On Q Professional Investigations

Four individuals were sentenced this week for their respective roles in trafficking the identities and corresponding identity documents of Puerto Rican U.S. citizens.

Acting Assistant Attorney General Mythili Raman of the Justice Department’s Criminal Division and U.S. Attorney Rosa E. Rodríguez-Vélez of the District of Puerto Rico made the announcement. The sentencings took place in front of U.S. District Judge Gustavo A. Gelpí in the District of Puerto Rico.

Domingo Pablo Gutierrez, 52, a Guatemalan national formerly of Albertville, Ala., was sentenced today to serve 30 months in prison to be followed by three years of supervised release. Gutierrez agreed to forfeit $40,000 in proceeds and to be removed from the United States after the completion of his sentence. On Aug. 22, 2013, Gutierrez pleaded guilty in front of U.S. Magistrate Judge Bruce J. McGiverin of the District of Puerto Rico to one count of conspiracy to commit identification fraud and one count of conspiracy to commit human smuggling for financial gain.

On Jan. 21, 2014, Moises Lara-Ceballos, 38, a Mexican national formerly of Seymour, Ind., was sentenced to serve 54 months in prison to be followed by three years of supervised release. Lara-Ceballos agreed to forfeit $422,793 in proceeds and to be removed from the United States after the completion of his sentence. On Sept. 20, 2013, Lara-Ceballos pleaded guilty in front of U.S. Magistrate Judge Marcos E. López to one count of conspiracy to commit identification fraud, one count of aggravated identity theft, and one count of illegal reentry after deportation.

Juan Quero-Mendez, 28, a Mexican national formerly of Lilburn, Ga., was also sentenced on Jan. 21, 2014, to serve 36 months in prison and three years of supervised release. The court ordered the defendant to forfeit $17,180 in proceeds and to be removed from the United States after the completion of his sentence. On Sept. 20, 2013, Quero-Mendez pleaded guilty in front of U.S. Magistrate Judge Camille L. Vélez-Rive of the District of Puerto Rico to one count of conspiracy to commit identification fraud and one count of conspiracy to commit human smuggling for financial gain.

Adonis Ramirez-Segura, 54, a Dominican national and a legal permanent resident of Columbus, Ohio, was sentenced on Jan. 21, 2014, to serve 22 months in prison to be followed by three years of supervised release. On Sept. 20, 2013, Ramirez-Segura pleaded guilty in front of U.S. Magistrate Judge Camille L. Vélez-Rive to one count of conspiracy to commit identification fraud and one count of Social Security fraud.

The four defendants were charged in a superseding indictment returned by a federal grand jury in Puerto Rico on March 22, 2012. To date, 53 individuals have been charged for their roles in the identity trafficking scheme. All 49 arrested defendants have pleaded guilty and 36 defendants have been sentenced.

Court documents allege that individuals located in the Savarona area of Caguas, Puerto Rico, obtained Puerto Rican identities and corresponding identity documents. Other conspirators located in various cities throughout the United States allegedly solicited customers and sold Social Security cards and corresponding Puerto Rico birth certificates for prices ranging from $700 to $2,500 per set. The superseding indictment alleges that these identity brokers in the United States ordered the identity documents from the document suppliers in Savarona on behalf of their customers by making coded telephone calls. The conspirators are charged with using text messages, money transfer services, and express, priority or regular U.S. mail to complete their illicit transactions.

Court documents allege that some of the conspirators assumed a Puerto Rican identity themselves and used that identity in connection with the trafficking operation. Their customers generally obtained the identity documents to assume the identity of Puerto Rican U.S. citizens and to obtain additional identification documents, such as legitimate state driver’s licenses. Some customers allegedly obtained the documents to commit financial fraud and attempted to obtain a U.S. passport.

According to court documents, various identity brokers were operating in Rockford, DeKalb and Aurora, Ill.; Seymour, Columbus and Indianapolis, Ind.; Hartford, Conn.; Clewiston, Fla.; Lilburn and Norcross, Ga.; Salisbury, Md.; Columbus and Fairfield, Ohio; Dorchester, Lawrence, Salem and Worcester, Mass.; Grand Rapids, Mich.; Nebraska City, Neb.; Elizabeth, N.J.; Burlington and Hickory, N.C.; Hazelton and Philadelphia, Pa.; Houston; Abingdon and Albertville, Ala.; and Providence, R.I.

According to court documents, Quero-Mendez was an identity broker who operated in Lilburn, Ga.; Ramirez-Segura was an identity broker who operated in Columbus, Ohio; Lara-Ceballos was an identity broker who operated in Seymour, Ind.; and Gutierrez was an identity broker who operated in Albertville, Ala.

