Tackling Identity Theft

[Spyder32]

From Cnn.com (Jan 29th)

(CNN) -- A fourth man has been arrested as part of the largest identity theft case in U.S. history. Federal officials say Emanuel S. Ezediaro is charged with buying and selling credit reports of tens of thousands of people. If convicted of wire fraud and conspiracy, he could get up to 35 years in prison and more than $1 million in fines.

One of his alleged co-conspirators, Philip Cummings, will be arraigned on Wednesday.

This column, which was written when the case was made public, explains how the fraud was carried out and what consumers can do to protect themselves.

It's all we've been hearing from computer security specialists since September 11: Be on the lookout for threats from outside your network. Hackers and terrorists engaging in the dark arts of cyberspace could do a lot of harm.

Yet one of the big techno-scare stories of the week involves a threat that came from within. It was an inside job that set off what federal officials are calling the largest identity theft case in U.S. history.

U.S. Attorneys say Philip Cummings, a 33-year-old former customer service representative at a Long Island, New York, tech company, helped orchestrate a fraud scheme that has claimed more than 30,000 victims, costing them $2.7 million -- so far.

The feds say Cummings' company provided software and hardware that allowed banks and lending companies to get commercial credit information from three national agencies that keep track of consumer credit -- Equifax, TransUnion and Experian.

Cummings is charged with using his position at his company's help desk to get access codes that other companies use to check consumer credit. Officials say he then sold to criminals credit reports that include Social Security numbers, credit card numbers and other vital personal information. Those criminals then used the information to defraud victim across the country, according to police.

"You don't just have to protect yourself against a faceless hacker in a basement," said Chad Herrington, a computer security specialist with Entercept Security Technologies of San Jose, California.

"We often forget to think that insider know where the data is, have access and know what to do with it," Herrington said. "They can damage you a lot more. But the insider threat doesn't make the news. Companies try to keep this kind of thing quiet."

U.S. Attorneys say Philip Cummings helped orchestrate the fraud scheme that claimed more than 30,000 victims, costing them $2.7 million.

Chris Rouland, director of the X-Force research and development division of Internet Security Systems, which is headquartered in Atlanta, Georgia, said any company that strengthened firewalls for outside threats but ignored insiders is "a hard candy shell with a soft chewy center." Companies must do a better job of keeping track of their own employees, Rouland told "Howired."

Both Rouland and Herrington say more background checks need to be done of technology workers who handle this kind of personal data. Rouland added that companies must also use technology to monitor that data while it is inside their systems and restrict access to key resources.

"It's also about controlling temporary workers and consultants," Herrington told "Hotwired." "Let's say they only worked at a company for a week, but the account they used to give them access wasn't deleted for up to a year later. They can still get access and do what they want."

There may not be much you, the consumer, can do about "insider" identity theft cases. But you can check your credit history once or twice a year, according to Christina Karpowitz, a spokeswoman for Experian. "Especially before making a major purchase. You want to review your credit report at least 90 days before that."

Here's a low-tech way to protect your identity: don't just throw away any mail that may have your Social Security number, credit card numbers or any other personal information. Shred them.

Thieves are threatening to make Dumpster diving an Olympic sport, and any pre-approved credit card offers you get in the mail can be the equivalent of a gold medal for the unscrupulous.

Shredders are getting cheaper, and it would be a small price to pay for hanging on to your identity.

Wow, this is really sick and sad. I never have payed to much attention to identity theft issue's and have always tried to use common sense when dealing with anything related to that crime that could protect me. Usually I'll double shred (so pieces aren't easy to put together) my credit statements or anything like that and maybe soak it in water, but I rarely use a credit card anyways.

U.S. Attorneys say Philip Cummings, a 33-year-old former customer service representative at a Long Island, New York, tech company, helped orchestrate a fraud scheme that has claimed more than 30,000 victims, costing them $2.7 million -- so far.

That's a whole lot of money (and victims) to be scammed or frauded away from people. God know's how much more there is that they haven't found yet, because some people work with more than one scam or fradulent purpose's.

"We often forget to think that insider know where the data is, have access and know what to do with it," Herrington said. "They can damage you a lot more. But the insider threat doesn't make the news. Companies try to keep this kind of thing quiet."

It alway's suck's when this kinda thing happens (duh) but when there is an insider working at a bank or any place that deals with the transfer of social security numbers, credit card numbers, etc.

My point being, is that I think we should focus more on preventing identity theft and studying how they do it and way's of stopping it. I'm going to be looking onto more articles and reading up on it (hopefully learning about ways to stop it) but in the mean time, How do you feel about identity theft and What do you know about it? Way's to be prevented? Etc..

[alittlebitnumb]

When you really think about it, Identity theft can be pretty easy.

For instance, a corrupt bank teller, car dealer or anybody that deals with personal information can slip a few numbers here and there, sell them and ruin somebody. All it takes is somebody using your social security number to run up bills, tickets and the like before somebody knows what the hell hit them.

Also a little social engineering can go a long ways. Call or get real cozy with somebody on IRC (or other chat) and finnagle info out of a hapless victim.

Everyday I wonder where my personal info is stored, I can almost gurantee it's in a database somewhere unencrypted and ready for the taking. Like my info is all that important. What about those who havse serious money and a reputation to keep up? What if there is some crazed fan, disgruntled employee, or polital opponent wanting to dig up dirt, make dirt up, or simply ruin their lives?

It's very scary. Let this be a lesson kiddies. be careful on what you say and where you say it.

Heh, maybe I should heed my own advice

albn

[englishgirl1]

In the UK, the inland revenue recently announced that they were having to rebuild their security systems to stop employees looking up the salaries of ex-partners, famous people etc. This partly stemmed (according to the press anyway), from an incident of this type (although not this magnitude).

Also, in a recent documentary shown on BBC Television, an investigative reporter used a copy of a birth certificate to get a photo driving licence (using his photo) of the home secretary, who is registered blind, which caused a bit of a stink.

Finally a personal story. I had a bit of a pest (not stalker, he was too stupid for that title), a few years back who tried to steal my identity. He registered for various things in my name and it took me a long time to recover, first of all because I didn't know the extent of the problem, second because people don't generally question your identity closely. I still get problems occasionally although it's easier now because I married and changed my name (and he doesn't know!)

Nothing is sacred in this country, you can get a copy of most documents you'd need to adopt a persona and what's really scary is that knowing that this problem exists, our government are still bumbling along the "joined up" computing route, tying together sources of information from various public bodies. To give you an idea, our health service is trying to share data across the country, with scant regard for the discrepancies in security and privacy policies between local health authorities.

Sorry, that turned into a bit of a rant. But this sort of thing really worries me.

Rachel

[n0t 1337]

My familiy has had literally thousands stolen due to identity theft (fortunatly, is was all from credit cards and we didnt have to pay it)

The worst thing is that we KNEW their adress (it was 10min from our house) and reported it to the police as well as all the credit agencies and yet the police refused to even look into it!

Its just too easy...

[dspeidel]

Originally posted here by alittlebitnumb
When you really think about it, Identity theft can be pretty easy.

For instance, a corrupt bank teller, car dealer or anybody that deals with personal information can slip a few numbers here and there, sell them and ruin somebody. All it takes is somebody using your social security number to run up bills, tickets and the like before somebody knows what the hell hit them.

It is too easy and too frequently we see a corrupt individual exploit the system. The proper controls need to be in place. Part of those controls should be a proper background check. If the information controls are in place but the person using the info is corrupt much is still lost.

Many social problems are caused by corrupt people -a danger to dealing with people. Yes, I am slightly cynical.

Cheers,
-D