Remove Spyware and Viruses today

Online fraud in the United States doubled to a reported $560 million in losses last year as illicit phishing expeditions by thieves posing as the Federal Bureau of Investigation represented the biggest consumer complaint, according to a Friday government survey.

The e-mail phishing scams represented 16.6 percent of all complaints. The next closest category, at 12 percent, concerned consumer unhappiness about being billed for products never ordered or received, according to FBI data unveiled Friday.

Overall, the number of reported dollar losses stemming from online fraud doubled in 2009 from the year prior.

The authorities last year received 336,655 complaints, a 22 percent increase from 2008, according to the data.

See Also:

• Viral Video Hoax, or Proof of Impending Cyber Apocalypse?
• Mom Loses Bid for Purdue Bomb Hoax Suspect’s Freedom
• Hidden Cameras in DTV Converters? YouTube Hoax Fans Conspiracy
• Net Hoax Convinces Germany of Fake U.S. Suicide Bombing Attempt
• FBI Charges Blind Phone Phreak With Intimidating a Verizon
• Government’s Star Witness Stumbles: MySpace Hoax Was Her Idea
• Report: Hoax Anti-Obama E-Mails Still Fool Dumb White Guys

Netflix is canceling its second $1 million Netflix Prize to settle a legal challenge that it breached customer privacy as part of the first contest’s race for a better movie-recommendation engine.

Friday’s announcement came five months after Netflix had announced a successor to its algorithm-improvement contest. The company at the time said it intended to expand the amount of information it gave to researchers in hopes that its recommendation system — a key part of Netflix’s customer retention strategy — would get even better. That was then followed with a warning by prominent data privacy lawyers that the new dataset was easily de-anonymized.

Those fears were highlighted in December, when an in-the-closet lesbian mother sued Netflix for privacy invasion, alleging the movie-rental company made it possible for her to be outed when it disclosed insufficiently anonymous information about nearly half-a-million customers as part of its $1 million contest.

The federal suit claimed Netflix violated fair-trade laws and a federal privacy law designed to protect video rental records when the Los Gatos, California, company launched the popular contest in 2006. The FTC also contacted Netflix about the first contest, which lasted three years, according to a Netflix blog post Friday.

“We have reached an understanding with the FTC and have settled the lawsuit with plaintiffs,” wrote Neil Hunt, the company’s chief product officer. “The resolution to both matters involves certain parameters for how we use Netflix data in any future research programs.

“In light of all this, we have decided to not pursue the Netflix Prize sequel that we announced on August 6, 2009.”

Here’s how the contest worked:

In order to get a better movie-recommendation algorithm, the online DVD rental company gave more than 50,000 Netflix Prize contestants two massive datasets. The first included 100 million movie ratings, along with the date of the rating, a unique ID number for the subscriber, and the movie info. Based on this data from 480,000 customers, contestants had to come up with a recommendation algorithm that could predict 10 percent better than Netflix about how those same subscribers rated other movies.

The contest ended this summer when two different teams passed the 10-percent improvement mark, with the prize money going to a team led by AT&T researchers.

However, video-rental records are protected records in the United States — a reaction to a reporter getting Supreme Court–nominee Robert Bork’s rental history from a video store. The lead attorney on the new suit, Joseph Malley, recently reached a multimillion-dollar settlement with Facebook over its failed Beacon program, which drew fire in part for sharing users’ Blockbuster rentals with their friends.

The Netflix suit< argued that the rental information is personal data/a> (.pdf) protected by Netflix’s privacy policy, and that NetFlix should have known that people would be able to identify users based on that data alone. In fact, just two months before NetFlix launched the contest, AOL released “anonymized” search-engine logs, which reporters quickly used to track down real people.

Photo: Flickr/Ross Catrow

See Also:

• Netflix Spilled Your Brokeback Mountain Secret, Lawsuit Claims
• How the Netflix Prize Was Won
• $1 Million Netflix Prize So Close, They Can Taste It
• Facebook Denies ‘All Wrongdoing’ in ‘Beacon’ Data Breach
• Lawsuit Accuses Facebook of Conspiring to Break Video-Privacy Law

BEIJING (Reuters) - China warned Google against flouting the country’s laws on Friday, as expectations grow for a resolution to a public battle over censorship and cybersecurity.

The chief executive of Google, Eric Schmidt, said this week he hoped to announce soon a result to talks with Chinese authorities on offering an uncensored search engine in China.

“Google has made its case, both publicly and privately,” said China’s Minister of Industry and Information Technology.

Google in January threatened to pull out of China if it could not offer an unfiltered Chinese search engine, after cyberattacks originating from China on it and about 30 other firms.

“If you don’t respect Chinese laws, you are unfriendly and irresponsible, and the consequences will be on you,” Li told reporters, in answer to a question on what China would do if Google.cn simply stopped filtering search results.

Li complimented Google on having reached about 30 percent market share in the Chinese market since it launched google.cn about three years ago, and said it was welcome to expand market share further if it abided by Chinese law.