The charges are the result of Operation Island Express, an ongoing, nationally coordinated investigation led by the ICE Homeland Security Investigations’ (ICE-HSI) Chicago Office and USPIS, DSS and IRS-CI offices in Chicago, in coordination with the ICE-HSI San Juan Office and the DSS Resident Office in Puerto Rico. The Illinois Secretary of State Police; Elgin, Ill., Police Department; Seymour, Ind., Police Department; and Indiana State Police provided substantial assistance. The ICE-HSI Assistant Attaché office in the Dominican Republic and International Organized Crime Intelligence and Operations Center (IOC-2) as well as various ICE, USPIS, DSS and IRS-CI offices around the country provided invaluable support.

The case is being prosecuted by Trial Attorneys James S. Yoon, Hope S. Olds, Courtney B. Schaefer and Christina Giffin of the Criminal Division’s Human Rights and Special Prosecutions Section, with the assistance of the Criminal Division’s Asset Forfeiture and Money Laundering Section and the support of the U.S. Attorney’s Office for the District of Puerto Rico. The U.S. Attorney’s Offices in the Northern District of Illinois, Southern District of Indiana, District of Connecticut, District of Massachusetts, District of Nebraska, Middle District of North Carolina, Southern District of Ohio, Middle District of Pennsylvania, District of Rhode Island, Southern District of Texas and Western District of Virginia provided substantial assistance.

Potential victims and the public may obtain information about the case at: www.justice.gov/criminal/vns/caseup/beltrerj.html . Anyone who believes their identity may have been compromised in relation to this investigation may contact the ICE toll-free hotline at 1-866-DHS-2ICE (1-866-347-2423) and its online tip form at www.ice.gov/tipline . Anyone who may have information about particular crimes in this case should also report them to the ICE tip line or website.

Anyone who believes that they have been a victim of identity theft, or wants information about preventing identity theft, may obtain helpful information and complaint forms on various government websites including the Federal Trade Commission ID Theft Website, www.ftc.gov/idtheft . Additional resources regarding identity theft can be found at www.ojp.usdoj.gov/ovc/pubs/ID_theft/idtheft.html ; www.ssa.gov/pubs/10064.html ; www.fbi.gov/about-us/investigate/cyber/identity_theft ; and www.irs.gov/privacy/article/0,,id=186436,00.html .
View Source

The Bureau of Justice Statistics (BJS) has a sobering new report finding identity theft cost Americans $10 billion more last year than all other property crimes measured by the National Crime Victimization Survey.

While identity theft cost Americans $24.7 billion in 2012, losses for household burglary, motor vehicle theft, and property theft totaled just $14 billion.

The BJS report measures both direct and indirect losses tied to identity theft. Direct losses, the majority of the $24.7 billion, consisted of the money thieves got by misusing a victim’s personal info or account information. Indirect losses included other costs associated with identity theft — like legal fees and bounced checks.

The BJS’s last report on identity theft, for the year 2010, measured just direct losses and put them at $13.1 billion. While that report didn’t measure indirect losses, a separate research firm called Javelin Strategy and Research found this year that identity thefts are indeed on the rise.

Here are some key points from the BJS report:

85% of theft incidents involved the fraudulent use of existing accounts, rather than the use of somebody’s name to open a new account.

People whose names were used to open new accounts were more likely to experience financial hardship, emotional distress, and even problems with their relationships, than people whose existing accounts were manipulated.

Half of identity theft victims lost $100 or more.

Americans who were in households making $75,000 or more were more likely to experience identity theft than lower-income households.

While the majority of victims spent a day or less resolving the issue, identity theft can also be a drawn-out nightmare. A dramatic instance of ID theft occurred after a man named David B. Dahlstrom lost his wallet in Utah back in 1985. For the next 17 years, a German immigrant named Yorck A. Rogge masqueraded as Dahlstrom, The New York Times in 2007.

The real Dahlstrom was denied a credit card and even received an insurance claim for an accident he had nothing to do with.

In more recent years, identity thieves have begun targeting smartphone users and people who use social media and aren’t cautious about that use, experts told Reuters in 2012.

Javelin Strategy & Research found that year that someone whose information is revealed as part of an online data breach becomes 9.5 times more likely to have their identity stolen.

View Source

Fifteen years ago, on November 30, 1998, the FBI flipped the switch on the National Instant Criminal Background Check System, or NICS, a provision of the 1993 Brady Act that requires background checks on individuals purchasing firearms or receiving them through some other means.

