Government-Aided Phishing 222
Anonymous writes "A Florida county is posting the Social Security numbers, bank account info and other sensitive data of hundreds of thousands of current and former residents on its public Web site, Computerworld is reporting. A county official says there's no problem, since the postings are in compliance with state law requiring public availability of records." From the article: "The breach stems from the county's failure to redact or remove sensitive data from images of public documents such as property records and family court documents, Hogman said. Included in the documents that are publicly available are dates of birth and Social Security numbers of minors, images of signatures. passport numbers, green card details and bank account information."
let's open some bank accounts (Score:2, Insightful)
what's going to convince them that this is a bad idea?
Re:let's open some bank accounts (Score:3, Insightful)
maybe someone posting a link [205.166.161.12] to the broward county public records site...
Re:let's open some bank accounts (Score:2, Funny)
*sigh*
Re:let's open some bank accounts (Score:5, Informative)
I just randomly picked a last name, and a couple of clicks later I know that (I've removed the names) L.A.P and A.J.P got a mortgage for 141,999.00 on 5/14/2004 from the CITY FEDERAL SAVINGS BANK.
So, if I were a phisher, I now have two names, and a dollar amount. I already know approximately where, and by clicking on the other records I know that they've been there for about 20 years, and that they also had some legal problems back in 1991, again, I'm leaving out the details.
W.T.F ?!?!?!?!
I would be humongously upset that this sort of stuff is available just by clicking.
Worse, by searching on the same two names + broward county plus a good guess as to another term, I found a link to a dump of 756k from google's cache. http://www.google.com/search?num=20&hl=en&lr=&safe =off&q=www.co.broward.fl.us%2Fdatabase%2Frecords%2 F03-24nme.txt&btnG=Search [google.com]
If I were a phisher, a few minutes with perl would give me a decent dictionary with which to start ...
Re:let's open some bank accounts (Score:5, Interesting)
The site is an
If all of the above is true, then the search I started should return everything between 1/1/1978 and 4/10/2006 in the database, assuming that their server survives the request. If this is true, this means that getting everything in their database is a trivial task, and that they are exposing a lot of people to identity theft, very easily. Further, even if they go through and redact the data later, it is probably too late, as the data would have been long since scraped. This is one time that I hope a slashdotting kills a server.
Re:let's open some bank accounts (Score:2)
Re:let's open some bank accounts (Score:2)
Re:let's open some bank accounts (Score:2)
MySQL > MSSQL
Re:let's open some bank accounts (Score:2)
You mean aside from the fact that you just posted your intentions on Slashdot?
Class-action suit? (Score:2)
That's easy (Score:2)
That's easy. Identify who "them" is, and narrow down all the SSN's, driver's license info, etc. and just publish that for the people who are responsible for posting this stuff. If you really wanted change the situation, just add a few of the high ranking politicians for the county to the list.
There are even ways of making this stuff a permanent part of the Internet, though I'll refrain from giving the less technically clueful some ideas.
I have a
Re:let's open some bank accounts (Score:2, Interesting)
Surely, I must be exaggerating. Sadly, no. See:
http://wamublamesgrandma.blogspot.com/2006/03/wamu s-response-to-my [blogspot.com]
Comment removed (Score:5, Insightful)
Re:Local Politicians (Score:2)
Re:Local Politicians (Score:3, Informative)
Make checks payable to... well you can look up that info yourself!
Re: (Score:2)
Re:Local Politicians (Score:2)
Re:Local Politicians (Score:3, Interesting)
Re:Nope (Score:5, Informative)
Funny thing, they are public docments. Altering then to hide the information is illegal.
Funny thing is, you are wrong. The Privacy Act of 1974 covers what to do with private data in government records at the federal level, and many states have similar provisions. Essentially the documents are public property, but specific personal details are not. For example, citing a court case, evidence, its outcome, etc. is public record. Giving the SSN of the person found guilty and the bank account number used to pay the fine is NOT public record.
Another example is declassified documents. Yes, they are public, but usually redacted. For example, giving information on an old military operation while redacting information that identifies the specific people involved. People that may very well still be in the military performing similar operations.
Altering public documents to the extent of redacting personal information, which is what this article is about, most certainly is legal and often required. However, you are an anonymous coward -- obviously someone redacted your user account so I don't know who you are.
Re:Nope (Score:2)
If I had mod points I dunno whether I'd give you a Funny or Informative.
