[EAS]Identity Theft (More)

pjk pjk at design.eng.yale.edu
Fri Jun 1 18:46:48 EDT 2001

Subject:   Identity Theft (More)

Dear Colleagues -

I commented on this quite recently at
http://www.yale.edu/engineering/eng-info/msg00820.html but the
dimension of the problem grow ever more concerning. To quote a
paragraph of some material I wrote for a course unit on privacy:

Contemporary society, even before the Internet, can be characterized
as one where a significant portion of important personal activities
are carried out by the mediation of people whom one does not see, or
even know to exist. The vast expansion of the Internet in the last 10
years has much magnified this circumstance. Today a bank can extend
credit to someone anywhere in the US. The credit record companies such
as TRW on which they rely, before the Internet and even more readily
so now, track the credit history of well over 100 million people.
Similarly, government agencies are responsible for accounting for the
activities of equally many millions of people, the IRS (created in
1913), the Social Security Administration (1935), the FBI (1908), and
many others.

Herewith some recent items.


(from NewsScan Daily, 31 May 2001)

Identity theft is an increasing problem in the Information Age, and
 brokerage companies sometimes unwittingly sell dossiers to people
using  fake credit card and posing as other people. In one scam,
thieves used an  e-mail account and a stolen credit card number to
purchase reports  containing Social Security numbers, employment
information and driving  records, and were able to use this
information to plunder bank accounts.  One victim of identity theft
said: "What has taken me a lifetime to build  -- my trust, my
integrity and my identity -- has been tainted. I don't know  if I'm
dealing with a 14-year-old messing around with a computer or if I'm
dealing with organized crime." The Social Security
Administration's  inspector general says the power of the Social
Security number makes it a  valuable asset subject to limitless
abuse, and calls that misuse has  developed into "a national
crisis." (Washington Post 31 May 2001)

Internet security experts such as Peter G. Neumann of SRI
International and  Bruce Schneier of Counterpane Internet Security
believe that security on  the Internet is very poor. Schneier
characterizes the Internet as "just too  complex to be secure," and
Neumann predicts: "The Internet is waiting for  its Chernobyl, and
I don't think we will be waiting much longer; we are  running too
close to the edge."  In the process of compiling material for a 
New Yorker magazine article on Internet security issues, journalist
Michael  Specter hung out with network "crackers" in Amsterdam and
observed them  take over the Los Angeles Police Department computer
system, steal  passwords from a university in Korea, and break into
his own Web site.  He  also received a lesson in creating viruses
and produced one that erased all  the data on one of his computers.
(New Yorker 28 May 2001) print only

(from TOURBUS Volume 6, Number 84 -- 29 May 2001)


It sounds scary.  But should you be afraid?  You may be wondering
exactly what the phrase "identity theft" means.  Perhaps it
conjures up images of evil plastic surgeons, or someone standing on
the street corner yelling "Stop that man -- he just stole my
IDENTITY!"  And ironically, the policeman says "Who are you?"

Identity theft occurs when someone uses your personal information
(usually without your knowledge) to commit fraud or theft. It's a
problem that existed before the Internet, or even computers. But
computers and the Internet might make it easier for Bad People to
learn your name, address, birthdate, social security number, credit
card, bank account or driver's license number.

And armed with some or all of that data, it becomes trivial for a
criminal to invade your privacy, run up a tab at your expense, open
bank accounts, apply for loans, establish phone or utility service,
request a postal change of address, or even commit crimes in your

Who Wants to Be a Billionaire?

A few months ago, a high-school dropout employed as a busboy made
headlines when he was caught in a scheme to steal millions from
rich and famous people such as Steven Spielberg, Ross Perot, Oprah
Winfrey and Ted Turner.

Police arrested 32-year-old Abraham Abdallah, in possession of a
tattered copy of Forbes Magazine's "400 Richest" article, marked up
with the social security numbers, home addresses and birth dates of
200 celebs and moguls.

Abdallah allegedly used the Internet for some of his research, and
was able to obtain detailed credit reports on his victims, gain
access to credit cards and poke into accounts at brokerage houses.
Abdallah's virtual house of cards began to tumble when Merrill
Lynch got suspicious about an email request to transfer $10

Don't Be the Weakest Link

Even if you're not a billionaire, you could put yourself at risk of
identity theft if you're not careful.  If you don't want to be
among the 500,000 people who are victims of identity scammers each
year, here are some things you can do to protect yourself, both
online and offline:

 + Never send personal information such as credit card or social
   security numbers by email.  Think of email the same as a post
   card, in terms of security.
 + Don't reveal your password to anyone.  At websites that require
   a login, use something other than your dialup userid & password.
 + Put as little as possible in online profiles, especially if you
   use AOL.
 + Be very careful at public Internet terminals, ATMs and phone
   booths.  Someone could be "shoulder surfing" to learn your
   password, PIN code or calling card number.
 + When making an online purchase, be sure the merchant uses a
   secure server. (The site address should begin with HTTPS instead
   of HTTP.)
 + Don't respond to messages informing you that you've won a prize,
   if they require you to provide a credit card number, SSN, etc.
   in order to claim the booty.
 + Don't respond to messages informing you that you've won a prize,
   period.  NEWS FLASH: You didn't win.  It's either a spammer or
   a scammer trying to get money or personal info from you.
 + When you're in a public place and you have to enter private
   data, use the "two finger" method.  Put both of your index
   fingers on the keyboard or keypad, and pretend to press a key
   with one hand, while pressing the desired key with the other.
   With practice, you can enter your password or PIN number in a
   way that makes it virtually impossible for snoops to detect.
 + Keep a close watch on laptops, PDAs and cell phones when you're
   in a public place.  Protect access to these devices with a
 + If you sell a computer or hard disk, make sure the disk is
   wiped clean.  But deleting files or even formatting the disk
   may not be enough.  I suggest a digital "file shredder".  You
   can find and download a free program to do this here:

   <A href="http://www.download.com">
   http://www.download.com  </A>

Got Bilked?

If you believe that you have become a victim of identity theft,
quick action can minimize the damage.  Here are some steps you
should take immediately if you lose your wallet, passport, or birth
certificate, if you have a laptop stolen, or if you note suspicious
activity on your credit card.

 + Notify the police in case of fraud or theft, and get a copy of
   the police report.
 + Contact your bank and inform them if a credit card or other
   account may have been compromised.
 + Ask the credit bureaus to attach a fraud alert to your report.
 + Contact the post office to see if a change of address has been
 + Ask your Internet provider for a new password and/or email

Educate Yourself

Here are some good sites that provide more information on identity
theft and tips on protecting your personal privacy.  The U.S.
Federal Trade Commission has a useful website with information
about identity theft.


Another resource created by the FTC is "ID Theft: When Bad Things
Happen To Your Good Name".


The Privacy Rights Clearinghouse provides in-depth information and
practical tips on how to safeguard your personal privacy.


further related links:

Congressional testimony on social security number privacy

Privacy, Speech, and Cyber-Liberties Bills in the 107th Congress

Employee Privacy Under Siege

Foundation for Information Policy Research


More information about the EAS-INFO mailing list