access to private financial records. With the passage of Gramm-Leach-Bliley, there is now federal law outlawing the use of pretext and other deceptive techniques to gain access to personal financial information absent several narrowly defined and commonly misunderstood exceptions. The federal regulatory agencies with direct supervisory function of the financial services industry moved quickly in 1998, by means of an advisory letter and other steps, to alert all institutions to the practices of identity thieves and information brokers. These same agencies are continuing as we meet here today to develop standards and regulations in keeping with the intent of Gramm-Leach-Bliley. With the first three sides of the box either erected or under construction, it is now time to build the final wall through aggressive enforcement action. With the enactment of Gramm-Leach-Bliley last November, I assume that the Federal Trade Commission and appropriate criminal enforcement agencies are now preparing to use the tools Congress and the President handed them. To my knowledge there has been one federal enforcement action brought by the FTC against an information broker. That civil action was begun prior to the enactment of Gramm-Leach-Bliley under laws designed to thwart "unfair and deceptive trade practices". Several states, notably Massachusetts, have aggressively pursued illegal information brokers. Again, these actions were taken prior to GLB and under state laws against illegal trade practices. It is time for tough nationwide enforcement of the civil and criminal provisions contained within Gramm-Leach-Bliley. In the invitation letter I received from the Committee to testify today I was asked to specifically address three areas: 1) The extent to which the use of pretext and other deceptive means continue in spite of the passage of Gramm-Leach-Bliley; 2) The effectiveness of efforts by the financial services industry to deter and detect fraudulent attempts to obtain confidential account information; and, 3) Other threats to financial privacy emerging today. The Extent To Which Deceptive Practices Continue Post Gramm-Leach-Bliley The use of pretext and other means of deception to trick financial institution employees and customers into disclosing personal and confidential financial information that I testified about two years ago continue unabated. Books have been written about pretext to teach and share common methods. Discussion groups abound on the Internet with the trading of new and improved techniques almost on a daily basis. Classes are held in which pretext methods are shared for a price. The techniques are becoming more complex and refined. Advertisements on the World Wide Web have doubled in the past two years. Here is a typical example: Bank Account Search Search Price $249.00 Availability National Approximate Return Time 10-18 Business Days* Requires Subject's Full Name, Complete Street Address, Social Security Number* Search Description Given a Subject's full name, complete address and social security number, this search will return the bank name and address, account type, account number, (if available) and approximate current balance of all located personal accounts. We access a proprietary database and identify open accounts using the Subject's SSN, however this search will only identify accounts in the Subject's primary state the business resides. If you suspect accounts exist in more than the primary residing state, a separate search request for each state is required, and should include the Subject's address in that state. *This search requires the Subjects social security number. If the SSN is unknown, we will find it for the purposes of this search but it will not be included in your search result. NOTE: This search uses the Subject's social security number as the account identifier, so only primary account holders are returned. Also, be sure to include any additional information you may have, such as the Subject's home & work telephone, birthdate, mother's maiden name, etc, in the additional comments section. This will greatly increase the odds of a successful search. Responsible Purpose For Search This search may return sensitive, confidential, and/or private information. For this reason, DOCUSEARCH.COM requires an explanation stating the purpose for requesting this search, its' intended use and supporting documentation. Additionally, we reserve the right to decline to perform any search which we deem not to be for a legitimate legal purpose or may cause emotional or physical harm. ImportantDisclaimer Financial searches are for informational purposes only, and are not acceptable as an exhibit or as evidence. Every effort is made to provide a complete & thorough search result. However, no method of research is 100% fool-proof and no firm can offer an absolute guarantee that every account will be found. *This search requires many hours of research and can't be rushed, as we want to return thorough, accurate results. Therefore, this is an approximate return time. (End) This advertisement is remarkable in many regards. The ad claims to "access a proprietary database and identify open accounts using the subjects SSN", yet "this search requires many hours of research and can't be rushed, as we want to return thorough, accurate results" and the search may require "10-18 business days". There is no proprietary database available to private investigators or information brokers that by use of the SSN (social security number) banking information can be obtained. In fact this ad used to say the company accessed a "federal database" to obtain the information. The ad further states: "Also, be sure to include any additional information you may have, such as the Subject's home & work telephone, birthdate, mother's maiden name, etc, in the additional comments section. This will greatly increase the odds of a successful search." Why would a database accessed by SSN require this personal information? It wouldn't. But pretext does. Many financial institutions use the mother's maiden name as a password. Further, some institutions will ask for your home or work phone numbers to verify the account holder. Finally, the phone numbers are often required as part of a pretext contact made directly to the account holder. The ad also states: "Additionally, we reserve the right to decline to perform any search which we deem not to be for a legitimate legal purpose or may cause emotional or physical harm." Perhaps this is an attempt to signify that a search request must satisfy GLB and other applicable State and Federal laws. Perhaps not. Here is the transcript of an email contact I had with Docusearch: From: DOCUSEARCH.COM To: email address deleted Subject: Re: Information Request Sent: Mon 3/20/00 1:41 PM You will first have to locate his address in the current residence state. This may be accomplished with a Locate by Previous Address Search. Then you can order the Bank Account Search. At 01:38 PM 3/20/00 , you wrote: >------------Begin, Information Request from visitor----------- >My Name Is : Rob Douglas >My Email Address Is : (deleted) >My Telephone Number Is : (deleted) >My Question Pertains To : Other: Explain Below >Comments : I have a client who is owed a substantial amount of money >by a potential defendant who left the area and closed his personal and >corporate bank accounts. I have an old home address for the potential >defendant and know what state he moved to. What searches would you >recommend to locate the potential defendant and his personal and >corporate bank accounts? >------------End, Information Request from visitor ----------- The ">" portions represent the email I sent to Docusearch using their on-line request form. Three minutes later I received the reply that I could order the bank account search in a situation that would clearly be illegal under GLB if pretext were used. I would hope that members of this Committee would find the services offered and language of the advertisements by Docusearch to be as disturbing as I do. I suspect many of the members of this Committee would wonder why this firm is allowed to operate in this fashion given the provisions of GLB and the applicable "unfair and deceptive trade practice" sections of Federal law. The excuse might be offered that this is just one company that no one in a position of responsibility to address these practices was aware of. That excuse would ring hollow. Docusearch is the company that sold personal information concerning Amy Boyer to a stalker that resulted in the murder of Ms. Boyer and the suicide of the stalker. Amy's parents have testified before Congress and have been widely covered in the media. In fact, Amy's death has led to consideration of legislation by this Congress to outlaw the sale of social security numbers. Throughout all this attention Docusearch has made one change to the web site where it advertises. Docusearch no longer publicly advertises the sale of social security numbers. But Docusearch continues to do business selling personal and confidential information. The attention to Docusearch does not end there. Docusearch was the cover story for Forbes magazine on November 29, 1999. This was seventeen days after President Clinton signed GLB into law. In the article Dan Cohn of Docusearch literally bragged about his abilities to obtain personal information about a subject. Here is the opening quote from the Forbes cover story: THE PHONE RANG AND A STRANGER CRACKED SING-SONGY AT THE OTHER END OF the line: "Happy Birthday." That was spooky--the next day I would turn 37. "Your full name is Adam Landis Penenberg," the caller continued. "Landis?" My mother's maiden name. "I'm touched," he said. Then Daniel Cohn, Web detective, reeled off the rest of my "base identifiers"--my birth date, address in New York, Social Security number. Just two days earlier I had issued Cohn a challenge: Starting with my byline, dig up as much information about me as you can. "That didn't take long," I said. "It took about five minutes," Cohn said, cackling back in Boca Raton, Fla. "I'll have the rest within a week." And the line went dead. In all of six days Dan Cohn and his Web detective agency, Docusearch.com, shattered every notion I had about privacy in this country (or whatever remains of it). Using only a keyboard and the phone, he was able to uncover the innermost details of my life--whom I call late at night; how much money I have in the bank; my salary and rent. He even got my unlisted phone numbers, both of them. (End of excerpt) One might wonder who Dan Cohn is and whom he sells this information to. Forbes answered that as well: Cohn operates in this netherworld of private eyes, ex-spooks and ex-cops, retired military men, accountants and research librarians. Now 39, he grew up in the Philadelphia suburb of Bryn Mawr, attended Penn State and joined the Navy in 1980 for a three-year stint. In 1987 Cohn formed his own agency to investigate insurance fraud and set up shop in Florida. "There was no shortage of work," he says. He invented a "video periscope" that could rise up through the roof of a van to record a target's scam. In 1995 he founded Docusearch with childhood pal Kenneth Zeiss. They fill up to 100 orders a day on the Web, and expect $1 million in business this year. Their clients include lawyers, insurers, private eyes; the Los Angeles Pension Union is a customer, and Citibank's legal recovery department uses Docusearch to find debtors on the run. Cohn, Zeiss and 13 researchers (6 of them licensed P.I.s) work out of the top floor of a dull, five-story office building in Boca Raton, Fla., sitting in cubicles under a fluorescent glare and taking orders from 9 a.m. to 4 p.m. Their Web site is open 24 hours a day, 365 days a year. You click through it and load up an on-line shopping cart as casually as if you were at Amazon.com. (End of excerpt) Amazingly, Cohn admits to the use of fraud and bribery: The researchers use sharp sifting methods, but Cohn also admits to misrepresenting who he is and what he is after. He says the law lets licensed investigators use such tricks as "pretext calling," fooling company employees into divulging customer data over the phone (legal in all but a few states). He even claims to have a government source who provides unpublished numbers for a fee, "and you'll never figure out how he is paid because there's no paper trail." (End of excerpt) The following excerpt reveals methods used by Cohn directly relevant to today's hearing and HR 4311: Cohn's first step into my digital domain was to plug my name into the credit bureaus--Transunion, Equifax, Experian. In minutes he had my Social Security number, address and birth date. Credit agencies are supposed to ensure that their subscribers (retailers, auto dealers, banks, mortgage companies) have a legitimate need to check credit. "We physically visit applicants to make sure they live up to our service agreement," says David Mooney of Equifax, which keeps records on 200 million Americans and shares them with 114,000 clients. He says resellers of the data must do the same. "It's rare that anyone abuses the system." But Cohn says he gets his data from a reseller, and no one has ever checked up on him. Armed with my credit header, Dan Cohn tapped other sites. A week after my birthday, true to his word, he faxed me a three-page summary of my life. He had pulled up my utility bills, my two unlisted phone numbers and my finances. (End of excerpt) And should there be any question as to the ability of a determined criminal to gain access to confidential information including financial information, the following excerpt is on point: He had my latest phone bill ($108) and a list of long distance calls made from home--including late-night fiber-optic dalliances (which soon ended) with a woman who traveled a lot. Cohn also divined the phone numbers of a few of my sources, underground computer hackers who aren't wanted by the police--but probably should be. Knowing my Social Security number and other personal details helped Cohn get access to a Federal Reserve database that told him where I had deposits. Cohn found accounts I had forgotten long ago: $503 at Apple Bank for Savings in an account held by a long-ago landlord as a security deposit; $7 in a dormant savings account at Chase Manhattan Bank; $1,000 in another Chase account. A few days later Cohn struck the mother lode. He located my cash management account, opened a few months earlier at Merrill Lynch &Co. That gave him a peek at my balance, direct deposits from work, withdrawals, ATM visits, check numbers with dates and amounts, and the name of my broker. (End of excerpt) Cohn is even willing to lead officials to believe he is a law enforcement officer as this excerpt demonstrates: How did Cohn get hold of my Merrill Lynch secrets? Directly from the source. Cohn says he phoned Merrill Lynch and talked to one of 500 employees who can tap into my data. "Hi, I'm Dan Cohn, a licensed state investigator conducting an investigation of an Adam Penenberg," he told the staffer, knowing the words "licensed" and "state" make it sound like he works for law enforcement. Then he recited my Social Security, birth date and address, "and before I could get out anything more he spat out your account number." Cohn told the helpful worker: "I talked to Penenberg's broker, um, I can't remember his name...." "Dan Dunn?" the Merrill Lynch guy asked. "Yeah, Dan Dunn," Cohn said. The staffer then read Cohn my complete history--balance, deposits, withdrawals, check numbers and amounts. "You have to talk in the lingo the bank people talk so they don't even know they are being taken," he says. (End of excerpt) But the Forbes reporter (Penenberg) did some further digging and uncovered what appears to be direct evidence of the use of impersonation and pretext in the following excerpt: Sprint, my long distance carrier, investigated how my account was breached and found that a Mr. Penenberg had called to inquire about my most recent bill. Cohn says only that he called his government contact. Whoever made the call, "he posed as you and had enough information to convince our customer service representative that he was you," says Russ R. Robinson, a Sprint spokesman. "We want to make it easy for our customers to do business with us over the phone, so you are darned if you do and darned if you don't." Bell Atlantic, my local phone company, told me a similar tale, only it was a Mrs. Penenberg who called in on behalf of her husband. I recently attended a conference in Las Vegas but don't remember having tied the knot. (End of excerpt) Finally, Cohn believes he is justified in what he does: Daniel Cohn makes no apologies for how he earns a living. He sees himself as a data-robbing Robin Hood. "The problem isn't the amount of information available, it's the fact that until recently only the wealthy