Identity Theft: How Safe Are You?Steven Stone
What is Identity Theft
Identity consists of:
– Social Security Number
– Credit Card Number and Credit Score
– Bank Account
– Name, Address, Phone Number Identity theft is fraud Thief takes personal information for their own
gain usually for financial purposes
Identity Theft Isn't New
Many instances of identity theft before the technology age
Term coined in 1960
Early Forms of Stealing Identity
Kill someone Dumpster Diving Pretexting
Identity Theft and the Internet
Lots of people use the internet to
– Pay bills
– Do taxes
– Shop
– Apply for Credit Cards and Loans
– Work Information is easily accessible to tech savvy
criminals
Identity Theft and the Internet
The two main techniques used to steal information off the internet are
– Malware
– Phishing
Malware
Thieves can steal user information using key loggers.
Most malware is attached to emails or downloaded from malicious websites
Malware is usually attached to Phishing scams
Phishing
Play on the word “fishing” Tricks user to give away information Works by playing off the trust of the victim Early phishing attempts started off as claiming
the victim won a prize or they had a chance for a big investment.
Current phishing involves spoofing legitimate company emails and/or websites such as banks
Zeus*
*Zeus is a Trojan horse and has nothing to do with the father of the Gods.
Zeus
A Trojan horse spread through phishing attacks PC version (Zeus) and mobile version (Zitmo) First appeared in 2007 when it stole information
from US Department of Transportation In 2009 it was attached to over 9 million
phishing emails under the disguise of Verizon Wireless
Zeus
Zeus has infected millions of computers across 196 countries, nearly 3.6 million in USA alone.In October 2010 the FBI shut down a crime ring that stole $70 million with ZeusZeus is easily available to criminalsZeus is hard to detect
“Interested in credit card theft? There’s an app for that.” - Gunter Ollmann, security specialist
Zeus
FireSheep
Firefox extension Used unsecure connections to collect cookies
containing log in information for websites
FireSheep
Notable Case
Name: Albert Gonzalez
Stole 170 million credit card and ATM numbers
Created website called Shadowcrew that sold private information to highest bidder including usernames and passwords to email addresses
Hacked into databases of TJ Maxx, Dave and Busters, Barnes and Nobles, J.C. Penny, and Target
Sentenced to 20 years in prison
What is being done about it?
Identity Theft and Assumption Deterrence Act Internet Crime Complaint Center(IC3) Credit fraud companies popping up
LifeLock
LifeLock - Failure
Todd Davis has had his identity stolen 13 times since his marketing campaign for LifeLock
LifeLock has been sued and fined $12 million by the FTC for false advertising and fraud
Conclusion
The only one that can stop your identity from being stolen is you
Be careful Be aware Be smart
References
http://www.phrases.org.uk/meanings/identity-theft.html
http://www.identitytheftprotection.org/articles/history-of-identity-theft.html
http://www.spamlaws.com/id-theft-history.html
http://www.guard-privacy-and-online-security.com/history-of-identity-theft.html
http://www.identity-theft-scenarios.com/definition-of-phishing.html
http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/about-identity-theft.html
http://en.wikipedia.org/wiki/Identity_theft
http://www.allbusiness.com/government/government-bodies-offices/14207830-1.html
http://money.cnn.com/2010/12/14/technology/firesheep_starbucks/index.htm
http://www.identitytheftfixes.com/the_ugly_history_of_identity_theft.html
References
http://www.protectingmyprivacy.com/
http://searchcio.techtarget.com/definition/pretexting
http://en.wikipedia.org/wiki/Albert_Gonzalez
http://www.ic3.gov/media/annualreport/2010_IC3Report.pdf
http://www.ic3.gov/about/default.aspx
http://www.identity-theft-scenarios.com/definition-of-phishing.html
http://thesop.org/story/20101017/zeus-trojan-horse-stealing-millions-around-the-world.html
http://en.wikipedia.org/wiki/Zeus_%28trojan_horse%29
http://www.eweek.com/c/a/Security/Zeus-Trojan-Variant-Found-on-BlackBerry-Phones-422999/
http://www.wired.com/threatlevel/2010/05/lifelock-identity-theft/
Top Related