Slashdot Mirror
Biggest Identity Thief Ever Gets Put Away
Anonymous Brave Guy writes "Apparently computer helpdesk employee Philip Cummings had more than just a day job: he's just gone down for 14 years in the biggest identity theft case ever. Lots of fascinating nuggets of information in that story: apparently fake ID goes for as little as $60, and the total stolen over just a couple of years was somewhere in the $50m-100m range."
I absolutely did not see this Cumming.
Free XBox, PS2
People like this should be put away for a long time for ruining one's credit rating and making their lives a living hell. Restitution will be good too, but how much can you make in the can? not much.
Good riddance.
Some call me Howie Feltersnatch
What I want to know is, when they caught the guy, did they have a positive ID?
Be relentless!
How much would my 'secret' identity go for?
Why does a help desk operator have access to my credit report?
Surely you can design a system where very few humans ever have contact with all of a persons information.
I've dealt with on UK bank where when you wanted to perform certain transactions using telephone banking you were passed to a second tier operator and instructed not to give them your name.
Presumably the system was set up such that no one person had enough confidential information on a single customer.
The US really needs far stricter controls on SSNs - it's insane how often i need my ssn for day to day transactions.
Hay, so I could use a second identity ;-}
Where can I go and get one?
For $60, it is a bargain! ;-}
--E--
Cummings, who is still free on bail, must report to prison on 9 March.
It's not like the guy could change his identity or anything.
this s**tbag's employer, Teledata Communications, was heavily fined...they must have had hundreds of complaints over the course of the thievery and never turned enough scrutiny on their own orgnaization to see the problem until way too late. I will be looking at which credit card issuers, banks, etc use Teledata Communications services and seeing if I can avoid doing business there.
but who says their competition is any safer?
SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
Of course, this sort of idiotic greed is what got them to start doing these bad things in the first place. I can't imagine trying to steal identities no matter how much the profit, myself.
The CB App. What's your 20?
... but the biggest ID theif ever caught.
If someone says he and his monkey have nothing to hide, they almost certainly do.
Sales Support
Tel: (800) 824-9069 option 2
e-mail: sales@tcicredit.com
Technical Support
Tel: (800) 492-2001, option 1
e-mail: support@tcicredit.com
Corporate Offices
Tel: (631) 231-6700
e-mail: kpalmer@tcicredit.com
...to prison on 9 March.
Are you kidding me? 14 years in Jail or move to Ecuador, hmmmmm?
Seems like all the huge criminal acts these days are inside jobs. Companies from grocery stores to office buildings are spying on their employees for this exact reason.
Here in NYC anyone can obtain a fake ID for under $50 bucks and it looks legit enogh to pass...And it's legal too because it has a disclamer in he back. I used to use one to get into clubs but i also used it (with my real info on it) to goto the bank because i always loose my wallet and i just get one for $30 bucks and i never had a problem with it...People who deal with money should be educated on whats real and whats not.
I'd like to see the sentence doubled, if not tripled.
For those of you that haven't experience it, you have no idea what a living hell identity theft can make your life.
Come to think of it....maybe a public execution would be in order.
HE's not Philip Cummings!
I AM!!!
there's also a "see aslo" link on the side of that story that's talking about the same thing...the real kicker is the quote right from the article.. If convicted, he faces up to 30 years in prison for fraud, and millions of dollars in fines. '$30 a time' nice..only gonna take a couple years to get that one paid off.
-shan
I agree. When I read the story, my first thought was.... "I'll bet this guy skips the country." After all, they're giving him 2 months to plan where to go. Bye bye Phillip! or given the fact he helped steal millions should that be Buy Buy Phillip?
When I worked for a broker, I had access to client SSNs, clearing house info for EFT, the whole nine yards. We were monitored, but that only went so far. Our tech support guys had all the same info.
