We have met the enemy and it is public records.

At least according to Betty "BJ" Ostergren, that is. Betty, described in The Washington Post as "a feisty 56-year old" based near Richmond, is seeking to shame public figures into addressing what she sees as the all-too-ready access to public records enabled by commercial database, internet and document imaging technologies.

Encapsulating her fears in one favorite example, Betty lays it all out for Post's resident identity-theft reporter, Jonathan Krim:

"Don't you think if I can get Tom DeLay's Social Security number ... that some guy in an Internet cafe in Pakistan can, too?" she asks, her voice rising with indignation. "It's just ridiculous what we're doing in this country."

Utilizing such arguments, Betty, under the banner of The Virginia Watchdog is attempting to organize activists to beat back the tide of easy access to public records, particularly on the local level:

A wealth of documents -- including marriage and divorce records, property deeds, and military discharge papers -- containing Social Security numbers, dates of birth and other sensitive information is accessible from any computer anywhere. Many of the online records are images of original documents, which also display people's signatures.

Ostergren began organizing citizens and harassing officials on the issue in 2002, when a title examiner called to warn her that her county was about to put a slew of documents online, including pages with her signature.

A longtime activist in local politics, Ostergren swung into action, bringing enough pressure on Hanover County officials that they halted their plans. Then she broadened her attack, targeting other counties in Virginia and elsewhere.

Betty expounds a bit further (with copious use of exclamation) on her website:

No one has to fake an identity to get into ChoicePoint, no one has to break the law/hack into any website, no one has to dumpster dive, and no one has to dig into the neighbor's trash anymore to get SSNs. No, all it takes to find SSNs is getting into a Clerk's/Recorder's/Register of Deeds' website and ANYONE can since they are public records!

The Clerks etc. are spoon feeding criminals by putting these records online - the same records they took an oath to protect!!! Every Clerk/Recorder should pull the plug on this ONLINE RECORDS mess and get them offline! It will take the legislature (thru pressure from the citizens) to make them do it though. Tell your state legislators that if someone wants to see your records, make them take off from work and drive to the courthouse!

This, unfortunately, is the histrionic end of identity theft anxiety, fostered by content-starved local news and fueled good old fashioned black-helicopters-over-Kansas American paranoia. As a nation we are really, really good at frothing up over this kind of thing, but never did The Daily Caveat think to see the day when ready access to essential public records verges on initiating a moral panic.

While TDC disagrees with Betty's approach (and her rampant abuse of exclamation points), there is a vaild point in the potential need to redact sensitive data from internet versions of certain public records. However, perhaps rather than attempting to curtail access to public records, the ready availability of which has immense social benefits (Frankly, The Daily Caveat feels that Senator Delay is might bit shifty and bears a close eye.) one could consider addressing the other factors that actually serve to make access of these details potentially threatening to the average person.

Easy Access to Credit - I am looking at YOU...

The full Washington Post piece can be found here.

And to join The Movement, click here.

-- MDT

Labels: database, identity theft

FBR's troubles have been looming for some time. Not so long ago it seemed that a settlement with regulators was in the offing. Now it seems a fresh round of wells notices have gone out advising several central company figures that fresh charges may be on the horison.

Via the Washington Post:

Regulators May Sue FBR FiguresBy Terence O'Hara

Thursday, May 26, 2005

Securities regulators have told Emanuel J. Friedman and two other former executives of Friedman, Billings, Ramsey Group Inc. that the agencies are considering civil litigation against them for FBR's alleged improper trading in a client company's stock.

According to documents FBR filed yesterday, the Securities and Exchange Commission and NASD gave Wells notices to Friedman, former compliance chief Nicholas J. Nichols and former equity trading head Scott E. Dreyer.

A Wells notice reveals the results of an investigation and provides the target of the investigation an opportunity to argue why a civil suit should not be filed. Such a notice is an indication that the enforcement staff of the SEC or NASD has decided that a lawsuit is justified.

Spokesmen for NASD and the SEC said the agencies had no comment. NASD is the main self-regulatory body of the securities industry.

The investigations stem from an FBR-managed private sale of stock in 2001 for CompuDyne Corp., a Maryland security-products company. One investor in the stock placement, former New York hedge fund manager Hilary Shane, has been fined $1.45 million for improperly trading in CompuDyne stock before the private sale.

FBR has been under investigation since late last year, and last month offered $7.5 million to settle charges that it improperly traded CompuDyne stock. Friedman, Dreyer and Nichols resigned last month when the investigation in the CompuDyne deal targeted them personally.

Neither Dreyer nor lawyers for Nichols and Friedman returned phone calls requesting comment.

"The firm's broker-dealer subsidiary is awaiting consideration of an offer of settlement made to the staffs of the SEC and NASD," FBR spokesman Bill Dixon said in a written statement. "Mr. Friedman is no longer with the firm and is dealing with the regulators as an individual. Mr. Nichols and Mr. Dreyer are no longer with the firm, and are dealing with the regulators as individuals. Because these are pending matters, we are not able to comment further at this time."

