A Minnesota woman says thieves even used her stolen information to trick companies that claim to offer identity theft protection.

 

Mark Lanterman, the Chief Technology Officer of Computer Forensic Services in the Twin Cities, says much of that stolen information is still for sale on what’s known as the "Dark Web" – a secret side of the internet.

 

Armed with someone’s stolen Equifax file Lanterman says, “I can know pretty much everything financial about you.”

Twenty-year-old Ray Persaud made his 2nd court appearance Friday. His attorneys say it's their 4th bomb threat case in two years.

 

Meanwhile, cyber security experts are deeply disturbed by Persaud’s actions and the increasing amount of online threats young people are making against schools, companies and governments.

 

"It's very concerning given what's going on across the country. It's very concerning and none of this can ever be taken lightly,” cyber security expert Mike Olson says.

For the second time in as many days, police in Minnesota have announced a major breakthrough thanks to DNA evidence. CFS Director, Kyle Loven, discusses the case. 

Coffee & Bagel Brands, which owns Caribou Coffee and Bruegger's Bagels, announced online Thursday that some customers' credit card information may have been accessed by an unauthorized third party.

 

A letter from the company said they first noticed "unusual activity" on their network Nov. 28. A cyber security firm detected unauthorized access to the company's point of sale systems.

 

"At this time, we are confident that the breach has been contained," the letter reads.

 

Coffee & Bagel Brands said there is a possibility that the third party accessed the names and credit card information of any customer who visited a Caribou location between Aug. 28 and Dec. 3.

 

The company said it has contacted the FBI and is also conducting an investigation with a cybersecurity firm.

 

"These breaches are occurring every single day," said Mark Lanterman with Computer Forensic Services.

 

Lanterman, one of the nation's leading experts in cybersecurity, estimates his company gets retained in three to four credit card breach cases each month.

 

"My advice is leave your debit cards at home," he said.

 

He suggests using your credit card for purchases instead of a debit card. That way, when a breach happens hackers end up stealing from the bank and not directly from your pocket.

 

"Debit cards are tied directly to consumers' money in their checking and savings account. And that's our money. Credit cards - that's the bank's money," he said.

MINNEAPOLIS (WCCO) — There’s a unique twist on identity theft and a warning for consumers today.

 

Prosecutors charged a woman for opening up credit cards in other peoples’ names and racking up more than $18,000 in charges at Menards stores.

 

What’s new is that the woman was able to put a hold on the victims’ mail so they would not be notified of the new credit card in their names.

 

According to a criminal complaint, Detroit resident Jasmine Williams was arrested last week at a South St. Paul Menards after using a bogus Menards credit card to purchase items.

 

WCCO’s Esme Murphy went to Computer Forensic Services in Minnetonka to talk to Mike Olson, who for 20 years, investigated identity theft for the U.S. Secret Service.

 

“We are all very vulnerable,” Olson said. “What everyone should realize and expect is that you have been breached, your information is out there — it just hasn’t been used yet.”

 

Olson says in scams like this one, the goal is often to buy goods that can be resold.

 

“It could be power tools; it could be something they can turn around and sell on a black market, if you will, or fence for a profit,” Olson said.

 

Dakota County Attorney Jim Backstrom is prosecuting the case and he says putting someone’s mail on hold to keep them from receiving a credit card is a unique twist.

 

“That is something, until this came along, I had never heard of,” Backstrom said. “Apparently if you have someone’s name and address, you can put a hold on anyone’s mail. That is kind of shocking.”

 

Olson says his advice for consumers is to take advantage of a new federal law, which allows you to freeze your credit for free. Freezing your credit will prevent anyone else from opening a credit card in your name.

 

The United States Postal Service was asked to comment, but WCCO did not hear back.

 

A representative from Menards said they were unable to comment on legal matters.

 

Jasmine Williams’ next court date is Nov. 1 in Dakota County.

 

For tips on how to freeze your credit, visit the Federal Trade Commission’s website.

Did you wake up this morning and notice Facebook didn't immediately log you onto your account? If so, you're likely one of the 50 million users impacted by a recently discovered security breach.

 

"This is the age of breach," said Mark Lanterman with Computer Forensic Services.

 

RELATED: Facebook: 50 Million User Accounts Affected by Security Breach

 

Lanterman said it's the world we now live in, where you have to balance convenience with security. This, as Mark Zuckerberg announces an important new security issue with Facebook.

 

Lanterman said if you've used Facebook's "View As" feature at some point, you created a token or certificate.

 

"Think of it as a digital key, and if that key, that certificate, fell into someone else's hands, they could essentially open up the door to your Facebook house, come in, open up the drawers, look around, take a look at your private messages," Lanterman said.

 

So, as a precautionary measure, the social media giant is resetting those accounts.

 

Facebook said there is no need to change your password, but it says the reset will require you to re-enter your password on your device or even the app.

 

Lanterman suggested you take it one more step by going into your security settings and activating the 2-Factor Authentication, which sends a code to your phone if someone tried to log in from an unknown device to make sure it's you.

 

"The takeaway is don't entrust a company, whether that's Facebook or whether it's Equifax, don't entrust companies with information that you don't want stolen," Lanterman said.

 

And if you're wondering why you found out about the break so quickly, Lanterman said it's because of a European law that now requires companies to notify victims or clients of a breach, and what was taken, right when they learn about it.

There are three major credit bureaus: Equifax, Experian and TransUnion. But when one was hacked, it prompted lawmakers to rethink security across the board.

 

“With the Equifax breach we were what was hacked. Not a card that can simply be replaced,” Computer Forensic Services chief technology officer Mark Lanterman said.

 

Now people can put a “freeze” on their credit for free as part of a new federal law. But what is a credit freeze exactly?

 

“If we put freezes on them we prevent [thieves] from being approved for loans,” Lanterman said.

 

That means in the same way a hacker couldn’t open a credit card in your name, you couldn’t either during a freeze. Lanterman says you can easily un-freeze your accounts without any penalty.  He says the small inconvenience is worth the protection.

 

“We need to take responsibility and put freezes on all of our credit reports,” Lanterman said.

 

Locks are also different, as they can have monthly fees are not included in the federal law. You are able to freeze credit for your children under the age of 16.

 

“It’s common for criminals to apply for credit using the names and social security cards of children,” Lanterman said.

