A report out of the Identity Theft Resource Center claims that the number of data breaches in 2008 has already surpassed 2007's total of 446. While it's intuitively obvious that the number of data breaches is increasing, I have a hard time putting much credence in the actual numbers reported by the ITRC or the reasons they cite for the increase.

The first problem with counting data breaches is that we all need to admit that the only statistics we see at all are reported data breaches. Until 2003 when California passed the watershed legislation in this field, SB 1386, very few breaches had to be reported and predictably almost none were. Initially, many global enterprises ignored SB 1386 assuming that if they didn't have a presence in California they weren't subject to it's requirements. It took awhile before most enterprises, particularly those outside of...

OK, it may not be as big a news story as Lindsay Lohan's announcing she's converting to Judaism, but I thought the story coming out of embattled Georgia that they have been seeing massive Distributed Denial of Service attacks originating in Russia is interesting. No, not the fact that the Russians clearly view cyberwar as integral part of modern warfare. They proved that LAST year when the Russians brought the 'net infrastructure of Estonia to it's knees in a dispute over a Russian war memorial.

No, what I found interesting is that it's not at all clear who in Russia is orchestrating the attacks. Early reports focused on the Russian military and some shadowy botnet service providers. Now there's speculation that it may simply be a group of patriotic Russian hackers doing their best to defend the motherland. Gary Warner at University of Alabama Birmingham has done some really...

It's been an extraordinarily active week on the cybercrime front and it feels like a good time to initiate a new blog I've been thinking about for some time. For those of us that track cybercrime, identity theft and the other activities of Internet miscreants, it's clear that the nature of the game has changed in the last year. Cybercrime, historically an activity driven by testosterone impaired geeks, has become the latest growth industry for organized crime. I'll look at some of the facts and statistics that demonstrate this in the coming weeks, but for now I want to look at some of the more interesting evolving stories.

First, there was the arrest of eleven suspects in the TJX case. For those of you that don't follow internet crime closely, this was the data breach that caused the release of 41 million records (mostly credit card numbers) into the wild. Estimates of losses to date run in the hundreds of millions of dollars. The FBI has been working...

While products such as PGP Universal and PGP Desktop have done a successful job of protecting email and storage, securing the data presented in web application have largely been unaddressed.  Users of web mail (Gmail), forums, blogs and group calendering (google calender) currently have no reasonable way to insure the privacy of their information, in that it often resides on the web server. This pair of blogs discusses the various options for using PGP technology to extend the web client with the goal of securing web data with and without the consent of the web site operator.

Securing Web Data...An Undiscovered Country

Web applications are especially popular among mobile computer users. This is partially due to the computing and power limitation of the mobile devices, but also because of the complexity of security and synchronization issues.  While MAPI/Notes and IMAP are often used for corporate mail, web mail has also become very popular....