Privacy and Identity Theftin the 21st Century

Northside High SchoolApril 2008

http://csc.colstate.edu/summers/Research/privacy-in-the-21st-century2.ppt

Dr. Wayne SummersTSYS Department of Computer Science

Columbus State UniversitySummers_wayne@colstate.eduhttp://csc.colstate.edu/summers

Identity Theft

Citibank Identity Theft commercial - Darrel P.

Babe Magnet- Identity Theft Commercial

Thelma and Norma

Citibank - Computer Geek

Citibank identity theft commercial - underpants on

Digital Armageddon

04/19/23 Columbus State University

2

Citibank Identity Theft commercial - Darrel P.

Babe Magnet- Identity Theft Commercial

Thelma and Norma

Citibank - Computer Geek

Citibank identity theft commercial - underpants on

Digital Armageddon

OUTLINE Definitions

ID Theft & Privacy Issues

Future ID Theft & Privacy Issues

Regulations

Safe Guards

Q&A

Privacy (Confidentiality)

Limiting who can access your information.

Identity TheftUsing another’s identity for ones benefit

(usually financial gain)

– social security number– credit card account numbers– date of birth– driver’s license– passport– mother’s maiden name– addresses

Social Engineering“getting people to do things

that they wouldn’t ordinarily do for a stranger” – The Art of Deception, Kevin Mitnick

Definitions Spyware - computer software installed on a

computer to intercept the user's activities on the computer, without the user's informed consent.

Phishing - attempt to fraudulently acquire sensitive information by masquerading as a trustworthy entity.

Botnets - collection of software robots (bots), which run autonomously and automatically on groups of remotely controlled zombie computers.

04/19/23 Columbus State University

8Vulnerabilities How many of you access the Internet

from home?

Wireless networks are rapidly becoming pervasive. – How many of you have web-enabled cell

phones?

– How many of you have networked PDAs?

– How many of you have wireless networks at work? at home?

– How many of you use wireless networks when you are “on the road”?

ID Theft News March 28, 2008 (Computerworld) “

Hannaford Bros. Co. disclosed this week that the intruders who stole up to 4.2 million credit and debit card numbers from the grocer's systems did so by planting malware programs on servers at each of its stores in New England, New York and Florida.”

March 24, 2008 (Computerworld) “Unencrypted medical information of about 2,500 participants in a cardiac study conducted by the National Heart, Lung and Blood Institute (NHLBI) may have been compromised by the theft of a laptop PC last month.”

ID Theft News March 2008 (Newsmax.com) “Criminals who seize

control of tens of thousands of home and office computers through what are known as "botnets" are a dramatically growing threat, Shawn Henry, deputy assistant director of the FBI’s Cyber Division, tells Newsmax.”

“Since last spring, the FBI has arrested 11 individuals who allegedly infected and commandeered 1 million personal computers and turned them into robots that did their bidding, Henry says. “

April 24, 2008 (Computerworld) “University of Miami officials last week acknowledged that six backup tapes from its medical school that contained more than 2 million medical records was stolen in March from a van that was transporting the data to an off-site facility.”

ID Theft News April 24, 2008 (Computerworld) “University of

Connecticut police are investigating how a hard drive containing personal documents and photos from about 10 students, faculty and nonuniversity individuals was accidentally sold last week by the school's bookstore to a student on campus.”

April 2008 (AARP Bulletin) “But already scammers are contacting targets by phone, saying they represent the IRS, and explaining that they can direct-deposit rebates right away—if the victim coughs up a bank account number on the spot.”

04/19/23 Columbus State University

11

IRS Phish

04/19/23 Columbus State University

12

PayPal Phishing Site Arrives as Attachment

E-mail from "Microsoft“ security@microsoft.com

SUBJECT: {Virus?} Use this patch immediately !

Dear friend , use this Internet Explorer patch now!

There are dangerous virus in the Internet now!

More than 500.000 already infected!

04/19/23 Columbus State University

15

“You have zero privacy anyway. Get over it.”

(Scott McNealy, CEO, Sun Microsystems, 1999)

Who is Wayne Summers?

Google.com

– http://csc.colstate.edu/summers/ (resume)

– Math geneology

– Naymz.com

– Linked.com

– Blogger.com

peoplefinders.com

– Age, Cities, parents, spouse, and children’s names & ages

peoplefinders.com Comprehensive Background Report

– Name: SUMMERS, WAYNE– Everything you need to know, all in one report.

• Aliases & Maiden Names• Birth Date• Address History• Phone Numbers• Marriages & Divorces• Relatives & neighbors• Property ownership• and much more...

   $39.95 Click below to find out how to get this product for

FREE.

Who is Wayne Summers?

Whitepages.com

– Work address

– Columbus Tech

– Home address• Map of neighborhood• Neighbors & home values (zillow.com)

Other personal data websites

Addresses.com

AnyWho.com

Google

InfoSpace

Intelius

MySpace

PeopleFinders.com

PublicRecordsNow.com

USA People-Search

US Search

WhoWhere.com

Yahoo!