could afford it. That's where we come in." (End of excerpt) I have one question. Why are Dan Cohn and Docusearch still in business? Docusearch is not alone. There are now more information brokers and private investigators openly advertising their ability to obtain and sell financial information then there were in 1998. These ads continue to be found on the World Wide Web, in the yellow pages and in legal and investigative trade journals. In fact, there has been an ad running in the local edition of the Legal Times that can be found in many law firms and federal offices here in Washington. I suspect copies can be found at the FBI, U.S. Attorney's Office, the Department of Justice, and the Federal Trade Commission. One phone call to this company determined they offer the ability to locate an address for an individual for $65 if the social security number is provided and $115 if the social security number is not provided. Further, and more to the point, for $200 they will supply the name of the bank, the type of account maintained and the balance in the account for the individual specified. There was a further offer extended by the company to confirm that the funds are available and there would be no charge if there were only minimal funds in the account. The scenario presented to the company fell squarely within the four corners of Gramm-Leach-Bliley that would make the request and provision of the banking information illegal if accomplished by pretext. The company was informed that a woman was trying to locate a current address for a live-in boyfriend who had skipped town with money from her checking account. There was nothing in the scenario presented that even began to come close to the exceptions enacted as part of Gramm-Leach-Bliley. In fact, as the committee is aware, on August 30th Committee Senior Counsel Jim Clinger, Special Agent John Forbes, Committee Staff Member Alison Watson and I called numerous private investigators and information brokers around the country in an effort to determine how many would sell bank account information and under what circumstances. We decided that we would survey the first ten companies that we could reach by phone. The companies were selected randomly by Special Agent Forbes based upon their advertisements. All of the companies were presented with the scenario outlined above. In less than three hours the first ten companies we reached were all willing to sell us personal bank account information detailed enough to raise the educated belief that the information would be obtained by pretext or other deceptive means. Not a single company we reached turned us down. Not one. More to the point, two of the companies' representatives made specific mention of "privacy laws" and "federal statutes" being a hindrance to their ability to provide the information. However, we were told, they could still succeed but just "don't tell anybody" that we had obtained the information. One individual referred to the fact that he had 11 years banking experience and guaranteed that he could find the bank and that 80% of the time he could get the account number and balance. Several of the companies stated that they could get us individual transaction records including deposit information. One offered to teach us how to determine the amount in the account once he located the bank and account number. One company stated that it would check the Federal Reserve section for the part of the country where the individual was located. This same company claimed to work for "hundreds and hundreds of attorneys and collection agencies". Further, they stated that they had found $1.2 million dollars in an account just the previous day for an attorney. They advised us to wait for the banking information before going to Court. Another company stated they would locate the information if we had a "Court filing judgment" or a letter from an attorney giving the name of the person the account information was being sought for and the reason. This company stated they could find local bank information for $200 and statewide information for $500 including account numbers and balances. Several of the companies offered to locate safety deposit box locations and securities related information. One company charges $175 to locate the name and address of the bank if you have a judgment. However, the same company offered for $250 to locate all accounts, account numbers, balances, mutual funds, names on the accounts, dates of closure if an account was closed, and safety deposit box information if we didn't have a judgment. Here is just one example of the type of advertising we found: Welcome to (name omitted). We can perform bank account and investment searches anywhere in the USA and the World. Bank account searches can be used to collect judgements, verify net worth of individuals and companies, or any other purposes. We can search: Bank Accounts Checking Savings Investments Stocks Bonds Commodities Mutual Funds Safety deposit boxes And much, much more. We can search by: State Country Offshore account searches also available. Disclaimer: We limit retrieval to documents or information available from a public entity or public utility which are intended for public use and do not further elaborate on that information contained in the public entity or public utility records. Must Be 18 or Older for a Consultation or Record Search. We take no responsibility and assume no liability for any privacy claims as we neither utilize, reveal, nor attempt to access any confidential information concerning the parties involved in the search. We are not a licensed private investigator, and we do not engage in any activities for which a license is required. (End of excerpts) The disclaimer is amazing in light of the fact that this company offered to sell us the amount located in a checking account and the deposit history to the account for $275. I cannot fathom a single way that account balance and deposit transaction records could be "intended for public use". Indeed this would be a direct revelation of "confidential information". No company we reached asked any questions that would logically follow from the passage of Gramm-Leach-Bliley, even when they had disclaimers in the advertisements suggesting that there were restrictions on who could obtain banking information and under what circumstances. Further, in addition to the overt remarks made by several companies to the minor obstacles presented by "federal statutes" and "privacy laws" the advertisements and telephonic presentations bore all the classic signs of pretext operations. These include no-hit/no-fee guarantees; length of time required to complete the search; higher pricing; and types of information being sold. These results are troubling and point to the inescapable conclusion that there are now criminals hiding behind professional titles such as "information broker", "private investigator", and "judicial judgment collector". I do not make this statement lightly as I was a private investigator for seventeen years and was very proud of my profession. There are thousands of good, honest private investigators, information brokers, and collection professionals working everyday in this country to assist citizens and attorneys at all levels of our judicial system. I receive emails everyday from investigators and brokers who are upset and demoralized because of the practices of some who feel it is easier to steal information instead of using the lawful means that all others who obey the law do. The good, honest professionals are looking to their government to step in and stop these criminals. Further, many of the information brokers, private investigators, and judicial judgment collectors belong to national trade associations. In fact, many of these association members and their leaders can be found in Internet chat areas trading pretext methods. This begs the question: What are these associations doing to police their membership? The Effectiveness Of Efforts By The Financial Services Industry To Deter And Detect Fraudulent Attempts To Obtain Confidential Account Information The financial services industry has for many years utilized various methods of combating fraud and protecting the confidentiality of customer information. As I stated in my testimony two years ago, I believe the industry was not aware of the techniques being used by information brokers and investigators to penetrate their security protocols by means of pretext and impersonation. Indeed, most Americans remain ignorant of the practices of unscrupulous information brokers. The financial services industry is traditionally between a rock and a hard place when it comes to information security. Customers want their information to remain confidential. At the same time, they want easy access twenty-four hours a day to that same confidential information. It is this very dilemma that criminals exploit. The financial services industry is starting to move aggressively to combat the methods and deceptive practices used by identity thieves and infobrokers that seek to illegally gain access to confidential information and in many cases to steal the funds of institution customers. Upgraded and newly developed computer systems and programs work to oversee billions of transactions each day in an effort to identify potentially fraudulent activity. Education and training programs are being modified and instituted to teach all institution employees the signs of identity theft and fraud and what steps to take. Institutions that have taken steps to determine if information brokers are attempting to access confidential information have found that this is indeed the case. More and more institutions are moving to institute passwords and personal identification numbers (PINS) that provide true access protection. But, many more need to move in that direction. Customers are starting to be notified by institutions concerning the reason and need for certain security protocols. Again, more needs to be done in this area. There is much education, training and work that remains. I am convinced the financial services industry is up to the task. I have had a birds-eye view of the response of the financial services industry over the past two years. I have worked directly with institutions and professional associations to educate them on the issue of pretext and other deceptive practices used to penetrate information security systems. In each instance I have found that the privacy, administrative and security leaders in the institutions and at association meetings are genuinely concerned about solving this problem and are moving to do so. The financial services industry relies on a reputation for confidentiality to survive. Recent well publicized cases of institutions not protecting customer information both here and abroad illustrate the harm that will quickly be realized by an institution that does not protect customers. This concern has led, in one instance, to the American Bankers Association distributing to the entire membership an education and basic training program on pretext calling I was asked to author at the association's initiative. The portion I authored was just a small part of a comprehensive three part series the ABA has distributed to the membership to address the subject of identity theft and privacy in detail over the course of this past year. I believe these materials will aid in thwarting the practices of the Dan Cohns of this world. I have been asked to speak on a number of occasions to groups of bankers to demonstrate to them how to spot pretext calls, how to educate financial services employees about pretext, and what steps to take at the institution level to thwart information security intrusions. Indeed, you would be hard pressed to find a gathering of bankers anywhere today where the subject of privacy is not addressed at length as a major topic of discussion. Further, the financial services industry did not wait for the passage of GLB to address the issue of pretext. Almost immediately after my testimony in 1998 the ABA was distributing materials and videotapes to any institution concerning pretext and updated information security practices. It is too early to tell how effectively the defenses now being installed by financial institutions are working to thwart pretext. However, judging by the number of firms advertising the ability to obtain financial information there is still more to be done. However, unless we end legitimate customer access to account information, there will always be criminals who will attempt to steal that information. The financial services industry needs a helping hand from law enforcement. These criminals must be prosecuted. The message needs to be sent that Federal law enforcement is serious about protecting financial institution customers. It is time to act. Emerging Threats To Financial Privacy While the traditional methods of pretext presented before this Committee two years ago continue, there are new emerging threats to the security of information within financial institutions. Those who use creative means to obtain personal information are not resting and waiting to see what Congress or law enforcement will do next to protect the privacy and confidentiality of U.S. citizens. These individuals and companies continue to develop methods to locate citizens and their confidential information. There is much fear that the loss of routinely accessed credit headers will diminish the ability to easily access personal biographical information used as part of a pretext. Therefore, some who seek that information are moving to develop other "sources" and "methods" to develop personal information needed to begin a successful pretext. The fastest growing method used to "skiptrace" for the current address and other personal information of an individual is to obtain the information from the phone company. Most United States citizens believe that their phone records are private unless obtained by subpoena or other form of Court order. This is especially true for the millions of Americans who pay extra to have a non-published or unlisted phone number. Most citizens would further think that who they call and how long they talk is also a private matter. Most citizens would be wrong. For years I have seen the sale of private telephone information on the web and in investigative and legal trade journals. These services include the acquisition and sale of non-published and unlisted phone numbers and records; long distance toll records; cellular phone records; pager records; fax records; the current phone number and address for the owner of a disconnected phone, and much more. While these practices are bad enough, and need to be addressed by Congress and/or law enforcement, the latest development is equally worrisome. Currently, there are presentations of closed, highly secure classes for private investigators and information brokers, teaching the inner workings of the telecommunications industry. These classes are being coupled with databases being developed in the private investigative community to assist in obtaining information held by telecommunications companies. Once obtained this data can then be sold and/or used as part of further identity theft and pretexts used in any number of scenarios, but certainly as the starting point for information gathered as part of a pretext against a financial institution or directly against the financial consumer. Here is an advertisement being widely distributed for these classes: NOW! COMING TO LOS ANGELES! Telecom Secrets Seminar or Using Telecom as a new way to skiptrace and locate. by Michele "Ma Bell" Yontef, CMI Telecom Investigations Specialist, Licensed Private Investigator, Paralegal, Server of Process, Notary, Constable of Court ******************************************************************************************** This is a seminar that will take you from being someone who uses a phone in investigations, to someone who uses the whole telecommunications system to further your investigations. You will gain a comprehensive understanding of the phone system, and how to use that system to get the information you need to close the case. With so many of our "tools of the trade" being taken from us by recent privacy laws, this is a "must attend" seminar. Using Michele's completely legal methods we can continue to obtain the information that is vital to us and to our clients. Don't let yourself or your clients down, learn new and better ways to increase your services and your income. No recording of any kind will be permitted. There will be extensive security measures. Please contact Vicki for details. All attendees will be required to sign a non-disclosure agreement. West Coast Professional Services reserves the right to refuse admittance. These techniques are completely legal, but are being taught only to Investigators