Oh, we passed all the industry regulation background searches, etc. In fact, I saw a number of people kicked out of my training class when the searches uncovered bounced checks, forgeries, and other financial crimes. But that's the thing - many people who do that stuff do keep trying to get jobs in the industry. Which makes me think there's a high likelihood that people prone to doing that in general try to take those jobs. I know it's a bit presumptuous, like assuming all pedophiles without records will try to get jobs with kids simply in order to molest them - I'm sure less than 100% of them molest, but as an aggregate group they're unsafe - and it scares me to know how open this access is, especially when I know what they get paid and the educational requirements involved for the job.
bail coulda been secured by someone's residence...
every day http://en.wikipedia.org/wiki/Special:Random
I'm not sure how the laws are down in US, but up here in Canada, the judge can rule that you are forbidden from profiting from your crime.
Specifically the law can provide that you are not permitted to sell publishing rights of any sort. Hopefully this will apply, and if not, it would be nice to see 30,000 people take up a class action law suit to recoup their losses after he makes his supposed $100M.
We just did everything we could to try to grow convincing facial hair. I was lucky (or unlucky, depending on how you think of it), since that and premature grayness run in my family. I could pass for 18 easily when I was 15, and even when I was 14 I had a hard time convincing the theater that I was still young enough to get the under-18 discount. Only a few places carded me for liquor by the time was 17 since I'd developed some visible gray streaks in my hair. That was before my state passed tougher laws on that, though, I doubt I could get away with it now givin the same circumstances.
and the total stolen over just a couple of years was somewhere in the $50m-100m range."
I don't see where $0.05 to $0.10 is a lot of money. (^_~)
Like hell. First, that would be as useful as the references on a job application - no one pays attention to those, because if you can't get 3 friends to lie for you, you must be a real psychopath, let alone a credit risk. Second, those recommendations are only any good when considering the character of the referrees, so this quickly becomes a boundless recursive problem.
Also, where are these little communities anymore where everyone knows each other? Do you live in Mayberry? I know like 5 people in my entire building.
Overall, this process of trying to holistically determine credit worthiness without a centralized system would be slow as hell and obscenely expensive, if for no other reason than it would be so ineffective that banks would have to charge higher rates to account for their inability to determine credit worthiness. I don't like credit fraud either, but let's not toss the baby with the bathwater here.
And if nothing else, what if you move? Do you just get charged the highest possible rate in your new town because the community doesn't know you?
-Looking for a job as a materials chemist or multivariat
it's about stealing people's identities (by obtaining as much information about them) and setting up loans etc. in their name. The criminals then don't repay, the loan company comes knocking on the victims door and they then have to spend time and money reinstating their good name and credit rating.
Identity theifs really are the lowest of the low as far as "white collar" crime goes, I hope this guy rots in a stinking cell for as long as possible.
I am NaN
To add insult to injury, Mr. Cummings has now learned that everything he has purchased with his stolen ID's has been confiscated, including his new robot... his new girl robot. Heh heh heh...
Actually, that's me.
Those who do the most for the system should get the most out of the system. These 'ID theives' destroy the system and can possibly profit the most. Every time I give my personal information to some rude unknown face behind a desk I feel the paranoia take over. If he, she, or their shady friends in the back decide to use my information to destroy the quality of my identity it is definate that I will suffer. Yet it is not definate that they will be caught. We aren't reading the story of the guy who made X millions and willingly moved to unknown paradise. You'll never hear the story of the ultimate hack. The solutions of tiered systems, biometrics and others may bring profit to corporations but ultimately the information still exists and may still be abused. Debt has no meaning if it applies to anyone who can claim to be anyone. The "Information Age" is flawed indeed.
Up here in Canada only goverment agencies, employers and banks are allowed to require SIN (equivilent to SSN). Anyone else you just tell them no you won't give them your SIN, and they have to provide whatever service or product anyways.
32,000 staff and student ID records, including photographs and SSN's have been exposed to {h|cr}ackers, possibly for as long as two months. GMU is home to The Center for Secure Information Systems. In other news, the cobbler's children are going barefoot...
Does the UK still file credit reports by physical address? This bit quite a few people when they moved into an address, and the previous resident racked a bunch of bad debts. The new residents suddenly found they were being denied credit based on the history of the address.
