A Heck of a Pickle With This Technology

An inside look at security measures in the computer industry left his audience mulling over what they’d just learned. Bringing a wealth of experience in the field, Kirk C. Bailey reeled off dozens of examples of where we’re dealing with “broken technology, not being used for what it was designed.”

Bailey, picked by the December 2003 issue of Information Security Magazine as “one of the ten best people in the industry — chosen as the Best Multi-Tasker” today — serves as Chief Information Security Officer (CISO) for the City of Seattle. He is also the UW’s manager of Strategic Computer Security Services.

From these perches, Bailey has become a sought-after advisor to organizations seeking answers to computer security. He is the founder and key leader of The Agora, a professional security organization. Founded in 1995, The Agora is a successful strategic association of information systems security professionals, technical experts, and officials from the private sector, public agencies, local, state and federal government, and law enforcement.

Bailey’s work with The Agora has been reported throughout the country in the nation’s leading newspapers. He has also appeared on local television news shows, as well as the PBS Frontline special “Hackers.” Bailey is a 28-year veteran of Information Technology, with special interest in its application to healthcare and banking. His main hobby is collecting baseball autographs, including rare signatures of early players and paintings.

The speaker took us back to the early 70’s when he worked as the Night Shift supervisor for data processing at the National Bank of Commerce (forerunner of Rainier Bank, et al).

He described the night that “Chad” made history by falling ten stories down the wastepaper chute, falling on a bed of tons of waste paper from the day's work. “Chad gave meaning to the mounds of paper bits, when 30-years later his name would be synonymous with a certain election in Florida.”

“Technology today is invading our private lives. With the release of tiny cameras with huge storage capacity, there is no control over our privacy. Companies share names and addresses of clients and data proliferates. Just how far has it gone?”

Kirk, in October of 1999, selected a group of 12 acquaintances to conduct a study of the data contained in files bearing his name. The group was asked to explore all avenues over a six-week period, “breaking no laws, and manufacturing no data,” to find out all it could about Kirk C. Bailey. He asked the group to work part time only.

At a cost of $100, six weeks later, the group returned to Kirk to inform him their findings. They were able to produce his full legal name (which he never uses), information that his mother gave birth to him by C-Section, produced a certified copy of his birth certificate (cost $14), social security number, all of his previous residences, mortgage information, previous neighbors, telephone accounts, utility usage, vacation days, credit card accounts, savings and checking accounts, a copy of his electronic signature, travel history, marriage information, magazines subscriptions, his schooling, a list of his friends and all of his charitable contributions over time.

“What this graphically shows is we have no custodial sense for our data. The training given to people handling sensitive information is minimal, as witnessed by the ease in which the Bailey Group gathered information about me. So, what are our choices? On the issue of identity theft, there are many places to go for information.”

Kirk offered a list of websites where information is available. These include the Federal Trade Commission, Washington State Attorney General’s Office, Credit Reporting Agencies, Social Security Administration, U.S. Postal Service and Department of Motor Vehicles.

Answering questions, Bailey said that social security numbers are available online. “It’s easy to get this information.”

“The worst thing you can do is publish the information about your family on a genealogy site. Birth and death information is useful for those wishing to steal identities.”

“The banking industry is very secure and they try hard to keep it that way. However, I’d recommend not using any online services about your accounts ­ period.”

“Anti-virus software only stops what we know. There are 65,000 known viruses out there, but new ones are identified at the rate of 400 to 500 a month. It’s difficult for the anti-virus software to keep current. Viruses will only continue to increase in number.”

“Wireless systems are flawed security-wise. The data transmitted is easily monitored.”

A reunion of sorts was held at the end of the meeting when Ted Ederer commented about Bailey’s reference to “The Barnswingers.” Back in the days of high school, it seems that both Kirk Bailey and Ted Ederer participated in a dance club called the Barnswingers. If that didn’t bring on some smiles, nothing would.

Thanks to Kirk Bailey and his riveting program. Thanks to Ernie Hayden for transporting Mr. Bailey to and from the meeting, for securing the program and for introducing our speaker. You got some good pictures, too, Ernie!

For his efforts, Kirk was given a certificate showing the BBRC had donated a book in his name to a child in the Bellevue schools, and Ernie was told to show up again this week for more pictures.

TOP

How to Protect Yourself from
Computer-Based Threats
Useful Cyber-Information Resources

How to be a “Cyber-Secure Citizen ...
National Cyber Security Alliance
http://www.staysafeonline.info/

How to Avoid Internet Fraud and Scams ...
U.S. Securities & Exchange Commission
http://www.sec.gov/investor/pubs/cyberfraud.htm

Everything you Need to Know About Internet Hoaxes ...
Dept of Energy’s CIAC
http://hoaxbusters.ciac.org/

How to Secure Your Home Computing Environment ...
Carnegie Mellon CERT
http://www.cert.org/tech_tips/home_networks.html

Consumers Guide to Internet Safety, Privacy and Security ...
National Consumer’s League
http://www.nclnet.org/essentials/

Test the Strength of your Password (How easy can it be cracked?) ... Security Stats, Inc.
http://www.securitystats.com/tools/password.php

How to Protect your Laptop (and the information on it) ...
LabMice.net
http://labmice.techtarget.com/articles/laptopsecurity.htm

If You are Really Interested in Computer Security (and want to learn a bunch about the nitty-gritty technical stuff) ...
an EnterprizeITplanet.com
http://www.antionline.com

Identity Theft
Where to go for more Information

Federal Trade Commission
Accepts complaints from ID theft victims:
Identity Theft Hotline: 1-877-IDTHEFT
http://www.consumer.gov/idtheft
Booklet “ID Theft, When Bad Things Happen to Your Good Name,” available by calling 1-877-FTC-HELP.

Washington State Attorney General’s Office
Posts detailed information about ID theft online at http://www.wa.gov./ago

Consumer Resource Centers
ID Theft experts statewide. Can help you refer you to the proper authorities and assist consumers and businesses regarding the new law.
Ph 1-800-551-4636.

Credit Reporting Agencies
Important to include your social security number and current address when writing to the three credit bureaus.

• Equifax: http://www.equifax.com
  Report Fraud 1-800-525-6285
• Experian: http://www.experian.com
  Report Fraud 1-888-EXPERIAN
• Trans Union: http://www.transunion.com
  Report Fraud 1-800-680-7289

Social Security Administration
Email: oig.hotline@ssa.gov
Ph 1-800-269-0271

SSA Fraud Hotline, FAX (410) 597-0118

U.S. Postal Service
If theft of US Mail is involved, or a fraudulent change of address has been filed, contact the U.S. Postal Inspector by phone, or online at http://www.usps.com/postalinspectors

Department of Motor Vehicles
If a false driver’s license was obtained in your name, or someone is using your driver’s license number: call 360-664-8885 or email DOL, Driver Responsibility-Fraud Unit drvfraud@dol.wa.gov or online http://www.wa.gov.dol

TOP