Category: Money Matters

Gems, Warlords and Mercenaries: Russia’s Playbook in Central African Republic

BANGUI, Central African Republic — The dealer pulled back a shiny pink curtain and sprinkled the contents of two white envelopes across his desk: sparkling diamonds, more than 100 of them.

Some gems are sold legally, he explained. But many are trafficked by rebels who fight over the mines, adding fuel to a six-year uprising that has killed thousands and displaced more than a million people here in the Central African Republic.

Now, hoping to wrest control over the diamond trade and piece the country back together, the government has turned to a new partner — Russia — in what some lawmakers fear is a dangerous bargain that trades one threat for another.

And the central figure behind the Russian involvement, according to local and Western officials, is Yevgeny V. Prigozhin, a confidant of President Vladimir V. Putin who was indicted in the United States last year, accused of helping to finance “information warfare” and disrupt the 2016 American election.

The Central African government has welcomed the Russians, betting that stability will enable it to sell more diamonds legally and use the money to rebuild the nation.

“The rebellion in our country has cost us a lot,” said Albert Yaloke Mokpeme, the spokesman for the Central African president. “No one came to our aid except the Russian Federation.”

“With the help of Russia,” he added, “we will be able to secure our diamond mines.”

The diamond merchant, Arab Arab Koussay, who runs one of the country’s largest dealerships, fingered the gems on his desk and expressed a similar view. “We can’t control everything in this country,” he said.

But Russia’s help comes at a cost. Its representatives have struck deals with the government to mine diamonds where the trade is legal — one of many signs that Russia’s push into the country is closely tied to the profits it can reap.

Russian operatives have even partnered with murderous rebels to obtain diamonds in areas where the trade is outlawed, cashing in on the very lawlessness they have been brought in to end, according to members of the Central African government, Western officials and some of the warlords themselves.

More broadly, the fact that Russian mercenaries are training the nation’s troops has unnerved some lawmakers. Human rights violations in the country are so common that the United Nations imposed an arms embargo against Central African soldiers. But the Russian trainers have been accused of abuses as well, including rounding up innocent bystanders in mass sweeps.

“I keep thinking of what kind of army we are going to have if they are trained by Russians,” said Hamadou Aboubakar Kabirou, a member of Parliament.

Mr. Prigozhin has ties to mining, security and logistics companies that have been set up in the nation since 2017, according to American intelligence officials, Western diplomats and a security analyst who provided registration documents connecting him to some of the businesses. Mr. Prigozhin also personally showed up for peace talks with rebel groups several months ago, according to one warlord present.

SOURCE: https://www.nytimes.com/2019/09/30/world/russia-diamonds-africa-prigozhin.html

The great Equifax mystery: 17 months later, the stolen data has never been found, and experts are starting to suspect a spy scheme

  • Equifax’s data breach on Sept. 7, 2017, stunned markets and American consumers, but where the data of those 143 million people disappeared to has remained a mystery.
  • CNBC talked to experts, intelligence officials, dark web data “hunters” and Equifax to discover where they expect the data has gone, and what it is being used for.
  • The prevailing theory today is that the data was stolen by a nation-state for spying purposes, not by criminals looking to cash in on stolen identities.

On Sept. 7, 2017, the world heard an alarming announcement from credit ratings giant Equifax: In a brazen cyberattack, somebody had stolen sensitive personal information from more than 140 million people, nearly half the population of the U.S.

It was the consumer data security scandal of the decade. The information included Social Security numbers, driver’s license numbers, information from credit disputes and other personal details. CEO Richard Smith stepped down under fire. Lawmakers changed credit freeze laws and instilled new regulatory oversight of credit ratings agencies.

Then, something unusual happened. The data disappeared. Completely. CNBC talked to eight experts, including data “hunters” who scour the dark web for stolen information, senior cybersecurity managers, top executives at financial institutions, senior intelligence officials who played a part in the investigation and consultants who helped support it. All of them agreed that a breach happened, and personal information from 143 million people was stolen.

But none of them knows where the data is now. It’s never appeared on any hundreds of underground websites selling stolen information. Security experts haven’t seen the data used in any of the ways they’d expect in a theft like this — not for impersonating victims, not for accessing other websites, nothing.