Yesterday's filings, procedural papers that stock brokerages must provide NASD and state securities regulators whenever one of their brokers leaves a firm, indicate that the SEC and NASD have accused the men of violating securities laws. "The activities being investigated include trading done in [CompuDyne's] stock on behalf of FBR (in a firm account) during the offering process," the filings said.

As manager of CompuDyne's private offering, FBR was in possession of material, nonpublic information about the company and the pricing of the pending stock sale, and so was barred from making any trades in the company's stock based on that information, according to sources familiar with the case who declined to comment because negotiations with the three men are ongoing. Yesterday's filing indicates that trading was done in an FBR account, with the firm's own capital, in addition to any possible trades that took place in FBR client accounts.

The filings also say the investigations are focusing on FBR's so-called Chinese wall procedures, rules designed to keep investment banking client information from reaching stock traders and brokerage clients of the investment bank.

As former co-chief executive, Friedman was involved in both the stock trading activities and investment banking activities of FBR, and Dreyer would have approved any trades in CompuDyne stock. Nichols was responsible for making sure the firm complied with Chinese wall rules.

Annapolis-based CompuDyne has sued Shane for her improper trading before the 2001 stock sale, and the company has said it is considering other legal options.

Private stock placements in public companies, such as the 2001 deal, often cause stock prices to fall. To profit from that expectation, Shane "shorted" CompuDyne stock in the weeks before the offering, a type of trade in which investors replace high-price borrowed stock with lower-price purchased stock, and keep the difference in price.

The original article appears here.

-- MDT

While most of the scams that we encounter via the internet are new versions of old tricks, for fraudsters, the internet has added incredible economies of scale to their tried and true tactics.
While law enforcement is certainly attempting to contain this web-endabled explosion of low-level financial crimes, there are several home-grown groups that exist and operate in what could generously be called beyond the standard regulatory regime who have made it their business to frustrate would-be phishers, 419 scammers and other such internet con artists.

Take for example this recent story, via Yahoo UK about hacker-types using their skills to deface phony bank websites employed by internet scammers:

Vigilante hackers use Old West tactics for cyberspace justice

Wednesday May 25, 06:53 PM

WASHINGTON (AFP) - Angered by the growing number of Internet scams, online "vigilantes" have started to take justice into their own hands by hacking into suspected fraud sites and defacing them. These hackers have targeted fake websites set up to resemble the sites of banks or financial institutions in recent weeks, and have inserted new pages or messages. Some say "Warning - This was a Scam Site," or "This Bank Was Fraudulent and Is Now Removed." The efforts by the self-proclaimed "hero hackers" come amid a surge in online schemes known as "phishing" in which victims are lured to fake websites to get passwords or other personal data...

..."While phishing is undoubtedly an illegal activity, the legality of defacing phishing sites is also quite questionable, but in cases observed by Netcraft so far it is reasonable to assume that only the fraudsters themselves have been disadvantaged," the security firm said. Some of the hackers are boastful. "We only deface fake banks. Nothing else. Our targets are illegals and hosts that don't take down illegal sites," said a message posted on the website SecurityFocus by the purported "white-hat" British hacker group called The Lad Wrecking Crew....

... Peter Cassidy, secretary general of Anti-Phishing Working Group, an industry alliance, acknowledged there was a "gap" in law enforcement action against the schemes, but that hacking was not the solution. "This is similar to what we've experienced before in the Old West," Cassidy said. But hackers defacing websites "could leave the brand holder open to further retaliation," including efforts to hack into the real website of the bank or company...

The full article can be found here.

Another group, Artists Against 419 offers a novel way to combat scammers who use phoney bank websites to perpetrate their crimes. AA419's website is designed to steal bandwidth from phoney bank sites (which are themselves, in the interest of scammer versimilitude, illegally displaying images that contain the names and logos of legitimate institutions).

Most web hosting companies set a daily limit on the quantity of data that can be exchanged via a hosting account. By hot-linking images from the phony sites so that every time a web surfer views the AA419 site it draws against the scammer-sites' daily bandwidth limit. When that limit is exceeded the phoney site is pulled off the web for the day or until their bandwidth limit is reset, usually presenting potential visitor-victims with an error message that looks something like this:

Bandwidth Limit Exceeded

The server is temporarily unable to service your request due to the site owner reaching his/her bandwidth limit. Please try again later.

Apache/1.3.27 Server at Port 80

AA419's philosphy is that any downtime they can force upon scammer sites is time that people aren't bing victimized. AA419 also maintains a fascinating fake bank link database, in case you are curious about how folks can be taken in by these sites, some of which look pretty convincing, others less so.

Another group has taken a less technological and more personal approach to fighting back against internet fraud, choosing to make a hobby of actually scamming the scammers, or scambaiting as they call it. 419eater.com is one such group mainained by a cadre of crack anti-phishers who actively engage with scammers attempting, essentially, to waste the con-artists time and thereby prevent scammers from vitimizing others.