and Law Enforcement Officers. Restrictions apply. ************************************************************************************************ A statement from Michele regarding the content: I will be talking about everything from how to make totally anonymous calls to finding the carrier of any type of line. I will be explaining how things in the Telecom work, so that you will know how to legally maneuver around any obstacle. I will show you how to skip trace and locate like never before, by using the Telecom as a database. I will tell you what the operator knows about you, who can hear you talking on the phone, how to perform all types of procedures, and I will be giving you a ton of vital information in my booklets that accompany the seminar. I will also introduce a new form of searching for skips and will open to you first, my brand new database, that encompasses EVERY numerical search you have ever seen online, plus many more new search ideas that I can teach you about in the seminar as well. For example, did you know that the type of switching your telephone company has you hooked into can allow a listen in on your lines...I will explain how to tell what kind of switching you have, and how it can either lend to the listen in, or block it. I can also show you how to use my database to find that switching for any party, and use it to trace a number to CNA, without ever picking up the phone to pretext anyone! I have brought home missing children, using the secret searches I will disclose to all of you that attend. (End)(Emphasis added) Here is another widely distributed reference: Here's an unedited letter from (name deleted), who just experienced the Telecom Secrets Seminar by Michele "Ma Bell" Yontef... Colleagues: There are currently three days to prepare yourself, if you are attending the Los Angeles version of the "Telecom secrets" Seminar. You need to practice taking notes, and be ready to absorb the information like a sponge. There is a lot of it, but it's actually very easy to learn. Michele teaches you about how the entire telecommunications system works, then gives you the secrets of how you can use it to do your own non-pubs, CNA's and disconnects, as well as the rationale that leads you to be able to determine the location of some of the toughest skiptrace assignments and locates, you have ever attempted. I sat in awe, writing as furiously as I could, through the six hour session with the Iowa Association of Private Investigators, (IAPI), provided by Michele, on Friday afternoon. I cannot tell you how valuable this seminar will be to me, in the coming weeks and months, as I develop my skills, using her technique. The best part is that I'd never even thought of most of this stuff. It is all new, and a wonderful way to expand one's skiptracing skills. It will take practice, but she has given us all a true treasure chest, (and she knows how I love treasure chests! --), and all the other tools to do the job. The price is an absolute bargain, too! Please pay particular attention to the reason for her disclaimers and nondisclosure forms. With all the movement and political wrangling of the privacy advocates, (READ - "reactionaries"), we can't afford to have this excellent legal source tainted by the people who would strangle our profession, and shut off all our sources. End)(Emphasis added) The reference to "CNA's" means customer name and address. The reference to "non-pubs" means the ability to obtain the non-published phone number for an individual. The reference to "disconnects" means the ability to locate the new phone number, name and address for someone who disconnected a phone in addition to determining the owner of a previously disconnected phone number. The database being designed to aid in the acquisition of information maintained by the telecommunications industry has been named "The Last Treasure". The choice of this name is intentional. It was chosen to mean that this database will be the last method available to locate the overwhelming majority of citizens should the carte blanche acquisition of credit header information be restricted. As with the pretext of financial institutions two years ago, the presenters of these classes and the developers of this database claim that this is all legal. I will leave that to others to decide. As a citizen of this country I am dismayed that my phone records can be bought and sold on the Internet. As a former private investigator that has handled several stalking cases I am well aware of the damage that can be done through the acquisition and sale of this information. As a privacy consultant, I am well aware of the fact that information obtained from the phone company can and is often used to start a financial pretext. Should there be any doubt concerning the problems that can be created when confidential phone information is obtained, one look no further then a September 9, 2000 article by Lindsey A. Henry for The Des Moines Register: A West Des Moines woman contends that her ex-husband tracked her down and threatened her after MCI WorldCom gave out her phone number and other information. Peggy Hill, 33, is suing the long-distance company in federal court in Des Moines. The lawsuit says her ex-husband in Georgia called MCI at least 10 times in June 1999 asking for her billing information and the numbers she had called. MCI representatives gave him the information and even changed her calling plan at his request, the lawsuit said. (End of Excerpt) Here was a woman being stalked by her ex-husband and taking precautions, only to be thwarted by the ease with which her phone records were accessed: Hill thought she had protected herself, her lawsuit says. She moved several times after her divorce in 1992. She paid for an unlisted number. She asked MCI to keep her information confidential, according to the lawsuit. Only after Hill called to complain did MCI employees flag her account with a warning, according to subpoenaed MCI files. "Please do not look up numbers for him or give him names of where numbers are dialed to," the notation said. "Peggy is in danger!!!!!! . . . MCI should not have given this man any information!!!!!!" (End of excerpt) The following claim of rarity when it comes to the release of confidential phone records is laughable given the ease with which Infobrokers buy and sell phone company customer records every day and widely advertise their ability to do so on the Internet: Sandy Kearney, an investigator for the Iowa attorney general's office, said Hill's situation was rare. "I hear all the time from telephone companies claiming to not release information without permission," she said. Hill's lawyer, George LaMarca, said the lawsuit should remind companies of their obligation to protect customers. "We can't get services without entrusting our most confidential and personal information to companies," LaMarca said. "When we do that, we expect confidentiality. When that trust is breached, companies should expect to pay the consequences." (End of excerpt) Just as this husband was able to allegedly access his ex-wife's customer records, identity thieves, private investigators, information brokers and judicial judgment collectors use similar techniques everyday to access these same records. All they need do is impersonate the customer or the relative of a customer. This common knowledge amongst identity criminals is being used as the starting point for access to personally identifiable information that can then be used to access financial information. This committee will recall the testimony of one of the "Godfathers" of the information broker industry in this very room two years ago. Al Schweitzer instructed us all at that time that one of the most common financial pretexts begins with either a pretext call to the consumer impersonating someone from the phone company, or a pretext call to the phone company to develop personal information to be used as part of a further pretext against the consumer and/or financial institution. The problem continues today and is growing in scope and sophistication. I would like to ring one final warning bell concerning the use of pretext and deceptive information security penetration practices. These are the very techniques that are used by individuals engaged in corporate espionage. Every day these techniques are used to steal our nation's corporate and military trade secrets and other forms of confidential information. I know that our military is aware of this as representatives of the Pentagon asked me to present a private briefing after my last appearance here in 1998. I will not disclose in an open forum what I was able to demonstrate in that briefing other than to state that I believe it confirmed concerns on the part of the officials I met with in relation to a threat that could easily put our country at a disadvantage during a time of crisis. This Committee, which oversees the safety and soundness of our Nation's financial system, should be concerned about the threat that corporate espionage, both domestic and foreign, poses to the financial well being of our country. This is the "Information Age" and our country is the leader in that regard. It is precisely that leadership position which is driving this unprecedented economic boom we are all witnessing. Information technology advantages are paramount to our continued economic success. This is why information security is all-important to that success. Companies are discovering the need for computer system firewalls, yet are woefully unprepared when it comes to social engineering security penetrations and a laissez faire attitude concerning who information is disclosed to telephonically and otherwise. Simply put. Loose lips do sink the corporate ships of today and tomorrow. The most infamous computer "hacker" on the planet, Kevin Mitnick, obtained the plans for an unreleased Motorola product by direct "pretext" phone calls to Motorola employees who then faxed him the plans to his home! If you speak to Mr. Mitnick, you will learn that he obtained just as much confidential information via "dumpster diving" and social engineering (pretext) as he ever did by a true computer hack attack. Another method that is becoming more common is the use of a "Trojan check". An investigator or broker will create a fictitious business name and open a checking account in that business name. A small check will be mailed to the target as a "rebate" or "prize" stamped on the back "for deposit only". Once the check has been deposited and is returned to the fictitious company the banking information obtained on the back of the check can be used to further the pretext to determine the amount of funds held in the account. There is great debate in the investigative and broker communities as to the legality of this practice given Gramm-Leach-Bliley and the deceptive trade practices statutes. While the debate continues, so does the practice. Informal networks of investigators, infobrokers, judgment collectors, and collection professionals are found all over the Internet. It is not uncommon to see requests for "contacts" in financial services institutions. Some collection professionals openly advertise their ability to provide information maintained within their files. Routinely, there are account and file numbers along with the names of targets placed on the Internet for inspection by others to determine if information can be traded or obtained. Vehicle tracking devices are being offered for sale in order to follow or record the travels of citizens. While not directly relevant to the pretext of financial information, it demonstrates the length that some will go to in order to obtain information on citizens in the United States today. If law enforcement agencies of State and Federal governments were caught doing these practices absent a constitutionally permissible purpose and/or Court order there would be rioting in the streets. Yet every day these events are carried out by private investigators, information brokers and judgment collectors who have no authority above that of a private citizen and no one blinks. From where I sit, my privacy is just as violated whether the intrusion comes from a person with a badge or not. What Needs To Be Done I would like to make some suggestions concerning what needs to be done to continue the battle against the use of fraud and deception to access financial information. First, we need swift, aggressive, nationwide action by law enforcement to begin criminal investigation and prosecution of those who are thumbing their noses at the provisions of Gramm-Leach-Bliley and other appropriate statutes. I hope the information I provided in 1998 and today supports this conclusion. Second, GLB needs to be amended. The narrowly crafted child-support exemption for the use of pretext is being used as an advertising shield by private investigators to hide behind while continuing the covert sale of financial information that falls outside of the GLB exemptions. The provisions of GLB that allow for pretext in a child support situation state as follows: Sec. 521 (g) NONAPPLICABILITY TO COLLECTION OF CHILD SUPPORT JUDGMENTS- No provision of this section shall be construed to prevent any State-licensed private investigator, or any officer, employee, or agent of such private investigator, from obtaining customer information of a financial institution, to the extent reasonably necessary to collect child support from a person adjudged to have been delinquent in his or her obligations by a Federal or State court, and to the extent that such action by a State-licensed private investigator is not unlawful under any other Federal or State law or regulation, and has been authorized by an order or judgment of a court of competent jurisdiction. The operative language is: "No provision of this section shall be construed to prevent any State-licensed private investigator.from obtaining customer information of a financial institution...to collect child support from a person adjudged to have been delinquent in his or her obligations by a Federal or State court...AND has been authorized by an order or judgment of a court of competent jurisdiction." This language clearly means from both the legislative history of the act and the plain face of the statute that a judge (Court) must specifically authorize the use of pretext to obtain customer information of "a financial institution". I am not aware of a single case where a Court has authorized a private investigator to intentionally deceive a financial institution in order to obtain customer information. It is easy to understand why this has not happened and most likely never will. The presumptive evidentiary burden that would be required to obtain such an order would easily support the issuance of a subpoena to the institution that the information is being sought from and is being contemplated for pretext. Unless Congress has evidence that financial institutions routinely falsify responses to subpoenas it is hard to fathom why this provision was placed in GLB. Further, this section states: "to the extent reasonably necessary to collect child support from a person adjudged to have been delinquent in his or her obligations by a Federal or State court." The legislative history of this exemption was a claim made by some representatives of the private investigative industry that pretext was needed as there was no other method available to locate the financial institution holdings of deadbeat parents who lie to the Courts. This claim was not true at the time, as there are many lawful ways to pursue overdue non-custodial child support payments and many taxpayer funded agencies designed to fill that role. However, even if this argument is accepted as a legitimate historical reason for the exemption, there is no longer any legislatively justifiable reason to maintain the exemption given the provisions of the Personal Responsibility and Work Opportunity Reconciliation Act of 1996 which are now in effect and mandate that all financial institutions cooperate with the government by providing the financial information of delinquent child support parents directly to the Federal government for asset forfeiture. The following excerpt describing this procedure is from a front-page article written by Robert O'Harrow, Jr. in the Sunday, June 27, 1999 edition of the Washington Post: As part of a new and aggressive effort to track down parents who owe child support, the federal government has created a vast computerized data-monitoring system that includes all individuals with new jobs and the names, addresses, Social Security numbers and wages of nearly every working adult in the United States. Government agencies have long gathered personal information for specific reasons, such as collecting taxes. But never before have federal officials had the legal authority and technological ability