 

How long until your family’s information is safe?  The reality is if it was compromised in the breach, it’s out there forever.

 

The new law also extends how long a fraud alert will remain on your credit report from 90 days up to a year. Fraud alerts are less severe than a freeze and will alert you only after suspicious activity has been detected.

Police body camera footage shows the minutes before Officers Ryan Kelly and Justin Schmidt shot and killed Thurman Blevins on June 23.

 

The videos show Officers Kelly and Schmidt spotted Blevins sitting on the curb and then jumped from their cruiser with guns drawn, shouting at him to put his hands up.

 

“When the gun is visible, that changes the whole dynamic of the encounter,” said Kyle Loven, who retired from the FBI after spending 22 years with the agency.

 

Loven is now a member of the management team at Computer Forensic Services.

 

He examined the videos with 5 EYEWITNESS NEWS.

 

The body camera footage shows Kelly and Schmidt pull up next to Blevins after saying he matched the description given in the 911 call. The videos show a gun is visible in Blevins' waistband.

 

“The gun in the waistband would have caused the officers to believe this is a very perilous situation,” Loven said. “They jumped out of the vehicle in a very aggressive fashion. Law enforcement is taught to be very aggressive when weapons are in play because they want to control the situation immediately.”

 

The videos capture officers commanding Blevins to put the gun down and put his hands up. About 20 seconds into the chase, Blevins drops a bottle of liquor he’s carrying.

 

“When they pulled up on him, they saw the weapon immediately," Loven said. "When he didn't comply, the number one thing the officers were looking at were the hand movements, where are the hands of this individual? When the bottle goes down, Mr. Blevins has two hands free. That would ratchet up an already perilous situation to where the officers have to worry about two hands free moving freely with a weapon clearly in play.”

 

Blevins asks officers not to shoot him at least twice. 5 EYEWITNESS NEWS asked Loven how officers are trained to consider those pleas during a pursuit.

 

“My guess is that the officers were focused on his actions,” Loven said. “What a subject is saying, if his actions are inconsistent with his words, his actions are going to take precedence from a law enforcement standpoint.”

 

The chase continued to the alley.

 

“Perhaps [Blevins] wanted to comply but wasn't thinking straight,” Loven said.

 

The National Center for Audio and Video Forensics, based in California, stabilized the videos at the request of the Bureau of Criminal Apprehension. 

 

Loven said it’s clear Blevins is holding a gun.

 

“Once that weapon is out and pointed at officers, that is clearly a critical situation where deadly force must be used,” Loven said

 

Officers fired their weapons 14 times, Blevins was shot four times, according to County Attorney Mike Freeman.

 

“When it comes to deadly force, you're taught to neutralize the threat and in most situations it's seldom one shot,” said Loven. “Just an extremely tragic situation.”

An audio recording, obtained by 5 EYEWITNESS NEWS, captured the final moments before Thurman Blevins was killed by police in North Minneapolis last month.

 

5 EYEWITNESS NEWS asked Minnetonka-based Computer Forensic Services, an information technology firm that works with law enforcement and government agencies, to analyze the audio.

 

CFS says they normalized the audio, a process that amplifies the quieter parts to the same volume as the peaks in the audio.

 

CFS determined, even after enhancement, parts of this recording are still unintelligible.

 

But, according to CFS, it's clear at least one officer gave commands, a second party responded, followed by more than eight gunshots.

From almost the moment he called 911 to report that his wife Amy had shot herself, police were suspicious of Stephen Allwine. 

 

On that day, November 13, 2016, detectives with Cottage Grove Police recalled how Amy Allwine had been the target of a murder-for-hire plot. Months earlier, the FBI had discovered someone, perhaps a business competitor, had paid $13,000 in Bitcoin to a hit man on the so-called 'Dark Net,' in an attempt to kill Amy.

 

Now, Amy was dead, and it appeared the murder scene may have been staged to look like a suicide. 

 

Computer Forensics cracked the case.

It's not often police learn about a murder before it happens. But months before her death, the FBI learned someone had tried to hire a hit man on the 'dark web' to kill Amy Allwine. Nearly a year later, police would arrest and charge her husband, Stephen Allwine. Did the FBI do enough? Or were clues ignored? And was the killer himself, the victim of a con?

ORONO, Minn. (WCCO) — School can be a sanctuary of sorts, even one day after being the very place where students lived through a terrifying experience.

“My daughter wanted to come back and be with her friends and get back invovled in what she does every day,” said parent Chris Case while watching the JV Girls Basketball Team at Orono High School. His daughter plays on the varsity squad.

Case said he talked briefly with her about Wednesday’s school shooting threat. It originated on social media, another topic often discussed with his children.

“You raise them hopefully the right way that they understand right and wrong and what to be scared about, that they would report things that they see on social media just like they would report things that they see in person,” he said.

Kyle Loven is the National Director Computer Forensic Services. He also has FBI experience investigating crimes in the digital world.

He said one of the difficulties in assessing online threats is the fact that people have the right to free speech.

“It’s determining when the speech crosses over into something more sinister with respect to a threat or intended action, that’s somewhere where law enforcement can truly get involved,” Loven said.

On Thursday night, another threat against “BHS” was circulating on social media, scaring many students and families at Blaine and Burnsville high schools. Authorities soon discovered the threat was originally posted by a student at Belen High School in New Mexico, but quickly spread online to Minnesota.

Police felt the Orono threat was credible because it stated a specific time, location, as well as the content of the message. It caused the school district to begin its lockdown procedure, including students using desk to barricade their classroom doors.

Since the Parkland, Florida, school shooting that killed 17 people, copycat threats have led to arrests across the country. Other cases were unfounded, but Loven says it’s better to be safe than sorry.

“If some speech just doesn’t seem right or it doesn’t feel right to them, I always tell people to err on the side of contacting law enforcement,” he said.

Loven also described social media as a double edged sword. The bad side is that threats can spread quickly causing panic. On the good side, he said it was helpful for police and the Orono School District in getting out timely information about the lockdown and when students would be dismissed.

Under Armour says the hacker didn't obtain any payment information, Social Security numbers or driver's license numbers. That means this break-in is unlikely to require credit and debit cards to be replaced or raise the specter of identity theft, as happened with big breaches affecting retailer Target and credit reporting agency Equifax that resulted in the departures of their CEOs.