"419" is the Nigerian legal code for an advance fee fraud scam which by now every man, woman and child with an email address has encounted in a form somewhat resembling this:

The most prevalent and successful cases of Advance Fee Fraud is the fund transfer scam. In this scheme, a company or individual will typically receive an unsolicited letter by mail from a Nigerian claiming to be a senior civil servant. In the letter, the Nigerian will inform the recipient that he is seeking a reputable foreign company or individual into whose account he can deposit funds ranging from $10-$60 million that the Nigerian government overpaid on some procurement contract...

...The sender declares that he is a senior civil servant in one of the Nigerian Ministries, usually the Nigerian National Petroleum Corporation (NNPC). The letters refer to investigations of previous contracts awarded by prior regimes alleging that many contracts were over invoiced. Rather than return the money to the government, they desire to transfer the money to a foreign account. The sums to be transferred average between $10,000,000 to $60,000,000 and the recipient is usually offered a commission up to 30 percent for assisting in the transfer....

...The goal of the criminal is to delude the target into thinking that he is being drawn into a very lucrative, albeit questionable, arrangement. The intended victim must be reassured and confident of the potential success of the deal. He will become the primary supporter of the scheme and willingly contribute a large amount of money when the deal is threatened. The term "when" is used because the con-within-the-con is the scheme will be threatened in order to persuade the victim to provide a large sum of money to save the venture.

In response to such requests and being led by their intrepid leader, Shiver Metimbers, the 419Eater crew has vexed international scammers with all manner counter-scams. They approach their work with an unmatched verve and an equally unmatched perverse sense of humor (for all TDC readers of the Lindsay Lohan demographic, please ask a parent or guardian's permission before visiting the site).

While not advocating or approving anti-fraud tactics that stray beyond the bounds of international law, The Daily Caveat can recommend that you check out 419Eater's F.A.Q., Letter Archive and Audio Files, all detailing real correspondence between 419's intrepid scambaiting crew and various international fraudsters. Particularly recommended for review are The Tale of the Painted Breast letter exchange and the Martins David / Shiver Metimbers audio exchange (in which Timbers engages in a telephone conversation with a scammer using only Arnold Schwarzenegger sound files).

For more on the subjects of phishing and internet facilliated financial crimes, check out the Anti-Phishing Working Group, the Secret Service's financial crimes page and Nigeria's Economic and Financial Crimes Commission.

Viva la resistance.

-- MDT

Labels: database

Following is a chronology of recent data breaches courtesy BeSpacific.com and cataloged by the Privacy Rights Clearinghouse. One positive thing, at least for our industry, is that this list manages to put the recent thefts from data brokers such as Lexis Nexis or Choicepoint in the greater context of what is apparently the leaky sieve model of privacy found in corporate America and academia.

Last week the wonderfully named Orson Swindle, a commissioner at the Federal Trade Commission since 1997 provided his impromptu thoughts on the situation at a recent cyber-crime conference:

"Everybody's screaming, all the political figures up on Capitol Hill, about identity theft," he said. "It's not identity theft, it's the theft of information... While politicians raise hell about identity theft, what we're really talking about is the failure to protect valuable currency.... Corporate boards better start paying attention, because they haven't been."

Also, according to Swindle, the pattern of corporate data breaches "Indicates to me the industry has, to a great extent, been irresponsible, and somebody has got to pay." He suggested the first people to pay might be corporate lawyers. The lax data protection, according to Swindle, is being driven in part by those general counsels who sit around and say, "be careful about what you promise in privacy and information security because you might get sued for it."

DATE	NAME	TYPE OF BREACH	NUMBER
Feb. 15, 2005	ChoicePoint	ID thieves accessed	145,000
Feb. 25 , 2005	Bank of America	Lost backup tape	1,200,000
Feb. 25, 2005	PayMaxx	Exposed online	25,000
March 8, 2005	DSW/Retail Ventures	Hacking	100,000
March 10, 2005	LexisNexis	Passwords compromised	32,000
March 11, 2005	Univ. of CA, Berkeley	Stolen laptop	98,400
March 11, 2005	Boston College	Hacking	120,000
March 12, 2005	NV Dept. of Motor Vehicle	Stolen computer	8,900
March 20, 2005	Northwestern Univ.	Hacking	21,000
March 20, 2005	Univ. of NV., Las Vegas	Hacking	5,000
March 22, 2005	Calif. State Univ., Chico	Hacking	59,000
March 23, 2005	Univ. of CA, San Francisco	Hacking	7,000
April 8, 2005	San Jose Med. Group	Stolen computer	185,000
April 11, 2005	Tufts University	Hacking	106,000
April 12, 2005	LexisNexis	Passwords compromised	Additional 280,000
April 14, 2005	Polo Ralph Lauren/HSBC	Hacking	180,000
April 14, 2005	Calif. FasTrack	Dishonest Insider	4,500
April 18, 2005	DSW/ Retail Ventures	Hacking	Additional 1,300,000
April 20, 2005	Ameritrade	Lost backup tape	200,000
April 21, 2005	Carnegie Mellon Univ.	Hacking	19,000
April 26, 2005	Mich. State Univ's Wharton Center	Hacking	40,000
April 26, 2005	Christus St. Joseph's Hospital	Stolen computer	19,000
April 28, 2005	Georgia Southern Univ.	Hacking	"tens of thousands"
April 28, 2005	Wachovia, Bank of America, PNC Financial Services Group and Commerce Bancorp	Dishonest insiders	680,000
April 29, 2005	Oklahoma State Univ.	Missing laptop	20,000
May 2, 2005	Time Warner	Lost backup tapes	600,000
May 4, 2005	CO. Health Dept.	Stolen laptop	1,600 (families)
May 16, 2005	Westborough Bank	Dishonest insider	750
May 18, 2005	Jackson Comm. College, Michigan	Hacker	8,000
May 20, 2005	Purdue Univ.	Hacker	11,000
TOTAL			5,476,150