It was up to Google whether to stay in China’s market or not, he added.

Ministry officials have wavered between confirming and denying that talks are happening at all, in response to repeated media questions during China’s annual legislative session.

“This is really a hot topic, it’s easy and yet not easy to respond. A lot of these matters don’t fall under my ministry, ” Li said.

The Ministry of Industry and Information Technology shares oversight of the Chinese internet with a number of other bodies — while still more bureaucracies are involved in matters of foreign investment, complicating the Chinese government’s response to Google’s challenge.

(Reporting by Lucy Hornby and Rujun Shen; Editing by Alex Richardson)

See Also:

• China Stands Firm in Response to Google Threat
• Google to Stop Censoring Search Results in China After Hack Attack …
• China Widens Net Censorship; Google Exile Looms
• Google Hack Attack Was Ultra Sophisticated, New Details Show …
• Probe Traces Google Hack to Chinese Schools
• Google Hackers Targeted Source Code of More Than 30 Companies …
• U.S. Pinpoints Coder Behind Google Attack

I’d almost forgotten that David Spark ambushed Ben Tomhave, Andrew Storms and me with a video camera on the first day of RSA last week.  I think we literally hadn’t even had the time to get more than 10 steps beyond the escalator when David found us.  Which is my way of saying none of us had any idea what was gong on at the convention yet, we were just talking off the top of our head.  Was this really only a week and a half ago?  I didn’t end up seeing a lot of tokenization at RSA, though I did get to talk to some of the key players about end to end encryption.

Humza Zaman, a co-conspirator in the hack of TJX and other companies, was sentenced Thursday in Boston to 46 months in prison and fined $75,000 for his role in the conspiracy. The sentence matches what prosecutors were seeking.

Zaman, a 33-year-old former programmer at Barclays Bank, was charged with laundering between $600,000 and $800,000 for hacker Albert Gonzalez, who is currently awaiting sentencing on charges that he and others hacked into TJX, Office Max, Heartland Payment Systems and numerous other companies to steal data on more than 100 million credit and debit card accounts.

Zaman pleaded guilty in April to one count of conspiracy. His sentence includes three years of supervised release with a couple of conditions — Zaman cannot have access to ID information or financial information without prior approval from the government and must disclose his conviction to any future employer. Upon release, Zaman will not be barred from using computers.

Zaman is the second conspirator in the TJX case to be charged. Former Morgan Stanley coder, Stephen Watt, was sentenced in December to two years in prison for his role in the TJX case, which involved supplying Gonzalez with a sniffer program used to siphon card data from the TJX network.

Once the card data was stolen, mules were used to siphon the money from ATMs and send the money electronically — either by a wire transfer or using digital currencies such as E-gold and Web Money — to a bank account in Latvia. Gonzalez’s portion of the booty was then transferred to other bank accounts, some of them opened under fictitious names. Zaman’s job in the U.S. was to withdraw funds from these accounts at ATMs in various locations across the United States, and then send the cash to Gonzalez in Florida.

Zaman also traveled to San Francisco three times in late 2005 and early 2006 and met with “an unknown man of apparent Eastern European descent” who slipped him between $50,000 and $370,000 in cash each time. Zaman then shipped the money via Federal Express to Gonzalez. Zaman also made about three trips to New York to pick up cash for Gonzalez. Each time, he earned 10 percent of the amount shipped.

In March 2008, two months before Gonzalez was arrested in Florida, Zaman sent him ATM system logs from Barclays, a bank where Zaman was working as a programmer. Prosecutors said Gonzalez uploaded the logs to a Latvian server he controlled and shared with others, but there is no evidence that the logs were used for nefarious purposes before Gonzalez’s arrest or after.

In addition to the Barclays ATM logs, investigators found 16.3 million payment card numbers on the Latvian server and an additional 27.5 million card numbers on a server in the Ukraine.

Gonzalez is currently facing a minimum 17-year sentence in prison.

Prosecutors had sought only 46 months and a $75,000 fine for Zaman because his activities were limited solely to money laundering. The government said it had “no evidence that Zaman participated in, or reasonably foresaw the extent of, the intrusions and data thefts perpetrated by the Gonzalez organization.”

Prosecutors said Zaman did not provide “substantial assistance” in the investigation or prosecution of anyone else. He provided information about his own activities, the authorities said.

According to the prosecution’s sentencing memo (.pdf), Zaman was a popular kid with lots of friends. He was a member of chess, debate and math clubs and was on a successful career path, earning $130,000 plus bonuses from Barclays.

“But he enjoyed partying and using expensive recreational drugs when he wasn’t working,” prosecutors said. “So he needed cash beyond his six-figure legitimate income.”

Zaman’s attorney did not immediately respond for comment.

See also:

• Former Morgan Stanley Coder Gets 2 Years in Prison for TJX Hack
• TJX Hacker Was Awash in Cash; His Penniless Coder Faces Prison