Still, Under Armour says it is requiring all MyFitnessPal users to change their passwords.

Mark Lanterman discusses the nature of the breach and how consumers should approach it.

ST. PAUL, Minn. (KMSP) - St. Jude Medical, based in St. Paul, Minn. is fighting back against a critical report that sent its stock tumbling in August. The medical-device company is suing the organizations, and some of the people, behind the report.

Report raises cybersecurity concerns

In August, Muddy Waters, a hedge-fund firm, issued a report claiming some of St. Jude’s implanted heart devices were vulnerable to cyberattacks. The report noted two critical vulnerabilities: “crash” attacks involving “remotely disabled cardiac devices,” and a “battery drain attack” that can cause batteries to run down.

On Aug. 25, Carson Block, founder of Muddy Waters, was interviewed on Bloomberg TV, and said his firm was short-selling St. Jude stock, and cited the report as showing the “keys are out there and they’re very low hanging fruit for attackers to exploit.” Block said he expected recalls lasting as long as two years.
While Muddy Waters was the organization that published the report, the study was conducted by MedSec, a cybersecurity research firm.

St. Jude stock fell about five percent as news spread; a Star Tribune headline read “St. Jude stock tumbles as report questions company’s cybersecurity.”

Researchers question initial report

University of Michigan researchers reported their own experiments led to “strikingly different conclusions,” but did not conclude the report was false, only that the study was “inconclusive.”

Mark Lanterman, a Twin Cities cybersecurity expert who is nationally recognized for his expertise, also tried to duplicate the results of the report. He could not duplicate the results.

“I don’t believe MedSec’s report,” Lanterman, who works at Computer Forensic Services, told Fox 9. “I think there are money factors at play here. I think essentially this security researcher has found a new way to make money by issuing a very damaging, very critical security report, and then shorting stock.”

St. Jude fires back

On Sept. 6, St. Jude sued Muddy Waters, MedSec, and some of the key people involved in conducting or spreading the report. The suit, filed in federal court, describes the report as an “insidious scheme to try to frighten and confuse patients and doctors by publicly disseminating false and unsubstantiated information in order to gain a financial windfall and thereby cause investors to panic and drive the St. Jude stock price down.”

In a statement to Fox 9, Michael Rosseau, the CEO of St. Jude, states in part: “We felt this lawsuit was the best course of action to make sure those looking to profit by trying to frighten patients and caregivers, and by circumventing appropriate and established channels for raising cybersecurity concerns, do not use this avenue to do so again.”

Muddy Waters stands by report

Muddy Waters continues to stand by its initial report. A few days after releasing it, the firm described St. Jude’s initial responses to the report as 20 percent substance and 80 percent fluff, and wrote the company’s agenda was to “erode the credibility” of the report, while failing to “insert inarguable facts to the contrary.”

In a statement to Fox 9, Carson Block, founder of Muddy Waters, wrote in part: “it’s not that surprising to see a company that puts profits before patients try to silence its critics through a lawsuit. The device vulnerabilities are real, serious, and we are confident we will prevail in court. In fact, we have recently begun to receive information from whistleblowers that provide further detail on alarming lapses at St. Jude.”

MedSec did not respond to Fox 9’s request for comment.

Computer Forensic Services National Director, Kyle Loven, discusses the trade of security for convenience when it comes to technology.

It's a notion generating serious buzz: people suspect their smart phones are spying on them because they've seen online ads pop up for things they've never searched for, but have merely chatted about within earshot of their devices.

 

Your smart phone follows you wherever you go, tracks your movements and stores all kinds of personal data. If you do a Google search these days you're no longer surprised to be targeted with ads relating to your search.

 

It's a reality most people have learned to live with because functioning without a mobile device is increasingly hard to do. But what about the idea of your phone eavesdropping on your conversations?

 

"One thing I don't think a lot of consumers recognize is that phones are really snitches in their pockets," Sean Lanterman of Minnetonka-based Computer Forensics Services told KARE 11, noting that smartphones are almost always connected to the Internet and they've got microphones.

 

"You can be having a conversation and you have an application that has a microphone capability, and next thing you know you're being advertised as to what your conversation was about."

 

Case in point, KARE 11 viewer Lori Halverson got ads for Toyota and the show Riverdale on Twitter just hours after talking to a friend about needing an oil change at Toyota, and looking forward to Riverdale's new season.

 

She said she never actively looked up those key words in an online search engine, so found it rather "creepy" to see the ads come up in her news feed.

 

Viewer Mike Landberg said he teased his roommate about drinking wine and having too much body hair, and later that night his roommate had ads for a winery and a hair removal gadget pop up on his Instagram feed.

 

The same type of thing happened to KARE 11 digital media director Laura Stokes.

 

"Earlier today I was talking with a colleague, and I told her I loved her glasses. She said she went to Warby Parker," Stokes recalled. "She said 'Wait I've got a new place for you to look at called Zenni' and I wrote it down, old school style, on a piece of paper because I thought I do want to look that up later."

 

Laura never got a chance to look for Zenni, but Zenni found her.

 

"Two to three hours later I was on Facebook, and I was scrolling through my feed, and there was an ad for Zenni. I hadn't Googled it, I hadn't looked it up yet."

 

Yes, Laura keeps her phone next to her computer at her desk.

 

Another colleague said, to nobody in particular, she was freezing. A bit later several ads for sweaters showed up on her Facebook feed on her laptop.

 

"Your phone is always transmitting, always phoning home, it's always connected to the Internet," Lanterman explained.

 

"I think consumers just need to be wary of the agreements they're entering when they're using any piece of technology."

 

He pointed out that some people actually plant secret apps on their adversaries' phones specifically designed to use the built-in microphones

 

So, yes, we can verify it's happening to people -- they're being targeted with advertising based on words their smart phone microphones overhear.

 

It's harder to pin down just who, or what, is behind it.

 

Google concedes the company does use things you say to Google Assistant to route ads your way, but the cyber world giant flat-out denies spying.

 

"We only process speech after the hot word 'Ok Google' is detected,"

 

Facebook also denies eavesdropping, to wit, "Facebook does not use your phone's microphone to inform ads or to change what you see in News Feed."

 

But if you accept the premise your smart phone's microphone is eavesdropping, it's not reporting directly to another person. It's talking to other machines.