Yikes. Bad times. Read the rest of the Swindle article here and for more on pending legislation relating to personal data theft, try privacyrights.org.

-- MDT

Labels: data breech, identity theft

At last count, nine had been arrested and the accounts of 670,000 customers of Bank of America and Wachovia had potentially been compromised. With somewhere around 100,000 customer notification letters sent out (been watching my mailbox closely), investigators in the Garden State are promising additional arrrests.

Via Reuters and iWon.com:

More arrests coming in US bank theft ring

Monday May 23, 11:41 AM EDT

By Jonathan Stempel

NEW YORK (Reuters) - At least two more bank employees will probably be arrested in the coming weeks over a scheme to steal data about customers at four major U.S. banks, a New Jersey police detective said on Monday.

Police in Hackensack, New Jersey, last month had charged nine people, including seven former bank employees, over the possible compromising of hundreds of thousands of accounts at Bank of America Corp., Wachovia Corp., PNC Financial Services Group Inc. and Commerce Bancorp Inc.

At least 60,000 Bank of America and 48,000 Wachovia customers were notified that their accounts might be at risk, spokeswomen for the banks said. More bank customers may also have been affected.

"Sifting through the massive amount of computer information is an arduous task," said Hackensack Detective Capt. Frank Lomia in an interview. "We believe there were at least 200,000 to 300,000 breaches, based on financial records we have seen on DRL's computers, and the number could be higher."

The police called the scheme an attempt to steal customer account data and sell the information to collection agencies. There is no sign the breached account data was used to open accounts or obtain loans, a practice known as identity theft.

The alleged leader was Orazio Lembo, who advertised his DRL Associates as a firm that could supply bank account, balance and employment information to debt collectors, police said. More than 40 collection agencies and law firms bought the data, which DRL obtained from bank employees, police said.

Lomia said police largely finished the first phase of the investigation, which involved shutting Lembo's operations and informing banks of the problem. The second phase involves examining firms that bought the data, according to Lomia. He said Bergen County prosecutors and federal authorities are involved in the matter.

"We expect at least two more banking people to be arrested," Lomia said.

More here.

-- MDT

Labels: identity theft

Many thanks to excellent Inter-Alia.net blog who ran accross this equally excellent set of links at Justia, a Legal Search Engine Optimization Blog. Justia seems to be a great resource and I am definitely going to add it to my daily reading. You should too.

The following choice links are drawn from a much longer and more comprehensive series of competitive intelligence-related posts at Justia over the last few days. All feature free access to interesting data. Many of these links you will no doubt be familiar with but there were certainly a few that were new to me (accompanying commentary originates from Justia):

Yahoo! - Industry Center. For background research, Yahoo covers industry news, statistics and profiles, as well as top performing companies within the industry. Yahoo also provides an earnings calendar to track upcoming events.

bizjournals.com - Industries & Communities. bizjournals.com aggregates news articles by industry from different local business journals. They even offer a My Industries custom page where they will display news headlines from industries you have selected.

BNET - White Papers RSS Feeds by Job Function and Industry. BNET offers white papers that span a broad range of job functions and industries. This is another great resource that you can feed into My Yahoo. You have to register in order to read the white papers though.

Moreover Technologies - Free RSS News Feeds Listing. Moreover offers news feeds by industry.

bizjournals.com - RSS Feeds. bizjournals.com also offers RSS feeds of local news and industry news.

Onecle- Sample Contracts and Business Forms. Onecle has compiled a database of material contracts extracted from SEC filings. This collection is both searchable and browsable, and includes employment agreements, services agreements, license agreements, manufacturing agreements, severance agreements and more. This is the insider source for corporate contracts and other actionable intelligence.

PwC - EdgarScan PricewaterhouseCoopers offers a different twist on SEC filings. Their focus is on financial data, which they've extracted and may be displayed as an MS Excel spreadsheet or as a chart.

SEC Info. SEC Info offer yet another spin on SEC filings. This site includes both SEC EDGAR and CSA SEDAR securities filings, and also includes SEC-deleted filings. Why would a company request that the SEC delete a filing? Because there was either an error in the filing or the company inadvertently disclosed something that it now wishes to redact. So, even when the SEC deleted a copy of a filing from its own site, you may be able to find an archival copy on SEC Info.

bizjournals.com - Legal Services Features news about the legal services industry from local business journals.

