Slashdot Mirror
Biggest Identity Thief Ever Gets Put Away
Anonymous Brave Guy writes "Apparently computer helpdesk employee Philip Cummings had more than just a day job: he's just gone down for 14 years in the biggest identity theft case ever. Lots of fascinating nuggets of information in that story: apparently fake ID goes for as little as $60, and the total stolen over just a couple of years was somewhere in the $50m-100m range."
Why does a help desk operator have access to my credit report?
Surely you can design a system where very few humans ever have contact with all of a persons information.
I've dealt with on UK bank where when you wanted to perform certain transactions using telephone banking you were passed to a second tier operator and instructed not to give them your name.
Presumably the system was set up such that no one person had enough confidential information on a single customer.
The US really needs far stricter controls on SSNs - it's insane how often i need my ssn for day to day transactions.
While I agree, having been a victim of identity theft (only once that I know of) Perhaps part of the problem is credit ratings themselves.
There are other ways for a lender or landlord to learn whether a person is a risk. Most people have a reputation in their community that one need only ask to learn. Most credible people can provide credible references. The current addiction to putting everyone's number in a New Jersey database does more harm than good, especially when folks like Cummings come along.
Trying to use sarcasm in text-based forums does not work.
Sure write it off. Or go after Teledata Communications the guy's employer. They should have some liability in this. 30,000 people makes for one powerful class action.
... but the biggest ID theif ever caught.
If someone says he and his monkey have nothing to hide, they almost certainly do.
I totally agree. The employer should be somewhat accountable for the actions of their employee and the negligence on their part. Obviously the system was designed in an insecure manor if the help desk technician had access not only to the accounts, but to the codes as well. The company is the one that should be on trial here.
When I worked for a broker, I had access to client SSNs, clearing house info for EFT, the whole nine yards. We were monitored, but that only went so far. Our tech support guys had all the same info.
Oh, we passed all the industry regulation background searches, etc. In fact, I saw a number of people kicked out of my training class when the searches uncovered bounced checks, forgeries, and other financial crimes. But that's the thing - many people who do that stuff do keep trying to get jobs in the industry. Which makes me think there's a high likelihood that people prone to doing that in general try to take those jobs. I know it's a bit presumptuous, like assuming all pedophiles without records will try to get jobs with kids simply in order to molest them - I'm sure less than 100% of them molest, but as an aggregate group they're unsafe - and it scares me to know how open this access is, especially when I know what they get paid and the educational requirements involved for the job.
Writing this and being modded insightful +3...and they call the moslems barbaric.
i'm sure someone retired with that money.
just not this little drone in the circles...
world was created 5 seconds before this post as it is.
It is shocking, simply shocking that someone who gets paid $10 an hour steals customer information if he has the chance because the company's security policies were virtually useless.
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
Like hell. First, that would be as useful as the references on a job application - no one pays attention to those, because if you can't get 3 friends to lie for you, you must be a real psychopath, let alone a credit risk. Second, those recommendations are only any good when considering the character of the referrees, so this quickly becomes a boundless recursive problem.
Also, where are these little communities anymore where everyone knows each other? Do you live in Mayberry? I know like 5 people in my entire building.
Overall, this process of trying to holistically determine credit worthiness without a centralized system would be slow as hell and obscenely expensive, if for no other reason than it would be so ineffective that banks would have to charge higher rates to account for their inability to determine credit worthiness. I don't like credit fraud either, but let's not toss the baby with the bathwater here.
And if nothing else, what if you move? Do you just get charged the highest possible rate in your new town because the community doesn't know you?
-Looking for a job as a materials chemist or multivariat
it's about stealing people's identities (by obtaining as much information about them) and setting up loans etc. in their name. The criminals then don't repay, the loan company comes knocking on the victims door and they then have to spend time and money reinstating their good name and credit rating.
Identity theifs really are the lowest of the low as far as "white collar" crime goes, I hope this guy rots in a stinking cell for as long as possible.
I am NaN
You know, I feel that crime is bad and all... I wouldn't risk my future on it -- I know first-hand how damaging a felony can ruin a person's life as I've seen it. It's frightening really. Losing all those rights... even the ones you think you don't need. That said, it tweaks me more to see how stupid the average criminal really is. Take this guy for example.
Using information collected from your work place is a REALLY stupid thing to do. When masses of ID theft cases are compiled, it seems pretty obvious that these collections will have things in common such as places where the stolen information was used. It stands to reason that there would be one or two places where a collection will have information in common such as where they shopped. This fact brings the people responsible one big step closer to being caught. From there it's simply a matter of detective work to narrow the selection of people down to a few or even one.
When a crime is repeated over and over and over again, it simply increases the likelihood of being caught. I read somewhere here on Slashdot a bit of criminal advice that just makes too much sense. If you are going to commit a crime, make sure it has two criteria met: (1) It's big enough that it is worth the risks involved and (2) that you never EVER do it again.
Criminals get caught because they do it and keep doing it. They also don't seem to plan to get away with it. Stupid stupid stupid....
You never hear of the ones that do learn and do stop in time.
no one said anyone is allowed to rip people off. Simply that if you pay your employees shit, you get shit employees. Like this guy.
It has been statistically shown that helmets increase the risk of head injury.
The actual "victim" in these cases is almost always the creditor
Of course, the creditor makes up that money by charging everyone higher interest rates. Also, it IS possible for identity theft to lead to someone walking into a bank with your info, SSN, valid ID, et cetera and clear out your bank account. But most of the time it's the far easier credit card fraud.
My other first post is car post.
The USA uses the Social Security Number to apply for credit. How do citizens of other countries apply for credit? What unique identifying number do they use to identify themselves? Do they have companies similar to Experian, TransUnion or Equifax?
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.