Help! I’m hoping a whistleblower will step up to provide additional info regarding the extent of the TD Ameritrade breach.
If you have whistleblower information about what happened, please help. If you know anyone who works at any of these companies who could help, please speak to them. Think you might be able to help answer the many unanswered questions I have? Please contact me privately, such as by leaving a message for me at (267)543-2801.
Here’s what I surmise happened: At some point, presumably due to my lawsuit or the injunction filing, TD AMERITRADE finally started seriously looking into the breach we had informed them of eons earlier. Someone at TD AMERITRADE, or ID Analytics, or Mandiant, perhaps by placing canaries and watching for them on the wire, or through triggers, or tripwire tools, or malware search tools, found evidence that their boxes had been compromised, e.g. a rootkit or backdoor or the active PII (Personally Identifying Information)-compromising code. Most likely, there was a combination of these people, tools and compromises involved. Then I think there was a game of telephone: info about the breach went from the actual investigator/researcher up through levels of management, between companies (say from Mandiant to ID Analytics to TD AMERITRADE), up through the brilliant PR folks to Joe Moglia, who made an announcement, and then other mouthpieces at TD AMERITRADE made announcements and wrote FAQs and financial reports based on that announcement. This would allow what happened and what was publicly reported to diverge considerably.
If for some reason you don’t want to deal with me, by all means, consider heading over to wikileaks.org! If you are paranoid (and you should be!) the good folks at wikileaks have some good ideas (http://www.wikileaks.org/wiki/Wikileaks:Submissions) on how to ensure your confidentiality. Even if you contact me directly, please read that page to have an idea of what you are up against. Sarbanes-Oxley and other applicable laws prohibit some retaliation against whistleblowers, but it still happens; anonymity is a far better tool. Be aware that organizations such as the NASD and FINRA are essentially *self-governing* bodies, i.e. their purpose is largely to protect companies like TD AMERITRADE! The SEC was informed of the issue in 2005; they didn’t take effective action.
Please be aware: I don’t disclose security problems irresponsibly; you shouldn’t assume I’d make everything you provide public. I’m happy to communicate in any reasonable form – phone, email, mail, web (e.g. reply to this post), or other methods (I’m good with VoIP, IRC, IM, SMS, anonymous email, S/MIME, PGP/GPG, gzip, PKZip, Winzip, RAR, tar, ftp, ssh, scp, winmail.dat, you name it.) Some basic contact info is here: http://www.elvey.com/it/contact.htm. If you want you can just email me: matthew (at) elvey.com, but put “earthshattering” in the Subject to ensure I get your message; that will bypass filters that could reject or discard your message; if you do that, then you can send me attachments up to 50MB in size.
I think Ameritrade is hiding behind ‘security by obscurity’ claims and admittedly brilliant PR. Please help me prove it.
(If only their Security were half as good as their PR … )
November 23, 2008 at 9:52 pm
I think the way KamberEdelson quoted me makes them look awful, e.g. their quote of only the post-semicolon portion of the following sentence (which I’ve put in italics) from this post:
*Please be aware: I don’t disclose security problems irresponsibly; you shouldn’t assume I’d make everything you provide public.*
(Note that this comment was submitted on Nov 23, 2008, became truncated due to an unknown (possibly technical, possibly legal) issue and was restored February 9th. See discussion under the heading RESPONSIBLE DISCLOSURE, here.)