The goal at the time was to disqualify any transfers of firearms to ineligible individuals while at the same time ensuring timely transactions for eligible individuals. Today, as the FBI-run background check system marks its anniversary, successes are seen daily and in real-time on both fronts.

Since its inception, the NICS has processed more than 177 million background checks requested by gun sellers, or federal firearms licensees (FFLs). On its busiest days, the system processes more than 10,000 automated checks an hour across 94 million records in FBI criminal databases, including the National Crime Information Center (NCIC), the Interstate Identification Index (III), and the NICS index of 11 million individuals who fall into certain categories that prohibit them from receiving firearms (see sidebar). Nine out of 10 NICS determinations are instantaneous, so FFLs know immediately whether to proceed with transactions or deny them. To date, NICS queries of criminal databases have resulted in 1,065,090 denials, with 88,479 in 2012 alone.

“The statistics for denials can stand on their own with regards to how well the system works in keeping firearms out of the hands of those who shouldn’t have them,” said Steve Fischer, a spokesman for NICS, which is run by the Bureau’s Criminal Justice Information Services (CJIS) Division in West Virginia.

The most common reasons for denials are prior criminal convictions, domestic violence, drug history, and fugitive status.

In 37 states, NICS background checks are conducted by the FBI when purchases are initiated at one of the country’s 46,895 licensed gun sellers. The sellers contact the NICS online through an electronic system or through one of three call centers, which run the names against the databases. Thirteen states perform their own background checks by utilizing the NICS.

While most NICS checks return immediate dispositions of “proceed” or “deny,” about eight percent are delayed, usually because of incomplete criminal history records. By law, the NICS section must make a determination within three days or the transaction may be allowed to proceed. It’s during that period that NICS staff research missing information to update the records and create a clearer picture of applicants. Last year alone, the NICS section filled in the blanks on more than 34,000 incomplete criminal history records and then shared the information with state agencies.

Records are not kept on individuals whose transactions are approved to proceed. By law, they are purged within 24 hours. NICS has an appeal process in place for individuals whose transactions are denied.

In addition to firearms, the Safe Explosive Act of 2003 requires background checks as part of the licensing process for individuals shipping or receiving explosives. The requests are submitted to NICS by the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF), and the ATF makes the final determinations. To date, NICS has processed more than 700,000 explosives background checks; in 2012, NICS processed 148,856 checks and denied 3,077.

NICS employs nearly 500 people and operates 17 hours a day (8 a.m. to 1 a.m.), 364 days a year (closed on Christmas). The system can—and does—routinely process more than 80,000 requests a day. Last December, NICS processed 2.7 million background checks—177,170 in a single day on December 21. According to a 2012 NICS report, the highest volume of background check requests usually occurs on the day after Thanksgiving.

View Source

ORANGE BEACH, Ala. (WALA) – Records show a former server who worked at Orange Beach restaurants was arrested and charged with 59 counts of identity theft, one count fraudulent use of a credit card, and one count third degree theft of property on Monday, November 25.

Orange Beach Police said Stephanie Marie Brown, 30, was manipulating tips as a server and taking money from unsuspecting customers between April and May.

Police said customers would not notice they were being over-billed until later receiving their credit card statements.

“Victims had contacted the restaurant and had complained to the restaurant about some charges on their credit card receipts were not authorized by them,” explained Greg Duck, Assistant Chief of Orange Beach Police.

Officials told FOX10 News she was a server at Hurricane Grill and Wings and also worked at Shipp’s Harbour Grill.

Managers at Hurricane Grill and Wings declined to talk on camera about Brown, but they did tell FOX10 she was a good employee; she just made some wrong decisions.

We also spoke with the owner of Shipp’s Harbour Grill who also declined to comment on camera, but told FOX10 that Brown stole some $500 from their cash register, and she had not padded any tips at their restaurant. They pressed the third degree theft of property charge against her.

Brown’s listed home address is an apartment in Fredricksburg, VA., but police said she was picked up in Pensacola, where she had been living.

She is being held on $5,000 bond for each identity theft charge and remains in the Baldwin County Jail, totaling to $301,000. Police said her case will go to a grand jury.

It is unclear how much money she stole during the scam.

In the meantime, Orange Beach police warn folks to stay aware of your credit.

“We just want people to understand that it can happen anywhere,” said Duck. “People really need to watch their bank accounts, and their credit card accounts on a daily basis. That helps law enforcement.”