to locate so many Americans found to be delinquent parents -- or such potential to keep tabs on Americans accused of nothing. The system was established under a little-known part of the law overhauling welfare three years ago. It calls for all employers to quickly file reports on every person they hire and, quarterly, the wages of every worker. States regularly must report all people seeking unemployment benefits and all child-support cases. Starting next month, the system will reach further. Large banks and other financial institutions will be obligated to search for data about delinquent parents by name on behalf of the government, providing authorities with details about bank accounts, money-market mutual funds and other holdings of those parents. State officials, meanwhile, have sharply expanded the use of Social Security numbers. Congress ordered the officials to obtain the nine-digit numbers when issuing licenses -- such as drivers', doctors' and outdoorsmen's -- in order to revoke the licenses of delinquents. Enforcement officials say the coupling of computer technology with details about individuals' employment and financial holdings will give them an unparalleled ability to identify and locate parents who owe child support and, when necessary, withhold money from their paychecks or freeze their financial assets. (End of excerpt) (Emphasis added by Robert Douglas) O'Harrow went on to describe in more detail how the new system operates: Next month, financial institutions that operate in multiple states -- such as Crestar Financial Corp., Charles Schwab & Co. and the State Department Federal Credit Union -- will begin comparing a list of more than 3 million known delinquents against their customer accounts. Under federal law, the institutions are obligated to return the names, Social Security numbers and account details of delinquents they turn up. The Administration for Children and Families will then forward that financial information to the appropriate states. For security reasons, spokesman Kharfen said, the agency will not mix the financial data with information about new hires, wages and the like. Bank account information will be deleted after 90 days. In a test run this spring, Wells Fargo & Co. identified 72,000 customers whom states have identified as delinquents. NationsBank Corp. found 74,000 alleged delinquents in its test. Later this year, smaller companies that operate only in one state will be asked to perform a similar service. Officials say most of these institutions will compare their files against the government's. But some operations that don't have enough computing power -- such as small local banks, credit unions and securities firms -- will hand over lists of customers to state officials for inspection. States can then administratively freeze the accounts. In California, more than 100 financial institutions have already handed over lists of all their depositors to state officials, including names, Social Security numbers and account balances, a state official said. (End of excerpt) (Emphasis added by Robert Douglas) Finally, the exemption places GLB in direct conflict with other federal statutes outlawing wire and mail fraud and unfair and deceptive trade practices. The exemption also places GLB in direct conflict with many State laws and creates nothing short of a judicial quagmire. Simply put, there is no legitimate reason to continue the child support exemption to Gramm-Leach-Bliley. There is a legitimate reason to strike it from the statute as companies are using it as pretence to advertise their ability to locate financial institution customer information. All the ad need say is the request must be in compliance with applicable laws and that all requests are performed on that basis. Once the investigator is comfortable that the requestor is not law enforcement running a sting operation-they sell any information in complete disregard of the law. Our survey proved this ten times over. Third, financial institutions must continue the work they have started to take every precaution necessary to teach all banking employees about the methods associated with identity theft and pretext so that employees can spot fraudulent acts and know what to do when an act is detected. This will require regular and ongoing education, training and auditing programs to maintain the highest level of information security possible. Infobrokers and identity thieves are constantly developing new techniques and methods. The financial services industry must work to stay abreast of these techniques. Fourth, the federal regulatory agencies must also continue to stay abreast of information security threats and implement appropriate standards and regulations. Audits need to assess the effectiveness of programs in place. Finally, this Committee must continue on a regular basis to exercise the appropriate oversight functions necessary to ensure that agencies of the federal government continue to take every step available to stop illegal access of personal and confidential customer information. I know that we are late in the Congressional session and that Chairman Leach will be passing the baton next year. I also am aware that when the baton passes there may be changes in the staff of the Committee. I genuinely hope that no matter who takes up the leadership of the Committee and no matter from which side of the aisle, that there will continue an institutional memory to follow this issue. I truly believe it is of profound import to the health of our financial services industry in this country. Conclusion In closing, when I appeared before this Committee in 1998 I recited a long laundry list of the dangers posed by the deceptive methods in use by some private investigators and information brokers to gain illegal access to confidential and protected information. There were some who found it hard to believe that what I claimed was true or as serious as I presented the problem. However, those in the investigative and information broker industries who were practicing these techniques knew that I had spoken honestly and were not pleased to have sunshine illuminating their practices. I soon began fielding phone calls from across the country. The hearing had been carried on C-SPAN. In brief, the attention to these techniques was not well received by some. I was condemned by many and even received two death threats. I mention this because the information being obtained illegally is in many cases both quite serious and lucrative for those buying and selling it and often places others in physical danger. One needs to look no further than the case of James and Regina Rapp of Touch Tone Services to see that this is true. They were running a million dollar a year operation in Denver Colorado with numerous employees when Denver and Los Angeles law enforcement officers caught up with them along with the FTC. Why so many agencies? A short list of the Rapp's alleged activities points to the answer. The following allegations were reported: Touch Tone had accessed and sold information concerning undercover Los Angeles police detectives including their private unlisted phone and pager records to a member of the "Israeli mafia", placing the lives of the officers, the officers' families, the officers' confidential informants, and active organized crime investigations in danger. Touchtone accessed and sold information concerning the murder of Ennis Cosby, son of famed comedian Bill Cosby. Touchtone accessed and sold personal and confidential information regarding the Columbine High School massacre victims and families including home addresses, unlisted home telephone numbers, banking, and credit card records. Touchtone inserted itself into the Jon Benet Ramsey investigation. Here is a list written by James Rapp to a California private investigator outlining the Rapp's work in the Jon Benet Ramsey murder investigation: Here is a list of all Ramsey cases we have been involved with during the past lifetime (sic). 1. Cellular toll records, both for John & Patsy. 2. Land line tolls for the Michigan and Boulder homes. 3. Tolls on the investigative firm. 4. Tolls and home location on the housekeeper, Mr. & Mrs. Mervin Pugh. 5. Credit card tolls on the following: a. Mr. John Ramsey, AMX & VISA b. Mr. John Ramsey Jr., AMX. 6. Home location of ex-wife in Georgia, we have number, address & tolls. 7. Banking investigation on Access Graphics, Mr. Ramsey's company, as well as banking information on Mr. Ramsey personal. 8. We have the name, address & number of Mr. Sawyer & Mr. Smith, who sold the pictures to the Golbe (sic), we also have tolls on their phone. 9. The investigative firm of H. Ellis Armstead, we achieved all their land and cellular lines, as well as cellular tolls, they were the investigative firm assisting the Boulder DA's office, as well as assisting the Ramseys. 10. Detective Bill Palmer, Boulder P.D., we achieved personal address and numbers. 11. The public relations individual "Pat Kroton" (sic) for the Ramseys, we achieved the hotel and call detail where he was staying during his assistance to the Ramseys. We also have his direct cellular phone records. 12. We also achieved the son's John Jr.'s SSN and DOB. 13. During all our credit card cases, we acquired all ticket numbers, flight numbers, dates of flights, departing times and arriving times. 14. Friend of the Ramseys, working with the city of Boulder, Mr. Jay Elowskay, we have his personal info. Of course, all the above have been repeatedly asked for over and over again. Let me know if I can be of further assistance in this or any matter. (End of letter) This one company, Touchtone, had a client list of more than 1,200 spread across the country. Another local Montgomery County, Maryland private investigator admitted to obtaining the phone records of Kathleen Willey, a witness in the criminal investigation of President Clinton. These are just two companies. There are dozens of companies still in operation today. There can be little doubt as to the serious implications of the activities of these companies. Mr. Chairman and members of the Committee, as I leave you today, I hope that the time and effort I have placed in this testimony will serve as a blueprint for further examination by this Congress of matters deserving attention. Thank you. Appendix II U.S. Secret Service Testimony of Mr. Bruce A. Townsend Special Agent in Charge - Financial Crimes Division For Presentation to the Committee on Banking and Financial Services U.S. House of Representatives September 13, 2000 Mr. Chairman, members of the Committee, thank you for the opportunity to address the Committee on the subject of identity theft and the Secret Service's efforts to combat this problem. I have prepared a comprehensive statement that will be submitted for the record, and with the Committee's permission, I will summarize my statement at this time. In addition to providing the highest level of physical protection to our nation's leaders, the Secret Service exercises broad investigative jurisdiction over a variety of financial crimes. As the original guardian of our nation's financial payment systems, the Secret Service has a long history of pursuing those who would victimize our financial institutions and law-abiding citizens. In recent years, the combination of the information technology revolution and the effects of globalization have caused the investigative mission of the Secret Service to evolve in a manner that cannot be overstated. Today we are faced with a new challenge--that of identity theft. The Secret Service views identity theft as a disturbing combination of old schemes and abuse of emerging technologies. However, it should be clear--this crime is about more than the theft of money or property. This crime is about the theft of things that cannot be so easily replaced--a person's good name, a reputation in the community--years of hard work and commitment to goals. Make no mistake about it; this crime is a particularly invasive crime that can leave victims picking up the pieces of their lives for months or even years afterward. Mr. Chairman, we in the Secret Service applaud your efforts in convening this hearing today. We stand ready to work with you and all the members of the committee in attacking the crime of identity theft. It is our belief that hearings such as this will be the catalyst to bring together the resources of both state and Federal Governments in a unified response to the identity theft problem. Congress has already taken an important step in providing increased protection for the victims of identity theft through the enhancements made to Title 18, United States Code, Section 1028, by the Identity Theft and Assumption Deterrence Act, which was signed into law in October of 1998. This law accomplished four things simultaneously. First, it identified people whose credit had been compromised as true victims. Historically with financial crimes such as bank fraud or credit card fraud, the victim identified by statute, was the person, business or financial institution that lost the money. All too often the victims of identity theft, whose credit was destroyed, were not even recognized as victims. This is no longer the case. Second, this law established the Federal Trade Commission (FTC) as the one central point of contact for these victims to report all instances of identity theft. This collection of all information involving ID theft cases allows us to identify systemic weaknesses and enables law enforcement to retrieve all investigative data from one central location. It further allows the FTC to provide people with the information and assistance they need in order to take the steps necessary to correct their credit records. Third, this law provided increased sentencing potential and enhanced asset forfeiture provisions. These enhancements help to reach prosecutorial thresholds and allow for the repatriation of funds to victims. Lastly, this law closed a loophole in Title 18, United States Code, Section 1028, by making it illegal to steal another person's personal identification information with the intent to commit a violation. Previously, under Section 1028, only the production or possession of false identity documents was prohibited. With advances in technology such as E-Commerce and the Internet, criminals today do not need actual documents to assume an identity. We believe the enactment of this legislation is an important component in bringing together both the federal and state government, in a focused and unified response to the identity theft problem. Today, law enforcement and regulatory and community assistance organizations have joined forces through a variety of working groups, task forces, and information sharing initiatives to assist the victims of identity theft. Victims no longer have to feel abandoned, with no where to turn. Policies and procedures are being initiated to expedite the reporting of this crime. Civil remedies are also being created allowing for victims to seek restitution. The Secret Service "Victim Witness Assistance Program" aids identity theft victims by providing resources and contact information for credit bureaus and service programs. The financial community continues to design and implement security measures that minimize the exploitation of true persons names and identification information. The Secret Service has broad investigative responsibilities relating to financial crimes. Today, some type of false identification is a prerequisite for nearly all financial fraud crimes. False ID's provide anonymity to criminals and allow for repeat victimization of the same individual while perpetrating a variety of fraud schemes. Often, in their attempt to remain anonymous, criminals may randomly assume the identity of another individual through the creation of false identification documents. In these cases, the goal may not be to target an individual for the purposes of stealing his or her identity. Yet, by coincidence, that individual's identity has been compromised through the criminal's use of their personal identifiers. False identification documents, either altered, counterfeited, or fraudulently obtained, are routinely used with loan and check fraud schemes, and almost all credit card fraud schemes. Ironically, the credit industry through capital investments over the past 10 years has strengthened the integrity of the system through security measures, which effectively thwart some types of direct counterfeiting. Subsequently, criminals no longer simply create names and identities; they must more often rely on the identifiers of real people. As we enter the next century, the strength of the financial industry has never been greater. A strong economy, burgeoning use of the Internet and advanced technology, coupled with increased spending has led to fierce competition within the financial sector. Although