Tuesday, August 23, 2005
Identity theft affects more than credit scores and bank accounts. By assuming another's identity, someone can commit crimes of all sorts and never face the consequences. The aftermath of identity theft can affect a person's job and reputation for years to come, with no easy way to repair the damage.
It's the job of all citizens to monitor activity taking place under their names. Arlington, VA-based MyPublicInfo provides the tool to do so: the Public Information Profile (PIP), available at my Web site, http://www.idtheftsecurity.com. You can obtain a PIP by going there and clicking on the "MyPublicInfo" logo.
Every citizen has a responsibility to stave the identity theft pandemic. While we all have the right to expect industry and government to rise to the challenges of identity theft, we can -- and must -- do a lot, ourselves, to make sure nothing is awry with our identities.
MyPublicInfo's PIP gives consumers access to their public records. The tool helps them in two main ways. Anyone who obtains one can view public records connected to his name and see information accessible to other people performing background checks. It is the first tool to provide consumers with user-friendly, complete, and legally-conforming personal profiles of aggregated public information.
According to Dr. Harold Kraft, CEO of MyPublicInfo, over the past year, the rash of data thefts has led consumers to feel powerless. "The PIP, checked regularly, empowers consumers; peace of mind no longer depends on the whim of an identity thief."
Terrorists could enter the country under stolen identities. I can't think of a more intuitive, comprehensive way than the PIP tool for American citizens to take control of their identities and help Homeland Security. I have viewed my own PIP. It was a momentous experience. Citizens will be surprised by the information that floats around online and in public records. This is all potentially available to criminals, and it only makes sense for each and every citizen to keep tabs on it.
Government is beginning to recognize that citizens deserve power when it comes to their own identities. An article in the Aug. 17 edition of Insurance Journal reported the passing of the Information Security and Notification Act in New York State. Once it takes effect in December 2005, the law will require businesses to inform New York residents when financial and personal information has been compromised.
A handful of states have enacted legislation like New York's Information Security and Notification Act, but the measures are reactive, and many states provide little protection. Citizens cannot afford to wait. The best course of action is to be proactive when it comes to identity theft. A PIP makes action all the more possible. I encourage all my clients to use it.
Monday, August 22, 2005
Through social engineering or other means, thieves can learn everything they need to know to steal identities on a massive scale. While watchdog groups decry countermeasures such as The Real ID Act as invasions of privacy, the added security will stave identity theft in the face of increasingly brazen robberies.
I don't even need to get your Social Security number behind your back to steal it. All I need to be is a good liar. This is called social engineering. It's low-tech, and it works so well, thieves even without computers can easily steal identities.
The Associated Press reported on Aug. 12 that Olatunji Oluwatoisn, the only person charged in the ChoicePoint robbery, now faces six charges in addition to those he faces from earlier this year. He was allegedly part of a Nigerian identity theft ring that used social engineering techniques to gain access to ChoicePoint Inc.'s database. The massive heist of Social Security numbers and other sensitive identifying information lasted for about a year before news of the breach broke.
I always tell people that they might as well plaster their Social Security numbers across billboards along major highways throughout the nation. It's the key to the kingdom of identity theft, but not an especially challenging key to obtain. The billboards, in this case, are data brokers and others who have few laws to follow. Government must rethink how the private sector handles personal financial information.
An Aug. 10 article in The Christian Science Monitor quoted privacy and government officials debating the anticipated consequences of The Real ID Act, which Congress passed in May 2005. People read about The Real ID Act and think, "I can't believe how the government is fiddling with my privacy." It is upsetting to learn that so many people have access to your personal information, but it is important to realize, too, that privacy went the way of the dinosaur a long time ago.
With identity theft running rampant, we need security. People think they want privacy, but what they may really want is to know their information is secure. Security and privacy, in this day and age, cannot coexist. The Real ID Act is an earnest step toward effective authentication in identification. It is an improved way to stave identity theft. It begins to provide true peace of mind in identification.
As we implement it, people will learn just how available their information is—and just how impossible it is to change this fact. They will soon give up on the futile battle for privacy and start to demand security.
Wednesday, August 10, 2005
Threats to computer and data security continue to increase in variety and grow in sophistication. Criminals such as identity thieves and computer hackers employ these tools along with social engineering techniques to lull unsuspecting Web surfers. The onslaught demands a coordinated, overwhelming response from industry. Without massive and intelligent retaliation from industry leaders and governments, computer hackers, identity thieves and the like will have gained the upper hand for a long time to come.
Cons exploit the trusting sides of victims by using lies and ruses to gain proprietary information. This is social engineering. Hackers and identity thieves, technically adept, are adding social engineering to their tactics at an alarming rate. Social engineering is a tool to gain access to sensitive identifying and financial information stored on what may otherwise be properly secure individual and networked computers.
Remain vigilant even if your computer system or network utilizes the very latest in security. Anybody with nerve who studies sales techniques and psychology can socially engineer others. There is nothing high-tech about it. Social engineering applies tried-and-true, time-tested conning techniques to new circumstances, the information age.
And the technical threats continue to mount as well. A July 25 press release from Websense, Inc. explores many, such as keyloggers, mobile malicious code (MMC), and others—all of which are increasing in their frequency, according to the release.
The August 2005 issue of Entrepreneur looks at another alarming ploy, the pharming technique, which essentially compromises the functioning of a domain name server (DNS). A pharming scam redirects Web surfers who type legitimate organizations' URLs. A user may have no idea she has been rerouted to a con site, which masquerades as the real thing. Those running the fake site typically steal the visitor's personal information.
We cannot allow pharmers to get away with taking hacking to a whole new level. Pharming undermines users' fundamental expectations for the online experience.
The response to online threats must be cooperative. Governments and industries such as banking and software firms should work together to combat the problem as a united front. Stakeholders at all levels, from the software firm's boardroom to the personal computer user's living room, need to aggregate threats as they learn of them. Only then will firms and individuals be able to easily obtain and deploy effective blocking software.
Companies' security measures are woefully lacking. Just watch the news any night. The latest security breach tells you this. The circumstances we find ourselves in could bring down the whole house of cards. And a house of cards it truly is. Easy money for computer-savvy thieves abounds.