ZabaSearch

ZoomInfo

Future ID Theft & Privacy Issues

Minority Report Mall Scene (36 sec)

Minority Report Scene Gap Store (16 sec)

April 9, 2008 (Computerworld) “RFID keeps tabs on Vegas bartenders -- and soon could track you too”

“The Smart Card Alliance isn't too keen on proposed enhanced driver licenses that the Department of Homeland Security is working on with several states bordering Canada and Mexico. The long range-reading RFID technology suggested by DHS raises privacy, security, and operational functionality issues, says the alliance.”

Future ID Theft & Privacy Issues March 28, 2008 (IDG News Service) “Spying

programs for mobile phones are likely to grow in sophistication and stealth as the business of selling spying tools grows, according to a mobile analyst at the Black Hat conference on Friday…. Neo-Call is capable of secretly forwarding SMS (Short Message Service) text messages to another phone, transmitting a list of phone numbers called, and logging keystrokes. FlexiSpy has a neat, Web-based interface that shows details of call times, numbers and SMS messages, and it can even use a phone's GPS receiver to pinpoint the victim's location.”

April 9, 2008 (Washington Times) “D.C. police set to monitor 5,000 cameras.”

Mediacom Online home watch

“Privacy is the future. Get used to it.”

(Marc Rotenberg, Director, Electronic Privacy Information Centre - EPIC) (Fortune, 2001).

Regulations

Privacy Act of 1974– “No agency shall disclose any record which is contained in a

system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains... “

– Computer Matching and Privacy Protection Act of 1988

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Family Educational Rights and Privacy Act (FERPA)

Regulations

Financial Modernization Act of 1999["Gramm-Leach-Bliley Act" or GLB Act]: protect consumers’ personal financial information held by financial institutions.

Public Company Accounting Reform and Investor Protection Act of 2002 [“Sarbanes-Oxley Act “]:establishes new or enhanced standards for all U.S. public company boards, management, and public accounting firms.

04/19/23 Columbus State University

26Safe Guards

E-mail– should be considered like a postcard

– Don’t transmit personal data unless it is encrypted

Social networks (Facebook, Myspace) are open to others

– Don’t post personal data that could be used for identification

– Don’t post anything you would be ashamed of

Privacy Policies Google

Sample clause: "When you sign up for a Google Account or other Google service or promotion that requires registration, we ask you for personal information (such as your name, email address and an account password). For certain services, such as our advertising programs, we also request credit card or other payment account information which we maintain in encrypted form on secure servers. We may combine the information you submit under your account with information from other Google services or third parties in order to provide you with a better experience and to improve the quality of our services. For certain services, we may give you the opportunity to opt out of combining such information."

Yahoo Sample clause: "Yahoo! collects personal information when you register with Yahoo!, when you use Yahoo! products or services, when you visit Yahoo! pages or the pages of certain Yahoo! partners, and when you enter promotions or sweepstakes. Yahoo! may combine information about you that we have with information we obtain from business partners or other companies."

Microsoft Sample clause: "Microsoft collects and uses your personal information to operate and improve its sites and deliver the services or carry out the transactions you have requested. These uses may include providing you with more effective customer service; making the sites or services easier to use by eliminating the need for you to repeatedly enter the same information; performing research and analysis aimed at improving our products, services and technologies; and displaying content and advertising that are customized to your interests and preferences."

04/19/23 Columbus State University

27

What Else Can You Do?

Do not give your personal information out over the phone or Internet.

Take all outgoing mail to a U.S. Postal Service mail box.

Use a P.O. Box for all incoming mail.

Buy a document/credit card/CD crosscut shredder.

Credit Security Use one credit card exclusively for Internet

purchases.

Monitor activity on all credit cards closely.

Checking your credit history at least twice a year.

Your can buy identity theft recovery insurance.

04/19/23 Institute of Management Accountants

30Computer Protection

Properly configure all devices

Install firewalls, antivirus, anti-spyware

Monitor logs

Removed unneeded cookies

Do not enter personal information on a website over a non-encrypted connection

Keep patches up to date

04/19/23 Columbus State University

31

Home Network how many of you:

– protect your wireless device with a password?

– encrypt the data in your wireless device?

– employ any type of security with your wireless device?

– employ security with your wireless network?

Who to contact Equifax: 1-800-525-6285 www.equifax.com

Experian: 1-888-397-3742 www.experian.com

TransUnion: 1-800-680-7289 www.transunion.com

http://www.ftc.gov/idtheft

www.ftc.gov/credit

www.lookstoogoodtobetrue.com/

www.identitytheft.org/

www.privacyrights.org/index.htm

Conclusions “Security is, I would say, our top priority

because for all the exciting things you will be able to do with computers.. organizing your lives, staying in touch with people, being creative.. if we don't solve these security problems, then people will hold back. Businesses will be afraid to put their critical information on it because it will be exposed.” Bill Gates

04/19/23 Columbus State University

33

04/19/23 Columbus State University

34

Q & ADr. Wayne Summers

TSYS Department of Computer ScienceColumbus State University

Summers_wayne@colstate.eduhttp://csc.colstate.edu/summers