But as the investigations continue, a consensus is starting to emerge to explain why the data has disappeared from sight. Most experts familiar with the case now believe that the thieves were working for a foreign government and are using the information not for financial gain, but to try to identify and recruit spies.

One data hunter dives in

The missing Equifax data has been a 17-month-long obsession for Jeffrey, a cybersecurity analyst at one of the world’s largest banks. To him, it represents a sort of professional Lost City of Atlantis or Holy Grail.

Jeffrey is not the analyst’s real name. He asked to remain anonymous because he was not authorized to speak to the media. He also asked that his bank remain anonymous, because he’s one of such a narrow pool of a specific type of employee that even the name of his bank could be used to identify him.

Jeffrey is a “hunter” on the bank’s “hunt team,” and his job is searching for data on the dark web or darknet — a set of web sites that can only be accessed with special software that protects the user’s anonymity. The dark web can be used for many purposes, but most prominently serves as the internet’s underground black market, where criminals buy, sell and trade credit card data, personal information and criminal services.

Jeffrey trolls the dark web for stolen personal data that looks like it might be brand new, especially if it looks like it might belong to customers of the bank or its rivals. He is often one of the first to know that another company has been breached, and his team is often among the first to inform the victims that their systems have been breached.

So Jeffrey was surprised when he learned about the Equifax breach at the same time as everybody else, when the company announced it to the world.

Stolen consumer information usually goes up for sale immediately after a company is hacked, he explains. Criminals aim for speed so they can sell the data before a company’s tripwires ever detect it was stolen. The longer they wait, the more likely the victims and the institutions will make changes to render the data useless. This is especially true with credit card numbers, which can quickly be canceled once fraudulent charges start cropping up on them. Or when Social Security numbers — like those stolen in the Equifax breach — start getting flagged for fraud.

READ MORE: https://www.cnbc.com/2019/02/13/equifax-mystery-where-is-the-data.html

Freezing Credit Will Now Be Free. Here’s Why You Should Go for It.

07MONEY-1-master768

Consumers will soon be able to freeze their credit files without charge. So if you have not yet frozen your files — a recommended step to foil identity theft — now is a good time to take action, consumer advocates say.

Security freezes, often called credit freezes, are “absolutely” the best way to prevent criminals from using your personal information to open new accounts in your name, said Paul Stephens, director of policy and advocacy with Privacy Rights Clearinghouse, a consumer advocacy nonprofit group.

Free freezes, which will be available next Friday, were required as part of broader financial legislation signed in May by President Trump.

Free security freezes were already available in some states and in certain situations, but the federal law requires that they be made available nationally. Two of the three major credit reporting bureaus, Equifax and TransUnion, have already abandoned the fees. The third, Experian, said it would begin offering free credit freezes next Friday. To be effective, freezes must be placed at all three bureaus.

The Federal Trade Commission says that when the law takes effect, its identity theft website will provide links to each bureau’s freeze website.

A security freeze makes it harder for criminals to use stolen information to open fraudulent new accounts, or borrow money, in your name. Credit bureaus house records of your accounts and payment history, which card companies and lenders use to decide whether you are likely to pay your bills. If you freeze your file, the bureaus will not provide information to lenders unless you “thaw” the freeze first, using a special personal identification number.

Free security freezes are becoming available more than a year after a huge data breach was discovered at Equifax. The breach compromised the personal information, including Social Security numbers, birth dates and other sensitive details, of more than 145 million people — nearly half the population of the United States.

Despite the scale of that breach, and a steady stream of other incidents, security freezes have not really caught on. An AARP survey of about 2,000 adults found that just 14 percent had frozen their credit files. (The survey, conducted in July by GfK Group using a probability-based online panel, has a margin of sampling error of plus or minus two percentage points.)

In-depth interviews with 24 consumers by researchers at the University of Michigan School of Information found that many people knew about the Equifax breach, but few had taken the step of freezing their credit files as a result.