 

"It's an automated process. It's not someone on the other end reading it," Lanterman explained. "It's computers that have advanced algorithms that are deciphering what it means."

 

If you find all of this disturbing, there are steps you can take. First find out how many apps are using your microphone.

 

On your iPhone navigate to settings, then privacy, then microphone, and you'll see a display of which apps have access to your mic. You can then turn some or all of them off.

 

On Android devices, you can also check for microphone settings by going to applications manager and permissions.

 

But the next time you use the app that requires a microphone, for example the Facebook Live function, it will prompt you to activate the microphone again.

 

As it turned out Laura Stokes had 12 apps using her microphone. She can only guess which one of those apps is all ears, as it were.

An 18-year-old Plymouth man is charged with sharing child pornography on social media and email.

 

The case is one of many keeping law enforcement busy across the state.

 

Tips to the Bureau of Criminal Apprehension about suspected illegal online activity involving children continues to rise.

 

So far this year, the BCA has received 1,660 tips.

 

That surpassed the 12,000 tips received in all of 2016.

 

In February of 2016, tips from Google led Plymouth police to a house on 43rd Place North.

 

By June of that year, police had a search warrant and took laptops, thumb drives and SD cards from the house.

 

Alec Cotter was 16 when the investigation began. He is now 18 and charged as an adult with 13 felony counts.

 

Investigators found more than 45,000 images. Children as young as 6 were shown in some of them.

 

“You’re seeing more and more people for whatever reason get involved in viewing these types of images, which makes it problematic,” said Kyle Loven, the national director of Computer Forensic Service in Minnetonka.

 

Loven has 22 years of law enforcement experience, the past 13 spent as chief division council for the FBI.

 

He says the rise in child porn cases is disturbing.

 

“The problem is perhaps proliferating, but law enforcement is right on the heels of some of these folks who are engage in these activities,” Loven said.

 

The BCA says it sees lots of tips coming in from specific platforms like Google, ChatStep, DropBox, and Pinterest.

 

“With the sophisticated methods of law enforcement gaining steam and gaining momentum, law enforcement is much more capable of finding out who is doing this and much more capable of apprehending them,” Loven said.

 

Some experts say the rise in child porn is partly because of the ability to cheaply store lots of data.

 

Loven says Computer Forensic Services is working with 38 law enforcement agencies across the state to close in on those trying to exploit the most vulnerable.

 

Cotter is expected to make his first court appearance Nov. 16.

 

The BCA says the best way to protect your children from predators is to make sure you are aware of what they do online and they know to come to you if someone asks them to share personal images.

A whole lot of people have 'googled' someone at some time or another. But you may not realize just how much personal information is really out there - online.

 

KARE 11's Camille Williams looks at just how easy it is for anyone to find that information and how that information gets there and what you can do, if anything, to stop it.

 

Cyber expert and CEO of Computer Forensic Services, Mark Lanterman says, free online people search sites are popping up more and more and, those sites are, more intrusive, more precise and more difficult to hide yourself than any old phone book we've ever seen.

 

Lanterman trains many high-profile figures like district court judges, even local celebrities, on how to better protect themselves and keep their information private. and he's seen many examples of people misusing consumer information found online.

 

"There are people who become obsessed with others maybe bad relationships maybe someone holds a grudge and what these services do is it gives them a road map to their adversaries' front door," said Lanterman.

 

He says by paying as little as $50 someone could find even more information on you like where you work, how much you are paid, the car you drive, your charitable donations, your political affiliations, even your gym grade from high school.

 

So how does your personal information get on these sites especially if you don't share it yourself?

 

Tiffani George, an attorney with the Federal Trade Commission's division of privacy and identity protection says data brokers likely sell it to these sites, as they collect and buy consumer information, without us even knowing, from everyday things, like on-line or in-store purchases, social media activity, magazine subscriptions.

 

"Generally, a lot of information might be sold or exchanged for example marketing purposes but there's very little restriction on how that information is used downstream we want to make sure it's not falling in the hand of Identity Thieves or others who might misuse the information," said George.

 

So what can you do to protect your information and keep it private, you could opt-out of every single site out there but the FTC says that could almost be impossible.

 

“Currently, it would be pretty onerous for a consumer to track down every data broker that has information about them and figure what their rights are to that information," said George.

 

Back in 2014, the FTC recommended that congress require data brokers be more transparent and give consumers greater control over their personal information.

 

There have been bills but none have passed.

 

Recently, Senator Al Franken introduced a bill that would fall in line with the FTC recommendation, that bill is headed to the Senate Commerce Committee.

 

If it passes, through there then it will head to the senate floor for a vote.

If you’ve ever owned a car, credit card or house, your credit information is probably in the hands of Equifax. The Atlanta company is one of the top three credit reporting companies in the nation.

 

But on Sept. 7, Equifax made the public admission that its data servers had been hacked sometime between last May and mid-July, 2017. It acknowledges that the private financial information of 143 million people is likely compromised.

 

“This is the most egregious data breach we have ever seen,” said Massachusetts Attorney General Maura Healy.

 

Massachusetts is among the growing list of states now suing Equifax on behalf of the millions of customers whose data was hacked.

 

Minnesota Attorney General Lori Swanson says she is deeply concerned about the breach and will study possible legal action as well. It’s thought that the private information of 2 million Minnesotans is part of the breach.

 

Cybersecurity expert Mark Lanterman with Computer Forensic Services of Minnetonka says it’s the kind of data involved that makes this breach so bad. Lanterman says, far worse than the 2013 Target breach of credit cards which affected an estimated 40 million customers.

 

“We have had our names, our dates of birth, our social security numbers, our driver’s license numbers compromised. This is far worse than any retail credit card breach,” Lanterman said.

 

Since news of the hacking broke on Sept. 7, the company’s stock has exploded, losing a third of its value. Equifax could also face a federal investigation involving insider trading.

 

The company confirms that three of its executives sold nearly $1.8 million in stock just days after the breach was discovered in late July. But Equifax added they were not aware of that information at the time of the trades.

 

Equifax has established both a hotline and website to identify and advise those affected.

 

On its website, Equifax CEO Rick Smith explains, “this unprecedented step of offering every U.S. customer in the country a comprehensive package of identity theft protection and credit file monitoring at no cost.”

