ISC reader Aaron sent along a story in the News Tribune in Tacoma, WA. In short, it's the case of a serial identity thief who never got arrested but stole money from someone who is friends with a reporter. (Don't mess with journalists or their friends, oops. :) It's a pretty good read and a decent case study on ID theft and on the limitations in actually bringing these people to justice.
In this case, the identity theft took place because the individual involved had physical access to the victim's mail (it was a roommate). Right now, most identity theft takes place using non-technological means (i.e. dumpster diving). However, I still posit that electronic ID theft is not only dangerous, it is more dangerous. It takes time and effort to steal someone's identity in person. Online, with the right piece of malware and a good infection vector, you can steal thousands of identities in seconds. The only protection that is provided to consumers (at least in the United States) that I have been able to discern is that the existing fraud models limit the amount of money stolen by a particular attacker. Of course, risk management models allow companies to predict the amount of loss due to ID theft and pass it back down to the consumer in the form of increased prices. One day, someone will be smart enough to figure out how to bypass the fraud models.
It doesn't help that in the United States we have a weak national ID that easy to steal (we call it a Social Security Number). Getting that number makes everything else easy. It certainly doesn't help that organizations like the US Department of Education use SSNs for authentication, making it easy for keyloggers to steal them. SSNs as authentication are stupid... once you know the 9 digit number the game is over. Keyloggers and other malware has successfully compromised (this is different from actually stealing all the money) about $55 billion in US assets alone (an increase from my earlier estimate).
In short, protect your identity as best you can, from both physical and electronic theft.
John Bambenek, bambenek/at/gmail/dot/com
University of Illinois
Feb 9th 2007
1 decade ago