Category Archives: Security

2010 Skimming Attacks

GovInfoSecurity has an interactive 2010 Timeline of skimming attacks. You can roll over the chart and get details, or just scroll through the text of each attack below the chart.

I found the chart a little hard to read, so here’s my remix:

This makes it easier to see that many of the attacks are classified as “unknown”. At least one example should be familiar to my regular readers:

Tino’s Greek Café
Austin, Texas
Type of Attack: Unknown
Cards Compromised: Unknown
Date Discovered: August 11

A popular Austin restaurant, Tino’s Greek Café, reports that its customers’ card data was stolen by criminals. Some customers have lost thousands of dollars, and charges are turning up from as far away as South Africa and Brazil. Local law enforcement says that customers who ate at the restaurant and used debit or credit cards to pay for meals between March and July may have had their card data stolen. Police continue to investigate the crime and have not yet determined how the criminals stole the card data.

Heartland has said both publicly and to me in person that the attack is “outside their system”. They have hinted at fault with the POS, which I have discussed before. This was their official/PR statement:

The intrusion likely occurred in the third-party point-of-sale system used at the merchant location or as a result of other fraud. The Heartland system has not been compromised in any way.

I will be discussing the details of this case and more in my presentation at RSA San Francisco 2011.

Session ID: CLD-204
Date: Wednesday, Feb 16
Time: 1:00 PM
Location: Orange Room 305

Here is the understated banner they gave me to show you. I asked for a bigger one, but this is what they sent :)

I am Speaking at RSA Conference 2011 - February 14-18 - San Francisco

Idaho Gulag Versus the SF Dog Maul Conviction

The California State Supreme Court turned down an appeal for a San Francisco dog-mauling defendant. The court pointed out that the dog’s owner was negligent by failing to take simple measures to reduce risk of attack and by failing to assist the attack victim.

The court said a fatal dog mauling is murder if the owner knew the animal posed a risk to human life and exposed others to the danger.

Judge Charlotte Woolard reinstated the murder conviction in 2008, saying Knoller had known [the 140 lb dog] Bane was dangerous from past incidents, did not muzzle him before taking him into the hallway, and did not call 911 or take any other meaningful action to save Whipple during the 10-minute mauling.

This brings to mind the controversy surrounding the Idaho prison where guards failed to take simple measures to reduce risk of attack and failed to assist the attack victim.

The surveillance video from the overhead cameras shows Hanni Elabed being beaten by a fellow inmate in prison, managing to bang on a prison guard station window, pleading for help. Behind the glass, correctional officers look on, but no one intervenes when Elabed is knocked unconscious.

No one steps into the cellblock when the attacker sits down to rest, and no one stops him when he resumes the beating.

The victim, a Muslim man of Palestinian descent incarcerated for robbery, can be seen in a graphic surveillance video trying to get away from his attacker. The attacker, who was incarcerated for assault, described himself on MySpace as 5’5″, 150 lbs and half Mexican, half white. The victim tries to reach the guards and signals for help instead of fighting back. The attacker eventually knocks the victim unconscious and then kicks him in the head repeatedly in front of at least three guards on duty.

He then takes a break to sit in a chair, catch his breath and take a drink before returning to kick his unconscious victim in the head. Two minutes pass after the attack stops again before guards enter. The attacker lies down calmly to have cuffs put on. The victim had been attacked and asked for help before, as described in the Idaho Statesman.

Before the Idaho attack, [the victim] tried to get help from prison staffers, telling them that he had been threatened and giving them details about drug trafficking between inmates and staffers that he had witnessed, according to his lawsuit. He was put in solitary confinement for his protection but was later returned to the same unit with the inmates he snitched on, his lawsuit said. He was on the cellblock only six minutes before he was attacked.

Steven Pevar, an attorney for the American Civil Liberties Union, said in 34 years of suing more than 100 prisons and jails, the Idaho lockup is the most violent he has seen.

“This isn’t even what we know of as a prison – this is a gulag,” Pevar said.

Pevar blames the violence on CCA and the former warden, Phillip Valdez, who was head of the prison when Elabed was attacked. Valdez was later transferred to another CCA prison in Kansas. The company refused to disclose its reason for moving him.

The victim suffered internal head bleeding and was in a coma for the next three days before he was returned to prison, where his condition worsened. He then had to be discharged from prison due to permanent brain damage. The attacker’s sentence was increased after a guilty plea for “aggravated battery and to committing battery with the intent to promote gang activity”, but he will be eligible for parole in 8 years. Attempted murder?

The FBI is now investigating the Corrections Corporation of America (CCA) for prisoner treatment in this privately run Correctional Center in Idaho. Apparently the CCA was already being sued for guards forcing prisoners to “snitch” on other prisoners. This would mean that not only did they know “the [attacker] posed a risk to human life and exposed others to the danger” but they also may have increased the risk by baiting the attacker.

This situation is said to be different from other CCA asymmetric prisoner fights, such as the 2008 death in Oklahoma due to head trauma, because the exact timeline and other details were recorded by surveillance cameras.

Remote control of Maemo phones using SMS

The Maemo wiki has a page on SMSCON, a Python script with some nice ideas for remote control.

SMSCON provides complete control of your N900 by sending SMS commands to it. This is particularly handy in case you cannot find your phone, for example if it has been lost or even stolen.

SMSCON is a two-part Python script running in command-line: smscon and smscon_daemon. smscon is the command-line control part and smscon_daemon is the daemon (running in the background) part. The configuration file for all the user settings is in the smscon_config file.

SMSCON will also auto-load silently at boot, waiting for a special SMS command message in case your phone is lost (or even stolen).

SMSCON can’t guarantee that you will find your phone again, but it will provide the maximum chance to recover it. If this application ever helps you to recover your phone please tell the story on Maemo.org! The best way is of course to never lose your phone or let it get stolen…

Recovery of the phone is a start, but obviously remote monitoring and remote control of a Linux system using SMS has many other applications in security. One might say this is the future of surveillance systems. Likewise, detecting communication with these devices in your organization has just become even more imperative.