LexisNexis Mealey Publications - Legal News via RSS. LexisNexis offers free (gasp!) RSS feeds for legal news. They also provide individual feeds for different practice areas, including insurance, products liability, litigation, intellectual property and more. While reading the news headlines and summaries is free, you do need a paid subscription to view the full-text of any articles or cases.
Moreover Technologies - Law News.

Jaffe Legal News Service - Law Firm News. Offers RSS feeds for top stories, law firm news and breaking news.

GoogSpy. GoogSpy offers a tremendously powerful strategic intelligence tool. The Ranks in the Top 10 on these Search Terms section tells you where a web site currently ranks for certain keywords. So, instead of manually entering keywords into Google to see how your web site or a competitor's web site ranks, a simple search using GoogSpy takes care of this tedious task. Another advantage of using GoogSpy is that you may discover that your web site is ranking highly for certain keywords that you did not intend to target. The disadvantage of using GoogSpy is that its data set is not complete. So, not all web sites or keyword combinations appear in the GoogSpy database. You may also consider optimizing portions of your own site to capture your competitor's higher ranking keywords. Just be careful that you don't end up de-optimizing your site for your existing keywords in the process.

Greedy Associates Board. The Greedy board is the destination for those seeking the latest law firm gossip and rumors. Associates on this board frequently talk about law firm culture, salaries and other issues.

Yahoo! - Venture Capital. Offers venture capital news. As I've discussed in a prior tip, you can even set-up a customized news feed to target a specific venture capital firm. For example, here's an RSS news feed for Draper Fisher Jurvetson.

BusinessWeek Online - Deal Flow. BusinessWeek blog on venture capital and startups. Also available by RSS.

Yahoo! - Mergers & Acquisitions. M&A news feed.

CNNMoney - M&A Databank. Features reports on recent M&A deals, including transaction details and information on the target and acquiror.

BNET - Mergers and Acquisitions. Features RSS feed of mergers and acquisitions updates. BNET also provides an RSS feed for mergers and acquisitions white papers.

Onecle - Mergers Agreements. Features mergers and acquisitions agreements that were disclosed in SEC filings.

To see the rest, navigate over to Justia.

-- MDT

Labels: database

This story continues to unfold with initial estimates of 500 thousand records accessed being bumped up to 670,000. Nine arrests have been made by New Jersey authorities following months of investigation. Via ComputerWorld:

The case has already led to criminal charges against nine people, including seven former employees of the four banks. The crime ring apparently accessed the data illegally through the former bank workers. None of those employees were IT workers, police say. ...the suspects manually built a database of the 676,000 accounts using names and Social Security numbers obtained by the bank employees while they were at work. The information was then allegedly sold to more than 40 collection agencies and law firms, police say.

The suspects pulled up the account data while working inside their banks, then printed out screen captures of the information or wrote it out by hand, Lomia says. The data was then provided to a company called DRL Associates, which had been set up as a front for the operation. DRL advertised itself as a deadbeat-locator service and as a collection agency, but was not properly licensed for those activities by the state, police say.

Read more here and here.

Multiple federal agencies are now participating on the investigation, including the Treasury Department and the Internal Revenue Service. And in a move that should reverberate through the legal industry for some time, authorities have state that the next phase of their investigation will include targeting law firms and collection agencies who purchased data from the crime ring.

-- MDT

Labels: database

You don't know how long The Daily Caveat has been trying to find a way to work America's favorite blond, bubble-headed celebutante into our daily news. Finally the day has arrived. I don't think I can add much more to this crazy story beyond what you can read below:

Federal Investigators Remove PCs, Discs From Several Locations; LexisNexis Break-In Linked to Paris Hilton Phone Hacking

By Brian Krebs
Washingtonpost.com Staff Writer
Thursday, May 19, 2005

The federal investigation into the massive theft of sensitive personal records from database giant LexisNexis Inc. intensified this week with the execution of search warrants and seizure of evidence from several individuals across the country, according to federal law enforcement officials.

Three people targeted in the investigation confirmed that federal investigators had served warrants at their homes. The group included a minor who has been in contact with a washingtonpost.com reporter for three months and who said he was directly involved in the LexisNexis breach...

...The minor, whose identity is not being revealed because he is a juvenile crime suspect and because he communicated with a washingtonpost.com reporter on condition of anonymity, said federal officials "raided" his home this week and seized his computer. He said investigators "got everybody" involved in the digital break-in.

Nine people in all were served search warrants by investigators, according to a senior federal law enforcement official who asked not to be identified because of his role in this and other ongoing investigations. The official said several members of the group are also believed by investigators to be involved in the much-publicized hacking in February of hotel heiress Paris Hilton's T-Mobile cell phone account, but he did not specify which members...

