Articles Posted in Technology

As we just talked about in our last article, in order for an insurance company to deny a first-party property claim in New York because of arson, and make that denial stand up in court, it has to prove that the insured intentionally caused the fire, and it has to do so by clear and convincing evidence. That is not always an easy burden of proof to meet. There reportedly is an exciting new tool being developed that might make proving arson, i.e., that a fire was intentionally set, easier and help arson investigators become even more effective in determining who caused the fire.

Researchers from the University of Alberta and the Royal Canadian Mounted Police, working in tandem, have developed a new computer program that can pinpoint the presence of gasoline in debris taken from a fire scene. What makes this so important is that gasoline, according to the researchers, is the most common accelerant found in arson fires; evidently preferred by arsonists everywhere. By making it easier to detect, and confirm, the presence of gasoline, you stand a good chance of making arson easier to prove and less profitable to attempt.

What makes the new tool so helpful is that it often is difficult to confirm the presence of an accelerant in debris taken from a fire scene. No two houses, buildings, or fire scenes are exactly alike; they contain different mixes of materials. Different materials leave behind different chemical compounds when burned, and these can mask the presence of an accelerant such as gasoline. The researchers, in effect, developed a computer filter that can bypass the background noise to pinpoint the tell-tale signs of gasoline. They developed their tool by examining data from 232 samples taken from fires across Canada; by using real-life debris rather than merely relying on simulations, the researchers say their tool is dependably accurate.

Currently, determining whether there are traces of an accelerant left behind at a fire scene is time-consuming work. According to the researchers, the Royal Canadian Mounted Police have two separate forensic scientists examine each sample to see if their findings agree; this can take several hours for each sample, and there normally are three to four samples per fire. The newly developed computer program shrinks this time substantially. The first scientist still will have to analyze the debris herself, but will be able to confirm her findings in seconds, rather than hours, by using the computer program. A second forensic scientist will not have to analyze the debris unless the computer program’s findings disagree with those of the first scientist.

Most people by now have heard of the Heartbleed bug. It’s the programming flaw in one of the most widely used encryption software libraries on the internet: OpenSSL. It makes what should be secure websites, and the personal information they contain, vulnerable to hackers. It is more important, though, than just another internet threat. Every business should consider whether it can be liable for depending on the vulnerable encryption software in the first place. This is especially important in light of the Federal Trade Commission’s efforts to ensure that businesses take reasonable precautions to protect their customers’ digital data.

The same day the Heartbleed bug was announced, April 7, 2014, Federal District Court Judge Esther Salas upheld the Federal Trade Commission’s right to police corporate cybersecurity practices. As we previously mentioned, the court denied Wyndham Worldwide Corp.’s motion to dismiss a suit the FTC brought against it, which arose out of three separate alleged hacking incidents that occurred over a two-year period.

According to a story by Matt Egan published on April 8, 2014 in Fox Business.com, the FTC sued Wyndham Worldwide Corp. and three subsidiaries, alleging that Wyndham, unreasonably and unnecessarily, exposed consumers’ personal data to unauthorized access and theft that resulted in hundreds of thousands of customers having their payment card account information exported to a domain registered in Russia and a fraud loss of more than $10 million. The suit reportedly alleged that, among other things, Wyndham:

  • Failed to use readily available security measures like firewalls;
  • Allowed software to be configured inappropriately;
  • Failed to ensure hotels implemented adequate information security policies;
  • Failed to remedy known security vulnerabilities.

[Emphasis supplied]

What makes the ruling especially relevant to the Heartbleed bug is the way that the encryption software the bug affects is developed and maintained.

Just in case anyone thinks that cybersecurity is nothing more than an esoteric exercise for computer geeks and technicians, of no importance to the average person or business, the Heartbleed bug has come along to show us all how wrong that is. It was only just discovered two weeks ago and its impact was felt around the world almost immediately.

According to an article in the April 9, 2014 Daily Mail, the Heartbleed bug bypasses the normal safety features of websites. It can affect many of those sites that you might have noticed, which begin with an “https://” in front of their internet address, and which often appear with the symbol of a lock, both of which are supposed to mean they are safe. The bug, though, makes them vulnerable. It reportedly could affect more than 500,000 websites.