View Source

PHILADELPHIA—Brandon James, 23, and Lenardo Nicolas, 25, both of Florida, were charged today by indictment with participating in an illegal check cashing scheme that involved cashing fraudulent checks using the drive-through teller lane at victim banks. It is alleged that the defendants and other co-conspirators from Florida, known and unknown to the grand jury (“crew members”), stole identifications, checks, bank cards, and credit cards from women’s wallets and purses usually left inside the victims’ cars in unattended parking lots. In order to carry out the scheme, the defendants and other crew members recruited female co-conspirators (“workers”) who could impersonate the victims’ identifications. The defendants and other crew members specifically instructed the workers to use the drive-through teller lanes, known to law enforcement as the “felony lanes,” to cash the fraudulent checks. The defendants carried out the alleged scheme between December 2012 and September 2013. The indictment charges each defendant with one count of conspiracy, two counts of bank fraud, and one count of aggravated identity theft, announced United States Attorney Zane David Memeger.

According to the indictment, James, Nicolas, and other crew members rented cars for the female workers to use during the course of the scheme. It is alleged that the defendants and other crew members covered the rental car’s license plate, usually with a stolen license plate, to conceal the identity of the car as it was in the bank drive-through lane. After a fraudulent check was successfully cashed, the workers would meet the defendants and other crew members, who waited close by to the bank in another rental vehicle, and then give them the money from the illegally cashed check. The workers would then receive another fraudulent, stolen check or checks and stolen identification to use at the next victim bank. The indictment alleges that the defendants and other crew members perpetrated this scheme in different states around the country. The victim bank locations in Pennsylvania included Montgomery and Chester Counties.

If convicted, James and Nicolas each face a maximum possible sentence of 67 years in prison, a $2.5 million fine, a five-year period of supervised release, and a $400 special assessment.

The case was investigated by the Federal Bureau of Investigation, the Hatfield Township Police Department, the Willistown Township Police Department, and the Upper Uwchlan Township Police Department and is being prosecuted by Assistant United States Attorney Jennifer Chun Barry and Special Assistant United States Attorney Peter Hobart.

An indictment, information, or criminal complaint is an accusation. A defendant is presumed innocent unless and until proven guilty.

View Source

Hanover VA Oct 20 2013 – Federal and state investigators are looking into alleged misuse of a highly confidential criminal background database used for gun purchases by a former vice president of Green Top Sporting Goods in Hanover County.

State police also have issued a summons charging the vice president, who was the alleged source of the misuse.Court documents and state police are confirming that Michael J. Lynch is facing a misdemeanor charge under criminal statutes that make it illegal to fraudulently seek or provide access to criminal background check information.

Lynch, whose Hanover Avenue home in Richmond has been sold and is empty, is facing an arraignment this month in Hanover General District Court on the misdemeanor, which carries a six-month jail sentence.

Todd Stone, Lynch’s lawyer, said Wednesday his client would not comment on the pending case. “I think we will be able to show that Mr. Lynch is not guilty of what he is charged with,” Stone said.

Green Top, which has been in business in Hanover County since 1947 and is one of the state’s largest retail weapons outlets, recently moved under new ownership and management to a sprawling location on Lakeridge Parkway west of Interstate 95.

State police said this week that Lynch was charged following a criminal investigation “into an unauthorized third party being granted access to the Virginia State Police V-Check program via an employee” of Green Top Sporting Goods.

Information obtained in the criminal investigation also has been referred by state police to the Federal Bureau of Investigation and to the federal Bureau of Alcohol, Tobacco, Firearms and Explosives, which has jurisdiction over Green Top’s license to sell firearms.

A spokesman for ATF in Washington did not return calls seeking information about the status of Green Top’s license.

Lynch, 57, a former Circuit City executive, was charged Aug. 27 based on a summons obtained by state trooper D.M. Sottile. The summons says the charge stemmed from alleged illegal activity that occurred between Aug. 8 and Aug. 21.

The V-Check system is the database through which state police conduct criminal background checks of potential purchasers of firearms, usually at the point of sale, including licensed firearms dealers.

Lynch, according to a recording on the Green Top telephone system, is no longer with the company. Company president William C. Prout did not return calls for comment Wednesday.

Sources with knowledge of Green Top operations said Lynch allegedly provided privileged information about accessing the V-Check system to a software company that advertises programming that can facilitate storing and submitting documentation that is provided to law enforcement to gain approval for a gun sale.

But the access code is highly confidential and by law cannot be disseminated to any source outside the licensed dealer to which it is assigned. Calls to the software company were not returned Wednesday.

Hanover Commonwealth’s Attorney Ramon C. “Trip” Chalkley III was out of the office this week and unavailable for comment.

Green Top has been repeatedly cited as one of the state’s top retail outlets for firearms and a year ago moved from its longtime site on U.S. 1 north of

Virginia Center Commons to the former Gander Mountain facility on Lakeridge Parkway.