...The link between the LexisNexis and Paris Hilton investigations is supported by online conversations that a washingtonpost.com reporter had with the minor whose home was searched. The minor said he was involved in both intrusions and provided an image of what he said was a Web page that only T-Mobile employees would have access to...

...According to an account provided by the teenaged member of the hacker group -- and confirmed by the law enforcement source who insisted on anonymity -- the LexisNexis break-in was set in motion by a blast of junk e-mail. Sometime in February a small group of hackers, many of whom only knew each other through online communications, sent out hundreds of e-mails with a message urging recipients to open an attached file to view pornographic child images. The attachments had nothing to do with child porn; rather, the files harbored a virus that allowed the group's members to record anything a recipient typed on his or her computer keyboard.

According to the teenage source, a police officer in Florida was among those who opened the infected e-mail message. Not long after his computer was infected with the keystroke-capturing virus, the officer logged on to his police department's account at Accurint, a LexisNexis service provided by Florida-based subsidiary Seisint Inc., which sells access to consumer data. Other officers' login information may have been similarly stolen, the law enforcement source said.

The young hacker said the group members then created a series of sub-accounts using the police department's name and billing information. Over several days, the hacker said the group looked up thousands of names in the database, including friends and celebrities. The law enforcement source said the group eventually began selling Social Security numbers and other sensitive consumer information to a ring of identity thieves in California. washingtonpost.com has not been able to reach the young source to seek comment about the sale of personal information.

Much more intrigue at the WashingtonPost.com.

-- MDT

Labels: data breech, database, identity theft

Ahh, the good old days...

It used to be that the average person only had to maintain an irrational fear of being knocked unconscious and waking up on ice in the bathtub of a seedy motel missing a kidney. Currently identity theft is the bug-a-boo du jour helping fill space on local newscasts and outraged editorial pages.

Unfortunately, speaking as a recent victim, identity theft is definitely more than just an urban legend and properly insulating ones-self from its most common causes (buy a shredder, people) is certainly worth doing.

The need to balance transparence and privacy is a real and continuing concern not just for our industry but for society at large. The International Herald Tribune has an interesting article on that subject, which originally ran in the New York Times that discusses a systematic approach undertaken by The Johns Hopkins University to evaluate personal data security:

...Working with a budget of $50 and a strict requirement to use only legal, public sources of information, groups of three to four students set out to vacuum up not just tidbits on individuals, but whole databases - death records, property tax information, campaign donations, occupational license registries - on citizens of Baltimore. They then cleaned and linked the databases they had collected, making it possible to enter a single name and generate multiple layers of information on individuals...

...The Johns Hopkins project was conceived by Avi Rubin, a professor of computer science and the technical director of Johns Hopkins's Information Security Institute. Rubin has used his graduate courses in the past to expose weaknesses in electronic voting technology, digital car keys and other byproducts of a society that is increasingly dependent on computers, networks and software.

"My expectations were that they would be able to find a lot of information, and in fact they did," Rubin said.

In some instances, students visited local government offices and filed official requests for the data - or simply "asked nicely" - sometimes receiving whole databases burned onto a CD. In other cases, they wrote special computer scripts, which they used to slurp up whole databases from online sources like Maryland's registry of occupational licenses (barbers, architects, plumbers), or from free commercial address databases...

...David Bloys, a private investigator in Texas, has helped craft a bill now pending in the state legislature there that would prohibit the bulk transfer and display over the Internet of documents filed with local governments.

There are real dangers involved, Bloys said, when such information "migrates from practical obscurity inside the four walls of the courthouse to widespread dissemination, aggregation and export across the world via the Internet." However convenient online access made things for legitimate users, the information is equally convenient for "stalkers, terrorists and identity thieves," Bloys said...

(Read the rest of the article here.)

Lots to comment on in this piece, but it will have to wait until later today.

Duty calls.

-- MDT

Labels: identity theft

The Law Librarian blog (please give them the privilege of your regular patronage) has a very helpful list of links all hailing from NYU's Law School's GlobalLex providing legal research guidance for a variety of countries that are a bit off the beaten path. Available research guides include:

• Spain

• Moldovia

• Belarus

• Lithuania

• Romania

• Georgia

• Bermuda

• Brazil

• Mali

Many other international legal research guides, including region, country and institution specific resources can be found here, courtesy of GlobalLex.

-- MDT

The Daily Caveat last wrote about the Ron Perelman, Sunbeam, Morgan Stanley fiasco in early April. Perleman filed suit against Morgan Stanley, alledging that the firm aided Sunbeam in inflating sales figures prior to Perleman receiving a large quantity of Sunbeam Shares in a stock exchange. Perelman has since been awarded more than $600 million in compensatory damages by a jury and is now seeking $2 billion in punitive damages.

Via CorporateConsel.net:

Perelman Seeks $2 Billion in Punitives Against Morgan Stanley

Jill Barton
The Associated Press
05-18-2005

A jury that awarded billionaire financier Ron Perelman $604.3 million in compensatory damages is preparing to mull his request for another $2 billion in punitive damages from Morgan Stanley, which he accused of deceiving him about Sunbeam Corp.'s financial condition.
The investment firm plans to appeal the verdict, which was delivered Monday, and called any punitive damages "inappropriate and legally deficient."