How am I supposed to fit a pithy, relevant quote into 120 characters?
yacht?
I'm not condoning the behavior, I just don't like the wording.
France for example....
And their system is working fine.
As long as you have a paycheck or a parent with a paycheck that can back you up you can usually rent an appartement.
Also French people use credit a lot less tahn American, and I guess thats better for everybody.
If you make $10/hr or less, you're allowed to rip people off at will? I've heard of relative moral codes before, but this takes the cake.
You know, I feel that crime is bad and all... I wouldn't risk my future on it -- I know first-hand how damaging a felony can ruin a person's life as I've seen it. It's frightening really. Losing all those rights... even the ones you think you don't need. That said, it tweaks me more to see how stupid the average criminal really is. Take this guy for example.
Using information collected from your work place is a REALLY stupid thing to do. When masses of ID theft cases are compiled, it seems pretty obvious that these collections will have things in common such as places where the stolen information was used. It stands to reason that there would be one or two places where a collection will have information in common such as where they shopped. This fact brings the people responsible one big step closer to being caught. From there it's simply a matter of detective work to narrow the selection of people down to a few or even one.
When a crime is repeated over and over and over again, it simply increases the likelihood of being caught. I read somewhere here on Slashdot a bit of criminal advice that just makes too much sense. If you are going to commit a crime, make sure it has two criteria met: (1) It's big enough that it is worth the risks involved and (2) that you never EVER do it again.
Criminals get caught because they do it and keep doing it. They also don't seem to plan to get away with it. Stupid stupid stupid....
I've heard this about France before, that they don't have a US-style credit report system; What are mortgage rates like there, compared to the US?
no one said anyone is allowed to rip people off. Simply that if you pay your employees shit, you get shit employees. Like this guy.
It has been statistically shown that helmets increase the risk of head injury.
The actual "victim" in these cases is almost always the creditor
Of course, the creditor makes up that money by charging everyone higher interest rates. Also, it IS possible for identity theft to lead to someone walking into a bank with your info, SSN, valid ID, et cetera and clear out your bank account. But most of the time it's the far easier credit card fraud.
My other first post is car post.
The USA uses the Social Security Number to apply for credit. How do citizens of other countries apply for credit? What unique identifying number do they use to identify themselves? Do they have companies similar to Experian, TransUnion or Equifax?
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
If they had done a better job of checking the applicant's identity, maybe they wouldn't have the problem.
It used to be, you had to show up in an office to get something as simple as phone service. But hey, that's too inconvenient for today. Gotta make things easy for the applicant, so they'll be more likely to do it.
Making people show up would introduce an extra check into the process. At least the thieves would need to go through the trouble of making fake IDs.
Maybe if instead of moving to a whole new state every time someone offered you another perk you put down some roots and started contributing to your own home town
Maybe instead of contributing to your home town you could grow up out of the 1920's and started contributing to society as a whole?
Some of see the bigger picture here. Like contributing to society as a whole, or making the world better as a world instea do fjust making your little slice of it better. We tried the small town concept a hundred years ago. It doesn't work. It never worked. It's a fantasy. And today, small towns can only exist as leeches off the cities. Look at what happens to any little hick burg when the one or two major employers shut down and move away? Answer: the town dies. Why does it die? Because it only existed because of the infusion of money provided by those in the city buying the goods produced by that industry.
And while it's nice and well and good to like where you live (and I love where I live), not everybody wants to live in some hole so small that you could know everybody else. Because that's essentially what you're saying here. Everybody knows everybody and so it's easy to judge a man's character or his honesty and thus gauge the risk involved. That's fine when everybody does indeed know everybody, but in a big city that's not only infeasible, but impossible.
Seriously, if you like living in the sticks then that's fine. But applying your small town logic to bigger areas simply makes no sense. A credit reporting system is necessary. It may not be fair, and it may be badly made, but the correct solution is to fix the system, not to dump it.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
He only stole somewhere between 50 cents and a dollar? Is it just the engineer in me or do other people hate the use of 'm' for "million" instead of 'M'? And yes, I use an ERP system at work that shows things in millidollars. Woo.