Florida: comic relief for a stressed-out nation! (Score:2)
Re:Florida: comic relief for a stressed-out nation (Score:3, Funny)
<Homer>Florida? But that's America's wang!</Homer>
FLORIDA (Score:5, Funny)
Re:FLORIDA (Score:2)
Re:FLORIDA (Score:2)
I was unaware that the Catholic Church was providing online access for its members. Perhaps you meant "en masse"?
Re:FLORIDA (Score:2)
Re:FLORIDA (Score:2)
Whenever I hear a strange story... (Score:2)
It's sorta obvious if you think about it.. (Score:2)
if one is an idiot, it hurts everything below.. and due to genetic stats, it's more likely they both are.
if you work for a division, who's brother is an idiot ceo,
now- substitute division with state, division head with govenor.. and ceo with president..
imagine, they are under TWO bushes...
Re:It's sorta obvious if you think about it.. (Score:3, Funny)
See, when a
Re:It's sorta obvious if you think about it.. (Score:3, Insightful)
Re:It's sorta obvious if you think about it.. (Score:2)
old news (Score:3, Interesting)
Re:old news (Score:2)
I got a bit of a surprise - I sent some registered mail - and now I have an "electronic copy" of their signature, sutiable for cut-n-paste.
I am NEVER AGAIN going to accept registered mail, or if I do, I'm signing someone else's name. This is getting ridiculous!
Re:Like that's a problem (Score:2)
Re:Like that's a problem (Score:3, Interesting)
The problem with having bad credit isn't not being able to get credit, it's not being able to get credit at a reasonable interest rate. Identity theives, not planning on paying the bills, don't give a shit about the interest rate.
Identity theft (Score:2, Interesting)
When you are the victim of identity theft you know who to sue: Sue Baldwin,
Broward County, and the State of Florida. Two out of three deep-pockets isn't bad.
Re:Identity theft (Score:2)
Re:Identity theft (Score:2)
No no no.... It says right on the mortgage that her name is VERNA Sue Baldwin.
Personally I love her oath to "uphold and defend the Constitution of the United States and the Constitution of Florida." Priceless...
bad year for boward (Score:5, Interesting)
http://cbs4.com/topstories/local_story_033170755.
and then retaliated against the journalist after the piece aired:
http://cbs4.com/local/local_story_086232143.html [cbs4.com]
Re:bad year for boward (Score:2, Interesting)
Dammit, why'd I have to take a job down here? I did some digging and, sure enough, there are documents about me freely available on the web.
Re:bad year for boward (Score:2)
Re:bad year for boward (Score:2)
Re:bad year for boward (Score:2)
Note to self: When a city is trying to drive residents from their homes, don't take pictures of a hit and run.
Re:bad year for boward (Score:2)
"The Broward County Records Division shall not be liable for errors contained herein or for any damages in connection with the use of the information contained herein
Re:bad year for boward (Score:4, Informative)
C'mon, the least Slashdot could do... (Score:3, Funny)
Re:C'mon, the least Slashdot could do... (Score:2, Informative)
Why am I not surprised. (Score:5, Funny)
No way (Score:5, Funny)
Re:Why am I not surprised. (Score:3, Informative)
I need to get out more, that was the funniest thing I've read in a week.
-:sigma.SB
They must do it! (Score:5, Insightful)
This info was Public Records since, well, always :-)
Anybody could go to town hall and browse the registry of deeds and other repositories. It just became more convenient to do it, but it was always possible.
In a way, we always relied on "security through obscurity" keeping this information (kinda) private, and are now all upset at the obscurity withering out.
Re:They must do it! (Score:2)
Re:They must do it! (Score:2)
Re:They must do it! (Score:2)
This tells you what government promises and safeguards are worth.
Re:They must do it! (Score:2, Informative)
Its that the criminals have found a use for the information.
Re:They must do it! (Score:2)
It violates federal law, which trumps state law. Specifically, the privacy act of 1974
Re:They must do it! (Score:2)
It just became more harmful, because of the Internet, but the nature of it did not change.
So, people, don't let your 2000-election wounds open up again :-)
Re:They must do it! (Score:2)
What I meant was, having a state law patently contradicting a federal one for over 30 years, while possible, is a lot less likely, than a Slashdot user misreading one or both of the laws.
Re:They must do it! (Score:3, Interesting)
Wrong. The Privacy Act of 1974 only applies to the executive branch of the federal government.
Re:They must do it! (Score:2)
Re:They must do it! (Score:2)
The obscurity was never there. Only the stupid or lazy didn't look.