this provides benefits to the consumer through readily available credit, and consumer oriented financial services, it also creates a rich environment for today's sophisticated criminals, many of whom are organized and operate across international borders. In addition, information collection has become a common byproduct of the newly emerging e-commerce. Internet purchases credit card sales and other forms of electronic transactions are being captured, stored, and analyzed by entrepreneurs intent on increasing their market share. This has led to an entirely new business sector being created which promotes the buying and selling of personal information. With the advent of the Internet, companies have been created for the sole purpose of data mining, data warehousing, and brokering of this information. These companies collect a wealth of information about consumers, including information as confidential as their medical histories. Consumers routinely provide personal, financial and health information to companies engaged in business on the Internet. Consumers may not realize that the information they provide in credit card applications, loan applications, or with merchants they patronize, are valuable commodities in this new age of information trading. Data collection companies like all businesses are profit motivated, and as such, may be more concerned with generating potential customers rather than the misuse of this information by unscrupulous individuals. This readily available personal information in conjunction with the customer friendly marketing environment has presented ample opportunities for criminals intent on exploiting the situation for economic gain. The Secret Service has investigated numerous cases where criminals have used other people' s identities to purchase everything from computers to houses. Financial institutions must continually practice due diligence or they will fall victim to the criminal who attempts to obtain a loan or cash a counterfeit check using someone else's identity. As financial institutions and merchants become more cautious in their approach to "hand to hand" transactions the criminals are looking for other venues to compromise. Today, criminals need look no further than the Internet. For example, an Internet fraud investigation conducted by the secret service, Department of Defense, Postal Inspection Service, and the Social Security Administration Inspector General's Office highlighted the ease with which criminals can obtain personal information through public sources. These defendants accessed a web site that published the promotion list of high ranking military officers. This site further documented personal information on these officers that was used to fraudulently obtain credit, merchandise, and other services. In this particular case the financial institution, in an effort to operate in a consumer friendly manner issued credit over the Internet in less than a minute. Approval for credit was granted after conducting a credit check for the applicant who provided a "true name" and matching "true Social Security Number." All other information provided such as the date of birth, address and telephone number, that could have been used for further verification, was fraudulent. The failure of this bank to conduct a more comprehensive verification process resulted in substantial losses and more importantly a long list of high-ranking military officers who became victims of identity fraud. The Internet provides the anonymity criminals desire. In the past, fraud schemes required false identification documents, and necessitated a "face to face" exchange of information and identity verification. Now with just a laptop and modem, criminals are capable of perpetrating a variety of financial crimes without identity documents through the use of stolen personal information. The Secret Service has investigated several cases where cyber criminals have hacked into Internet merchant sites and stolen the personal information and credit card account numbers of their customers. These account numbers are then used with supporting personal information to order merchandise to be mailed throughout the world. Most account holders are not aware that their credit card account has been compromised until they receive their billing statement. Time and time again, criminals have demonstrated the ability to obtain information from businesses conducting commerce on the Internet. This information has been used to facilitate account takeover schemes and other similar frauds. It has become a frightening reality that one individual can literally take over another individual's financial identity without the true victim's knowledge. Cyber criminals are also using information hacked from sites on the Internet to extort money from companies. It is not unprecedented for international hackers to hack into business accounts, steal thousands of credit card account numbers along with the accompanying personal identifiers, and then threaten the companies with exposure unless the hackers are paid a substantial amount of money. The Secret Service continues to attack identity theft by aggressively pursuing our core violations. It is by the successful investigation of criminals involved in financial and computer fraud that we are able to identify and suppress identity theft. As stated earlier, identity theft, and the use of false identification has become an integral component of most financial criminal activity. In order to be successful in suppressing identity theft we believe law enforcement agencies should continue to focus their energy and available resources on the criminal activities that incorporate the misuse or theft of identification information. The Secret Service has achieved success through a consistent three -tiered process of aggressive pro-active investigations, identification of systemic weaknesses, and partnerships with the financial sector to adopt fixes to these weaknesses. The Secret Service's investigative program focuses on three areas of criminal schemes within our core expertise. First, the Secret Service emphasizes the investigation of counterfeit instruments. By counterfeit instruments, I refer to counterfeit currency, counterfeit checks, both commercial and government, counterfeit credit cards, counterfeit stocks or bonds, and virtually any negotiable instrument that can be counterfeited. Many of these schemes would not be possible without the compromise of innocent victim's financial identities. Second, the Secret Service targets organized criminal groups that are engaged in financial crimes on both a national and international scale. Again, we see many of these groups; most notably the Nigerian and Asian organized criminal groups, prolific in their use of stolen financial and personal information to further their financial crime activity. Finally, we focus our resources on community impact cases. The Secret Service works in concert with the state, county, and local police departments to ensure our resources are being targeted to those criminal areas that are of a high concern to the local citizenry. Further, we work very closely with both federal and local prosecutors to ensure that our investigations are relevant, topical and prosecutable under existing guidelines. No area today is more relevant or topical than that of identity theft. It has been our experience that the criminal groups involved in these types of crimes routinely operate in a multi-jurisdictional environment. This has created problems for local law enforcement that generally act as the first responders to their criminal activities. By working closely with other federal, state, and local law enforcement, as well as international police agencies we are able to provide a comprehensive network of intelligence sharing, resource sharing, and technical expertise which bridges jurisdictional boundaries. This partnership approach to law enforcement is exemplified by our financial crimes task forces located throughout the country. Each of these task forces pools the personnel and technical resources and to maximize the expertise of each participating law enforcement agency. A number of these task forces are focused on the Nigerian criminal element operating in this country. As mentioned earlier, this particular ethnic criminal group has historically been involved in a myriad of financial crimes, which incorporate false identification and identity theft. In addition to our inter-dependant working relationship with law enforcement on all levels, our partnership with the private sector has proved invaluable. Representatives from numerous commercial sectors to include the financial, telecommunications, and computer industries have all pledged their support in finding ways to ensure consumer protection while minimizing corporate losses. The secret service has entered into several cooperative efforts with members of the financial sector to address challenges posed by new and emerging technologies. These initiatives have created some new and innovative approaches to identification verification in business. Automated teller machines, E-Commerce, online banking, online trading, smart cards, all once considered futuristic concepts, are now a reality. Each of these technologies lends themselves to creating a "faceless society". In order for businesses to be successful, they can no longer rely upon personal contact as a means of identity verification. One innovative approach that appears to address the problems of identity verification for Internet commerce has been developed and introduced by a member of the financial community. This new product is the first commercial venture by the credit card industry to provide the public with an on line authentication process using chip technology and encryption. Although this product may not end credit card fraud on the Internet, it is the first step in providing a more secure environment in which to conduct Internet commerce. Efforts such as these provide a foundation by which law enforcement and the private sector can build upon. By applying the technologies used in this product and others being developed for the same purpose, we can systemically eliminate the weaknesses in our economic infrastructure, which allow for the misuse of personal information. In conjunction with these technological advances, the Secret Service is actively involved with a number of government sponsored initiatives. At the request of the Attorney General, the Secret Service joined an interagency identity theft subcommittee that was established by the Department of Justice. This group, which is made up of federal and state law enforcement, regulatory agencies, and professional agencies meets regularly to discuss and coordinate investigative and prosecutive strategies as well as consumer education programs. In addition, under the direction of the President, the Treasury Department, with the assistance of the Secret Service, convened a national summit on the subject of identity theft. This summit brought together various federal, state, and private sector entities to discuss and develop policies that will help to prevent identity theft crimes. Follow-up workshops are scheduled for October of this year to focus on ways of assisting consumers and preventing identity theft. As you have heard in this testimony some very positive steps are being taken to address and combat identity theft. The Secret Service will always encourage both business and law enforcement to work together to develop an environment in which personal information is securely guarded. In this age of instant access, knowledge is power. We cannot allow today's criminals to abuse the very systems that were created for the betterment of society. The emotional toll on the lives of those whose identities have been compromised cannot be fully accounted for in dollars and cents. It is all of our responsibilities to protect personal information. The Secret Service acknowledges that identity theft is a very real problem and pledges its support in the Federal Government's efforts to eliminate it. This concludes my prepared statement. I would be happy to answer any questions that you or any other member of the committee may have. Thank you. Home Contact Us Privacy News APC News Services Speeches [Non-text portions of this message have been removed] 5859 From: kondrak Date: Sat Jul 27, 2002 10:44pm Subject: Re: You can paint my porch Excellent.... At 19:49 7/27/02 -0400, you wrote: >A blonde, wanting to earn some money, decided to hire herself out as a >'handy-woman' and started canvassing a nearby well-to-do neighborhood. She >went to the front door of the first house and asked the owner if he had any >odd jobs for her to do. > >"Well, you can paint my porch," he said, "How much will you charge me?" > >The blonde, after looking about, responded, "How about $50?" > >The man agreed and told her that the paint and other materials that she >might need were in the garage. > >The man's wife, inside the house, heard the conversation and said to her >husband, "Does she realize that the porch goes all the way around the >house?" > >The man replied, "She should; she was standing on it. Why...do you >think she's dumb?" > >Humbled by her initial reaction, his wife said, "No. I guess I'm just >guilty of being influenced by all the 'dumb blonde' jokes I've been >hearing." > >A short time later, the blonde came to the door to collect her money. > >"You're finished already?" the husband asked. > >"Yes," the blonde replied, "and I had paint left over, so I gave it >two coats." > >Impressed, the man reached into his pocket for the $50.00 and handed it to >her. > >"And by the way," the blonde added, "it's not a Porch, it's a Lexus." >-- > >-------------------------------------------------------------------------------------------------- >The First, The Largest, The Most Popular, and The Most Complete TSCM, >Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet. >-------------------------------------------------------------------------------------------------- > James M. Atkinson Ph: (978) 381-9111 > Granite Island Group Fax: > 127 Eastern Avenue #291 http://www.tscm.com/ > Gloucester, MA 01931-8008 mailto:jmatk@tscm.com >-------------------------------------------------------------------------------------------------- > Strategy without tactics is the slowest route to victory. > Tactics without strategy is the noise before defeat. - Sun Tzu >-------------------------------------------------------------------------------------------------- > >[Non-text portions of this message have been removed] > > > >======================================================== > TSCM-L Technical Security Mailing List > "In a multitude of counselors there is strength" > > To subscribe to the TSCM-L mailing list visit: > http://www.yahoogroups.com/community/TSCM-L > > It is by caffeine alone I set my mind in motion. > It is by the juice of Star Bucks that thoughts acquire speed, > the hands acquire shaking, the shaking is a warning. > It is by caffeine alone I set my mind in motion. >=================================================== TSKS > >Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 5860 From: kondrak Date: Sun Jul 28, 2002 4:37am Subject: Bookmark this...FCC ID Numbers search engine http://www.fcc.gov/oet/fccid/ In case you didn't have it... Bookmark this...FCC ID Numbers search engine.. very useful. 