Ahh, the freedom to waste karma on a point of order...
In the case of Identity Theft, much more is likely to be taken than just running up bills on an unsecured cretid card, and even that is bad enough. Identity thieves have taken out loans, mortgages, and even given the stolen identity when arrested for crimes.
For all of these, the victim must mount a REAL defence. This costs enormous amounts of time and money and a lot of aggravation.
A huge part of the problem is that he banks and other institutions PRESUME that YOU are lying, and that you are responsible for the debts.
I have friends who have had to deal with relatively light versions of account theft. It is an absurd and expensive distraction even when the bank acknowledges you are right. The banks can't get the mess cleaned up efficiently, and you must hound them for months.
Try doing a few hundred hours of utterly unproductive work with people who are uncooperative at best and hostile at worst, to merely not pay debts that aren't yours and to recover good standing that was yours. Also spend some real money on documentation and lawyers.
THEN tell me that it is only the companies that are victims.
And how would you get there? Hidden in the back of a car or in someone's luggage? You won't get through customs. Your passport is definitely revoked in such case.
Yeah, if only he had some way of getting a new identity.
Give me Classic Slashdot or give me death!
Hey now, we're not all hicks up here. Yes, we have those people who part cars on blocks in front of their trailer, but so does every other state.
We're rather intelligent, atleast when it comes to test scores. North Dakota has some of the highest educational test scores in the nation. We might live in a rural part of the country, but that doesn't mean we just live scattered out on the prairie, drinking beer and riding our tractors. Most people in North Dakota actually live in cities (well, what we call cities...population 10,000 or more) and have jobs in the service industry. Agriculture is a huge part of our state economy, however its really made up of a rather small group of people, and even the farmers usually aren't too hickish.
Tourism is our second largest industry-sector, behind agriculture. You'd be surprised what North Dakota has to offer.
There, feel better now?
Oh well, what the hell...
It makes me sad that no one who's identity was stolen will ever see a dime. I am going to write angry E-Mails to the government with all of my identities.
Wrong. Not legally, at any rate.
The keyspace is limited, however. Ideally, 1 billion distinct values. In practice, somewhat fewer. Groups 800-999 are not assigned, and Railroad Retirement Act numbers extend the range with "R##" "area" numbers.
What part of "gestalt" don't you understand?
You notice that when the Americans cover the story, they conveniently leave out the names of the companies involved?
... and investigating cases that do occur, in concert with our partners. And private sector companies--like the ones victimized in this case--are working to install better safeguards to protect consumer information.
---
NO ORDINARY CASE OF IDENTITY THEFT
The Largest in U.S. History
10/18/04
Uncovering Identity Theft graphicIt began with a crooked "insider" who had access to a nearly unending supply of personal consumer information.
It ended up the largest case of identity theft ever investigated and prosecuted in the U.S.--with 30,000 victims across the U.S. and Canada and millions of dollars in losses.
It's also a cautionary tale for you--the consumer.
First, the crime. The "insider" was Philip Cummings, a help desk employee with a Long Island, NY, company that provided special software to its client companies--like banks and other financial institutions--allowing them to download consumer credit reports from the three major commercial credit reporting agencies.
Cummings had access to his clients' codes and passwords, which meant he could download virtually all the consumer credit reports he wanted. And he did, after being approached by a ring of Nigerian nationals who offered to pay for copies. Even after leaving the company, Cummings continued using his inside knowledge to download and sell credit reports to this identity theft ring for another two years.
The damage. Considerable. Thousands of personal savings accounts were looted. Fake charges were racked up on credit cards. Addresses on bank accounts were changed so that new credit, check, and ATM cards were mailed directly to the thieves.