From TFA: Baldwin added that the information available on the Web is also freely available for public purchase and inspection at the county offices. "Professional list-making companies have always purchased copies of records and data from recorders to use in the creation of specialized mark
Re:They must do it! (Score:2)
Maybe not Phishing but... (Score:2, Funny)
I don't know if this could be considered "phishing" in the sense that I'm trying to lure people into giving me their information. It's right out there for all to see without going through all the bothersome effort of setting up a fake website and sending out the e-mails! Just some browsing, and then setting up the bank transfers and charging purchases!
And to think of all the effort that's being wasted on setting up phishing schemes, when Broward County will do all the work instead!
Bill Gates SSN (Score:3, Informative)
From the website itself.... (Score:4, Informative)
According to the Federal Trade Commission (FTC), identity theft occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes. The FTC reports that there were 161,819 victims of identity theft in calendar year 2002. Florida has one of the highest
Back to top
Tips to Avoid Identity Theft
-Do not respond to phone calls or emails from unknown solicitors seeking personal information.
-Do not leave documents containing identifying information lying around your house or workplace. Keep them in a secure location.
-When discarding documents containing your social security number, credit or debit card information, or utility and phone bills, shred or destroy them. Don't just throw them away.
-Limit the contents of your wallet. Do not carry extra credit cards or important identity documents (social security card, passport, etc.) except when needed. Never carry passwords or PIN numbers in your wallet. -Photocopy, scan, or make a list of the contents of your wallet and keep it in a safe place. Copies or scans should include both sides of each item. A list should include account numbers, expiration dates, and customer service phone numbers for each item.
Maybe someone could point them to their own site? And why make copies if you can download for free???
Attacking the wrong people (Score:5, Informative)
Most states have this.
Don't attack the wrong people, the blame lies squarely with the credit card companies for using your SSN as identification and trusted authentication.
These are all public records and always were public records. It just saves you a drive to the court house of the respective county (or paying a PI network to do same) to have them online.
Yeah, I admit Florida is one fucked up state in so many ways, but don't blow this out of proportion.
Re:Attacking the wrong people (Score:2)
You *do* realize that credit card companies are required by law, since the 9/11 attacks (I think it was a provision in the PATRIOT Act), to collect peoples' SSNs for "anti-terrorism" purposes?
Of course, they were doing credit checks long before then, and SSNs are useful for that too. I'm not certain, but I think the FDIC may impose regulations which require S
The more SSN's out there the better? (Score:4, Insightful)
OK it had to be said (Score:4, Funny)
*ducks*
PUBLIC RECORDS (Score:2, Interesting)
It's really not fair at all to say that a record is "Public" if you have to drive to the office and pay $4/hr for a parking spot (if you're lucky enough to find one). Besides, most courhouses have rules li
This is good! (Score:4, Insightful)
Re:This is good! (Score:4, Insightful)
Shocking: laws do NOT replace common sense (Score:2, Insightful)
If all things in compliance with the law are perfect, then what the hell we need politicians to change/update the laws for? Fire the bastards.
found in five clicks (Score:2, Interesting)
Older than 1978 (Score:2)
Not just Florida (Score:2)
(At least, last I was in there a year or two ago)
Good news for the rest of us (Score:2)
Why bother trying to steal ID anywhere else when Broward County has offered itself up as a sacrifice for the surfing?
This is not Phishing (Score:4, Informative)
Phishing is the attempt to get someone to submit information to you by pretending to be someone else.
What the government is doing is publicizing information.
These two activities have almost nothing in common.
Florida.Query("Verna Sue Baldwin") (Score:3, Informative)
Broward County Bar Association [browardbar.org]:
Verna Sue Baldwin
Broward County Records Division
115 South Andrews Avenue
Suite 120
Fort Lauderdale, Fl 33301
954-357-7271 Voice
954-357-5573 Fax
sbaldwin@broward.org
www.broward.org/records
According to the Broward County Phone Directory [broward.org], the above phone number is the director's number, not the general dept. number. This is further evidence that Verna is Sue.
Here is Verna Sue Baldwin's Notary Certificate, notary ID 620591 [92386313] [205.166.161.12].
In November 1994, Verna Sue Baldwin and David D. McLauchlin (her husband) sold their condo to [name withheld]. Warranty deed [94569014] [205.166.161.12].
Verna Sue Baldwin then purchased a home:
4011 Thomas Street
Hollywood, FL 33021-3540
Parcel number 11208-11-03500
Folio number 514208110350
Warranty Deed for 4011 Thomas Street [94565427] [205.166.161.12].
According to that warranty deed, Verna Sue Baldwin's Social Security Number is 234-74-8234 [94565427] [205.166.161.12].
