Identity Theft

1
Identity Theft

• Jeff Piontek

2
Introduction

• Fastest Growing Crime
• 10,000,000/year in US
• Affects everyone not just targeted victims
• Serious threat to consumers on daily basis

3
Topics of Discussion

• Identity Theft Defined
• Brief History
• Causes of Identity Theft
• Methods of Identity Theft
• Effects of Identity Theft
• Phishing
• Prevention
• Ethical Evaluations

4
Identity Theft Defined

• Impersonating another person
• Reasons
• Monetary gain
• Stolen or modified passport
• Redirect traffic violations
• Build a targets criminal record
• Often thieves are drug addicts, compulsive
  shoppers or gamblers

5
Brief History

• Been around for millennia-Shakespeare refers to
  in stories and even found in bible
  
• Violent crimes decreasing but gaps in economic
  status growing
  
• Unemployment and Inflation on rise
• ID theft growing as a non-violent means of theft
  with high return
  
• Longer left to grow, more problem it becomes

6
History-continued

• ChoicePoint-database hacked
• Posed as legitimate business customer
• 30,000-35,000 California citizens
• Data included Social Security number, health
  data, other identifying data
  
• Consumers frustrated that access gained
• Company notified public under California law
• Security precautions were ignored

7
Real Life

• Hackers used weaknesses kindness and sympathy
• Example Son who made bet with father
• Impersonate-the-manager trick
• Surprising how easy it is to do
• Weak enforcement in catching criminal that
  actively steal peoples ID
  
• New laws under Bush-Criminals aiding in terrorist
  activities by obtaining fake IDs could receive
  up to 5 years in prison.
  

8
Causes of ID Theft

• Primarily for purpose of personal financial gain
• Majority use stolen personal info to commit
  credit fraud and obtain goods/services
  
• Create fake identification materials to move
  through society, plan terrorist attacks or setup
  major crime rings.
  
• Used because non-violent, weak punishments for
  first time and repeat offenders
  
• Rewards great-consequences minor

9
Targets

• Individual not only targets
• Retailers, commercial businesses and corporate
  headquarters targeted
  
• Plunder dumpsters, mailboxes and other places
  data stored or disposed of improperly
  
• Largest sources of information are most appealing

10
Employee Dishonesty

• Weak link often lies in a businesss own ranks
• Companies lose customer trust
• Employees have direct access and interact with
  many records daily
  
• Investigation costs the company even more

11
The Effects

• Victims often unaware for a long time
• May be wrongly accosted for crimes committed in
  your name
  
• The longer before discover, the more time it will
  take to repair damage done
  
• Federal, state, and private recovery services are
  available

12
Phishing

• Impersonating an organization and attempting to
  gain personal information
  
• Begins with SPAM email targeting wide audience
• Attempts to lure victims to a spoofed site

13
Methods of phishing

• Deceptive email and webpage(s)
• Trojan, rootkit, key logger
• Malicious spyware

14
Deception Methods

• Victim receives falsified email
• Information verification or renewal encouraged
• Typically asks for urgent response
• Link to fraudulent website, can direct to
  different address than shown if html email
  enabled
  
• Subject, content, and styling resemble official
  materials

15

• Email often contains valid links to the companies
  website
  
• Link to official privacy policy
• Graphics copied from website
• On the website, the URL may be disguised,
  replaced by a fake, or the address bar may be
  hidden
  
• Typical user does not have the proper knowledge,
  and is not willing to disable ActiveX and
  scripts
  

16
Trojans, rootkits, keyloggers

• Attached to email, embedded in webpage, or in
  free downloadable software
  
• Widely spread through shareware websites and file
  sharing programs
  
• Create vulnerabilities for deception, reading
  files, or recording keystrokes
  
• Can redirect browser to spoofed site when the
  user visits the legitimate one

17
Spyware

• Spyware is not filtered on the fly
• Some spyware can record keystrokes
• Can also capture packet information
• Can be used to survey sites the user commonly
  visits
  
• Information is relayed back to the attacker

18
Preventing Phishing

• Education know tricks of trade
• Use email spam filters
• Anti-virus software
• Firewall software
• Dont use email links

19
Ethical Evaluations
20
Kantianism-Second Imperative

• Common goals of ID thieves are
• Financial gain
• Avoidance of criminal punishment
• Disguise themselves in society
• Framing a target victim
• In each case victim treated as means to end
• We conclude that it is not moral

21
Act Utilitarianism

• Morality depends on act
• I propose two distinct acts which I will evaluate
  using Principle of Utility
  
• If total benefits exceed total harm then act is
  moral

22
Case One

• Student with loans cannot afford to pay more
  college tuition dumpster dives and steals ID of
  wealthy executives and entertainers who spend
  money frivolously. Obtains credit info of Donald
  Trump and fraudulently purchases online goods
  which he sells at discount price to friends to
  pay tuition
• Happiness gained by student and friends with very
  little harm
  
• Because benefits exceed harm, it is moral

23
Case Two

• Bored, spoiled high-school student scams people
  for fun
  
• Spoofs MasterCard webpage, spams thousands of
  targets
  
• Innocent victims fall prey to scam and provide
  financial data
  
• Student runs up charges, opens new credit
  accounts, etc.
  
• Action is clearly immoral

24
Rule Utilitarianism

• Proposed moral rule Identity Theft is wrong in
  each and every form
  
• Universalize, benefits are
• Government, business and individuals save money
  and time
  
• Some offenders reform
• Harms are
• Few criminals cant support habit
• May resort to violent crimes
• Happiness exceeds harm so it is moral

25
Social Contract Theory

• Rule is moral if reasonable people would accept
  it for its benefits to society.
  
• Using same rule as before
• Benefits to society
• Financial savings
• Feel secure in identity
• Time saved
• These are reasonable benefits that the people
  would accept so it is moral
  
• Most societies today accept this rule

26
Conclusion

• Identity Theft should not be taken lightly
• We must increase awareness
• Investigation and punishments must be more
  serious
  
• Online identity theft will grow before it
  declines, which may not occur until new
  technologies are implemented