Friday, October 16, 2015

T-Mobile Experian Hack

"Hackers took T-Mobile customer names, addresses, Social Security numbers, birthdays, and even sensitive identification numbers (like a driver's license, military ID or passport number.)"

Saturday, June 20, 2015

Identity Theft Surpasses Drug Crime, Maybe

I have read conflicting information about Identity Theft being more lucrative than the criminal drug trade so I'll post some articles here as I come across them.
Norton reports that cybercrime is costing the global economy $338 billion a year, overtaking a still a lucrative trade in the underground drugs market.

Foster Children at High Risk for Child Identity Theft

Foster Children are unfortunately at a high risk for Identity Theft. As you can imagine with them moving around so much and so many people having temporary access to their SSN and insurance credentials, Foster Children are often in for an ugly surprise when they find themselves on their own as 18 year old adults.

Here are some articles on the topic

NBC News
Children in foster care are at greater risk of becoming victims of identity theft and entering adulthood with their credit already in shambles, experts say.

The Federal Trade Commission (FTC)
Every year, more than 26,000 kids in the United States age out of foster care. Remember how difficult it was to navigate through the world when you were 18? Now imagine you had to do it with nearly no support system – and with a mountain of debt in your name, thanks to identity theft.

A resource (report) from the Annie E. Casey Foundation
Young people in foster care are at heightened risk of identity theft
The federal credit check requirement is intended to help young people leave foster care with clear credit histories.

Thursday, June 18, 2015


I have not yet watched all of this but it looks good.

I don't endorse Norton officially but this is good info and a good explanation on what is going on as hacking.

Friday, March 13, 2015

Identity Theft Scams and Tactics

I also thought I had a post about common ID Theft Scams. I'll fill this one out soon but here are some for starters, numbered but in no particular order
  1. Dumpster Diving
  2. Stealing wallets and purses
  3. Stealing mail even by change of address form
  4. Stealing records from their employer
  5. Shoulder Surfing
  6. Hacking
  7. Skimming
  8. Phishing
  9. Spear Phishing
  10. Vishing
  11. Smsishing
  12. Spoofing

I've cited Jake Stroup before as an online resource so I'll to one of his pages here again and I will be back to fill out this article in the next few days.

Tuesday, February 17, 2015

Identity Theft and The $1B Bank Heist

In my professional opinion this is a very good example of the type of threat posed by Identity Theft, because, like most Identity Theft victims, the crime was not discovered until well after the fact.

I heard a story very much like this around 1991. A large multinational corporation was robbed by multiple wire transfers that occurred in a few seconds or less. The theft was something like $300 Million. I had happened years before the story went out. I remember it shocked me to learn that the theft was not reported because the company did not want to startle its shareholders.

So they lost $300 Million back in the late 80s and didn't want to say anything.

Now several banks have collectively lost $1 Billion and could not say anything, not because they didn't want you to know, but because they themselves did not know.

If you saw Superman III you understand the idea behind this. If you have been a victim of Identity Theft, particularly non-financial Identity Theft, then you know what can happen.

Now the two have been combined. If you saw the reboot of Battlestar Galactica you can appreciate why Commander Adama ordered "There will be no networked computers on this ship."

If you argued with your Grandparents that you had to lock your door or your car, you need to understand now that you must have an Identity Theft Restoration service. Just like you pay for water, which again used to be free from a well.

This is the 21st Century. Times are changing. Rapidly. Be aware.

Malicious Spyware infects firmware

Your information is on more than one network and if someone wants it bad enough, like from Anthem or your Bank for example, they can get it. And they don't need it because they are trying to do you any favors.

Be aware that anything on a network is vulnerable and there is an arms race to protect it whether you are participating in it or not.
"Kaspersky Lab says the malicious spyware ... implants are different from other cyberattacks in that they directly infect a computer’s firmware — the software that links directly to the hard drive.
This means that it is beyond the reach of most antivirus and security products, and is immune to efforts to wipe clean or even replace hard drives since it can be recalled at will."

Saturday, February 14, 2015

Types of Identity Theft

Apparently I don't have a post on the Types of Identity Theft.
I thought I did but I will finish this one out soon.
For starters here is some information that should remain intact after editing.

The Federal Trade Commission (FTC) is the nation’s consumer protection agency. The FTC works to prevent fraudulent, deceptive and unfair business practices in the marketplace.

The FTC maintains an Identity Theft education site at and has previously defined Identity Theft by stating:
Identity Theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.