5861 From: Fernando Martins Date: Sun Jul 28, 2002 4:52pm Subject: RE: Brazil's President Inaugurates Amazon Monitoring System The official site of the project is http://www.sivam.gov.br/ (all in brazilian/portuguese) 800 V-SAT, SATCOM system, a 220 miles fixed radar and 6 mobile units... Seems cool. Some links: http://www.raytheon.com/c3i/c3iproducts/c3isivam/ http://www.american.edu/TED/SIVAM.HTM http://www.obt.inpe.br/mapsar/SIVAM/page_01.htm FM > -----Original Message----- > From: MACCFound@a... [mailto:MACCFound@a...] > Sent: sexta-feira, 26 de Julho de 2002 4:43 > To: TSCM-L@yahoogroups.com > Subject: [TSCM-L] Brazil's President Inaugurates Amazon > Monitoring System > > > Brazil's President Inaugurates Amazon Monitoring System > > > MANAUS, Brazil, July 25 /PRNewswire/ -- President Fernando > Henrique Cardoso > today inaugurated the initial operating capability of the > System for the > Vigilance of the Amazon (SIVAM), a $1.4B system that provides > comprehensive > electronic surveillance of Brazil's immense and relatively > undeveloped Amazon > region. > > The ceremony, held in the city of Manaus in the heart of the > Amazon, comes > five years to the day after Raytheon Company (NYSE: HREF="aol://4785:RTN">RTN) and its partners, > Embraer and ATECH, began work on SIVAM. The project will > provide real time > information on conditions across the breadth of the region to > a wide range of > government agencies, research institutions and other users. > It includes the > capabilities to build one of the world's largest > environmental databases. > > Under the auspices of the Federal Government in Brasilia, > SIVAM is the first > step in Brazil's long range effort to protect and control > this unique natural > area that encompasses over half of the country's landmass. > The event is a > significant milestone in the realization of Brazilian > commitments made at the > UN Conference on the Environment and Development held in Rio > de Janeiro in > 1992, and SIVAM is a critical asset for maintaining Brazilian > sovereignty > over its national territory. > > The newly operating SIVAM system uses a diverse array of > equipment to monitor > both the surface of the vast Amazon jungle and the national > airspace above > it. SIVAM data will be used to support essential Brazilian government > programs, university and private scientific research efforts, > and sustainable > development initiatives. It will also help to address the > health, educational > and economic needs of Brazilian families and individual > citizens. Tied > together by an innovative satellite telecommunications > infrastructure, the > system combines data generated by space-based, airborne and > surface sensor > and support systems. Satellite remote sensing data are > received through the > Government's ground station at Cuiaba and image processing > site at Cachoeira > Paulista, which have been upgraded by the National Space > Research Institute > (INPE) and Raytheon. > > Raytheon-supplied sensors -- including synthetic aperture radars, > multispectral scanners, optical infrared sensors, high > frequency direction > finding equipment, and communications and non-communications > exploitation > gear -- have been installed onto three remote sensing > aircraft, modified > versions of the Embraer ERJ- 145. These jets give users the > opportunity for > remote mapping through the dense jungle canopy, forest fire > detection, and > photoreconnaissance. On the jungle floor and in the waters > of the Amazon > river system itself, Raytheon provides an array of weather > and environmental > monitors that provide a real time and comprehensive picture > of regional > environmental conditions ranging from meteorological and lightning > information to water characteristics and air and river pollutants. > > SIVAM's air traffic control (ATC) and associated airspace > surveillance for > the first time provides Brazil with a comprehensive > monitoring capability > throughout the region. The system will contain 14 > state-of-the-art Raytheon > fixed base air traffic control radars and six transportable radars, > supplemented by five existing government-furnished ATC > radars. These ground- > based radars are augmented by five newly developed SIVAM > airborne radars, > also adapted ERJ-145s, outfitted with Raytheon and Swedish sensors. > Collectively these radars provide an area-wide monitoring capability > permitting vastly enhanced counter-smuggling, border > surveillance and law > enforcement operations over an area the size of the United > States west of the > Mississippi. > > Data from the various airborne and ground-based sensors are > sent to and > processed in an Air Surveillance Center located in Manaus, Regional > Coordination Centers located in Manaus, Porto Velho, and > Belem, and a General > Coordination Center to be located in Brasilia. > > Dick Nelson, Raytheon vice president for SIVAM, said, > "Working with the > extremely professional members of the Brazilian Air Force - > led by Brigadeiro > Teomar Fonseca Quirico, and earlier by Brigadeiros Marcos > Antonio de Oliveira > and Jose Orlando Bellon -- over the past five years has been > one of the > highlights of the project. Their operational, technical, and program > management expertise so evident during the development and > installation of > the project ensures that SIVAM will meet all of the > expectations that the > Brazilian Government had in mind when the system was first > conceived over a > decade ago." > > With headquarters in Lexington, Mass., Raytheon Company is a global > technology leader in defense, government and commercial > electronics, and > business and special mission aircraft. > > Contacts: > > Patricia Perlini Dave Shea > > 260.429.5547 703.284.4245 > > MAKE YOUR OPINION COUNT - Click Here > http://tbutton.prnewswire.com/prn/11690X50238200 SOURCE Raytheon Company CO: Raytheon Company ST: Brazil SU: http://www.prnewswire.com [Non-text portions of this message have been removed] ======================================================== TSCM-L Technical Security Mailing List "In a multitude of counselors there is strength" To subscribe to the TSCM-L mailing list visit: http://www.yahoogroups.com/community/TSCM-L It is by caffeine alone I set my mind in motion. It is by the juice of Star Bucks that thoughts acquire speed, the hands acquire shaking, the shaking is a warning. It is by caffeine alone I set my mind in motion. =================================================== TSKS Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 5862 From: Matt Paulsen Date: Mon Jul 29, 2002 6:05pm Subject: CNN - Disposable cell phones on the way Took em long enough to pick up on it. -m http://www.cnn.com/2002/TECH/ptech/07/29/telecoms.throwaway.reut/index.html Throwaway cell phones are set to make their debut on United States convenience store shelves, down the aisle from plastic razors, beef jerky and disposable cameras they seek to emulate as spur-of-the-moment consumer purchases. Hop-On, a small company based in Garden Grove, California, said this week it had won U.S. regulatory approval to sell its first phones, clearing the way for a nationwide introduction of a no-frills recyclable phone for prepaid mobile calling. In an interview, Chairman and Chief Executive Peter Michaels said approval of the phones will allow Hop-On shortly to sell its stripped-down mobile phone and 60 minutes of initial service for a $40 flat fee, through an unnamed carrier. Hop-On mobile devices are plastic, two-way phones the size of a deck of playing cards. Users talk and listen to callers via a microphone/earpiece connected by a thin wire. 5863 From: James M. Atkinson Date: Mon Jul 29, 2002 8:25pm Subject: You Know You Are In The Summertime When... YOU KNOW YOU ARE IN THE SUMMERTIME WHEN... The birds have to use potholders to pull worms out of the ground. The trees are whistling for the dogs. The best parking place is determined by shade instead of distance. Hot water now comes out of both taps. You can make sun tea instantly. You learn that a seat belt buckle makes a pretty good branding iron. The temperature drops below 95 and you feel a little chilly. You discover that in July it only takes 2 fingers to steer your car. You discover that you can get sunburned through your car window. You actually burn your hand opening the car door. You break into a sweat the instant you step outside at 7:30 a.m. Your biggest bicycle wreck fear is, "What if I get knocked out and end up lying on the pavement and cook to death?" You realize that asphalt has a liquid state. The potatoes cook underground, so all you have to do is pull one out and add butter, salt and pepper. Farmers are feeding their chickens crushed ice to keep them from laying boiled eggs. The cows are giving evaporated milk. -- -------------------------------------------------------------------------------------------------- The First, The Largest, The Most Popular, and The Most Complete TSCM, Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet. -------------------------------------------------------------------------------------------------- James M. Atkinson Ph: (978) 381-9111 Granite Island GroupFax: 127 Eastern Avenue #291http://www.tscm.com/ Gloucester, MA 01931-8008mailto:jmatk@tscm.com -------------------------------------------------------------------------------------------------- Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat. - Sun Tzu -------------------------------------------------------------------------------------------------- 5864 From: Charles P. Date: Tue Jul 30, 2002 10:54am Subject: handheld tdr on ebay I have an older Biddle CFL510 handheld TDR for sale on ebay if anyone is interested. I doesn't compare to the larger popular units (Riser Bond 1205, etc) but it is handy to have. Easily fits in a toolbox or briefcase. I found it useful for demonstrating how a tdr works. Ranges go from 300ft to 9500 ft. Reserve is set at $200. http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=1754522198&rd=1 free shipping to anyone from the TSCM list (be sure to let me know if it's you). Charles Charles Patterson Global Communications Tarrytown, NY www.telephonesecurity.com charles@t... 5865 From: iDEN-i100 Date: Tue Jul 30, 2002 3:16pm Subject: [Fwd: Pursuit Seminar for Law Enforcement Driver Trainers 2002] "Engler, Donna" wrote: > ********************************************************* > > Pursuit Seminar for Law Enforcement > Driver Trainers 2002 > > ********************************************************* > > The following seminar is not affiliated with > NLECTC or the National Institute of Justice. Please > contact the conference organizers for more > information. > > --------------------------------------------------------- > > Organizer: Association of Professional Law Enforcement > Emergency Response Trainers (ALERT) International > > Web site: www.alertinternational.com/training/eform.htm > > Point of contact: > > Bruce Cabral > President, ALERT International > 478-994-0876 > bcabral@g... > > The National Highway Safety Administration (NHTSA) and > the Association of Professional Law Enforcement Emergency > Response Trainers (ALERT) International will be > conducting the Pursuit Seminar for Law Enforcement > Driver Trainers in twelve various locations throughout > the United States in 2002. > > This seminar will provide the foundation for law > enforcement agencies and academies to develop appropriate > pursuit-training programs. The information will provide > guidance for police officers from the initiation of a > vehicular pursuit, through its conclusion. The safety of > the public will be emphasized as being paramount to the > total pursuit situation. The focus of the seminar is to > address legal and operational vehicular pursuit training > issues that include identifying factors to consider when > initiating, conducting, and terminating a vehicular > pursuit. > > There is no cost for tuition to attend this seminar; > however, the participants are responsible for their own > travel, lodging, and meals. > > --------------------------------------------------------- > Remaining Seminars for 2002 > Dates and Locations > --------------------------------------------------------- > > July 31, August 1, & 2, 2002 > New Hampshire Police Standards and Training Academy > Concord, New Hampshire > > August 28, 29, & 30, 2002 > Idaho Post Academy > Meridian, Idaho > > September, 11, 12, &13, 2002 > Minneapolis Police Department > Minneapolis, Minnesota > > October 16, 17, & 18, 2002 > Riverside County Sheriffs Department > Riverside, California > > October 28, 29, & 30, 2002 > Tallahassee Police Department > Tallahassee, Florida > > November 13, 14, &15, 2002 > North Carolina Justice Academy > Salemburg, North Carolina > > --------------------------------------------------------- > Registration Information > --------------------------------------------------------- > > Register for these seminars by calling 478-994-0876 or > visiting the web site > www.alertinternational.com/training/eform.htm. > > **************************************************** -- "NEXTEL1 IT'S NOT JUST NEXTEL" Subscribe to Nextel1: http://www.groups.yahoo.com/subscribe/NEXTEL1 "NEXTEL2 FOR iDEN SOFTWARE DEVELOPERS" Subscribe to Nextel2: http://www.groups.yahoo.com/subscribe/NEXTEL2 "WIRELESS FORUM HOMELAND SECURITY GROUP" The Complete Resource for Wireless Homeland Security. Subscribe to WFHSG: http://www.groups.yahoo.com/subscribe/WFHSG 5866 From: James M. Atkinson Date: Wed Jul 31, 2002 9:19am Subject: CIA Expert: Leaks of Classified Information Must Stop http://disc.server.com/discussion.cgi?id=149495&article=31248 BETRAYAL BY THE SENATE by Doug Fiedor - dfiedor@c... There is a traitor in the Senate of the United States. He has been there for a long time because the socialists in his state keep voting for him. And no, it's not (holy) Joe Lieberman. He is the driving force behind all of Capitol Hill's socialist organizations(1), but not necessarily an out and out traitor. There are two members of the United States Senate who have been leaking top secret security documents -- war plans, in the latest instance -- for many years. One is now a committee chairman and in position to leak everything we have. Almost everyone on Capitol Hill knows exactly who he is, just fear mouthing the name out loud. So, they are playing games by having the FBI investigate the leaks. This has got to be one of the stupidest games ever played in Washington. The FBI is not going to bust the responsible Senate committee chairman. He's too powerful. Instead, the FBI will search till they find a scapegoat; probably an aide who did the Senator's bidding by personally delivering the classified reports. Meanwhile, the senior Senator walks free, and continues leaking many of our nation's most sensitive documents. Such is the way of the Senate. They have an agreement in that chamber to never accuse another member of anything. Apparently, that arrangement also extends to Clinton administration Democrats. For instance, Senate committees made a big spectacle of publicly chiding business leaders of corporations that went bankrupt. Yet, their own Joe Lieberman, chairman of the Senate Governmental Affairs Committee (and at least four other Senators), had his fingers deep in that pie. Many of the socialist organizations Lieberman set up to route campaign funds to other socialists on Capitol Hill collected big bucks from the business leaders, banks and corporations most deeply involved in the new scandals. Actually, a couple years back, it was Lieberman and friends who were most instrumental in protecting many of these bad bookkeeping businesses against interference from federal regulators. Of course, then Treasury Secretary Robert Rubin was also involved in this with his friends in the Senate. Like certain socialist Democrat Senators, Bobby Rubin's name seems to turn up prominently when corporations perpetrating fraud on their stockholders are mentioned. We're not just talking about the corporations like Enron, either. Nope! These public officials were (and are) also involved with the banks that facilitated the fraud. They even had a code name for it: Roosevelt. Of course, that would be Franklin D. Roosevelt, we presume, since we are talking about perpetrating a fraud on the American people here. According to the New York Times last week, banks like "Citigroup and J. P. Morgan Chase have been repeatedly criticized by investigators and shareholders' lawyers for structuring billions of dollars of transactions for Enron involving entities with names like Mahonia, Yosemite, Delta and Stoneville Aegean." Rubin, of course, is paid a huge weekly salary as chairman of Citigroup's executive committee. And, if we search the campaign donation records of certain socialist Senators, we find a surprising array of names of wrongdoers making the news lately. Looking into the financial benefactors of Lieberman's socialist organizations, the same business and financial community names are found yet again. The Roosevelt transaction, deals between Enron and the banks, and other such shenanigans, were examined in a hearing before the Senate Permanent Subcommittee on Investigations last week. Afterwards, some members of the committee realized that the Roosevelt transaction violated accounting rules. "Citibank was a participant in this accounting deception," said committee chairman, Senator Carl Levin (D-MI). Levin is probably not personally involved in this mess. However, he knows perfectly well which Senators are. Yet, his committee has no plans to question any of those perpetrators. Instead, the Senate Permanent Subcommittee on Investigations seems to be doing everything it can to dance around the subject in a way that will protect all other members of the Senate. Meanwhile, many of these very same socialist Senators are quietly working to lay off at least part of the debt of WorldCom on the American people. Apparently, some telephone long distance providers were (are) very financially involved with WorldCom. Because WorldCom went bankrupt, these long distance providers feel they will lose money. So, these corporations are seeking the permission of government to raise charges to customers to recoup what they will lose from WorldCom. At least two of these long distance providers are also major campaign