 

But most importantly, Lanterman advises people to be extra vigilant and monitor all credit and banking accounts closely.

 

“If you’re able catch fraud on your credit report, if you catch that quickly enough, you can help control any potential damage,” Lanterman said.

 

Under intense criticism from lawmakers, Equifax changed its rules so that customers do not lose the right to litigation if they enroll in the protection program.

 

In addition, it promises not to automatically enroll or charge customers at the end the free year of credit monitoring or charge them fees for a credit freeze or suspension.

 

For added safety, consumers can request either a credit freeze or a fraud alert from any of the three reporting services.

 

A credit freeze prevents anyone, including the consumer from opening new credit. You will have the option of lifting that freeze temporarily for a small fee.

 

A fraud alert will basically raise a red flag to notify both you and creditors of suspicious activity. However, it is free but will only be in effect for 90 days without renewing it.

The Equifax data hack is considered the most troubling breach yet.

 

The information compromised–birth dates, social security numbers, addresses in some cases drivers licenses–ever expires, leaving those affected vulnerable for years to come.

 

For this reason it’s safest to suspect the sensitive information exposed can and will be used to victimize the 143 million Americans affected, with no end in sight.

 

“This is a company that’s in business by judging us of being ‘credit worthy,’" Computer Forensics Services founder Mark Lanterman said. "I don’t think they’re worthy of anything right now.” 

 

He says the Target hack, which only exposed credit card numbers and not other information, was forgivable. 

 

"With the Target breach, those are credit card numbers," he said. "You can cancel them and move on with your lives. What are you going to do [now], cancel our identity?”

 

According to the Federal Trade Commission, there’s a good chance you’re one Americans whose sensitive information has been exposed.

 

“This is the most personal information you have,” Lanterman said.

 

So here’s what the FTC suggests you can do to minimize harm to your identity:

 

Check your credit reports for suspicious activity

Monitor your credit cards and bank accounts every week for fraudulent transactions. Consider placing a fraud alert on your credit files. This will warn creditors they should verify anyone seeking credit in your name is actually you. Finally, you may want to freeze your Equifax, Experian, Transunion and Innovis credit files by phone--but bear in mind this alone won’t keep crooks from making charges to your existing accounts

 

“All that this does is that it prevents criminals from opening new lines of credit,” Lanterman said.

 

Which is all the more reason to keep your eyes peeled and make it a habit. Also bear in mind each freeze will cost you anywhere from $5 to $15 to place and lift.

 

“Equifax will actually be making money from us as we try to recover from their incompetence,” Lanterman added.

 

Although Equifax reportedly waives the freeze fee for affected customers, it will cost to lift the freeze(s) if, for example, you need to take out a loan or a new line of credit.

 

The ordeal and subsequent hassle and fees add insult to injury. Class action lawsuits have already been launched, but Lanterman believes they are no consolation whatsoever.

 

“Money can’t make this right,” he said.

 

Without a magic cure, when it comes to protecting your identity, you are the first and last line of defense.

 

“This is a betrayal of all consumers and now we have to monitor, we have do work for the rest of our lives to make sure we're not victims of fraud directly related to this breach,” Lanterman said.

It's not just your mail or your computer that can make you vulnerable to identity theft. The latest target is your cell phone.

 

The Javelin Strategy and Research firm, based in California, found approximately 161,000 people in the U.S. had their cell phone accounts hacked over the last year. That's nearly double from the year before, which was 84,000.

 

"I think phone numbers are a piece of data consumers are often very willing to give up," said Sean Lanterman, a technology officer with Computer Forensic Services.

 

It's easy to give someone your cell phone number. It's also easy for hackers to take that number and find your home address, e-mail address and much more.

 

"When I have your cell phone number, I can find your name, your address and from there the possibilities are endless," said Lanterman.

 

He agrees with Thomas Martin, a former Drug Enforcement Agency agent who posted a blog stating your cell phone number is your new social security number.

 

You would never give out your social security number, for obvious reasons, but now cyber security experts want you to start thinking of your phone numbers the same way, as scammers are using these numbers to their advantage.

 

"I can call someone, I can call anyone and make it look like the call is coming from you. And that's especially problematic when you have systems like credit card companies that automatically recognize the incoming phone number. And they recognize this incoming number is associated with the account, let's get ready to talk about things with this account," said Lanterman.

 

So what can you do to not fall victim? Try a Virtual Phone Number. It's a service which allows you to give out a number that isn't your real number but connected to it. Have more than one cell phone and give out the number to the phone that doesn't have apps or any of your personal information. Provide other identifying information, especially if it's a retailer ask if you can just provide an email address, zip code, or your name.

Twin Cities computer security expert Mark Lanterman says all Minnesotans should be alarmed that a hacker was able to break into 23 state databases.

 

“This is a serious deal,” Lanterman said.

 

Using the name "Vigilance," the hacker posted online some of the information he found – including names, addresses, phone numbers, email addresses and confidential passwords.

 

In an interview through Twitter messages, the hacker said, "They include state employees, contractors and private citizens."

 

“I think he did it to prove a point, but it definitely could have been a lot worse and I think we should be thankful that he stopped when he did,” Lanterman said.

 

The reason he did it, the hacker said, was the not-guilty verdict in the Officer Jeronimo Yanez trial.

 

"It was retaliation for the verdict," the hacker who goes by "Vigilance" told KARE 11. "Protesters took to the streets. I took to the Internet."

 

Lanterman says hackers like this are known as "hacktivists"

 

“If he wanted to commit identity theft, he would have done it a different way. I think here he wanted to disrupt the state, prove that he could do it, but I think he used the breach to gain attention for his viewpoint,” Lanterman said.

 

Lanterman said the state has ignored him in the past when he's raised concerns about security vulnerabilities – and says we should feel lucky the hacker didn't have worse intentions.

 

Late Wednesday, Minnesota IT Services sent the following statement:

 

“As previously reported, Minnesota IT Services has determined that a server housing several legacy state technology applications was accessed without authorization by an external actor. This hack impacted a very small portion of the State of Minnesota’s technology infrastructure, primarily affecting legacy computer systems that are no longer in use.

 

“This event did not impact any major business systems that support state government operations.  In this incident, the hacker exploited a weakness in the state system that resulted in the hacker’s ability to access the data inside. The data that was posted online appears to be consistent with what our investigation has found, including email addresses and encrypted passwords of subscribers to old government newsletters (for example, energy permitting program updates).