The V-Check system is the foundation of the state’s ability to carry out background checks of gun buyers; the system tracks criminal convictions, outstanding protective orders and individuals who have been diagnosed with severe mental disorders.

That sort of information is not passed along to retailers in the process of selling a weapon to a customer; the retailer merely learns if the potential buyer has been approved or disapproved as a buyer.

The system is closely monitored despite the number of checks that are run through the system annually by weapons retailers. In 2012, a record 432,387 gun transactions were recorded. In December that year, more than 5,000 transactions were recorded, the highest monthly total on record.

Richmond Dispatch

View Source

PRESS RELEASE
FBI OFFICE

PROVIDENCE, RI Oct 18 2013—Randolph Hurst, 50, of West Warwick Rhode Island, a former assistant district manager for the Social Security Administration in Rhode Island, pled guilty in U.S. District Court in Providence on October 9, 2013, to stealing the identity of a Coventry man and using the victim’s identity to fraudulently sell more than $160,000 worth of stock certificates belonging to the victim. Hurst also pled guilty to failing to pay $61,999 in taxes owed to the IRS.

Appearing before U.S. District Court Judge William E. Smith, Hurst pled guilty to one count each of aggravated identity theft, transportation of stolen securities, and tax evasion; two counts of mail fraud; and three counts of filing a false tax return. Hurst faces up to 45 years in federal prison and a fine of up to $1.4 million when he is sentenced on January 10, 2014.

A co-defendant in this matter, Justin Silveira, 29, of Coventry, pled guilty on October 9, 2013, to two counts of perjury and one count of obstruction of justice. Silveira admitted to the court that he lied to a grand jury that was investigating this matter. At sentencing on January, 10, 2014, Silveira faces up to 20 years in federal prison and a fine of up to $750,000.

The guilty pleas were announced by United States Attorney Peter F. Neronha; Vincent B. Lisi, Special Agent in Charge of the Boston Field Office of the FBI; Cheryl Garcia, Acting Special Agent in Charge of the New York region of the U.S. Department of Labor, Office of Labor Racketeering and Fraud Investigations; John Collins, Acting Special Agent in Charge of the Boston Office of the Internal Revenue Service, Criminal Investigation; and Scott E. Antolik, Special Agent in Charge of the Boston Field Office of the Social Security Administration, Office of the Inspector General/Office of Investigations.

At the time of his guilty plea, Hurst admitted to the court that in September 2010, he stole personal identifying information belonging to the victim and used it to open a joint account at Summit Brokerage Services in Providence in his name and in the name of the victim, without the victim’s permission. Hurst admitted that two days after opening the account, he provided documentation to Summit purportedly authored and signed by the victim, requesting the deposit of two stock certificates owned by the victim. The victim never authorized the deposit of the stock certificates and was unaware that an account had been opened in his name.

Hurst admitted to the court that in October 2010, without the victim’s knowledge, he requested that Summit sell the stocks and issue a check in his name and in the victim’s name for $157,747.49, which represented a portion of the proceeds of the sale of the stocks. The check was sent by courier to the Coventry address of Justin Silveira. On October 22, 2010, the check was deposited into a bank account owned jointly by Hurst and his wife. Hurst admitted to the court that on the same date the check was deposited he requested a second check from Summit in the amount of $3,980.46, in his name and in the victim’s name, for the remaining proceeds from the sale of the stock and that it be sent to the same address in Coventry. On November 8, 2010, the check was deposited into a bank account owned jointly by Hurst and his wife.

Hurst admitted to the court that he and his wife spent the proceeds of the sale of the stock, $161,727.95, on personal items and expenses.
The cases are being prosecuted by Assistant U.S. Attorney Dulce Donovan.

The matter was investigated by federal agents from the FBI; U.S. Department of Labor Office of Labor Racketeering and Fraud Investigations; Internal Revenue Service-Criminal Investigation; and Social Security Administration, Office of the Inspector General/Office of Investigations.

This law enforcement action is part of efforts underway by President Obama’s Financial Fraud Enforcement Task Force (FFETF) which was created in November 2009 to wage an aggressive, coordinated, and proactive effort to investigate and prosecute financial crimes. With more than 20 federal agencies, 94 U.S. Attorneys’ offices, and state and local partners, it is the broadest coalition of law enforcement, investigatory, and regulatory agencies ever assembled to combat fraud.

Since its formation, the task force has made great strides in facilitating increased investigation and prosecution of financial crimes; enhancing coordination and cooperation among federal, state, and local authorities; addressing discrimination in the lending and financial markets; and conducting outreach to the public, victims, financial institutions, and other organizations. Over the past three fiscal years, the Justice Department has filed more than 10,000 financial fraud cases against nearly 15,000 defendants including more than 2,700 mortgage fraud defendants. For more information on the task force, visit www.stopfraud.gov.