Consumers suffer from “optimism bias,” the researchers found. They realized that the breach created risk, but did not think anything would happen to them personally. “People tend to underestimate their own risk,” said Florian Schaub, an assistant professor at the school and one of the study’s authors.

Others incorrectly assumed that because they had poor credit or little wealth, they would be unattractive targets for identity thieves. “They think: ‘I don’t have much money. I have nothing to lose,’” Mr. Schaub said. “But that’s not how identity thieves operate.”

People interviewed also cited the cost of freezes as a barrier. It can cost as much as $10 per bureau to place a freeze, and a similar fee is charged to thaw it temporarily when you want to apply for credit.

Consumer advocates hope that making freezes free will spur more consumers to use them. (The new law requires that a thaw must also be free.)

But the freeze process is not as easy as it could be, said Mike Litt, consumer campaign director for U.S. PIRG, the consumer advocacy group. He would prefer credit files to be “frozen” by default, and thawed on request. As it stands, consumers must place freezes separately at all three bureaus, and keep track of three PINs.

And because it’s not always possible to know in advance what credit bureau a lender will use, consumers typically must lift the freezes at all three bureaus when they want to apply for new credit.

Brett Merfish, a lawyer in Austin, Tex., said she froze her credit at all three bureaus several years ago, after her personal information was used to open “a steady flow” of fraudulent credit card accounts. The freeze process was “tedious,” she recalled, but ultimately effective because she no longer has problems with fake accounts. “It’s worth it to do it,” she said.

One credit bureau, TransUnion, introduced a smartphone app, myTransUnion, this month that consumers can use to more easily freeze and thaw their credit. The app is available for both Apple and Android phones. Mr. Stephens, of the Privacy Rights Clearinghouse, said he had not seen the app, but cautioned consumers to tread carefully, in case it is used to market other, fee-based products and services.

The credit bureaus also offer something called a credit “lock,” which they promote as a more convenient way to protect your information. But some offerings carry fees, and consumer advocates prefer freezes because the rules are set by law, rather than by the credit bureaus.

One other less-protective option is a fraud alert, which requires credit bureaus to contact you to verify your identity when a company requests your credit file. Under the new law, initial fraud alerts must last for one year once established. Fraud alerts are free, and, unlike the freezes, an alert placed at one bureau is automatically placed at all three.

U.S. PIRG also recommends freezing your file at a lesser-known reporting agency known as the National Consumer Telecom and Utilities Exchange. The exchange provides credit information to some cellphone, pay television and utility companies. (Some consumers have reported having cellular accounts opened in their names, even though they had placed freezes on their credit reports at the main bureaus.)

The website for the utilities exchange says its database is “housed and managed” by Equifax. But the exchange is a “distinct” entity that requires its own freeze, said Craig Caesar, outside counsel to the exchange. “A separate request to N.C.T.U.E. is required because it is a separate database,” Mr. Caesar said in an email. There is no cost for a freeze, he said.

The new law also requires credit bureaus to allow parents to create and freeze credit files for their children under 16, to prevent their identities from being misused. The Federal Trade Commission offers information on what to do.

Freezes will not protect you from other types of fraud, like someone using the number of a credit card you already have, or impersonating you online to claim your Social Security benefits. To help prevent those types of theft, Mr. Litt recommends checking your credit card statements regularly for suspicious charges, and setting up and monitoring an online Social Security account, to prevent criminals from opening one first and diverting your benefit checks. A PIRG report suggests other helpful steps as well.

Checking your credit report periodically is also wise. You are entitled to one free copy each year from the big three bureaus at annualcreditreport.com. (A security freeze will not prevent you from getting your free annual report, the F.T.C. says.)

Here are the websites to visit to set up security freezes:

TransUnion: transunion.com/credit-freeze

Experian: experian.com/freeze/center.html

Equifax: www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp

National Consumer Telecom and Utilities Exchange: www.nctue.com/Consumers

The Trump Administration to Restaurants: Take the Tips!

Most Americans assume that when they leave a tip for waiters and bcapital-one-credit-cardartenders, those workers pocket the money. That could become wishful thinking under a Trump administration proposal that would give restaurants and other businesses complete control over the tips earned by their employees.