 

“After learning about the potential breach, Minnesota IT Services’ Computer Forensic Team immediately took steps to assess the validity of the claim and concluded that the server had in fact been compromised. Minnesota IT Services worked quickly to remedy the vulnerabilities and strengthen security controls. We anticipate that we will be turning over the information resulting from our investigation to the FBI today.

 

“Minnesota IT Services will be reaching out directly to those who are affected, primarily subscribers to state geographic information and energy program newsletters.   As always, we recommend that people use unique passwords for every account they use.  Out of caution, our recommendation to those who are affected is that they consider the passwords compromised and reset them anywhere the same password might have been used.

 

“While Minnesota’s systems are probed for vulnerabilities more than 3 million times each day, our state has fortunately not yet experienced a major attack exposing Minnesotan’s private data. However, Minnesota has experienced incidents that have exposed state systems and data to significant risk. Nearly every government function that Minnesotans depend on is reliant on technology, but many of the systems we use today run on outdated, unsupported technology that makes them a prime target for attack. Recognizing the growing threat, Governor Dayton proposed a significant investment in cybersecurity during the last legislative session to modernize state systems and strengthen cyber defenses to better protect Minnesotans. Events such as these underscore the urgency of this increased investment.”

A Minnesota couple lost more than $200,000 in a sophisticated email scam authorities say is sweeping the country. After renting at first, they were just days away from closing on the purchase of a Twin Cities area townhome. That’s when they received an email with details about the real estate transaction.

 

“This is the email that came from Courtney,” said Steve Tadevich as he pointed to his computer screen.It looked like it was from Courtney Pennington from Edgewater Title, the company handling the sale.They trusted the email, followed the instructions, and showed up at Edgewater Title for the closing. Turns out, the email and the wiring instructions were fake.

 

Instead of sending their money to the title company’s account at Venture Bank, the money had been wired to the crook’s account at Bank of America. From there, the money was immediately transferred again. “By then, the money was gone,” Steve said.They lost $205,000. “That’s a big hunk of our retirement, gone,” Steve told KARE 11.

 

The Tadevich family is not alone. The FBI says they are seeing similar email scams nationwide targeting real estate and other financial transactions. “Over the past three years, we have tracked approximately 14,000 victims in the United States with a fraud loss approaching one billion dollars,” said Jeffrey Van Nest, associate division counsel of the FBI’s Minneapolis office. “And so it’s becoming a very big issue for us.”

 

The FBI can’t comment on ongoing investigations. Neither can the Lakeville Police Department, which took the first report and continues to investigate. So, to find out how schemes like this work, KARE 11 took the emails to Mark Lanterman, a private expert in computer crime.

 

“This is very sophisticated,” Lanterman said.On the surface, the email Stave Tadevich got looks legitimate. But Lanterman says the coding information hidden inside the email tells a different story. Remember that email Steve got supposedly from Courtney in Minnesota? “The originating IP address does not come from Minnesota,” Lanterman discovered. Digging deeper into the code, Lanterman traced the email halfway around the world. “The email originated using a server that’s located in Romania,” Lanterman told KARE 11. Bucharest, Romania, to be exact. For years, Romania has been known as a hotbed for hacking.

 

But Lanterman warns that the thieves might not actually be located there. To find out who’s behind an overseas Internet address – or an off-shore bank account – authorities need search warrants. And that’s where investigators say they often hit a roadblock when the money trail leads to foreign countries. “Other countries don’t necessarily care about an American search warrant,” Lanterman said. “And the criminals know that.” Authorities are still trying to figure out how the thieves even knew about Steve’s real estate closing. Did they have an insider feeding them information? Or did they hack into someone’s computer and read other emails about the sale?

 

“Somebody’s computer got hacked somewhere along the way,” Steve Tadevich believes.

 

“Just unbelief that this actually happened to us,” says his wife, Claudia.

A slew of new smartphone applications meant to conceal information are causing parents to take a closer look at their children's devices.

 

These applications may appear to be one thing--a calculator, spreadsheets--but enter in a passcode or hit the right button and they reveal messaging functions or images the phone's user would rather keep private. 

 

Experts warn parents to watch for "ghost apps" on their children's phones. Kids have been using them to keep information away from mom and dad's prying eyes, worrying some parents who strive to closely monitor their children's online presence. 

 

"They are popular because they work," cyber security expert Mark Lanterman said. "Kids want privacy and their friends are using these apps, so there may be pressure to use these apps."

 

Some statistics show as many as 70 percent of teens use these ghost apps, and some believe the number could be even higher. 

 

Experts tell parents to look for warning signs like two seemingly similar calculator apps, and set parental controls to monitor or control what apps they can download,  though nothing is as good as sitting down and talking for your children.

Criminal charges were announced Wednesday in an international human trafficking and prostitution enterprise that prosecutors called “the Uber of sex trafficking.” The crime ring involved numerous victims and thousands of ads placed on Backpage.com in 29 different states over the past two years.

 

Washington County Attorney Pete Orput said the crime ring used phones to coordinate meeting locations with johns and the victims. He said "dozens" of phones were used to set up the "dates" with victims, and sometimes the men responding to the ads would overlap with each other.

 

"It was the Uber of sex trafficking,” Orput said. “You could order up sex...Ordering a girl was like ordering up a pizza.”

 

According to the criminal complaint, the investigation uncovered an operation out of Irvine, California, which trafficked women from China to areas across the country for prostitution.

 

Ramsey County Attorney John Choi said the sex trafficking victims were brutally raped and beaten, and forced to work 12 to 14 hours each day with a quota of $800 per day. In Minnesota, investigators documented multiple places of operation, including St. Paul, Blaine, Cottage Grove, Maplewood, Oakdale and St. Louis Park. Operations were also discovered in Fargo, North Dakota.

 

According to the charges, which document the experiences of six victims, the women had to pay their traffickers house fees, transportation costs, hotel expenses, as well as provide their own food, and some were forced to relinquish their passports. 

 

"This is the most sophisticated human trafficking operation I have ever seen," Choi said.

 

The four suspects -- Fangyao Wu, Sophia Wang Navas, Hong Jing and Dongzhou Jiang -- are charged with racketeering, sex trafficking, promotion of prostitution, concealing criminal Proceeds and engaging in the business of concealing criminal proceeds in connection with a criminal enterprise profiteering off the sale of vulnerable human beings for sex.