In May 2000, she added a 14x28 swimming pool [100293267] [205.166.161.12].
In July 2004, Verna Sue Baldwin and David D. McLauchlin paid off their mortgage [104151876] [205.166.161.12].
Note: I didn't list all of Sue Baldwin's loans. Be sure to do that before ordering her credit report. Equifax uses that information for "security".
It looks like Verna Sue Baldwin still lives at 4011 Thomas Street. Parcel sales history [bcpa.net]. 2005 property taxes [broward.fl.us]. Map [66.55.51.198].
Verna Sue Baldwin's mother is Dora B. Baldwin, as stated in her Durable Family Power of Attorney document [101676908] [205.166.161.12]. Dora isn't currently married, so Baldwin might be her maiden name. Perhaps try searching West Virginia's public records.
Re:next news story (Score:3, Interesting)
What the hell made Florida ever think that this was a good idea?
Re:next news story (Score:3, Funny)
I think you answered your own question.
Re:next news story (Score:2, Redundant)
What the hell made Florida ever think that this was a good idea?
The fact that it's FLORIDA. Florida would be a lovely place, if not for the people who live there - especially the politicians!
This data breach is, without question, criminally irresponsible. Wanna bet none of the inbred morons responsible is ever brought to trial?
I'm a Canadian computer geek who wants American citizenship - the only thing keeping me from wgetting the entire site and building an identity is the fact that I'm not a complete
Re:next news story (Score:2)
You must have a fever or something... Wanting to move to a country like that.
Certainly devs earn more money in places like NYC, but they also pay obscene amounts of rent too. And due, the Vancouver tech market is booming.
Re:next news story (Score:2)
You must have a fever or something... Wanting to move to a country like that.
What? Of the most friendly people I've ever met (certainly more outgoing than Canadians), with a second-to-none can-do spirit?
Americans are just like Canadians, but on an individual basis they're friendlier, and the hardware stores have more/better tools.
Certainly devs earn more money in places like NYC, but they also pay obscene amounts of rent too. And due, the Vancouver tech market is booming.
Don't care. I'd rather live in
Re:next news story (Score:2)
Don't care. I'd rather live in rural Iowa than either one of those cities. If more than 70% of the men in a given place don't know how to change a spark plug, I'm not moving there.
Why learn how to change spark plugs when you haven't got a car?
Re:next news story (Score:2)
Curiosity. The real question is how to learn when you haven't got a car.
Besides, its just saving time learning a skill that will be obsolete when the oil runs out. Plan for the future and learn to wind coils instead.
Re:next news story (Score:2)
But I am
-nB
Re:next news story (Score:2)
Argh argh argh argh! (Score:2)
There is no 'a' anywhere in the word. Ever. Under any circumstances. If you're going to put something in ALL CAPS, please, for the love of God, people, spell it correctly.
Other that that, I agree with you completely.
Re:Argh argh argh argh! (Score:2)
Re:next news story (Score:3, Funny)
Speaking of attracting undesireables, I appear to have picked up a stalker, nyahahah! Eh any ACs or GuloGulo (959533) that respond to this message, everyone remember the name, this one is truly half baked.
Hah! Stalkers? Gimme a break. Try carrying around my sig and see how many disgusting uncircumcised Europeans or "I was robbed at birth!" wackos hit me up.
I hope they all get phimosis. Savages.
Re:Devaluing SSN & account numbers (Score:2)
Re:Devaluing SSN & account numbers (Score:2)
Let's put it that way, the border cops near San Diego were quite glad I had my passport with me...
Re:Devaluing SSN & account numbers (Score:2)
Of course not. For one, it's a driver's license. That has nothing to do with citizenship or residency. Also, the state issued driver's licenses are not linked to federal citizenship status. If you've ever gotten a job, you know what proves identity, and what proves citizenship. You can use a valid passport to prove both (I think the only civilian ID a natural born citizen can have that proves
Re:Wanted Posters (Score:3, Funny)
Yeah, but were you really tempted to steal the identity of someone the police were looking for?
Re:Wanted Posters (Score:3, Insightful)
What better identity to commit a crime under could there possibly be?
Re:Privacy Act (Score:3, Informative)
Re:Broward County (Score:2)
Re:What's the big deal...? (Score:2)
With it, and maybe a name or birthdate...one could get an actual, official SSN card. With that, you can get a drivers license, with YOUR picture on it. After that, the world is your oyster.
Or, with the SSN and address/name, you can apply for a credit card. Spend all you want, and blow off the bills.
It's not just the number...it's the number + name or address or birthdate.