The Department of Labor recently proposed allowing employers to pool tips and use them as they see fit as long as all of their workers are paid at least the minimum wage, which is $7.25 an hour nationally and higher in some states and cities. Officials argue that this will free restaurants to use some of the tip money to reward lowly dishwashers, line cooks and other workers who toil in the less glamorous quarters and presumably make less than servers who get tips. Using tips to compensate all employees sounds like a worthy cause, but a simple reading of the government’s proposal makes clear that business owners would have no obligation to use the money in this way. They would be free to pocket some or all of that cash, spend it to spiff up the dining room or use it to underwrite $2 margaritas at happy hour. And that’s what makes this proposal so disturbing.

The 3.2 million Americans who work as waiters, waitresses and bartenders include some of the lowest-compensated working people in the country. The median hourly wage for waiters and waitresses was $9.61 an hour last year, according to the Bureau of Labor Statistics. Further, there is a sordid history of restaurant owners who steal tips, and of settlements in which they have agreed to repay workers millions of dollars.

6 Ways to Be Better at Money in 2018

capital-one-credit-cardWelcome to the Smarter Living newsletter. Editor Tim Herrera emails readers once a week with tips and advice for living a better, more fulfilling life. Sign up here to get it in your inbox every Monday morning. Though there’s never a wrong time to get your finances in order, a new year is the perfect excuse to take a deep look at your relationship with money. Whether you’re just starting out in your career or you’re nearing retirement, below is The Times best financial advice from this year on earning and saving more money and, more important, deciding what to do with all of it.

Save a little extra money every week

No, cutting out that indulgent, extra-fancy coffee once a week won’t make you a millionaire, but those small savings truly do add up over time. Find where you’re nickel-and-diming yourself, then see what you can stand to eliminate. Read more »

‘Dear Equifax: You’re Fired.’ If Only It Were That Easy.

The emails have landed in my inbox, one every other day or so since Equifax revealed that cyberthieves had helped themselves to the Social Security numbers and dates of birth of more than 140 million Americans in the company’s files. And though the words differ (and some are unprintable in this space), the messages all end with the same demand: I want out. I want out of Equifax’s system. That company no longer has permission to make money off my personal data. I want them to delete my file and never start a new one.

It’s hard to blame people for wanting to quit in a fit of pique. This is an industry that uses our personal and financial data as its product, and the real customers are the banks and others who want to check up on us. And this breach isn’t like those at other companies that have let their data loose, like Yahoo or Target, where you can simply find another company to patronize. So, can you dump Equifax? And if not, shouldn’t you be able to?

First, some practicalities. When you sign up for a credit card or a mobile phone or any number of other loans or services, you agree — whether you know it or not — for the provider to send a report card on you to credit reporting agencies like Equifax, Experian and TransUnion. So let’s say you no longer trust Equifax to store your data in the wake of its breach. Sure, you could approach all of those providers and try to persuade them not to send data about you to Equifax each month. But it would be far easier to simply ask Equifax to erase your file and not make a new one.

But what happens if you need to borrow money in the future and you have credit files only at Experian and TransUnion? This poses an enormous problem when it comes time to make the biggest of all purchases — a home. Fannie Mae, whose rules govern the standards for many mortgages, wants information from all three credit “repositories,” as the company puts it.

There is already a potential out in the rules that allows for data from just two agencies if that is “the extent of the data available.” While this rule may exist to help people with a limited credit history, there’s no reason Fannie couldn’t also apply it to people with an extensive history that happens to reside only at Experian and TransUnion, and not at Equifax.

This wouldn’t be ideal for the mortgage industry, though. Credit reports tend to be riddled with errors, so lenders prefer a wider range of data to survey. “Lenders will compare the three and make their best guess,” said Pam Dixon, the executive director of the World Privacy Forum, a research group. “They kind of triangulate the errors.”

While it’s a nifty trick when an industry’s rank incompetence seems to necessitate a permanent triumvirate, a better solution might be a duopoly that actually cares about getting the data right.