How the case was solved. Federal authorities--the FBI, with the assistance of the U.S. Postal Inspection Service and the Secret Service--were called in to investigate when a major credit company discovered that thousands of credit reports had been downloaded without permission. Soon other companies were reporting the same thing. A review of the victim companies' 1-800 phone records led investigators to the Long Island company that employed Philip Cummings...and ultimately, to Cummings himself and his partners in crime. Last month, Cummings pled guilty in the massive scheme. Trials for his co-defendants are upcoming.
What you should know about identity theft. The FBI is committed to preventing it
Having atleast some reputation in your community, even if its just in the neighborhood, can be invaluable.
Great. I'm going to have to check my behavior for decades in order to get a home loan. Can't have a funny haircut. Can't put that John Kerry bumper sticker on my car. Can't rally for the reform of marijuana criminalization. It could jeopardize my credit rating, which is dependent on everyone in my conservative small town liking me. Heaven help me if I'm gay and/or black.
I'm not saying all white people in small towns are racist or homophobic. I'm saying that this system you're advocating tends to favor the majority over the minority.
$5 / month hosted VPS on linux = awesome!
From what I saw in a movie once, all he needs is a Bourne Identity, and he can get through any place he needs...embassies, customs, you name it.
I grew up in Hawaii, where the legal age was 18, and I think the unofficial policy at Korean liquor stores near me was that, if you were over 6 feet tall, you could buy booze.
I also started getting gray at 19 years old, and now everyone assumes that I'm at least ten years older than I really am.
When I went to university in the 80's, where the age was 21, I would just special order imports by the case, and pick them up when they arrived. They didn't even want to card me for those...
Put identity in the browser.
It's not particularly difficult to walk across the border into Mexico. After that, all you need is money. $30k or so will buy you citizenship in a few countries down south.
Actually, if this guy really has access to a lot of ready cash, he could just buy or charter a nice boat in Florida, and pay the captain not to worry about his passport.
Fifty to 100 million? Why the hell was he a help desk worker? Why wasn't he out blowing money on yachts and jets and basketball teams?
Click here or here.
You're backwards, I'm afraid, at least for now. The ID card measures proposed by Blunkett, and now supported by Clarke (his successor as Home Secretary), are as yet only that: proposals. They'd love to drive them through, but there's enormous opposition even within the government, and given the current infighting among the majority party, it would be imprudent for them to attempt to force through measures to implement these things any time soon. They're only just now introducing the first bills into parliament to support these, and actually having them as compulsory things is around a decade away, assuming the government can even set up the system to run them effectively, which it probably can't.
And FWIW, my National Insurance number (the closest UK equivalent of the SSN) has only ever been needed for financial and employment dealings, where it's directly relevant.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
The UK credit reporting system is terrible. After surprisingly being completely denied credit, I asked the card company for the name of the credit reference agency they use (there are only three, and they are legally required to tell me which one(s) they use, if any). I got a copy of the report (which the agency is legally required to provide to me, for a nominal fee) and found numerous minor discrepancies. The best bit was when, having finally got through to one of their agents on the phone after something like half an hour in the queuing system, I was asked whether these blatant errors were really important "because it's 5:05 and I'm supposed to have finished my shift by now".
It turned out that I'd been refused because the web page taking the application had one of these automatic address database things -- enter your postcode and the number of your house, and it looks up the rest of your address. This is becoming quite common, and is often a convenient time saver, but in this case it got mine wrong, and so obviously they couldn't find any credit record for me at all, so I got automatic refusal of credit.
Ain't modern technology wonderful?
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
As a landlord, I want to know two things:
- Is this applicant likely to pay the rent on time
- Is this applicant likely to take good care of my property
To answer #2, I do as you say. I call previous landlords, employers, references, etc. But to answer #1, I need to know from the gas company, the electric company, the credit card companies, etc., does this applicant pay his/her bills in full and on time? I know of no way to answer that other than to run credit, so credit I run.If you can suggest another way for me to ascertain my risk exposure without running credit, I'd be all ears. Running credit is not free, and I'd love to hear another way to find out payment history from all the applicant's past and present creditors.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
That's my reason (er, excuse) for maxing all my cards out. Good luck buying anything on my mastercard. ;o)
Chika Chik-ah... do-e ow ow.