I have identified 5 Basic Types of Identity Theft consistent with this definition although that can be and has been expanded into 8 or 10 or more.

The 5 as I call them are:

  1. Driver's Licence
  2. Social Security
  3. Medical
  4. Character/Criminal
  5. Financial
However, the Bureau of Justice Statistics has 3 types and these are very broad but are consistent with the 5 Types as I discuss them.

From their website
For the National Crime Victimization Survey (NCVS), the definition of identity theft includes three general types of incidents:

  • unauthorized use or attempted use of an existing account
  • unauthorized use or attempted use of personal information to open a new account
  • misuse of personal information for a fraudulent purpose.

  • Medical Identity Theft, and Social Security/Financial Identity Theft of Children and Seniors are the 3 most common types of Identity Theft at present.

    Financial Identity Theft differs from Bank Fraud and Credit Card Fraud and represents less than 30% of the issue. CitiBank used to run ads that made it seem like Financial Identity Theft was the only type. Those ads have not been broadcast or cablecast for several years at this point.

    Also you will notice that LifeLock no longer has their CEO's Social Security Number on display in ads and they don't claim to stop Identity Theft either. This is another change demonstrating an improved understanding of the complexity of the issue.

    The 5 Types of Identity Theft are also commonly expanded as I mentioned, here is a variation with some additional commentary from me:
    1. Driver's Licence: We all knew someone in High School who used a fake ID to get Alcohol or Cigarettes, that is an example of someone using another person's Driver's License to do something they could not. This is the basis of Identity Theft. If a warrant were issued for that person's arrest, it would have been issued for the person represented by the Driver's License.
    2. Social Security: The IRS reported that $3.6 Billion in refunds were sent to parties who had filed on someone else's SSN. This type of ID Theft also allows people to work and generate a tax burden on someone else's SSN.
    3. Medical: Just as above, with your medical account info, such as your SSN if you are on Medicare, someone else can access your benefits and potentially use them up for themselves. This can also create an issue in medical databases and cause you to get the wrong type of medical treatment and this is a danger that can kill you.
    4. Character/Criminal: Obviously, with enough of your credentials, a criminal can pass themselves off as you, such as by getting a warrant issued for your arrest because a speeding ticket was written on your Driver's License as mentioned above. Proving that you were not the perpetrator of a crime is one of the ugly hurdles ID Theft victims must clear.
    5. Financial: By using your credentials to open a new financial account a thief commits Financial ID Theft as opposed to Bank or Credit Card Fraud which are related to abusing one of your existing accounts.
    6. Business: As above, if the credentials were your Business TIN (instead of your personal SSN) or some other business credential, a thief can transact or commit crimes as if they were your business. This could be buying inventory, billing for service, securing contracts they don't honor, etc.
    7. Of the Deceased: If any of the above types 1-5 are stolen from a deceased person instead of a living person, then this may be classified as Identity Theft of the Deceased.
    8. Child: A minor may not have a credit profile until they are 18, in most cases, so if the SSN of a newborn or young child is stolen and abused it may be 18 years before anyone even notices. This is still commonly SSN ID Theft as per 2 above.
    9. ID Cloning: As illustrated very well in the Steven Spielberg film To Catch a Thief, and many spy movies including James Bond, someone can effectively impersonate you with enough information. This is basically a combination of all the types of ID Theft but can also involve transactions conducted in person with a witness as opposed to electronic transactions where there may be no one willing to say they are sure you were who they were dealing with.
    10. Synthetic: By combining one Driver's License, another SSN, a third medical account and possibly also someone else's credit card or business entity a composite person maybe synthesized to create "Synthetic" Identity Theft. Again, this often involves one or more of the initial 5 basic types of identity theft.

    Anthem Data Breach

    After an online attack on Anthem, by far the largest breach in the industry, security experts warned on Friday that more attacks on health care organizations were likely because of the high value of the data on the black market.

    Notice that if  

    "The information stolen from the insurance giant includes names, birthdays, medical IDs, social security numbers, street addresses, e-mail addresses and employment information, including income data," that may be enough information to file your income taxes and do plenty of other damage, including getting new insurance in your name with your credentials.


    Welcome to my blog. The primary purpose of this Blog is to provide links to source material that I may have quoted in a presentation or training or researched in answer to a question I have been asked.

    I hope this site helps you share this information with others and/or conduct your own research. Please contact me with any questions. Thank you for visiting.