Lenders who deal in smaller amounts seem flexible enough, and would have to become more so if more people had only two major credit files. American Express already is. It simply looks to the other two big credit bureaus for underwriting guidance if an applicant does not have a file at the third, said Ashley Tufts, a company spokeswoman. (She declined to comment on why American Express planned to continue to send data to Equifax, given the bureau’s now proven inability to protect it.)

Some readers, many of whom will have no need for mortgages or much new credit in the future, have tried to delete their Equifax files since the breach. One person sent letters making his demand to Equifax’s former chief executive, Richard F. Smith, before he retired last week. (The request received no reply.) Others have called the company’s various call centers. Often, they couldn’t get through or waited for more than hour and then spoke to someone who insisted that it was not possible to have a file deleted.

But what happens if you need to borrow money in the future and you have credit files only at Experian and TransUnion? This poses an enormous problem when it comes time to make the biggest of all purchases — a home. Fannie Mae, whose rules govern the standards for many mortgages, wants information from all three credit “repositories,” as the company puts it.

There is already a potential out in the rules that allows for data from just two agencies if that is “the extent of the data available.” While this rule may exist to help people with a limited credit history, there’s no reason Fannie couldn’t also apply it to people with an extensive history that happens to reside only at Experian and TransUnion, and not at Equifax. This wouldn’t be ideal for the mortgage industry, though. Credit reports tend to be riddled with errors, so lenders prefer a wider range of data to survey. “Lenders will compare the three and make their best guess,” said Pam Dixon, the executive director of the World Privacy Forum, a research group. “They kind of triangulate the errors.”

While it’s a nifty trick when an industry’s rank incompetence seems to necessitate a permanent triumvirate, a better solution might be a duopoly that actually cares about getting the data right. 07MONEY-1-master768Lenders who deal in smaller amounts seem flexible enough, and would have to become more so if more people had only two major credit files. American Express already is. It simply looks to the other two big credit bureaus for underwriting guidance if an applicant does not have a file at the third, said Ashley Tufts, a company spokeswoman. (She declined to comment on why American Express planned to continue to send data to Equifax, given the bureau’s now proven inability to protect it.)

Some readers, many of whom will have no need for mortgages or much new credit in the future, have tried to delete their Equifax files since the breach. One person sent letters making his demand to Equifax’s former chief executive, Richard F. Smith, before he retired last week. (The request received no reply.) Others have called the company’s various call centers. Often, they couldn’t get through or waited for more than hour and then spoke to someone who insisted that it was not possible to have a file deleted.

At the Center of Change, Cherry’s Unisex Saturday night in Bedford-Stuyvesant, Brooklyn, where the salon is an almost always-open witness to a neighborhood in the throes of change.

02drunk190.1It was past 1 a.m. in Bedford-Stuyvesant, Brooklyn, on Memorial Day weekend, on Fulton Street between Throop and Nostrand. A few bodegas and a fried chicken spot were open, supported by gaggles of hungry young people bubbling up from the subway every few minutes. Hip-hop from passing cars with windows open or tops down melted into the night. But for the most part, it was quiet. This strip of Fulton is dominated by 26 storefronts that specialize in black hair, but at this hour, most were dark, their gates down.

One shop, however, was open for business. It was a cavernous salon with a black tile floor and white walls, and its door was propped open. Black chairs ringed the room, and an island of hair dryers took up its center. This was Cherry’s Unisex Salon. Two barbers and four customers lounged in chairs. A short, muscular man wearing a black T-shirt and sweatpants, Cory Parker, took off his do-rag and sat in a barber chair, running a hand over short, curly hair as he consulted a chart of 30 men’s haircuts on a wall.

“I want between a 3, an 18 and a 27,” he said over his shoulder to a barber rummaging in a drawer.

“O.K.”

“You’re not even looking at the chart! What did I say I want?”

The barber turned around and peered at the chart. “You said you want an 18, a 23 …” he started. They both laughed.

READ MORE:https://www.nytimes.com/2017/07/07/nyregion/cherrys-unisex-salon-bedford-stuyvesant-brooklyn.html?hp&action=click&pgtype=Homepage&clickSource=story-heading&module=second-column-region&region=top-news&WT.nav=top-news&_r=0