identity theft: how safe are you? steven stone. what is identity theft identity consists of: –...

Identity Theft: How Safe Are You?Steven Stone

What is Identity Theft

Identity consists of:

– Social Security Number

– Credit Card Number and Credit Score

– Bank Account

– Name, Address, Phone Number Identity theft is fraud Thief takes personal information for their own

gain usually for financial purposes

Identity Theft Isn't New

Many instances of identity theft before the technology age

Term coined in 1960

Early Forms of Stealing Identity

Kill someone Dumpster Diving Pretexting

Identity Theft and the Internet

Lots of people use the internet to

– Pay bills

– Do taxes

– Shop

– Apply for Credit Cards and Loans

– Work Information is easily accessible to tech savvy

criminals

Identity Theft and the Internet

The two main techniques used to steal information off the internet are

– Malware

– Phishing

Malware

Thieves can steal user information using key loggers.

Most malware is attached to emails or downloaded from malicious websites

Malware is usually attached to Phishing scams

Phishing

Play on the word “fishing” Tricks user to give away information Works by playing off the trust of the victim Early phishing attempts started off as claiming

the victim won a prize or they had a chance for a big investment.

Current phishing involves spoofing legitimate company emails and/or websites such as banks

Zeus*

*Zeus is a Trojan horse and has nothing to do with the father of the Gods.

Zeus

A Trojan horse spread through phishing attacks PC version (Zeus) and mobile version (Zitmo) First appeared in 2007 when it stole information

from US Department of Transportation In 2009 it was attached to over 9 million

phishing emails under the disguise of Verizon Wireless

Zeus

Zeus has infected millions of computers across 196 countries, nearly 3.6 million in USA alone.In October 2010 the FBI shut down a crime ring that stole $70 million with ZeusZeus is easily available to criminalsZeus is hard to detect

“Interested in credit card theft? There’s an app for that.” - Gunter Ollmann, security specialist

Zeus

FireSheep

Firefox extension Used unsecure connections to collect cookies

containing log in information for websites

FireSheep

Notable Case

Name: Albert Gonzalez

Stole 170 million credit card and ATM numbers

Created website called Shadowcrew that sold private information to highest bidder including usernames and passwords to email addresses

Hacked into databases of TJ Maxx, Dave and Busters, Barnes and Nobles, J.C. Penny, and Target

Sentenced to 20 years in prison

What is being done about it?

Identity Theft and Assumption Deterrence Act Internet Crime Complaint Center(IC3) Credit fraud companies popping up

LifeLock

LifeLock - Failure

Todd Davis has had his identity stolen 13 times since his marketing campaign for LifeLock

LifeLock has been sued and fined $12 million by the FTC for false advertising and fraud

Conclusion

The only one that can stop your identity from being stolen is you

Be careful Be aware Be smart

References

http://www.phrases.org.uk/meanings/identity-theft.html

http://www.identitytheftprotection.org/articles/history-of-identity-theft.html

http://www.spamlaws.com/id-theft-history.html

http://www.guard-privacy-and-online-security.com/history-of-identity-theft.html

http://www.identity-theft-scenarios.com/definition-of-phishing.html

http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/about-identity-theft.html

http://en.wikipedia.org/wiki/Identity_theft

http://www.allbusiness.com/government/government-bodies-offices/14207830-1.html

http://money.cnn.com/2010/12/14/technology/firesheep_starbucks/index.htm

http://www.identitytheftfixes.com/the_ugly_history_of_identity_theft.html

References

http://www.protectingmyprivacy.com/

http://searchcio.techtarget.com/definition/pretexting

http://en.wikipedia.org/wiki/Albert_Gonzalez

http://www.ic3.gov/media/annualreport/2010_IC3Report.pdf

http://www.ic3.gov/about/default.aspx

http://www.identity-theft-scenarios.com/definition-of-phishing.html

http://thesop.org/story/20101017/zeus-trojan-horse-stealing-millions-around-the-world.html

http://en.wikipedia.org/wiki/Zeus_%28trojan_horse%29

http://www.eweek.com/c/a/Security/Zeus-Trojan-Variant-Found-on-BlackBerry-Phones-422999/

http://www.wired.com/threatlevel/2010/05/lifelock-identity-theft/