He was not just any helpdesk operator. He was a helpdesk operator for "a New York-based software company which helps lenders access major credit databases". He had access to the company's client's passwords, so he just used them.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
You mean to say that Hollywood has lied to me about the drinking hooch and tractor riding??? Thats it, I'm moving to Alabama, where stereotypes are stereotypes!
"Do you suppose that's why God lives in the Heavens? Because he lives in fear of His creations?" - Steve Buscemi
You have cars on blocks in your yards? BAH! Try going to Maine where most rural homes (except for the trophy houses on the coast) not only have old cars rotting in the weeds but also have every water heater they have ever owned sitting in the front yard. If you are a woman over the age of 70 then you are required to maintain a huge collection of the tackiest yard ornaments known to man. Rotting wood shingles and missing roof shingles add that special touch of class!
(In Maine's defense though the state is gorgeous, Baxter SP and Arcadia NP are amazing, and I always stop at Moody's Diner in Waldoboro for wild blueberry pie.)
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
I am such a person. I would like to buy a house soon and not have unreasonable interest payments. Just because some other dipshit can't use credit resoponsibly doesn't mean I should be denied it.
I've worked hard to keep a good credit rating, and I would like to be rewarded as such.
-Looking for a job as a materials chemist or multivariat
Maybe he can steal a fellow inmate's identity and get out a few years early...
The credit card companies simply leave the financial responsibility on the vendor that charged the card. It is the vendor's responsibility to verify that the person charging on the card is them. Therefore the credit card companies don't pay a dime. Speak to any credit card company fraud department and you can verify this.
Actually, I just bought a house in the US, and I got a pretty good rate. I asked some people how it was in France, and it seems to be about the same.
Off course since there is no credit report system, the way it works is that you get a better rate if you have a good relationship with your bank. But guess what: even in the US, my bank is where I got the best rate, not with some random mortgage consultant or online lending company.
The credit report system in the US has nothing to do with protecting you, the consummer, but everything to do with protecting the lender.
But anyway its kind of pointless to compare rates when the banking systems are vastly different.
For example there are no interest on checking account (by law) but almost anybody can open some saving account at about 3% (there are some restriction). All this will change eventually with the EU.
The sad part is that people will spend thousands of dollars more and years and years of their life trying to fix this. It will never really go away. I see this everyday and it is sad.
From a Frenchman living in the US, who just bought a house here after extensive research on alternatively buying an investment property/comeback place in his native country:
Rates are actually a bit lower over there currently, about 4% for 20 years.
Downpayments are about the same, that is, 20% is considered normal, but from that point the banks will do whatever it takes to sell a loan to a solvent candidate, and in practice there are ways to buy with 10% or less, or even with next to nothing except for the high closing costs and taxes which can represent between 5 and 10%
However the loan durations are typically shorter. 10 to 20 years used to be standard, in the last few years it has been extended to 25 years, usually not more. 40 years or interest-only loans are unheard of. Like here there is a choice betwen fixed-rate and adjustable.
The biggest difference is that pre-payment is usually heavily penalized, and that refinancing is rare.
Life, disability and unemployment insurances are usually mandatory. The loan security system is complicated, and since setting up an individual mortgage is complicated and costly, most of people buy security from specialized loan insurance firms which mutualize risks. These firms will still sue you for your house if you default though.
I am totally with you on this. Every instance you use your card is a security risk. I've worked retail before and trust me that most are not subjected to a security check at all.
I'm a web developer. I have always wondered if you conduct credit card transactions over http or send them over email rather than use https exactly how risky that is. My thoughts are that the packets can be intercepted from point a to point b. I.e. the client's computer to buymycrapfakewebsite.com.
Most of these computers are major switches and such. If they are compromised we are ALL screwed!
How does that compare to handing your CC to a waiter or waitress who makes minimum wage?
Without a credit report, how do they know whether or not a buyer is solvent?