fund providers to certain Senators -- and help fund a couple of Joe Lieberman's Capitol Hill socialist groups -- so we suspect long distance telephone bills will be increasing soon. -- -------------------------------------------------------------------------------------------------- The First, The Largest, The Most Popular, and The Most Complete TSCM, Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet. -------------------------------------------------------------------------------------------------- James M. Atkinson Ph: (978) 381-9111 Granite Island GroupFax: 127 Eastern Avenue #291http://www.tscm.com/ Gloucester, MA 01931-8008mailto:jmatk@tscm.com -------------------------------------------------------------------------------------------------- Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat. - Sun Tzu -------------------------------------------------------------------------------------------------- 5867 From: Date: Wed Jul 31, 2002 5:45am Subject: Intercepting E-Mails to Catch Spouses Cheating May Be Breaking the Law Intercepting E-Mails to Catch Spouses Cheating May Be Breaking the Law, Warn Nation's Top Divorce Attorneys CHICAGO, July 31 /PRNewswire/ -- People who intercept e-mails to catch their spouses cheating over the Internet in many cases are violating federal and state laws, warn the nation's top divorce attorneys. "Spouses are increasingly obtaining 'proof' of the other spouse's infidelity by reading electronic mail and retrieving records and conversations from Internet and cybersex chat rooms," says J. Lindsey Short, Jr., president of the American Academy of Matrimonial Lawyers, the nation's top 1,600 divorce and matrimonial law attorneys. Taking information from home computers to which both spouses have equal access probably does not violate any laws, say the attorneys. However, to the extent the e-mails are accessed through an on-line account, like America Online or Hotmail, or hacking into a password-protected file on a computer, the spouse surreptitiously accessing the account is most likely subject to civil and criminal penalties. "Internet romance is easy to find and simple to maintain. One of the beauties of cyber-chat is that one can be whomever one wishes," says divorce attorney Mark Gruber of New Jersey, who has co-authored an article for the Academy's Journal on cybersex, divorce and the retrieval of electronic communications in the marital home. "However, individuals who try to catch their spouses at cyber-cheating need to be aware that they could be breaking the law in doing so," Gruber says. The improper retrieval of electronic information may specifically constitute a violation of the Electronic Communications Privacy Act of 1986 and The Wiretap Act and Stored Communications Act, both passed in 1996. The latter two laws amended the earlier act to extend anti-wiretapping provisions to e-mails, chat rooms and electronic storage of information and communications. Persons violating the law can face both federal and state criminal penalties of up to five years in jail as well as civil penalties, fines, damages, including punitive damages, and legal fees. The matrimonial lawyers note that workplace e-mails and communications related to cyber-cheating have no similar protections or expectations of privacy, as employers have the right to monitor office e-mails. Matrimonial lawyers say other cyber-trends they are seeing in divorce cases include an increase in subpoenas for hard drives during discovery to uncover erased e-mails and spouses posing under pseudonyms in chat rooms to see if their spouses will cheat on them. The American Academy of Matrimonial Lawyers is composed of the nation's top 1,600 attorneys who are experts in the specialized field of matrimonial law, including divorce, prenuptial agreements, legal separation, annulment, custody, property valuations, support and the rights of unmarried cohabiters. The purpose of the Academy is to encourage the study, improve the practice, elevate the standards and advance the cause of matrimonial law. MAKE YOUR OPINION COUNT - Click Here http://tbutton.prnewswire.com/prn/11690X48611914 SOURCE American Academy of Matrimonial Lawyers CO: American Academy of Matrimonial Lawyers ST: Illinois SU: LAW http://www.prnewswire.com 07/31/2002 08:30 EDT 5868 From: Tim Jackson Date: Wed Jul 31, 2002 9:57am Subject: Can you help identify this room audio transmitter A client of mine recently found a working transmitter in his company board room. I need to try and find its origin. It's a black plastic box about the size of a twenties pack of cigarettes and operates off a single 9V battery (PP3 / 6F22 006P etc). The unit has an external microphone on a cord about two feet in length which plugs into the transmitter using a standard 1/8" minijack. The only controls are an on/off switch, gain control pot and a "battery low" LED. The box bears the following silk-screened label in gold ink: JOSEPH JP-818H MICROPHONE TRANSMITTER The unit transmits on 111.7MHz, immediately above the FM commercial broadcast band. Examination of the circuitry and the plastic housing reveals that it's probably a mass-produced unit intended to be a cheap wireless mic for stage use. It isn't even crystal-controlled. The battery fitted to the unit is of particular interest to me as it is not a type sold in this country (South Africa). The battery is black and green in the same sort of proportion as a Duracell battery is black and copper. It is branded "ZHANLI". Any idea where this is sold? Tim Tim Jackson Micro Delta +27 82 651 7272 Johannesburg South Africa --- [Non-text portions of this message have been removed] 5869 From: James M. Atkinson Date: Wed Jul 31, 2002 0:02pm Subject: Re: Can you help identify this room audio transmitter Piece of cake: It is a Cheap Chinese made Joseph JP-818 Microphone Transmitter with a frequency range between 110 - 120 MHz. Dynamic range is better then 80 dB and distortion is less then 190. Frequency Response is 80 Hz - 12 kHz @ 3 dB roll-off. Working distance is about 15 meters max (the eavesdropper has to be VERY close). Pre-Emphasis is 50 uS. Maximum RF power output is 30 mW, and the microphone cable itself is the antenna. It takes a standard MN1604 9V battery, and can run for about 6 hours on a typical battery (current draw is just under 21 mA). Size is roughly 105*63*23 mm, and weight is roughly 125 Grams You can find a picture of the little thing at : http://www.tscm.com/joesph-jp818h.jpg http://www.tscm.com/joesph-JP818.gif http://www.tscm.com/joseph-818b.gif Once again Raphael scores a clean, almost instantaneous match ( http://www.tscm.com/raphael.html ). -jma At 4:57 PM +0200 7/31/02, Tim Jackson wrote: >A client of mine recently found a working transmitter in his company >board room. I need to try and find its origin. > >It's a black plastic box about the size of a twenties pack of cigarettes >and operates off a single 9V battery (PP3 / 6F22 006P etc). > >The unit has an external microphone on a cord about two feet in length >which plugs into the transmitter using a standard 1/8" minijack. > >The only controls are an on/off switch, gain control pot and a "battery >low" LED. > >The box bears the following silk-screened label in gold ink: > > JOSEPH > JP-818H >MICROPHONE TRANSMITTER > >The unit transmits on 111.7MHz, immediately above the FM commercial >broadcast band. > >Examination of the circuitry and the plastic housing reveals that it's >probably a mass-produced unit intended to be a cheap wireless mic for >stage use. It isn't even crystal-controlled. > >The battery fitted to the unit is of particular interest to me as it is >not a type sold in this country (South Africa). > >The battery is black and green in the same sort of proportion as a >Duracell battery is black and copper. It is branded "ZHANLI". Any idea >where this is sold? > >Tim > > > >Tim Jackson >Micro Delta >+27 82 651 7272 >Johannesburg >South Africa > > > > >--- > > > > >[Non-text portions of this message have been removed] > > > > >======================================================== > TSCM-L Technical Security Mailing List > "In a multitude of counselors there is strength" > > To subscribe to the TSCM-L mailing list visit: >http://www.yahoogroups.com/community/TSCM-L > > It is by caffeine alone I set my mind in motion. > It is by the juice of Star Bucks that thoughts acquire speed, > the hands acquire shaking, the shaking is a warning. > It is by caffeine alone I set my mind in motion. >=================================================== TSKS > >Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ -- -------------------------------------------------------------------------------------------------- The First, The Largest, The Most Popular, and The Most Complete TSCM, Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet. -------------------------------------------------------------------------------------------------- James M. Atkinson Ph: (978) 381-9111 Granite Island GroupFax: 127 Eastern Avenue #291http://www.tscm.com/ Gloucester, MA 01931-8008mailto:jmatk@tscm.com -------------------------------------------------------------------------------------------------- Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat. - Sun Tzu -------------------------------------------------------------------------------------------------- [Non-text portions of this message have been removed] 5870 From: iDEN-i100 Date: Wed Jul 31, 2002 4:02pm Subject: Agency to Impose Limits on Devices http://cnniw.yellowbrix.com/pages/cnniw/Story.nsp?story_id=31834565&ID=cnniw&scategory=Telecommunications%3AWireless& -- [Non-text portions of this message have been removed] 5871 From: Kutlin, Josh Date: Wed Jul 31, 2002 0:01pm Subject: RE: Can you help identify this room audio transmitter This link has a pic with the battery http://www.radios4you.com/WirelessMICS/JP919LapelMic/jp919lapelmic.html Josh -----Original Message----- From: James M. Atkinson [mailto:jmatk@tscm.com] Sent: Wednesday, July 31, 2002 1:03 PM To: tim@m...; TSCM-L@yahoogroups.com Subject: Re: [TSCM-L] Can you help identify this room audio transmitter Piece of cake: It is a Cheap Chinese made Joseph JP-818 Microphone Transmitter with a frequency range between 110 - 120 MHz. Dynamic range is better then 80 dB and distortion is less then 190. Frequency Response is 80 Hz - 12 kHz @ 3 dB roll-off. Working distance is about 15 meters max (the eavesdropper has to be VERY close). Pre-Emphasis is 50 uS. Maximum RF power output is 30 mW, and the microphone cable itself is the antenna. It takes a standard MN1604 9V battery, and can run for about 6 hours on a typical battery (current draw is just under 21 mA). Size is roughly 105*63*23 mm, and weight is roughly 125 Grams You can find a picture of the little thing at : http://www.tscm.com/joesph-jp818h.jpg http://www.tscm.com/joesph-JP818.gif http://www.tscm.com/joseph-818b.gif Once again Raphael scores a clean, almost instantaneous match ( http://www.tscm.com/raphael.html ). -jma At 4:57 PM +0200 7/31/02, Tim Jackson wrote: >A client of mine recently found a working transmitter in his company >board room. I need to try and find its origin. > >It's a black plastic box about the size of a twenties pack of cigarettes >and operates off a single 9V battery (PP3 / 6F22 006P etc). > >The unit has an external microphone on a cord about two feet in length >which plugs into the transmitter using a standard 1/8" minijack. > >The only controls are an on/off switch, gain control pot and a "battery >low" LED. > >The box bears the following silk-screened label in gold ink: > > JOSEPH > JP-818H >MICROPHONE TRANSMITTER > >The unit transmits on 111.7MHz, immediately above the FM commercial >broadcast band. > >Examination of the circuitry and the plastic housing reveals that it's >probably a mass-produced unit intended to be a cheap wireless mic for >stage use. It isn't even crystal-controlled. > >The battery fitted to the unit is of particular interest to me as it is >not a type sold in this country (South Africa). > >The battery is black and green in the same sort of proportion as a >Duracell battery is black and copper. It is branded "ZHANLI". Any idea >where this is sold? > >Tim > > > >Tim Jackson >Micro Delta >+27 82 651 7272 >Johannesburg >South Africa > > > > >--- > > > > >[Non-text portions of this message have been removed] > > > > >======================================================== > TSCM-L Technical Security Mailing List > "In a multitude of counselors there is strength" > > To subscribe to the TSCM-L mailing list visit: >http://www.yahoogroups.com/community/TSCM-L > > It is by caffeine alone I set my mind in motion. > It is by the juice of Star Bucks that thoughts acquire speed, > the hands acquire shaking, the shaking is a warning. > It is by caffeine alone I set my mind in motion. >=================================================== TSKS > >Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ -- ---------------------------------------------------------------------------- ---------------------- The First, The Largest, The Most Popular, and The Most Complete TSCM, Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet. ---------------------------------------------------------------------------- ---------------------- James M. Atkinson Ph: (978) 381-9111 Granite Island GroupFax: 127 Eastern Avenue #291http://www.tscm.com/ Gloucester, MA 01931-8008mailto:jmatk@tscm.com ---------------------------------------------------------------------------- ---------------------- Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat. - Sun Tzu ---------------------------------------------------------------------------- ---------------------- [Non-text portions of this message have been removed] ======================================================== TSCM-L Technical Security Mailing List "In a multitude of counselors there is strength" To subscribe to the TSCM-L mailing list visit: http://www.yahoogroups.com/community/TSCM-L It is by caffeine alone I set my mind in motion. It is by the juice of Star Bucks that thoughts acquire speed, the hands acquire shaking, the shaking is a warning. It is by caffeine alone I set my mind in motion. =================================================== TSKS Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 5872 From: kondrak Date: Wed Jul 31, 2002 2:31pm Subject: Re: Can you help identify this room audio transmitter That battery came from Red China..don't know about the box however.. At 16:57 7/31/02 +0200, you wrote: >A client of mine recently found a working transmitter in his company >board room. I need to try and find its origin. > >It's a black plastic box about the size of a twenties pack of cigarettes >and operates off a single 9V battery (PP3 / 6F22 006P etc). > >The unit has an external microphone on a cord about two feet in length >which plugs into the transmitter using a standard 1/8" minijack. > >The only controls are an on/off switch, gain control pot and a "battery >low" LED. > >The box bears the following silk-screened label in gold ink: > > JOSEPH > JP-818H >MICROPHONE TRANSMITTER > >The unit transmits on 111.7MHz, immediately above the FM commercial >broadcast band. > >Examination of the circuitry and the plastic housing reveals that it's >probably a mass-produced unit intended to be a cheap wireless mic for >stage use. It isn't even crystal-controlled. > >The battery fitted to the unit is of particular interest to me as it is >not a type sold in this country (South Africa). > >The battery is black and green in the same sort of proportion as a >Duracell battery is black and copper. It is branded "ZHANLI". Any idea >where this is sold? > >Tim > > > >Tim Jackson >Micro Delta >+27 82 651 7272 >Johannesburg >South Africa > > > > >--- > > > > >[Non-text portions of this message have been removed] > > > > >======================================================== > TSCM-L Technical Security Mailing List > "In a multitude of counselors there is strength" > > To subscribe to the TSCM-L mailing list visit: > http://www.yahoogroups.com/community/TSCM-L > > It is by caffeine alone I set my mind in motion. > It is by the juice of Star Bucks that thoughts acquire speed, > the hands acquire shaking, the shaking is a warning. > It is by caffeine alone I set my mind in motion. >=================================================== TSKS > >Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 5873 From: kondrak Date: Wed Jul 31, 2002 8:55pm Subject: Fw: Groaner > > >A couple lived near the ocean and used to walk the beach a >lot. One summer >they noticed a girl who was at the beach pretty much every >day. She wasn't >unusual, nor was the travel bag she carried, except for one >thing; she would >approach people who were sitting on the beach, glance around >furtively, then >speak to them. Generally the people would respond negatively >and she would >wander off, but occasionally someone would nod and there >would be a quick >exchange of money and something she carried in her bag. The >couple assumed >she was selling drugs, and debated calling the >cops, but since they didn't know for sure they just >continued to watch her. >After a couple of weeks the wife said, "Honey, have you ever >noticed that >she only goes up to people with boom boxes and other >electronic devices?" >He hadn't and said so. Then she said, "Tomorrow I want you >to get a towel >and our big radio and go lie out on the beach. Then we can >find out what >she's really doing." >Well, the plan went off without a hitch and the wife was >almost hopping up >and down with anticipation when she saw the girl talk to her >husband and >then leave. The man walked up the beach and met his wife at >the road. >"Well, is she selling drugs?" she asked excitedly. >"No, she's not," he said, enjoying this probably more than >he should have. >"Well, What is it, then? What does she do?" his wife fairly >shrieked. The >man grinned and said, "She's a battery salesperson." >"Batteries?" Cried the wife. >"Yes,"he replied... >"She sells C cells down by the sea shore!" 