[TriLUG] Identity Theft (was Re: Security)
Andrew C. Oliver
Mon, 20 May 2002 12:14:51 -0400
While I know this wasn't a direct reply to me. I thought I'd clarify.
I did not mean to say that identity theft wasn't a serious problem, its
becoming one of the top crimes in the country (I forget but I think it
has reached number 2 or 3 behind shoplifting or something like that).
What I meant was that I don't keep any information about myself in my
desktop that you couldn't probably find online. I do use online
banking...over SSL. My wife does keep amount based information on her
computer in a spreadsheet and once upon a time I did my own taxes and
thats on a computer behind me thats not connected to the internet. My
work computer does connect but via VPN access. So.... if you're
standing in my back yard accessing my wireless network behind the
firewall, the most serious question on my mind is "what the hell are you
doing in my backyard" I don't really care (other than the possible
annoyance that you might render my computer inoperative).
Now if you steal my palm pilot..then I have a problem. I'll probably
change my account numbers about the same time I change my credit cards
(I keep it in my wallet)....except...I don't remember the number...its
in my palm pilot.
I do worry about wired security because "script kiddie" in taiwan with
nothing better to do than run scripts to render my computer into some
sort of IRC repeater is far more likely...scratch that....WILL attack
and with no security would render my computer inoperative on a daily
basis. So in short... I don't really concern myself with such a cutting
edge attack such as standing in my backyard and hacking into my
computer...doesn't happen often enough and it wouldn't be worth my
attackers time. One day, maybe it will be a bigger threat (and I might
by low tech security equipment like a stun gun to take them out), but at
the moment...*shrug* I'm far more interested in range.
I do worry about people going through my garbage for account numbers and
am considering creating an advanced kindling program. (Meaning sticking
all my old bills in the fireplace durring the other 2-3 seasons ;-) ).
Ken Mink wrote:
> This is one of my favorite topics. In '96 someone in Atlanta got my SSN
>and name and obtained a number of credit cards. I have no idea how they
>got the information. At the time I was working for Gateway2000 in South
> In '98 my wife and I moved to the Triangle. About a month after we got
>here, we tried to buy a car. Note the word 'tried'. We were shot down
>because my credit was in the toilet. The ***hole had spent $30k in my
> I had to get copies of credit reports from all the reporting agencies
>and find out who had issued the cards. I also had to file a police
>report with the local cops in Atlanta. You know they're real keen to
>work a credit card fraud case for someone who not even in their state.
> Then I had to call the creditors and try to resolve the debt. Of course
>to them, I'm a dead beat trying to get out of paying my bills. It was so
>much fun talking to them.
> It took a few months and a lot of time, but I cleaned up my credit. Or
>so I thought. I tried to get a cell phone two weeks ago. They turned me
>down because of my credit. A new card from the same SOB is now on my
>credit report. It was issued in '96, but for some unknown reason is just
>now showing up. Since I owe $12k on a credit card that has been unpaid
>for 5 years, I can't get a cell phone.
> Now, none of this has actually cost me money, directly. Other than
>stamps, I have not spent anything cleaning it up. It terms of time and
>aggravation, it is unmeasurable. Six years and still it continues.
> I have also learned a few things about the credit industry and about
>SSNs. You only are legally required to give your SSN to 3 people; your
>employer, your bank or anyone that will have to cut you a 1099, and the
>government when you do your taxes. Anyone else, tell them no. Most
>institutions will generate an id number if you refuse to give them your
> Do not put your SSN on your checks. This is about the dumbest thing
>I've seen. Checks are handled by so many people and with a SSN, name and
>address right there, it's a license to steal. Also, my wife is a
>recruiter and she gets tons of resumes with the SSN on them. Again,
>stupid. And lastly, don't carry your SSN card with you. If you lose your
>wallet, who ever ends up with it will have your name, SSN and most
>likely your address.
> I am sorry if I've gotten long winded, but this subject gets my blood
>boiling. I could easily write for another hour on how f*cked up the
>credit reporting industry is. If this saves anyone from the hell I've
>gone through, then I'll be happy.
>On Sun, 2002-05-19 at 12:49, John Franklin wrote:
>>On Fri, May 17, 2002 at 12:28:08PM -0400, Andrew C. Oliver wrote:
>>>M. Mueller wrote:
>>>>On Friday 17 May 2002 11:31 am, <Andrew C. Oliver> wrote:
>>>>>Lets talk likelyhood per amount of effort. Its fairly unlikely I'd be a
>>>>>target due to the pure lack of gain.
>>>>Identity theft is the concern. Unsecure wireless networks could provide
>>>>enough information about a person to impersonate them. By impersonating
>>>>someone you can get a line of credit and leave the real indentity owner
>>>>with the responsibility of paying off the bills.
>>>And the amount of effort you'd need to go through to get this out of my
>>>wireless network versus just walk by and pick up my garbage kind of make
>>>me less concerned about that.
>>It happened to my sister. She ordered checks through the bank and they
>>never showed up. Turns out someone stole them (at the printer's, IIRC)
>>and starting using them. She notified the bank and closed the account
>>immediately, but that didn't stop a number of items from showing up on
>>her credit report. It took months for the police to finally arrest the
>>Identity theft is a serious concern, but there are so many ways to have
>>your identity stolen that the only real way to protect yourself is to
>>become a blank, buy everything with cash, and never use your SSN. Since
>>we need to use our SSN to get a job and file tax returns, we can't
>>really isolate ourselves.
>>Privacy is a huge issue. Politically, it'll take a major failure
>>somewhere before it takes a front stage position. When it does,
>>technology solutions that protect privacy will become all the rage. The
>>crux of the technology problem is that anything that can be made can be
>>forged. Your signature can be forged. A card with a magnetic strip or
>>a chip can be duplicated. Biometrics? Fooled with gummi bears. (was
>>that article posted here, or did I see in on Another List?)
>>Sadly, it's a situation that doesn't really need new technology, it
>>needs the systems in place to work as intended. None of the checks
>>written by the woman who stole my sister's checks should have been
>>accepted. The signature was nowhere near a match.
>>ICBM: 35°43'56"N 78°53'27"W
>>TriLUG mailing list
>>TriLUG Organizational FAQ: