Buczek Enterprises has been a small blip on the radar until this evening. One of the most catastrophic things a Company charged with keeping Confidential Information can do is to arbitrarily allow access to both domestic and international people who do not have a need to know. While researching an upcoming Article on Buczek, I was doing some deep bio research on Buczek’s website and stumbled upon some most disturbing information. All of the below referenced Companies’ forms, instructions, email addresses, phone numbers, videos, and a plethora of other information are accessible from the Internet without ANY HACKING.
Buczek allows access to anyone with respect to their entire Client Forms Repository. Altisource, ACA Asset Management Group, AimYourWay, CoreLogic, Energy REO/HomeStar, Lender Processing Services, Mortgage Contracting Services, Ocwen, National Field Network, Safeguard Properties, REO Allegiance, WhiteVan-Carrington — EH Pooled Investments LP (FCI Lender Services in Oregon?!) and several unnamed Companies with whom I have Non Disclosure Agreements, one of which will contact Buczek in the morning.
While I feel compelled to post the links to all of this information I am not … yet. Everyone gets a pass … tonight. The more important aspect of this is that the compliance with Computer and Information Security is for shit. In the 21st Century Buczek should spend a few of the extra dollars they are getting on charge backs, for which their Clients pay them anyway, and protect Client data.
Buczek Enterprises and ACA Asset Management Group both have the same case of Noob Coding. Look at both of the hyperlinks. You will see that they are coded identically from a Forensic IT Point-of-View. Now, click Home on each. The Home on Buczek Enterprises processes fine (insecure in my opinion even though it is https), but the ACA Asset Management Group generates an error: Notice: A session had already been started – ignoring session_start() in /usr/local/apache/htdocs/slive/WEB-INF/web-apps/framework/path.php on line 92
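The notice quoted above is PHP's on-page error output, and it hands every visitor a server filesystem path. As an added example (not from the original post or from either company's code), this Python check scans response bodies from a site you operate for such diagnostics; the function name and the HTML and clean samples are constructed for illustration.

```python
import html
import re

# PHP's on-page diagnostic format: "<Severity>: <message> in <file> on line <N>"
PHP_DIAG = re.compile(
    r"(?P<severity>Notice|Warning|Deprecated|Fatal error|Parse error|Strict Standards)"
    r":\s+(?P<message>.+?)\s+in\s+(?P<path>/\S+?)\s+on\s+line\s+(?P<line>\d+)"
)
TAG = re.compile(r"<[^>]+>")

# The notice as quoted in the post.
SAMPLE_PLAIN = ("Notice: A session had already been started – ignoring session_start() in "
                "/usr/local/apache/htdocs/slive/WEB-INF/web-apps/framework/path.php on line 92")
# Constructed: the same notice as PHP renders it when html_errors is on.
SAMPLE_HTML = ("<br />\n<b>Notice</b>:  A session had already been started - ignoring "
               "session_start() in <b>/usr/local/apache/htdocs/slive/WEB-INF/web-apps/"
               "framework/path.php</b> on line <b>92</b><br />")
# Constructed: a page with no leaked diagnostics.
SAMPLE_CLEAN = "<p>Please sign in to view your orders.</p>"


def find_php_disclosures(body):
    """Return every PHP diagnostic rendered into an HTTP response body."""
    # Strip markup first so the bold tags PHP adds do not split the message.
    text = html.unescape(TAG.sub("", body))
    findings = []
    for m in PHP_DIAG.finditer(text):
        path = m.group("path")
        findings.append({
            "severity": m.group("severity"),
            "message": m.group("message"),
            "path": path,
            "line": int(m.group("line")),
            # Each directory component tells a reader something about the server layout.
            "directories": [part for part in path.split("/")[:-1] if part],
        })
    return findings


if __name__ == "__main__":
    for name, body in [("plain", SAMPLE_PLAIN), ("html", SAMPLE_HTML), ("clean", SAMPLE_CLEAN)]:
        for f in find_php_disclosures(body):
            print(name, f["severity"], f["path"], f["line"], f["directories"])
```

Any finding means the server is rendering errors to visitors; in `php.ini`, `display_errors = Off` with `log_errors = On` keeps the same diagnostics in the server log instead.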
If I were a Client I would be pretty damn concerned. Why? Give me a good Dodd-Frank / Consumer Financial Protection Bureau / FDIC Audit and you just lost your Contract. Screw the Audit, how much did I or Anonymous or 312 learn?! How about the root level if someone wanted to get curious?! Now, FULL DISCLOSURE: My IP Address was used in the Clear and I DID NOT HACK Buczek. This was a simple Security Audit which was performed pro bono.
While Buczek Enterprises likes to hold Contractors LIABLE FOR SEVEN YEARS IN CHARGE BACKS do you really think they will do the same for themselves? (See Below To Document That I Was In And Prove The Claim) Let me be very blunt here: If you are a Client of Buczek and want to talk, feel free to reach out. Reports will be generated on each and every Member of the National Association of Mortgage Field Services (NAMFS) as I feel compelled to inform the American Public and our Congressional Representatives on precisely how insecure the Property Preservation Industry is.
Here is the irony: When those NAMFS Members like Field Asset Services (FAS) chose to drop Foreclosurepedia the Company as a Client FOR NO REASON WHATSOEVER other than to have a Chilling Effect Upon Free Speech you freed up an enormous amount of free time for me to pursue my Investigative Journalism.
See, that is ironic. I always thought I was better at cutting lawns; however, now it looks like, as I no longer have Non Disclosure Agreements with anyone, I am free to pursue my mid age calling. Hell, it is a Public Service. I mean, don’t we all want transparency? I mean, if there is an IT/COMSEC issue, do we not want that made known to everyone so that it may be corrected and an assessment performed to protect all Clients?!
So, where does all of this go? Well, I suppose that lies upon the Shoulders of Eric Miller and the rest of the Property Preservation Industry. You people brought this war to my doorstep. You violated the very rights I fought to protect for you. While everyone was safely tucked in at night I was walking Point. I come home and because I talk you eviscerate me?!
Did you really, really think I was just going to let FAS close the door on work for no legal reason whatsoever? While Dale McPherson screwed the Wounded Warrior Project and sacked the FannieMae Contract I was cutting grass and this is how I get treated, huh?!
Stay tuned each and every day. I am just warming up. Should prove to be a great Holiday Season! Hey Brian, can you hear me now?!
Should anyone like an IT Security Assessment, feel free to reach out to me for a Consultation. As most of my Clients know, when I sign a Non Disclosure Agreement I am legally bound to keep all of your information Confidential; I take it to the Grave. Sometimes it is cheaper than having to find shortcomings all over the Internet.
One final note: Buczek Enterprises has done far more than compromise their Clients’ information. Many Internet Scrapers are now using their Clients’ Information in their own Sales and Distribution. Altisource, in particular, should take note of this as they wouldn’t want to become part of a Congressional Inquiry due to an Audit. It would seem that lately Altisource has chosen some very unfortunate Partners. Perhaps Luxembourg ought to get a Clue before it becomes too late!