[TriLUG] Identity Theft (was Re: Security)

Andrew C. Oliver acoliver at apache.org
Mon May 20 12:14:51 EDT 2002 

While I know this wasn't a direct reply to me.  I thought I'd clarify. 
 I did not mean to say that identity theft wasn't a serious problem, its 
becoming one of the top crimes in the country (I forget but I think it 
has reached number 2 or 3 behind shoplifting or something like that). 
 What I meant was that I don't keep any information about myself in my 
desktop that you couldn't probably find online.  I do use online 
banking...over SSL.  My wife does keep amount based information on her 
computer in a spreadsheet and once upon a time I did my own taxes and 
thats on a computer behind me thats not connected to the internet.  My 
work computer does connect but via VPN access.  So.... if you're 
standing in my back yard accessing my wireless network behind the 
firewall, the most serious question on my mind is "what the hell are you 
doing in my backyard" I don't really care (other than the possible 
annoyance that you might render my computer inoperative).  

Now if you steal my palm pilot..then I have a problem.  I'll probably 
change my account numbers about the same time I change my credit cards 
(I keep it in my wallet)....except...I don't remember the number...its 
in my palm pilot.

I do worry about wired security because "script kiddie" in taiwan with 
nothing better to do than run scripts to render my computer into some 
sort of IRC repeater is far more likely...scratch that....WILL attack 
and with no security would render my computer inoperative on a daily 
basis.  So in short... I don't really concern myself with such a cutting 
edge attack such as standing in my backyard and hacking into my 
computer...doesn't happen often enough and it wouldn't be worth my 
attackers time.  One day, maybe it will be a bigger threat (and I might 
by low tech security equipment like a stun gun to take them out), but at 
the moment...*shrug*  I'm far more interested in range.

I do worry about people going through my garbage for account numbers and 
am considering creating an advanced kindling program.  (Meaning sticking 
all my old bills in the fireplace durring the other 2-3 seasons ;-) ).

-Andy

Ken Mink wrote:

><VENTING>
>	This is one of my favorite topics. In '96 someone in Atlanta got my SSN
>and name and obtained a number of credit cards. I have no idea how they
>got the information. At the time I was working for Gateway2000 in South
>Dakota.
>	In '98 my wife and I moved to the Triangle. About a month after we got
>here, we tried to buy a car. Note the word 'tried'. We were shot down
>because my credit was in the toilet. The ***hole had spent $30k in my
>name.
>	I had to get copies of credit reports from all the reporting agencies
>and find out who had issued the cards. I also had to file a police
>report with the local cops in Atlanta. You know they're real keen to
>work a credit card fraud case for someone who not even in their state.
>	Then I had to call the creditors and try to resolve the debt. Of course
>to them, I'm a dead beat trying to get out of paying my bills. It was so
>much fun talking to them.
>	It took a few months and a lot of time, but I cleaned up my credit. Or
>so I thought. I tried to get a cell phone two weeks ago. They turned me
>down because of my credit. A new card from the same SOB is now on my
>credit report. It was issued in '96, but for some unknown reason is just
>now showing up. Since I owe $12k on a credit card that has been unpaid
>for 5 years, I can't get a cell phone.
>	Now, none of this has actually cost me money, directly. Other than
>stamps, I have not spent anything cleaning it up. It terms of time and
>aggravation, it is unmeasurable. Six years and still it continues.
>	I have also learned a few things about the credit industry and about
>SSNs. You only are legally required to give your SSN to 3 people; your
>employer, your bank or anyone that will have to cut you a 1099, and the
>government when you do your taxes. Anyone else, tell them no. Most
>institutions will generate an id number if you refuse to give them your
>SSN.
>	Do not put your SSN on your checks. This is about the dumbest thing
>I've seen. Checks are handled by so many people and with a SSN, name and
>address right there, it's a license to steal. Also, my wife is a
>recruiter and she gets tons of resumes with the SSN on them. Again,
>stupid. And lastly, don't carry your SSN card with you. If you lose your
>wallet, who ever ends up with it will have your name, SSN and most
>likely your address.
></VENTING>
>	I am sorry if I've gotten long winded, but this subject gets my blood
>boiling. I could easily write for another hour on how f*cked up the
>credit reporting industry is. If this saves anyone from the hell I've
>gone through, then I'll be happy.
>
>Ken
>
>On Sun, 2002-05-19 at 12:49, John Franklin wrote:
>  
>
>>On Fri, May 17, 2002 at 12:28:08PM -0400, Andrew C. Oliver wrote:
>>    
>>
>>>M. Mueller wrote:
>>>
>>>      
>>>
>>>>On Friday 17 May 2002 11:31 am, <Andrew C. Oliver> wrote:
>>>>        
>>>>
>>>>>Lets talk likelyhood per amount of effort.  Its fairly unlikely I'd be a
>>>>>target due to the pure lack of gain.  
>>>>>
>>>>>          
>>>>>
>>>>Identity theft is the concern.  Unsecure wireless networks could provide 
>>>>enough information about a person to impersonate them.  By impersonating 
>>>>someone you can get a line of credit and leave the real indentity owner 
>>>>with the responsibility of paying off the bills.  
>>>>
>>>>        
>>>>
>>>And the amount of effort you'd need to go through to get this out of my 
>>>wireless network versus just walk by and pick up my garbage kind of make 
>>>me less concerned about that.
>>>      
>>>
>>It happened to my sister.  She ordered checks through the bank and they
>>never showed up.  Turns out someone stole them (at the printer's, IIRC) 
>>and starting using them.  She notified the bank and closed the account
>>immediately, but that didn't stop a number of items from showing up on
>>her credit report.  It took months for the police to finally arrest the
>>woman.
>>
>>Identity theft is a serious concern, but there are so many ways to have
>>your identity stolen that the only real way to protect yourself is to
>>become a blank, buy everything with cash, and never use your SSN.  Since
>>we need to use our SSN to get a job and file tax returns, we can't
>>really isolate ourselves.
>>
>>Privacy is a huge issue.  Politically, it'll take a major failure
>>somewhere before it takes a front stage position.  When it does,
>>technology solutions that protect privacy will become all the rage.  The
>>crux of the technology problem is that anything that can be made can be
>>forged.  Your signature can be forged.  A card with a magnetic strip or
>>a chip can be duplicated.  Biometrics?  Fooled with gummi bears.  (was
>>that article posted here, or did I see in on Another List?)
>>
>>Sadly, it's a situation that doesn't really need new technology, it
>>needs the systems in place to work as intended.  None of the checks
>>written by the woman who stole my sister's checks should have been
>>accepted.  The signature was nowhere near a match.
>>
>>
>>jf
>>-- 
>>John Franklin
>>franklin at elfie.org
>>ICBM: 35°43'56"N 78°53'27"W
>>_______________________________________________
>>TriLUG mailing list
>>    http://www.trilug.org/mailman/listinfo/trilug
>>TriLUG Organizational FAQ:
>>    http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
>>    
>>

More information about the TriLUG mailing list