 

One suspect was taken into custody in Washington County, Minnesota on Tuesday and three others were arrested in California. Those suspects will be extradited to Minnesota to face charges.

 

Orput said the sex trafficking ring appears to still be in operation despite the apprehension and charges against four of the major players.

 

“If you are a customer of these women, stop,” Orput said. “This is not a victimless crime. In this particular case, these females were working from 9 a.m. to 11 p.m. They would have sex with sometimes dozens of men per day. Sometimes men would pay, sometimes they wouldn’t. Sometimes the women would be beaten, robbed, or raped. They had minimums established by traffickers. This was their daily life. So to those men, stop – it is a crime, and most important, it’s wrong.”

 

Prosecutors in Minnesota have been fighting prostitution connected to Backpage ads for years. The website’s adult services section was removed in January, but Orput said the ads haven’t been shut down – they’ve just moved to another section of the Backpage classifieds.

Authorities are warning companies and organizations in the Twin Cities area about an email scam in which people try to get employees’ personal information from their W-2s in order to file fraudulent tax returns.

 

The Better Business Bureau says the scam initially targeted private sector businesses, but it is now being used against school districts, nonprofit organizations, healthcare providers, temporary staffing agencies and chain restaurants.

 

The Internal Revenue Service says the company or organization’s accounting or human resources department will receive a phony email asking for a list of all of the company’s W-2 tax forms, employees’ dates of birth and Social Security numbers.

 

The fake emails may include wording such as: “Can you send me the updated list of employees with full details (name, SSN, date of birth, home address and salary” or ‘Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”

 

Authorities believe the scammers intend to use the employee’s personal information to file fraudulent tax returns.

 

As his latest example of what anyone with an email account should be looking for, Mark Lanterman from Computer Forensic Services points to an email with misspellings including zeros instead of Os,  an abbreviated link and an urgent message. The email was at the root of the DNC breach, and ultimately lead to Hillary Clinton's emails being delivered to WikiLeaks. Lanterman says this goes to show anyone can be fooled.

 

“In 2016  I was retained by  four of the top ten law firms in Minneapolis, because they fell victim to a W-2 scam,” says Lanterman.

 

A version of  the W-2 scam was emailed to someone in the finance department of Bloomington Public Schools earlier this month. The employee, who is now in administrative leave, took the bait and sent the hacker the 2016 w-2 forms for all 28 hundred employees in the district.

 

“The criminals aren't stupid and they know what info is on a W-2 -- your name, date of birth, address, social security number and how much you make, pretty much everything I need to file a tax return fraudulently, or perhaps take out mortgages in your name,” says Lanterman. “I can sell your stolen credit card information for $5 but I can sell you online for over $800."

  

Oops. Those Colin Powell emails dating back to 2014 have some embarrassing revelations. Released by a site called DC Leaks, which some say have ties to Russia. Cybersecurity expert Mark Lanterman isn’t convinced that Russia is responsible for the hacking, saying that “Russia is a convenient suspect for us to point a finger at, and maybe that’s the case. But in my experience, it’s usually an insider. It’s usually someone with access”. What does this mean for those of us in the general public. “Our privacy should matter to all of us”, Lanterman says. “I think that these higher profile email breaches, whether it’s Hilary Clinton, or Colin Powell, or Sarah Palin. It just goes to show that we’re all vulnerable to these types of attack”. So, if I delete an email, does that mean it’s gone. Lanterman says no. “Delete doesn’t mean delete. Emails are kind of like flu bugs, you spread it around. And it’s hard to get rid of totally, because someone else usually has a copy of it.” Out of the email options, Lanterman prefers Gmail due to its security features, particularly because it offers two-factor authentication”. Lanterman explains that if a hacker gets access to your account address or information, and can maybe break your password, with two-factor authentication, he can’t get any further. Ultimately, there are risks and dangers to using email, but we can try to mitigate those risks with safety features.

 

For most of us, the issue isn’t trash talk, it’s personal information. One lesson that should be kept in mind—Don’t put something in an email that you don’t want your mother to read. 

Before you update to a new device, be careful with what you do with the old one. Fox9 investigates what to do with the old cellphone before you sell or get rid of your old phone. Mark Lanterman, CTO of Computer Forensic Services, says that all data that you think has been deleted is subject to recovery. It’s unnerving to realize that people are keeping snitches in their pockets. Reviewing a mystery phone, Lanterman is able to recover deleted photos and GPS locations that lead to the home of the original owner. Lanterman warns us that someone could learn how to extract this kind of information from used iPhones. 

Though many believe that people don’t fall for email scams, one large company lost millions due to a spear phishing attack. Mark Lanterman, CTO of Computer Forensic Services, compares the email attack to a prank phone call. Referred to as ‘CEO Spoofing’, a hacker pretends to be a CEO or an authorized signer on an account. Lanterman says that these attacks are nothing new, as many companies are targeted and have lost money. 

Is your cellphone spying on you? These spying apps can allow people to be tracked, their calls and messages monitored, and their activity documented. This can all be done without the person’s knowledge. They cost as little as $8 a month, and though these apps can be used for legitimate reasons, they can also be used for much more. Computer forensic expert Brian Hill demonstrates the spying capabilities of these apps and how easy they are to install. Experts say to always set your phone to lock after use, keep your phone on you, and keep your password a secret. 

It’s an issue of national security vs. privacy. Investigators want access to one of the San Bernardino shooter’s iPhones to assess the potential of overseas threats. Apple is sticking to its decision to not help the FBI enter the iPhone of the San Bernardino shooter. Computer forensics expert Nate Dittmar advises that this kind of loophole is a risk for everyone that uses this technology and states that once a precedent is set, there is no way to guarantee that it wouldn’t be utilized repeatedly. 

If you use Uber to get around town, how often do you actually check your account activity? It turns out that accounts are being hacked by cybercriminals in pursuit of free rides. Computer forensics expert Mark Lanterman explains, “While you may check your credit card statements once a month, some of us maybe don’t follow our Uber accounts quite as closely.  It only takes a few seconds, perhaps with an email that downloads malware once it has been clicked. Once the criminals have your information, it’s then sold on the Dark Net. We may love technology and the convenience it offers us, but we also give up some of our security. 

