August 03, 2005

A trifecta of identity and ID-theft stories

Three separate stories that caught my eye in the last 24 hours.

First, from Australian IT, a story entitled Banks question fraud report that notes how some in the US banking industry are taking issue with a report from Gartner analyst Avivah Litan. Why? Here's the top-note of what she has to say:

AN unprecedented wave of internet-based bank fraud has been enabled in part by banks that don't bother to check security codes on cash cards, according to a new report.

Roughly half of US banks in recent years have stopped checking codes embedded in the magnetic stripe of ATM and debit cards, making it easier for online con artists to suck cash out of consumers' accounts, Gartner analyst Avivah Litan said.

"The only reason they don't check these things is because they forgot about it," Ms Litan said. "Really, I'm furious."

If true, and I don't know that it is, what we have is another example of the means being available but unused -- kind of like laws on the books that simply aren't enforced.

Second item is about one of my favourite "trade" shows: Defcon. I've never been but would love to go. Frankly, I don't know why more people on the "right" side of the law don't attend. To know the enemy's ways, says Sun Tzu, . . . (I think.) Anyway, BusinessWeek online dutifully carries a story (Hackers demonstrate their skills in Vegas) that has a spectacular quote from a security industry expert:

The Internet has become "crime ridden slums," said Phil Zimmermann, a well-known cryptographer who spoke at the conference. Hackers and the computer security experts who make a living on tripping up systems say security would be better if people were less lazy. [Ed. Note the unanticipated consistency with the previous block quote?]

To make their point, they pilfered Internet passwords from convention attendees.

Anyone naive enough to access the Internet through the hotel's unsecured wireless system could see their name and part of their passwords scrolling across a huge public screen.

It was dubbed "The Wall of Sheep."

Gotta love it.

And, finally, a story I found on Physorg.com reporting on IBM's latest Global Business Security Index report (Report finds online attacks shift toward profit -- well, really, it had to happen eventually). A few culled highlights, although both the story itself and the underlying report are good reading:

IBM has seen a resurgence of targeted phishing attacks for money laundering and identity fraud purposes, believed to be largely driven by criminal gangs that have become more astute in the creation and delivery of such attacks. According to its latest Global Business Security Index, in the first half of the year, there were more than 35 million phishing attacks launched to steal critical data and personal information for financial gains.

Spawns of phishing threats such as 'spear phishing' . . . increased more than ten-fold since January of this year alone. Unlike in previous years, when viruses were mainly created and launched to slow down and cripple IT systems, these types of 'customized' attacks have shown their potential to defraud businesses, steal identities and intellectual property and extort money, while damaging the brand and eroding customer trust.

The ratio of spam to legitimate email continuously decreased over the course of the last six months, from 83 percent in January to 67 percent in June 2005, while virus-laden email increased fifty percent over the same period. . . . Hackers have turned toward more criminal and lucrative areas of directing attacks to specific individuals or organizations, often financially, competitively, politically or socially motivated. IBM's Global Business Security Index shows that in December of 2004, one in every 52 emails was infected by some sort of malicious security threat; by January it was one in every 35 emails, and by June, that ratio increased to one in every 28 emails - signifying a fifty percent increase from last year - a disturbing trend for businesses and consumers alike.

And, in another story I couldn't find when I wanted to post, comes the prediction that ATMs are the new pot of gold on the hacker's and crypto-thief's radar.

Posted by Grayson at August 3, 2005 07:45 AM