View Source

The background check is often the last thing we think of when applying for a job, after the cover letter, the resume, the references, and what to wear to the interview. In fact, many of us don’t think about it until a potential employer asks for our social security number and written permission to run a check.

This can be a problem. Though it depends on the job and the state, many employers still run extensive background checks on potential hires. The idea is to gather as much information as possible, so they know what they’re getting. As Forbes puts it, “There’s absolutely no doubt that making a wrong hiring decision can haunt your company, your other employees, and your client base.”

If you’re in the job market, you might want to run one on yourself first to avoid surprises and make sure the information that is out there is correct. You can do this by paying a background check agency like Been Verified or Talent Shield. Or, if you want to save money, you can do a pretty thorough one on yourself for free. Here’s a guide:

Review your court records
This is a big one — employers often want to know if you’ve been arrested or charged with a crime. Clearly, you’re already privy to that information. But if you’re looking for a job, it’s still wise to find out how the records depict you. Go to National Center for State Courts, where you can research your records at the state and city level.

Also, if you do have a criminal history, take a look at the new guidelines issued by the Equal Employment Opportunity Commission to help protect those with criminal backgrounds from job discrimination.

Get your credit report
This is a controversial practice — in fact, nine states have already passed laws limiting it — but the reality is that about 47 percent of companies still check some or all job applicants’ credit reports, according to the The Society of Human Resource Management. It doesn’t hurt to get out ahead of them.

All consumers are legally entitled to three free credit reports a year from the three major reporting agencies — Equifax, Experian, and TransUnion. Get all three. If you find errors, call them quickly and ask them to be corrected. Additionally, if you see negative points, and it’s due to extenuating circumstances (like a layoff or illness), you’re allowed to contact the bureau and attach a 100-word explanation to the problem. It won’t help your score, but it will give your potential employer your side of the story.

Request your employment history
It’s no secret to you where you worked and when, but it’s not a bad idea to see what’s on record. Your future employer may or may not look to see if there are any discrepancies on your resume (i.e., to check if you lied to them), so make sure the public info is accurate. Go to The Work Number to request data.

Review your education records
The Family Educational Rights and Privacy Act of 1974 requires your school to let you access your education records within 45 days of anyone asking for your record — at any point after graduation. You’re also allowed to request an amendment if you think something’s inaccurate. So call your school and find out what they release.

Review your medical background
This is another controversial one, which also has legal restrictions. The laws vary from state to state, so you’ll have to do a little research on your state’s website. But here’s an example: In Minnesota, an employer can only give you a medical exam or request your records if an offer for employment has been made. The employer is only allowed to examine you for “essential, job-related abilities.” Any “information obtained is collected and maintained separately and is treated as a confidential medical record.”

Depending on your state’s laws, and what job you’re applying for, you might want to request a copy of your medical records from your health care provider. They are legally required to hand them over.

Request your driving record
Many background checks also include driving records. If your future job requires you to drive, your employer may want to pull yours. To find out what’s on public record, request your report from the DMV.

Once you have all this information, you’ll be in a much stronger position if a potential employer asks to do a background check, even if you know she’ll find some dirt on you. Take a moment to be upfront about anything you think could be a deal breaker — they’ll likely appreciate your honesty and give you a chance to explain yourself.

View Source

Richmond VA Sept 30 2013 Using Department of Motor Vehicles records as its core, the state government is quietly developing a master identity database of Virginia residents for use by state agencies.

The state enterprise record – the master electronic ID database – would help agencies ferret out fraud and help residents do business electronically with the state more easily, officials said.While officials say the e-ID initiative will be limited in scope and access, it comes at a time of growing public concern about electronic privacy, identity theft and government intrusion.

“It makes it easier to compromise your privacy,” said Claire Guthrie Gastañaga, executive director of the American Civil Liberties Union of Virginia. “They’re using DMV for some other purpose than driving.”

DMV points out that, in today’s world, state driver’s licenses are the fundamental identification documents used by most Americans.
State officials say participation in the e-ID system will be voluntary, but the reason that the state has been moving to offer “privacy-enhancing credentials” to Virginia residents is the increasing number of government services offered online.

However, “anything you make more accessible and efficient for the user, you potentially open up for opportunities for risk, for attack,” said Robby Demeria, executive director of RichTech, Richmond’s technology council.

The first state agency using the largely federally funded Commonwealth Authentication Service system will be the Department of Social Services, aiming to satisfy federal Medicaid requirements under the Affordable Care Act and to reduce eligibility fraud and errors. The system goes live Tuesday.