Law enforcement has become increasingly concerned that smartphone encryption is too difficult to bypass while privacy advocates say that improved security is a good thing. about all of the information you have stored on your cellphone. Accordingly, cellphones are often critical pieces of evidence. Cybersecurity expert and computer forensic analyst Mark Lanterman explains, “Cell phones are treasure chests full of evidence”.  If the government is complaining about not being able to access your information, it may be a good thing for consumers since it means that hacker’s can’t either. As technology advances, it becomes increasingly difficult to balance privacy and security. 

Mark Lanterman speaks to Fox9 Investigators about the Dark Net. Originally developed by the US Navy, the Dark Net fosters an environment where everything goes and everything is for sale. Everything people usually see on the Internet is only the tip of the iceberg when it comes to what the Internet really offers. Mark Lanterman, a former detective turned computer forensic specialist, says that everything is for sale on the Dark Web. “The Dark Web is all about customer service”, says Lanterman. Through the Dark Net, home surveillance systems can be accessed in addition to providing a backdoor to a hospital’s ventilation system or approximately 7,000 Midwest turbines. Many believe that the Dark Web is growing exponentially. 

5 on Your Side Investigates what local officials were discussing after the death of Michael Brown and whether or not these communications shed light on what happened. Mark Lanterman says that although the consultant may have searched for some of the emails, purged or deleted emails were not searched. 

Mark Lanterman, CTO of Computer Forensic Services, explains on Bloomberg the role of Rescator in the stolen credit card black market, his involvement in the Target data breach, and the importance of responding to cybersecurity systems when they alert us to breaches. 

With the concerns that many have about keeping their data protected, one British company claims that they can make data so encrypted the NSA might not be able to even access it. This military-level encryption works by sending a one-time code to your phone that is good for only thirty seconds. However, Computer forensic expert Mark Lanterman looks to the clause stating “Seecrypt will pro-actively assist law enforcement agencies to prevent criminal activity…” as a warning. “Either there is some kind of a backdoor or they are maintaining records that you’re not realizing they’re keeping”, says Lanterman. Is this degree of privacy worth the hassle? 

In this day and age, technology is all around us, and for most of us in the palm of our hand. It’s also become a haven for a crime and at the same time an investigator’s secret weapon. Mark Lanterman speaks to KTCC about hashvalues, or image fingerprints. These fingerprints tell Lanterman where pictures come from and whether an image is recognized as being contraband. Lanterman analyzes search terms, whether or not material was accessed accidentally, referring to it as “digital archaeology”. “Cellphones and computers are repositories of evidence, and they are essentially snitches”, says Lanterman. “It tells the truth”. 

In response to the ongoing investigation of Hilary Clinton and her email usage, it has been asked, “What happens when you delete an email?” Computer forensic expert Nate Dittmar says that emails can be recovered even after you have deleted them. As opposed to “deleting”, it is more like telling to the computer to not pay attention, or forget, about a certain email. 

Your favorite electronic devices can now stay on as you’re on your flight. As long as they’re on airplane mode, iPhones can stay on. “From what I’ve seen and based on our testing, there is very little risk of interference. However, it is always best to err on the side of caution”, says computer forensic expert Mark Lanterman. “I would’ve hoped that they would’ve gone in this direction years ago, so I’m just happy that they finally have”. 

Instead of thinking it’s not going to be me, the odds are, it is going to be you”, says computer forensics expert, Mark Lanterman. He accesses a hacker’s amazon website of stolen card numbers, helping NBC 2 Investigators find more than 18,000 stolen numbers. A hacker can strike anywhere a card is swiped. Lanterman says with the stolen data in hand and a hundred bucks worth of equipment accessible on Ebay, it’s simple for a criminal to counterfeit a card. “The mindset is, why rob a bank when you can simply download the money?” says Lanterman. 

Mark Lanterman, CEO of Computer Forensic Services and expert in cybersecurity, advises on post-Target breach recovery, track data, and potential suspects responsible for the breach. “I believe that Target is trying to identify the source of the breach, and more importantly, is trying to prevent fraud from occurring”, says Lanterman. 

Thousands of people’s credit and debit card information believed to be stolen from the Home Depot data breach are linked to Minnesota zip codes. Investigators are saying that this breach is much worse than what happened to Target last year. Cybercrime experts says at least 12,000 stolen credit and debit cards linked to Minnesota zip codes are for sale on an underground website. “You can filter the cards based on expiration date as well as the last four digits of the credit card”, says computer expert Mark Lanterman. “It’s essentially an Amazon.com for credit card thieves”. 

Experts say a possibly even bigger data breach has impacted Home Depot. Computer security experts believe Russian hackers stole as many as 5,000 Minnesota credit card numbers used at Home Depot. “The retailers are certainly at a disadvantage. In order to protect an organization, security teams need to find tens of thousands of entry points. The hacker only needs to find one that’s not properly guarded”, says computer security expert, Mark Lanterman. The CTO of Computer Forensic Services in Minnetonka, Lanterman pulled up the underground website that he says Eastern European hackers used for Target’s data breach. He shows that credit cards used at Home Depot stores are already on the markets for as little as eight dollars. Home Depot issued a statement today that they’re working with their banking partners and law enforcement to investigate.

Computer security expert Mark Lanterman says trading in your old smart Phone could have consequences. “If you don’t take preventive steps by wiping your phone, someone with proper technical knowledge can recover your text messages, your contact list, your banking credentials, your usernames and passwords if you do online banking”. Security experts say not to turn in or recycle your old smart phones, as they may still contain personal information even after you believe you have deleted it. “Destroy it with a hammer, a drill, lightning works well, someway to physically destroy that device. You don’t want to recycle it, you don’t want to turn it in. And I know that goes against a lot of what we’re taught, you want to recycle, but not when it comes to your personal data”, says Lanterman. 

The parent company of Cub Foods, Supervalu, became the latest retailer to suffer a major data breach. Consumers have a lot of questions about how to protect themselves moving forward. Mark Lanterman, a computer forensics expert, says stolen credit card information can be fairly lucrative on the black market. Lanterman says there is one sure fire way shoppers can keep their information from getting into hacker’s hands, “I recommend cash”. He also says, “Take responsibility for your own security and cancel the card”.