computer vulnerabilities & criminal activity identity theft & credit card fraud 6.1 march 1,...
DESCRIPTION
Identity Theft and Assumption Deterrence Act 18 U.S.C § 1028 Makes it a federal crime to: “knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law” Makes it a federal crime to: “knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law”TRANSCRIPT
![Page 1: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/1.jpg)
Computer Vulnerabilities & Criminal Activity
Identity Theft & Credit Card Fraud
6.1March 1, 2010
![Page 2: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/2.jpg)
Definition of Identity Theft
A person commits the crime of identity theft if, without the authorization, consent, or permission of the victim, and with the intent to defraud for his or her own benefit or the benefit of a third person, he or she does any of the following:
1. Obtains, records, or accesses identifying information that would assist in accessing financial resources, obtaining identification documents, or obtaining benefits of the victim.2. Obtains goods or services through the use of identifying information of the victim.3. Obtains identification documents in the victim's name.
US Legal Definitions
![Page 3: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/3.jpg)
Identity Theft and Assumption Deterrence
Act18 U.S.C § 1028
Makes it a federal crime to:“knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law”
![Page 4: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/4.jpg)
Connecticut Criminal Law - Identity Theft
http://law.justia.com/connecticut/codes/title53a/sec53a-129a.html
![Page 5: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/5.jpg)
Protected Information Name Date of birth Social Security number Driver's license number Financial services
account numbers, including checking and savings accounts
Credit or debit card numbers
Personal identification numbers (PIN)
Electronic identification codes
Automated or electronic signatures
Biometric data Fingerprints Passwords Parent's legal surname
prior to marriage
![Page 6: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/6.jpg)
States with Mandatory ID Theft Investigation
California Louisiana Minnesota
![Page 7: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/7.jpg)
Motivation for Identity Theft
Financial DesiresGreed
Strain Theory
![Page 8: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/8.jpg)
Individuals Committing Identity Theft
Individuals May have some relationship to the victim Often have no prior criminal record
Illegal Immigrants Methamphetamine Users Career Criminals Gangs
Hells Angels MS-13
Foreign Organized Crime Groups Asia Eastern Europe
![Page 9: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/9.jpg)
Victims of Identity Theft Higher education / higher income Age 22 - 59 Married Basically, individuals most likely to
have a good credit rating / credit history
![Page 10: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/10.jpg)
Methods of Obtaining Identity Information
Dumpster Diving Skimming Phishing Change of Address Theft of Personal Property Pretexting / Social Engineering
![Page 11: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/11.jpg)
How the Internet is used for ID Theft
Hackers Interception of transmissions - retailer to
credit card processor Firewall penetration - data search Access to underlying applications
Social Engineering / Phishing / Pretexting
Malware / Spyware / Keystroke Loggers
![Page 12: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/12.jpg)
Crimes Following Identity Theft
Credit Card Fraud Phone/Utility Fraud Bank/Finance Fraud Government Document Fraud Employment Fraud Medical Fraud Misrepresentation during arrest
![Page 13: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/13.jpg)
Problem with Identity Theft Investigation
Lapse of time between crime and the time the crime is reported
Monetary amount Jurisdiction Anonymity
![Page 14: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/14.jpg)
Identity Theft Investigation
http://www.ftc.gov/bcp/edu/microsites/idtheft/law-enforcement/investigations.html
Identity Theft Data Clearing House Identity Theft Transaction Records
Subpoena or victim’s permission Request for documents
Must be in writing Authorized by the victim Be sent address specified by the business Allow the business 30 days to respond
![Page 15: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/15.jpg)
Credit Card Fraud
“Wide-ranging term for theft and fraud committed using a
credit card or any similar payment mechanism as a
fraudulent source of funds in a transaction.”
Wikipedia
![Page 16: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/16.jpg)
“Carding”“The unauthorized use of
creditand debit card account
information to fraudulently purchase goods and
services.”DATA BREACHES:WHAT THE UNDERGROUND WORLD OF “CARDING” REVEALS - US DOJ
![Page 17: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/17.jpg)
Carding Terminology Dumps - information electronically
copied from the magnetic stripe on the back of credit and debit cards. Track 1 is alpha-numeric and contains the
customer’s name and account number Track 2 is numeric and contains the account
number, expiration date, the secure code (known as the CVV),and discretionary institution data.
PIN - Personal Information Number BIN - Bank Information Number
![Page 18: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/18.jpg)
Carding Terminology cont.
Full Info” or “Fulls” - a package of data about a victim, including for example address, phone number, social security number, credit or debit account numbers and PINs, credit history report, mother’s maiden name, and other personal identifying information
![Page 19: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/19.jpg)
How Credit Card Information Obtained
Online In bulk from hackers who have
compromised large databases http://www.privacyrights.org/ar/ChronData
Breaches.htm Phishing Malware
![Page 20: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/20.jpg)
Types of Carding Carding Online
Using stolen credit cards to purchase goods & services online
Carding to a drop - having goods sent to another physical address
Cobs - changing billing address with credit card company
![Page 21: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/21.jpg)
Types of Carding cont. In-Store Carding
Presenting a counterfeit credit card that had been encoded with stolen account information to a cashier at a physical retail store location
More risky Higher level of sophistication
![Page 22: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/22.jpg)
Types of Carding cont. Cashing
The act of obtaining money, rather than retail goods and services, with the unauthorized use of stolen financial information
Pin Cashing - Using dump information to encode a strip on a card to use at ATMs
![Page 23: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/23.jpg)
Types of Carding cont. Gift Card Vending
Purchasing gift cards from retail merchants at their physical stores using counterfeit credit cards and reselling such cards for a percentage of their actual value
Sales maybe online or face-to-face
![Page 24: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/24.jpg)
Carding Forums Online Tutorials on different types of carding-related
activities Private and public message posting enabling
members to buy and sell blocks of stolen account information and other goods and services
Hyperlinks for hacking tools and downloadable computer code to assist in network intrusions;
Other exploits such as source code for phishing webpages
Lists of proxies Areas designated for naming and banning
individuals who steal from other members
![Page 25: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/25.jpg)
Carding Websites (all disabled)
www.shadowcrew.com www.carderplanet.com www.CCpowerForums.com www.theftservices.com www.cardersmarket.com
![Page 26: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/26.jpg)
Sample Carding Web Sites
![Page 27: Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010 Identity Theft & Credit Card Fraud 6.1 March 1, 2010](https://reader034.vdocument.in/reader034/viewer/2022042619/5a4d1acd7f8b9ab059970235/html5/thumbnails/27.jpg)