The jury said it found clear and convincing evidence that Perelman, the Revlon cosmetics chief, relied on false statements that Sunbeam was a turnaround success and could afford to acquire his camping equipment company, Coleman.

Sunbeam filed for bankruptcy protection in 2001 after its financial troubles were discovered, and Perelman alleged he had millions in losses because stock he received in the deal plunged in value. His lawsuit is also seeking $2 billion in punitive damages, which the jury will consider over the next few days....

Morgan Stanley vowed to appeal the verdict, blaming Judge Elizabeth Maass for issuing a default judgment in which she told the jury that Morgan Stanley helped Sunbeam, an investment banking client, defraud investors. Because of that judgment, Perelman only had to prove that he was swayed into making his decisions regarding the Coleman sale by Morgan Stanley's advice.

"Far from being part of the Sunbeam fraud, Morgan Stanley was a victim of that fraud, losing $300 million when Sunbeam collapsed, one of the many true facts that the jury was not allowed to hear," Morgan Stanley said in a statement.

Before the start of the trial, Perelman won a ruling by the judge that said jurors must accept as fact that Morgan Stanley helped Sunbeam cover up its failing finances. That meant Perelman only had to show that he relied on the Wall Street firm's advice when he accepted 14.1 million shares of Sunbeam stock in the 1998 buyout deal.

"The verdict, while disappointing, is not surprising, given the unprecedented and highly prejudicial rulings imposed by the trial judge," Morgan Stanley said. "Morgan Stanley was not permitted to defend itself on the merits. As a result, the jury heard allegations, instead of true facts, and Morgan Stanley was denied a fair trial."...

More to be found here, in the original piece.

And on a side note, Morgan Stanley is facing an independent investigation from the SEC regarding whether the firm failed to provide emails about the Sunbeam transactions from Perelman's legal team. Securities Litigation Watch as the full rundown on that story, drawing from a recent WSJ article. Their summary can be found here.

Labels: Morgan Stanley

Effective 2006 info aggregator will be moving all its customers away from the Choicepoint Online interface over to the AutotrakXP product.

Legaldockets.com has the scoop.

-- MDT

Via USA Today:

SEC investigates pension consultants

By John Waggoner, USA TODAY

5/16/2005

The Securities and Exchange Commission released a study Monday saying that pension consultants might not be disclosing conflicts of interest — which could mean workers and investors are not getting the best money managers for their retirement plans... The SEC study surveyed 24 of the nation's 1,700 pension fund consultants and found:

• More than half of the consultants surveyed provided services to pension funds and money management firms, raising the potential for conflicts of interest. For example, 10 sold software to money management companies to analyze clients' portfolios. The software cost as much as $70,000 a year.

• More than half of the consultants offered investment conferences free for clients, but charged money managers a fee. Money managers weren't required to go but might have felt pressured to do so.

• Many consultants required money managers to direct a portion of their stock and bond trades to a broker affiliated with the consultant. By doing so, the consultant's fees were buried in the cost of brokerage. Also, the fund might pay more for trades than they would elsewhere, which means lower returns for investors.

• Many consultants provided services, such as investment management, to pension plans through affiliates. That's not wrong, but the consultant has to disclose potential conflicts.

• Many pension consultants don't consider themselves to be fiduciaries. Fiduciaries have a legal obligation to act in their clients' best interests.

"We wanted to quickly alert those 1,700 pension consultants that they do have a fiduciary obligation, and that they have to live up to it," Richards says.

More at USA Today.

-- MDT

Via Newsday.com:

Former Bayer AG exec will plead guilty to price-fixing scheme

By MICHAEL LIEDTKE
AP Business Writer
May 16, 2005

SAN FRANCISCO -- Former Bayer AG executive Wolfgang Koch will plead guilty to colluding in a price-fixing scheme that drove up the cost of rubber chemicals used to make tires, outdoor furniture and shoes in the United States during a three-year period, the U.S. Department of Justice said.

The plea agreement announced Monday marks the latest development in a long-running antitrust investigation into an international price-rigging ring formed by some of the world's biggest rubber chemical manufacturers, including Crompton Corp. of Middlebury, Conn.

The probe, anchored in San Francisco by the Department of Justice, has revealed the dealings of competitors that secretly plotted to raise the prices of their rubber chemicals.

More here.

-- MDT

Via the 10b-5 Daily:

Interstate Bakeries Settles

May 12, 2005

Interstate Bakeries Corp. (OTC: IBCIQ.PK), the Kansas City-based manufacturer of Wonder Bread and Twinkies, has obtained preliminary court approval for a settlement of the securities class action pending against the company in the W.D. of Mo. The case was originally filed in 2003 and alleges that the company mislead investors about the market for its goods.

The settlement was agreed to last year, prior to Interstate declaring bankruptcy, and has been on hold waiting for the bankruptcy court to allow it to go forward. The settlement is for $18 million, with $15 million to be paid by insurers.