The bug reportedly allows hackers to bypass normal encryption safety measures to get at encrypted information, including the most profitable types such as credit card numbers, user names, and passwords. The unauthorized user can even obtain the digital keys to impersonate other servers or users and eavesdrop on communications.

It’s not considered malicious software or malware because it is more of a programming flaw; but that really is not important. What is important is that the flaw, and the vulnerability, went undetected for more than two years until it recently was discovered, independently, by researchers at Google and the Finnish company Codenomicon. A fix is possible, and reportedly fairly easily applied. The problem seems to be that the fix has to be manually applied by the people who run each individual site. That, unfortunately, will take time.

There are a few recent developments in the field of cybersecurity that businesses, individuals, and fraud investigators alike should take note of. One is a recent case which, if followed, could expand a business’ liability for security breaches and the others are new tools businesses possibly could use to protect against that same liability.

Digital information, including how to protect it and prevent fraud, is always a fascinating topic. New advances in digital security go hand in hand with ingenious ways to steal digital information. It is fun to follow, in the same way it is fun to watch Wile E. Coyote chase the Roadrunner: the chase never really ends, they always come back for more, and they use bigger and better gadgets every time.

Cybersecurity, though, is more than just a fun read. It has real-world implications. According to a report published in the Wall Street Journal, Federal District Court Judge Esther Salas, on Monday, April 7, 2014, upheld the Federal Trade Commission’s right to police corporate cybersecurity practices to ensure businesses take reasonable precautions to safeguard their customers’ data. The FTC reportedly sued Wyndham Worldwide Corp. and three subsidiaries, in 2012, after hackers broke into the company’s corporate computer system and the systems at several individual hotels, between 2008 and early 2010, and allegedly stole credit and debit card information from hundreds of thousands of customers. The FTC alleged that Wyndham did not take reasonable measures to protect its customers’ information from theft. It cited what it alleged were wrongly configured software, weak passwords and insecure computer servers. Wyndham argued that the FTC did not have the statutory authority to police corporate cybersecurity. The FTC argued that its authority came from its 100-year-old statutory power to protect consumers from businesses that engage in unfair or deceptive trade practices. There was no finding of liability, but the court reportedly upheld the FTC’s right to bring the suit. The lawsuit reportedly seeks to have the court order Wyndham to improve its security measures and fix whatever harm its customers suffered.

With the possibility of federal enforcement of what amounts to a “reasonable-precautions” cybersecurity standard, businesses, not just fraud investigators, should pay attention to the potential tools at their disposal to protect their clients’ information.

The technological advances in keeping things secret are ingenious. Much like the mythical jackalope, or my favorite, the basselope, they use things that do not seem to have anything to do with each other, to come up with something better: a more effective lock and key to turn away prying eyes from private information they should not see.

Insurance fraud, how it’s committed and how it’s solved, always is an interesting topic. It’s like a crime drama. Whether it’s Castle, The Mentalist, or NCIS, you get to see the end result and then figure out how it happened; and you inevitably learn about a couple of mistakes that help it along and a few more that eventually bring it to an end. Real-life examples are not always as compelling as highly-rated TV shows but they do illustrate the problem and show what investigators should, and should not, do to bring it to an end. The ones we will be talking about in this post are Rental Car Fraud, a smart-phone app, and, once again, the Target Data Breach. They have a lot more in common than you might think.

Rental Car Fraud, a subset of the ever-popular Auto Fraud, is growing at an alarming rate, according to an article in the March 12, 2014 edition of the Claims Journal by Denise Johnson. The concept is simple: rent a series of cars; use them to commit crimes and then dump, and maybe even burn, them when you’re done; and conceal your identity by using fake or stolen ID. The cars are hard to trace and the connections between them even more difficult to figure out. According to Kraig Palmer, an investigator with the California Highway Patrol who recently spoke at the Combined Claims Conference in Orange County, Calif., stolen ID’s are not hard to come by and can be relatively cheap at about $50 each. The fraud is not easy to solve. According to the article, Palmer said he worked on one case that involved 103 vehicles, which resulted in 72 arrests. Another involved 3 main suspects who rented 42 cars from 2 different rental agencies. One of the suspects was a preferred customer, which evidently made it easier for him to rent the cars and harder for the companies to trace him. Those incentive programs reportedly often allow a customer to register on-line without even having to set foot in the rental agency.