5874 From: Paolo Sfriso Date: Thu Aug 1, 2002 2:35am Subject: Need help in accessing data on old 8-inch floppy Dear Colleagues. A potential client has posed the following request: > I am looking for someone who can access and read data from an old 8-inch > floppy. > > The floppy apparently contains a program for which no historical hard-copy > records exist > and my company is eager to have the program downloaded and written to a > current media. > > I know very little about the contents of the disk or what hardware was > used (possible HP) to create it. > > Can you provide any suggestions on how I might go about downloading the > data in question? Can anybody be of assistance ? I have not been able to find a system of this type still working over here. Kind Regards. Paul Sfriso Director GRUPPO S.I.T. Security, Investigations & Technology Quarto d'Altino, Venice ITALY phone +39 0422 828517 fax +39 0422 823224 24hr GSM cellphone +39 335 5257308 www.grupposit.com paulsfriso@t... [Non-text portions of this message have been removed] 5875 From: Hawkspirit Date: Thu Aug 1, 2002 6:52am Subject: Ebay Bugs Ebay keeps me working!, Roger SPY BUG PHONE TRANSMITTER Item # 1370068133 http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=1370068133 5876 From: D. Douglas Rehman Date: Thu Aug 1, 2002 8:04am Subject: RE: Need help in accessing data on old 8-inch floppy Try Computer Conversions in California; they can recover data from virtually any media. www.computerconversions.com Best Regards, Doug Rehman Rehman Technology Services, Inc. Specializing in Computer Forensics and Technology Related Investigations License A-9800119 Mount Dora, Florida (Orlando Area) (352)357-0500 http://www.surveil.com > -----Original Message----- > From: Paolo Sfriso [mailto:paulsfriso@t...] > Sent: Thursday, August 01, 2002 3:36 AM > To: tscm-l@yahoogroups.com > Subject: [TSCM-L] Need help in accessing data on old 8-inch floppy > > > > Dear Colleagues. > > A potential client has posed the following request: > > > I am looking for someone who can access and read data from an old > > 8-inch floppy. > > > > The floppy apparently contains a program for which no historical > > hard-copy records exist and my company is eager to have the program > > downloaded and written to a current media. > > > > I know very little about the contents of the disk or what > hardware was > > used (possible HP) to create it. > > > > Can you provide any suggestions on how I might go about downloading > > the data in question? > > Can anybody be of assistance ? I have not been able to find a > system of this type still working over here. > > Kind Regards. > > Paul Sfriso > Director > GRUPPO S.I.T. > Security, Investigations & Technology > Quarto d'Altino, Venice > ITALY > > phone +39 0422 828517 > fax +39 0422 823224 > 24hr GSM cellphone +39 335 5257308 > www.grupposit.com > paulsfriso@t... > > > > > [Non-text portions of this message have been removed] > > > ------------------------ Yahoo! Groups Sponsor > ---------------------~--> Access Your PC from Anywhere - Free > Trial http://us.click.yahoo.com/o5uw2C/0ncEAA/Ey.GAA/kgFolB/TM > -------------------------------------------------------------- > -------~-> > > ======================================================== > TSCM-L Technical Security Mailing List > "In a multitude of counselors there is strength" > > To subscribe to the TSCM-L mailing list visit: > http://www.yahoogroups.com/community/TSCM-L > > It is by caffeine alone I set my mind in motion. > It is by the juice of Star Bucks that thoughts acquire > speed, the hands acquire shaking, the shaking is a warning. > It is by caffeine alone I set my mind in motion. > =================================================== TSKS > > Your use of Yahoo! Groups is subject to > http://docs.yahoo.com/info/terms/ > > > 5877 From: James M. Atkinson Date: Thu Aug 1, 2002 7:52am Subject: Re: Ebay Bugs At 4:52 AM -0700 8/1/02, Hawkspirit wrote: >Ebay keeps me working!, Roger > >SPY BUG PHONE TRANSMITTER Item # 1370068133 >http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=1370068133 It's a very common "kit bug" which sells in qty for about $4.95, really easy to find. Just look for a drifty signal in or near the FM broadcast band, then notice the lack of sub-carriers. The circuit is L/C tuned, look for corrupted 200 kHz channel spacing as well. The transmit range is very limited, and concealment is difficult. VERY popular as a "throw down" or "insurance bug", so if you find one suspect the person who brought you in, or who may benefit from the bug being found. -jma -- -------------------------------------------------------------------------------------------------- The First, The Largest, The Most Popular, and The Most Complete TSCM, Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet. -------------------------------------------------------------------------------------------------- James M. Atkinson Ph: (978) 381-9111 Granite Island GroupFax: 127 Eastern Avenue #291http://www.tscm.com/ Gloucester, MA 01931-8008mailto:jmatk@tscm.com -------------------------------------------------------------------------------------------------- Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat. - Sun Tzu -------------------------------------------------------------------------------------------------- 5878 From: D. Douglas Rehman Date: Thu Aug 1, 2002 8:11am Subject: RE: Need help in accessing data on old 8-inch floppy Oops... Wrong URL... www.computer-conversions.com > -----Original Message----- > From: D. Douglas Rehman [mailto:rehman@s...] > Sent: Thursday, August 01, 2002 9:04 AM > To: tscm-l@yahoogroups.com > Subject: RE: [TSCM-L] Need help in accessing data on old 8-inch floppy > > > Try Computer Conversions in California; they can recover data > from virtually any media. www.computerconversions.com > > > Best Regards, > > Doug Rehman > Rehman Technology Services, Inc. > Specializing in Computer Forensics and Technology Related > Investigations License A-9800119 Mount Dora, Florida (Orlando > Area) (352)357-0500 http://www.surveil.com > > > > -----Original Message----- > > From: Paolo Sfriso [mailto:paulsfriso@t...] > > Sent: Thursday, August 01, 2002 3:36 AM > > To: tscm-l@yahoogroups.com > > Subject: [TSCM-L] Need help in accessing data on old 8-inch floppy > > > > > > > > Dear Colleagues. > > > > A potential client has posed the following request: > > > > > I am looking for someone who can access and read data from an old > > > 8-inch floppy. > > > > > > The floppy apparently contains a program for which no historical > > > hard-copy records exist and my company is eager to have > the program > > > downloaded and written to a current media. > > > > > > I know very little about the contents of the disk or what > > hardware was > > > used (possible HP) to create it. > > > > > > Can you provide any suggestions on how I might go about > downloading > > > the data in question? > > > > Can anybody be of assistance ? I have not been able to find a > > system of this type still working over here. > > > > Kind Regards. > > > > Paul Sfriso > > Director > > GRUPPO S.I.T. > > Security, Investigations & Technology > > Quarto d'Altino, Venice > > ITALY > > > > phone +39 0422 828517 > > fax +39 0422 823224 > > 24hr GSM cellphone +39 335 5257308 > > www.grupposit.com > > paulsfriso@t... > > > > > > > > > > [Non-text portions of this message have been removed] > > > > > > ------------------------ Yahoo! Groups Sponsor > > ---------------------~--> Access Your PC from Anywhere - Free > > Trial http://us.click.yahoo.com/o5uw2C/0ncEAA/Ey.GAA/kgFolB/TM > > -------------------------------------------------------------- > > -------~-> > > > > ======================================================== > > TSCM-L Technical Security Mailing List > > "In a multitude of counselors there is strength" > > > > To subscribe to the TSCM-L mailing list visit: > > http://www.yahoogroups.com/community/TSCM-L > > > > It is by caffeine alone I set my mind in motion. > > It is by the juice of Star Bucks that thoughts acquire > > speed, the hands acquire shaking, the shaking is a warning. > > It is by caffeine alone I set my mind in motion. > > =================================================== TSKS > > > > Your use of Yahoo! Groups is subject to > > http://docs.yahoo.com/info/terms/ > > > > > > > > > ------------------------ Yahoo! Groups Sponsor > ---------------------~--> Access Your PC from Anywhere - Free > Trial http://us.click.yahoo.com/o5uw2C/0ncEAA/Ey.GAA/kgFolB/TM > -------------------------------------------------------------- > -------~-> > > ======================================================== > TSCM-L Technical Security Mailing List > "In a multitude of counselors there is strength" > > To subscribe to the TSCM-L mailing list visit: > http://www.yahoogroups.com/community/TSCM-L > > It is by caffeine alone I set my mind in motion. > It is by the juice of Star Bucks that thoughts acquire > speed, the hands acquire shaking, the shaking is a warning. > It is by caffeine alone I set my mind in motion. > =================================================== TSKS > > Your use of Yahoo! Groups is subject to > http://docs.yahoo.com/info/terms/ > > > 5879 From: A Grudko Date: Thu Aug 1, 2002 9:30am Subject: Re: Ebay Bugs ----- Original Message ----- From: James M. Atkinson > VERY popular as a "throw down" or "insurance bug", so if you find one > suspect the person who brought you in, or who may benefit from the > bug being found. Also a useful decoy. The buggist plants a more sophisticated device in the knowledge that many 'sweepers' will be too busy patting themselves on the back to look for a second, harder to detect device. "See Mr Client, you were right - you were bugged (Thinks - I'll send you an inflated bill tomorrow - snigger)" There was also a famous Jo'burg PI who made sure he got repeat business by making sure he 'found' something - 'til one day he missed the one way mirror that the client was watching from behind (it was a bank dealer room)....ohhh Andy Grudko (British) - D.P.M., Grad I.S, South Africa - PSIRA investigators Reg. No. 8642 Grudko Associates - www.grudko.com , andy@g... . Est. 1981. International business intelligence and investigations To contact us: (+27 12) 244 0255 - 244 0256 (Fax). ICQ : 146498943. Netmeeting : agrudko@h... IPA, SACI, WAD, CALI, SAMLF, UKPIN, AFIO (OS), IWWA, PRETrust When you need it done right - first time 5880 From: James M. Atkinson Date: Thu Aug 1, 2002 10:00am Subject: Re: Ebay Bugs I agree, but always assume there are three bugs, not just two. Also the "throw down bug" is a real problem in NYC and surrounding areas, and I know of cases where a major company was having a spyshop sweep firm come in every two weeks, and each time they found at least one bug, and sometimes 5-6. The victim had covert CCTV installed and they video taped the "sweepers" actually planting the devices to enure they had future business. The sweep firm was of course fired, and banned from all properties. -jma At 4:30 PM +0200 8/1/02, A Grudko wrote: >----- Original Message ----- >From: James M. Atkinson >> VERY popular as a "throw down" or "insurance bug", so if you find one >> suspect the person who brought you in, or who may benefit from the >> bug being found. > >Also a useful decoy. > >The buggist plants a more sophisticated device in the knowledge that many >'sweepers' will be too busy patting themselves on the back to look for a >second, harder to detect device. > >"See Mr Client, you were right - you were bugged (Thinks - I'll send you an >inflated bill tomorrow - snigger)" > >There was also a famous Jo'burg PI who made sure he got repeat business by >making sure he 'found' something - 'til one day he missed the one way mirror >that the client was watching from behind (it was a bank dealer room)....ohhh > >Andy Grudko (British) - D.P.M., Grad I.S, South Africa - PSIRA investigators >Reg. No. 8642 >Grudko Associates - www.grudko.com , andy@g... . Est. 1981. >International business intelligence and investigations >To contact us: (+27 12) 244 0255 - 244 0256 (Fax). ICQ : 146498943. >Netmeeting : agrudko@h... >IPA, SACI, WAD, CALI, SAMLF, UKPIN, AFIO (OS), IWWA, PRETrust >When you need it done right - first time -- -------------------------------------------------------------------------------------------------- The First, The Largest, The Most Popular, and The Most Complete TSCM, Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet. -------------------------------------------------------------------------------------------------- James M. Atkinson Ph: (978) 381-9111 Granite Island GroupFax: 127 Eastern Avenue #291http://www.tscm.com/ Gloucester, MA 01931-8008mailto:jmatk@tscm.com -------------------------------------------------------------------------------------------------- Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat. - Sun Tzu -------------------------------------------------------------------------------------------------- 5881 From: iDEN-i100 Date: Thu Aug 1, 2002 0:38pm Subject: CE*COMM Announces New Communications Security and Surveillance Product http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/07-31-2002/0001774861&EDATE= -- [Non-text portions of this message have been removed] 5882 From: George Shaw Date: Thu Aug 1, 2002 11:45am Subject: RE: Need help in accessing data on old 8-inch floppy I think that a company still operating in England have such a device. I will check with the tech support people and let you know (another source may be the Universities as they usually have things they never throw out). Failing that it is possible but expensive to get the file read on a bit level and stored to hard disk but if the file(s) are binary then it wont run on any new software (OS) other than that it was written for. If it is data files text or numbers then it is easily worked with. If they don't know what operating system it was written for they may never be able to run it unless the source code is on the disk. Caution would have to be exercised as to the contents of the disk and the true right to view. George Shaw MI3GTO Mobile: +44 (0) 7740 361 163 Email: george.shaw@u... -----Original Message----- From: Paolo Sfriso [mailto:paulsfriso@t...] Sent: 01 August 2002 08:36 To: tscm-l@yahoogroups.com Subject: [TSCM-L] Need help in accessing data on old 8-inch floppy Dear Colleagues. A potential client has posed the following request: > I am looking for someone who can access and read data from an old 8-inch > floppy. > > The floppy apparently contains a program for which no historical hard-copy > records exist > and my company is eager to have the program downloaded and written to a > current media. > > I know very little about the contents of the disk or what hardware was > used (possible HP) to create it. > > Can you provide any suggestions on how I might go about downloading the > data in question? Can anybody be of assistance ? I have not been able to find a system of this type still working over here. Kind Regards. Paul Sfriso Director GRUPPO S.I.T. Security, Investigations & Technology Quarto d'Altino, Venice ITALY phone +39 0422 828517 fax +39 0422 823224 24hr GSM cellphone +39 335 5257308 www.grupposit.com paulsfriso@t... [Non-text portions of this message have been removed] ======================================================== TSCM-L Technical Security Mailing List "In a multitude of counselors there is strength" To subscribe to the TSCM-L mailing list visit: http://www.yahoogroups.com/community/TSCM-L It is by caffeine alone I set my mind in motion. It is by the juice of Star Bucks that thoughts acquire speed, the hands acquire shaking, the shaking is a warning. It is by caffeine alone I set my mind in motion. =================================================== TSKS