Addition: In related news, Twinkies have turned 75 years old.

In other related news, according to Hostess and crack-scientists at Rice University, it takes forty-five seconds to explode a Twinkie in a microwave. If you attempt this in the office kitchen, don't mention our name.

-- MDT

It was in mid-April that Stephen Cutler announced that he would be leaving his post at the SEC. This past week that securities administration announced his replacement - Linda Chatman Thomsen will be assuming the Directorship of the Division of Enforcement.

The SEC announcement can be seen here. With thanks to Securities Litigation Watch for the link.

Thomsen's appointment is considered to indicate that the SEC will continue the aggressive enforcement posture that businesses have come to expect from the agency over the last few years.

Thomsen will also be the first woman to hold the position. She previously served as Deputy Enforcement Director.

USA Today ran a profile of Thomsen on the occasion of her appointment. Accompanying the article was this brief vitae:

• Title: Director of the Division of Enforcement, Securities and Exchange Commission.

• Education: Smith College, A.B.; Harvard University, J.D.

• Career with SEC: 1995, assistant chief litigation counsel, SEC; 1997, assistant director of the Division of Enforcement, SEC; 2000, associate director of the Division of Enforcement; 2002, deputy director of the of the Division of Enforcement.

• Career prior to joining SEC: Davis Polk & Wardwell law firm in Washington, D.C., and New York; Assistant U.S. Attorney for the District of Maryland.

Congrats Linda...

-- MDT

Brock Romanek at TheCorporateCounsel.net has a link to the now up-and-running SEC disclosure comment letter database (within EDGAR):

Lot of members asking how to find the SEC Staff's comment letters on the SEC's site. Here is some insight from Brink Dickerson: Comment letters are starting to appear in the SEC’s EDGAR database. They are assigned one of two form types, “upload” for letters generated by the SEC staff, and “corresp” for letters generated by filers. As with other filings, they are indexed by filer name, so the primary way to access the letters is to search for the filer and then look for the form type. To search across filers, go to the EDGAR archives – which is within the “Search for Company Filings” area on the main EDGAR page – and search for “form-type=” either “upload” or “corresp.”

So far the selection is not that large, with twenty-four examples - but it should grow at the rate of roughly 300 letters per month. Further, except in a few cases, the letters available so far are either just the correspondence or just from the SEC - but not both.

A list of all currently available letters can be found here.

-- MDT

Labels: database

Business Week has run a story profiling prominent securities plaintiff attorneys, Max Berger and Sean Coffey of Bernstein, Litowitz Berger & Grossman:

The Kings Of Class Actions

May 16, 2005

Max Berger and Sean Coffey are riding high after making WorldCom's bankers pay up. Here's what life is like for Max W. Berger these days: The maitre d' at Manhattan restaurant Cité prances around the 58-year-old founding partner of plaintiffs' law firm Bernstein Litowitz Berger & Grossmann LLP (BLBG) as Berger is delivered to his favorite corner table. He is offered a sampling of fine wine, and his filet mignon is on the house after he complains that the first one is too fatty. Berger soaks up the attention. But the real treat arrives with dessert. Jonathan J. Lerner, a partner at venerable law firm Skadden, Arps, Slate, Meagher & Flom LLP, who opposed Berger in a massive shareholder lawsuit five years ago, saunters up and says to his dinner companion: "This guy took $3 billion from me. He's the best lawyer in New York."

The article kinda goes on like that, listing some of Berger and Coffey's greatest hits. But it provides interesting view into one of the preeminent firms and some of the most prominent personalities in securities litigation.

Read the rest here.

Many thanks to the 10b-5 Daily for the link.

-- MDT

Labels: Bernstein Litowitz and Berger, Sean Coffey

Via the International Herald Tribune:

3rd General Re official faces a fraud complaint

By Timothy L. O'Brien The New York Times
MAY 12, 2005

The U.S. Securities and Exchange Commission has notified a third executive of General Re that he faces a civil fraud complaint as part of an investigation of financial manipulation in the insurance industry, according to a person briefed on the matter. The executive, John Houldsworth, was the head of General Re's office in Dublin. Houldsworth has been in the middle of several questionable transactions that have drawn the attention of regulators in the United States and other countries. While he still holds a senior position in Dublin, he no longer manages the office.

Separately, the pension fund TIAA-CREF said on Tuesday that its chief financial officer, Elizabeth Monrad, had requested and been granted an unpaid leave of absence to respond to a regulatory action against her. The SEC notified Monrad last Thursday that it planned to file a civil fraud complaint against her in connection with a questionable transaction between her former employer, General Re, and American International Group, according to a person briefed on the matter. Both General Re and AIG are targets of investigations into fraudulent insurance practices. Both are cooperating with the inquiries.

Last week, the SEC also notified a current General Re executive, Richard Napier, that it planned to file a civil fraud complaint against him in connection with the AIG transaction, according to two other people briefed on the matter.

Read the rest here.

-- MDT

Labels: AIG, General Re