There are certain things a claims adjuster or SIU rep should look for when faced with an auto claim for property damage or bodily injury that involves a rental car. Kraig Palmer, according to the Claims Journal story, suggested they look for unusual patterns, such as whether one person rented more than one vehicle involved in the occurrence. Howard J. Hirsch added a few more, which appeared in the January/February 2011 edition of Auto Rental News; though he referred the tips to auto rental counter agents, fraud investigators might be able to use them as well:

  • The customer owned a vehicle, but it is not being serviced or repaired [at the time he rents the car].
  • The customer inquires about extra insurance before it is offered.
  • The customer is a walk-in and does not own a vehicle.
  • The customer has a local address and an out of state license.
  • The customer only requests a one-day rental.
  • The customer pays in cash.
  • The customer pays for the rental with someone else’s credit card.
  • The customer presents a foreign driver’s license with no passport.

There have been a few interesting recent news stories concerning the benefits and dangers of Big Data, for businesses and individuals alike. One even points out a possible middle ground, which can allow the continued use of the vast amounts of data at the disposal of government and businesses, while protecting individual privacy.

The benefits of Big Data are not as well-known as they should be. A recent study by Sean Young, assistant professor of family medicine at the David Geffen School of Medicine at UCLA and co-director of the Center for Digital Behavior at UCLA, showed one way that Big Data could be used to promote and protect public health. The researchers collected approximately 550 million Tweets; developed an algorithm, or set of instructions, that searched for words suggesting risky behavior or drug use; and located those words among the Tweets. Though they identified just under 10,000 such Tweets, they were able to match those Tweets with geographic areas with unusually high incidences of HIV cases. The researchers propose using real-time analysis of social media data to understand and maybe even predict where HIV and drug use will occur. That information could be used for disease detection and prevention.

The downside to collecting vast amounts of data about large numbers of people is that it is hard to control who has access to it and how it is used. According to the British newspaper The Guardian, a management consulting firm recently uploaded the British National Health Service’s Hospital Episode Statistics to Google servers in order to work with the information to answer specific questions and even create interactive maps involving specific queries. It was a large amount of data; it took two weeks to upload and consisted of 27 DVD’s of information. The problem, reportedly, was that the data contained personal information including information about patient locations, since it was used to create maps, and the Google servers were outside Britain, evidently making its dissemination harder to control. This has increased criticism of another NHS plan, the care.data scheme, which will link general physician and hospital records, including a patient’s date of birth, NHS number, zip code, ethnicity and gender, and allow that information to be used by researchers, drug companies, and insurers. The problem, reportedly, is how to safeguard that data, which will be partially, but not totally, scrubbed of personal information.

Advances in business technology are becoming routine, even in the most unexpected places. Each new advance comes with both risks and rewards. One of the more recent, the mobile payment app, accessed through a customer’s mobile phone, points out how the good and the bad often go hand in hand: big data, marketing, privacy, cybersecurity, biometrics, and liability all wrapped up into one. How to benefit from this technology, without being caught in its snares, is a lesson every business should learn.

We previously talked about the costs involved when digital information is stolen from a business. At approximately $188 per stolen record in the United States, the costs quickly add up, even for small and medium size businesses. At that price, think of how hard it would be for a parts supplier, a small manufacturer, or a retail store to cover the loss of a few thousand, or even a few hundred, customers’ payment records.

Customers like the mobile payment apps; they make the buying experience seamlessly simple. Their ease of use lets the customer pay for a purchase without much more than punching up the app and turning the smartphone towards the store’s scanner; all without the sting of paying with cash or the necessity of pulling out a credit card. Instead, the credit card information is tied to the app. That, however, is where the trouble begins.

Mobile payment apps offer even more advantages for businesses. Many, including Henry Helgeson, CEO of payment systems software provider Merchant Warehouse, in a June 18, 2013 article in Forbes, have touted the possibilities. If done properly, and widely, mobile payment apps can harness the big data capabilities of smartphones to help businesses:

Almost every New York business uses digital information daily and therefore runs the risk of having it stolen. The potential costs involved are significant and the risks are real. How to protect against the dangers, consequences, and liability arising from data breaches, while still taking advantage of the benefits of using digital information, is a challenge every business, large and small, must become aware of and learn how to meet. In this post we’ll take a look at the dangers involved, and in subsequent posts we’ll examine the available remedies.