About 70 percent of Social Services’ clients are in DMV’s database, said David W. Burhop, the Department of Motor Vehicles’ deputy commissioner and chief information officer.

Four state agencies are now involved in Virginia’s e-ID initiative: DMV, the state’s “ID professionals”; the Virginia Information Technologies Agency, which runs the state’s IT systems; the Department of Social Services; and the Department of Medical Assistance Services.

DMV has the records of about 5.9 million licensed drivers and ID card holders. Some of that information – names, addresses, dates of birth, driver’s license numbers – will form the core of the state’s identity authentication system.

“To us, it is a tool that allows individuals to create online accounts,” said Craig C. Markva, communications director of the Department of Medical Assistance Services, speaking for Secretary of Health and Human Resources William A. Hazel Jr.

“When someone wants to do this, we need to be able to verify that the person trying to access the account is who he or she claims to be,” Markva said.

“This requires that they provide basic demographic information … that we can compare to what is known by DMV or by DSS (Department of Social Services) already.”

So far there’s been no public discussion in Virginia of the state’s electronic personal identity initiative or the use of the Internet for increasingly more transactions with the state government.

“When we allow governments to do that,” said Virginia ACLU’s Gastañaga, “it facilitates and empowers things that we might not want to have happen if the wrong people get into power.”

Decisions based on the convenience of using information technology are often done with a short-term perspective, said Rob S. Hegedus, chief executive officer of Sera-Brynn, a cybersecurity company in Suffolk.

“The privacy aspect catches up afterwards,” he said.

The state does not plan to hold public hearings on the Commonwealth Authentication Service system, officials said, but Demeria with RichTech contends “there’s plenty of reason for us to have a public discussion, debate, (and) consideration.”

“We want to make sure all the i’s are dotted and t’s are crossed before we execute,” he said.

For members of the public, Burhop said, e-ID would allow use of the Internet with security and privacy while needing only a single sign-on, providing faster service and lowering service costs.

“This is geared toward citizens who say, ‘Why do I have to fill out this again?’ ” DMV’s Burhop said.

Virginia is a leader in using online transactions, DMV said. But in order to move higher-risk transactions to the Internet, a more robust authentication method is needed, officials said.

For example, if a Virginian sells a car to another state resident, the deal requires a physical exchange of the registration card and the handwritten information on the card that is often hard for DMV representatives to read when the buyer registers the vehicle at the agency, noted Pam Goheen, DMV’s assistant commissioner for communications.

“If both parties had a high-assurance credential such as an e-ID,” Goheen said, “this transaction could be done entirely online which would include the registration and title updates eliminating the need to visit the DMV and speeding up the process.”

The Virginia Information Technologies Agency and contractor Northrop Grumman are responsible for state IT infrastructure, but state agencies are responsible for their business applications and the data they hold, said Sam Nixon Jr., the state’s chief information officer.

IT security is a shared responsibility between VITA and the state agencies it serves, Nixon said.

DMV says the $4.3 million Commonwealth Authentication Service system will be safe from abuse because agencies will control individuals’ files. Those files will not all be put into a single database open to other agencies.

Agencies using the service to verify a client’s identity will get only a yes-or-no reply from the Commonwealth Authentication Service system, DMV said.
And the DMV has not suffered a data breach, Burhop said.

Nonetheless, cyberhackers are always trying to break into the state’s IT system.

In 2012, VITA and Northrop Grumman blocked more than 110 million cyberattacks on the state’s data networks, Nixon said. “You can do the math, but that represents hundreds of thousands of blocked attacks each day.”

More than 47,000 viruses were blocked before they affected Virginia’s government IT assets, Nixon said, and the number of security incidents VITA detects and fixes has tripled since 2011.

But in 2009, before the Northrop Grumman took over the state’s IT system, hackers got into the Virginia Department of Health Professions’ prescription-monitoring database. Though it was unclear what records were actually taken, the database contained records of more than half a million people and more than 35 million prescriptions.

Also in 2009, the Department of Education sent a thumb drive to another agency that contained more than 103,000 sensitive records. It was later determined that the thumb drive was lost.

“When you ask a government entity to keep something like this safe, they really can’t,” Sera-Brynn’s Hegedus said. “Nobody can guarantee it.”
Times-Dispatch

View Source

A Russian-speaking man casually shows on camera how he can download a punter’s bank-card details and PIN from a hacked card reader.

In a video demonstrating a tampered sales terminal, a card is swiped through the handheld device and a PIN entered – just as any customer would in a restaurant or shop. Later, after a series of key-presses, the data is transferred to a laptop via a serial cable.

