Part 1 - A Very Dangerous Landscape
Some of us remember when a firm handshake
and a look square in the eye were all that was needed to close a
deal. A person's word was their bond. Nowadays, of course, it's a
little more complex than that. Account numbers, logins, passwords,
PIN numbers and even "secret" questions -- it's all designed to
keep our personal information, well … personal. But does it,
really?
For every encryption method, there are a thousand faceless
hackers and criminals out there, looking for a way to crack it and
steal your financial information. And to make matters worse,
technology has now forced us to doubt one of our most basic
assumptions - that we can prove we are who we say we are.
I'm talkin' identity theft here
Most of us over 50 can remember a time when the term "identity
theft" usually meant some kid lifted your ID to buy beer. But
fast-forward past Ward and June Cleaver, past Vietnam, past the
Beatles, past the Space Shuttle, even past 9/11. This is now.
In our world, your identity -- all the numbers and codes that are
normally used to prove who you are -- can be bought and sold as a
commodity among the underworld organizations of the world. To them,
you aren't a person … you're a resource. They're just harvesting
what's out there. And it's easier to get than you think.
Danger lurks half a world away
Chances are, the wiseguys who are trying to weasel their way
into your wallet aren't even in this hemisphere. One of the biggest
criminal organizations currently known to be engaged in active
identity theft is based in Russia. It's called (how's this for
irony) The Russian Business Network or RBN **(see note below). RBN
does have legitimate internet-based businesses, but it also is
known to be responsible for wholesale identity theft from consumers
worldwide. That stolen information is then auctioned off to
criminals across the globe. What it doesn't steal for itself, RBN
allows its customers to steal.
It leases network space to criminal websites (such as fake
antivirus software vendors) designed to scare consumers into buying
their product -- which turns out to be bogus.
So how can these "entrepreneurs" get your most prized data? It
can be as simple as picking up a discarded receipt or as ingenious
as a fake message from your bank.
Local crooks can pick through your trash to get a document with
an account number, your Social Security Number or credit card
information. They might even be able to monitor wireless computer
transmissions and pull your account information off the
non-encrypted network. (This is why we never recommend performing
financial transactions on "open" or unencrypted wireless
networks.)
Big phish, big payoff
But for the really big score, the bad guys don't target you;
they go after the folks who have lots of data -- YOUR data. In
2008, for example, the Russian Mafia targeted a major American
hotel chain, hacking into their European computer network and
stealing credit card details and other information for some 8
million customers across the continent. On this side of the pond,
ChoicePoint, a firm that specializes in warehousing data on
millions of American consumers, was swindled in 2005 out of 140,000
identities by Nigerians posing as legitimate businessmen.
ChoicePoint offers detailed demographic and financial information
on people for use in pre-market studies and by trend researchers.
Industry officials admit a similar theft of identities occurred at
another data warehouse operation as early as 2003.
But don't dig yourself a hole and crawl in just yet. There are
concrete steps you can take to avoid identity theft. We'll talk
about those -- and what to do if your information is stolen -- in
our next post.