The most prominent data breach in the news recently, as we’ve discussed, is the one at Target stores. It alone involved the theft of credit and debit card information of more than 40 million people, or more than 1/8 of the total population of the United States. The potential costs, and liability, involved are huge: according to a report by Ponemon Institute, released in May, 2013, the average cost of a breach per stolen record, globally, was $136; in the United States it was even higher, $188. Multiplied by 40 million records compromised in the Target breach, the costs could run into the billions of dollars.

Digital information can be both a blessing and a curse for modern day businesses. It’s seemingly everywhere because, it seems, people leave it everywhere, even unsuspectingly. Even a little can tell you a lot, if you know where to look. Apparently innocuous information, like where you are at any given moment, can tell more about you, and be more valuable, than you might think. A recent story in the Wall Street Journal drives this point home.

We’ve written a lot recently about the wealth of information available in the modern-day digital age: how it can be used to investigate insurance fraud; how it can help criminals steal; or even how it can be their target. What’s becoming ever more clear, however, is the tremendous impact this information can and will have on businesses and commerce as a whole.

The Wall Street Journal story deals with turning location into dollar signs. Published on Tuesday January 14, 2013, it focuses on how companies get a huge amount of specific, detailed, though anonymous, information about customers, just by knowing where they are and where they’ve been, each and every day. They use this information in targeted marketing campaigns to increase their profits. The kicker is that they get this information, about their customers’ travels, habits, and interests, all simply by tracking their customers’ location, and most people probably don’t even realize they’re doing it.

There’s an awful lot of data out there in the great big digital universe, and, as everyone should know by now, it can create a record of people’s activities that they may not always fully appreciate. We’ve previously written about how metadata, when used the right way, can help investigate insurance fraud. As recent news stories point out, however, when used the wrong way by the wrong people, it can be used to steal and defraud innocent people and companies.

Everyone, every time they go online, leaves a digital footprint. Whether it’s social media, where you just have to post your latest thought for all to see; e-commerce, where you browse, select and pay for everything on-line; or even shopping at the local brick and mortar store where you pay by credit card, there’s a record created and information left behind. Cyber-security, which is just another name for at least trying to keep that digital information safe, was much in the news this Christmas Season. Unfortunately, for shoppers, retailers and broadcasters, alike, cyber-security often seems to be more of a goal than a reality.

By now, the security breach at Target stores may seem like old news, but it’s not. On Friday, January 10, 2014, Target said that 70 million people had their names, addresses, and telephone numbers taken by cyber-thieves. This is in addition to the 40 million people who had their credit and debit card information, including Personal Identification Numbers, or PIN’s, hacked from Target’s servers. Thankfully, a lot of the information, including the PIN’s, evidently was encrypted, which at least means it has to be cracked open before a thief can get at it. Whether that will be enough to protect the stolen information is something only time will tell. Unfortunately, even the loss of seemingly benign personal information, like your address, email address, and telephone number, can make you more susceptible to identity theft.

Neiman Marcus, just this past Saturday, January 11, 2014, announced that it, too, had been a victim of a cyber-security attack, in which thieves stole some of its customers’ credit card information and made unauthorized purchases during the holiday season.

On December 25, 2013, the BBC was hacked. Just so you don’t think that retail customers are the only targets, or that retail sales are the only source of ill-gotten gains, communications companies, even staid government-run ones like the British Broadcasting Corporation, are vulnerable. The story broke because someone saw the thief trying to sell access to the BBC servers, online. That would be kind of like coming home from work and not realizing your house was broken into until you see a commercial trying to sell your heirloom jewelry on TV.

The supposed thief, according to the BBC story, is a notorious Russian hacker known by the names “HASH” and “Rev0lver”. From the sound of it, it’s not the first time he’s done this, and it won’t be the last time he’ll try. He attempted to sell access on underground, which is another word for clandestine, marketplaces on the web. It was first noticed by the Milwaukee based cyber-security firm Hold Security LLC, which reportedly makes a practice of monitoring such sites to locate people who try to deal in stolen information like this. HASH tried to convince buyers he had something worthwhile by showing them files which only someone with access to the servers would be able to get at.

Now you might think to yourself, what’s the big deal about the BBC? After all, it’s just information. It’s not like anyone stole money directly out of your pocket.