Account numbers and other sensitive information appear on the computer screen, ready to be exploited. And the data can be texted to a phone, if a SIM card is fitted to the handheld.

We’re told the footage, apparently shown on an underworld bazaar, is used to flog the compromised but otherwise working kit for $3,000 apiece – or a mere $2,000 if you’re willing to share 20 per cent of the ill-gotten gains with the sellers under a form of hired-purchase agreement.

Crucially, the gang selling this device offers a money-laundering service to drain victims’ bank accounts for newbie fraudsters: a network of corrupt merchants are given the harvested card data and extract the money typically by buying fake goods and then cashing out refunds. The loot eventually works its way back to the owner of the hacked card reader.

A copy of the web video was passed to The Reg, and is embedded below. We have rotated part of the footage so it’s easier to read the on-screen text.

Electronic security consultancy Group-IB said the modified Verifone VX670 point-of-sale terminal, shown above, retains in memory data hoovered from tracks 1 and 2 of the magnetic stripe on the back of swiped bank cards, as well as the PIN entered on the keypad – enough information for fraudsters to exploit.

The setup suggests the sellers are based in Russia. In the video, a credit card from Sberbank, the country’s largest bank and the third largest in Europe, is used to demonstrate the hacked terminal’s capabilities.

If a SIM card for a GSM mobile phone network is fitted to the doctored device, the information can be sent by SMS rather than transferred over a serial cable, explained Andrey Komarov, head of international projects at Group-IB.

He told us crooks tampering with point-of-sale (POS) terminals and selling them isn’t new – but the bundling of money-stealing support services, allowing fraud to be carried out more easily, is a new development in the digital underground.

“We have detected a new group that sells this modified model of POS terminals and provides services for illegal cash-outs of dumped PINs through their own ‘grey’ merchants: it seems they buy fake stuff, and then cash-out money,” Komarov said.

“It takes less than three hours. According to our information, this kind of service is really new, and it is also being used by different cyber-criminals against the Russian bank Sberbank.”

Komarov told El Reg that the emergence of hacked card readers is due to banks improving their security against criminals’ card-skimming hardware hidden in cash machines and similar scams. Planting data-swiping malware in POS handhelds out in the field is possible, but it is fairly tricky to find vulnerable terminals and infiltrate them reliably without being caught.

It’s a touch easier to buy a tampered device and get it installed in a shop or restaurant with the help of staff or bosses on the take. This creates a huge potential market for fraudsters, according to Komarov.

Scam warnings

Banking giant Visa has issued several alerts about this kind of fraud along with occasional warnings about device vulnerabilities – such as this warning from 2009 [PDF]. And social-engineering tricks [PDF] in which fraudsters pose as Visa employees carrying out adjustments to terminals – while actually compromising them – has been going on for years.

One alert [PDF] from Visa, dating from 2010, explains how thieves worked in the past and the steps merchants can take to defend against the fraud: anti-tampering advice from this year can be found here [PDF], an extract of which is below:

Criminal gangs worldwide are illegally accessing active POS terminals and modifying them by inserting an undetectable electronic “bug” that captures cardholder data and PINs during normal transaction processing.
The impact of this type of crime can be significant to all key parties involved in card acceptance. An attack can not only undermine the integrity of the payment system, but diminish consumer trust in a merchant’s business. In response to this emerging threat, acquirers, merchants and their processors need to proactively secure their POS terminals and make them less vulnerable to tampering.

A more recent advisory on combating this type of fraud, issued earlier this year by Visa, can be found here [PDF].

Avivah Litan, a Gartner Research vice-president and an expert in banking security and related topics, said that tampering with card readers has been going on for years. She agreed with Group-IB’s observation that since banks are investing more in securing cashpoints, penetrating point-of-sale terminals can be an easier way to make money for criminals.

“The bad guys will go after anything they can, but it can be easier to find dishonest merchants to cooperate in running tampered terminals [to harvest bank details] than going after ATMs,” Litan told El Reg, adding that this kind of fraud was rife in South America, particularly in countries such as Brazil.

But Group-IB’s Komarov believes the Russian-speaking fraudsters behind the black-market sale of hacked sales terminals are targeting the international market as well as crims in the motherland. “The example they showed for Sberbank was just because they also use it against Russian-speaking countries, as they have Russian-speaking roots,” he explained.

We passed on Group-IB’s research to Verifone at the start of this month, along with a request for comment on what could be done to frustrate the trade of tampered card readers through underground markets and similar scams. We have yet to hear back from the device manufacturer. We’ll update this story if we hear more. ®

View Source