Hacker investigation unveils huge ID theft case
Dec.
1, 2002
By JIM
BROOKS
What is now being called the largest case of identity theft in
U.S. history was revealed last week by the U.S. Attorney's Office
in New York. Three men were charged with running an ID theft ring
that stole more than 30,000 consumers' credit information, which
was sold and later abused.
So far, the losses attributed to the theft are said to top $2.7
million, according to a story on the Internetnews.com Web site.
The charges resulted from an investigation that began after a reported
computer hacking incident at Experian, one of the three major credit
reporting agencies. Experian's credit database had been illegally
accessed over a 10-month period. Hackers stole credit information
about more than 15,000 Ford Motor Credit customers.
One of the men charged in the case was a former help desk employee
of a Long Island, N.Y. company whose computers were used to run
credit checks. The man used the company's codes to conduct the theft,
according to the U.S. Attorney's Office.
As a result of the ID theft, victims' checking and saving accounts
were emptied, purchases were charged to credit cards, new addresses
were established for many accounts and new credit cards, checks
and ATM cards were requested.
UNSTOPPABLE? We have all heard of the steps consumers should
take to prevent the theft of personal information. Among them, closely
guard your Social Security number; never write your ATM PIN number
on the card; keep any carbons showing your credit card data; and
use passwords that are difficult to guess if you have password protected
accounts.
None of the usual safeguards offered by consumer groups would have
mattered in this latest case of identity theft. The culprits had
inside information, and could go shopping for victims as easily
as you scroll through the auction listings on eBay.com.
Despite all the safeguards and high-tech security, it all boils
down to the fact that any confidential system is only as trustworthy
as the people it employs. In this case, the employee spent more
than a year accessing credit reports of consumers, mostly those
living in affluent neighborhoods, according to the Detroit Free
Press.
"At end of the day, other people have custody of your information
and it's very difficult for consumers to control that," said
Betsy Broder, the Federal Trade Commission's identity theft expert.
"Even when you give the information to legitimate merchants,
it's only as safe as that institution's safeguards."
It's up to consumers to keep watch their backs when it comes to
their credit, experts say. While this has always been true, the
most recent ID theft case highlights the need for anyone with a
credit rating to monitor it closely, if for nothing more than accuracy.
To find out how to get copies of your credit report, visit the
Equifax (www.equifax.com), TransUnion (www.transunion.com) and Experian
(www.experian.com).
DETECTING ID THEFT. The Federal Trade Commission offers
these tips for detecting identity theft, and steps to minimize potential
losses in event of a theft.
-- Make annual checks of your credit record at all three major
credit reporting agencies.
-- Make note if a creditor's monthly bill does not arrive. A missing
credit card bill could mean a thief has hijacked your account and
entered a change of address.
-- If you have been a victim of ID theft, the FTC has an ID theft
affidavit that can be downloaded and sent to financial institutions
to report the theft.
-- If your credit report indicates accounts opened without your
knowledge, contact the security departments at those institutions
and close them. Also contact the three major credit bureaus and
have them flag your credit file for possible fraudulent activity.
-- File a report with the local police.
For more tips on what consumers can do if they suspect their identity
has been stolen, visit the Federal Trade Commission's Web site at
www.consumer.gov/idtheft.
KAZAA BUG. A malicious file that can erase all the music
files on a user's computer has hit users of the popular KaZaA peer-to-peer
file-trading network.
One of the KaZaA software's features is its ability to change its
look with the use of different "skins," small files that
affect its configuration. One of these files, the Magic Eightball
skin, brings with it some nasty surprises.
When executed, the file erases the music files on the computer
and crashes the operating system. TechTV reported last week that
in its tests of the file (which is considered a Trojan horse program
and not a virus), Magic Eightball did not activate on a computer
running Windows 98.
On a Windows XP computer however, the file executed and a box appeared
asking if the user wants to "see some magic." After clicking
"yes," a countdown began and then all the MP3 music files
on the system were erased and the PC crashed.
Fortunately, Magic Eightball is only spread via the KaZaA system.
You don't have to worry about it coming to you in an e-mail message.
Magic Eightball only can hit you if you download it.
As of Nov. 30, the file was still one of the 589 million files
available to KaZaA's 3.2 million-plus users online. If you are searching
for skin files to change the looks of your KaZaA program, don't
try the Magic Eightball.
FEMA PORTAL. Most people only hear about the Federal Emergency
Management Agency -- better known in the news as FEMA -- when disaster
strikes. FEMA is the arm of the federal government that comes in
to help people cope when homes and businesses are destroyed or no
longer usable.
The site, DisasterHelp.gov, is a clearinghouse for information
for victims and those who respond to help in disasters. The amount
of information presented is massive, though the site does an excellent
job of making it all easy to find.
While the site is operated by FEMA, it includes information from
26 partner agencies including the American Red Cross.
Victims can learn how to apply for disaster assistance and the
types of benefits available to them. Responders have a section that
is divided up by service -- police, fire, emergency managers and
EMTs. If you can't find exactly what you want, the site is completely
searchable.
The site is a work-in-progress, and plans are to continue to expand
the site. For more information, visit DisasterHelp.gov.
|