Identity Thieves Not Big On Technology

alphadogg sends us to Network World, as is his wont, for a summary of a new study of identity theft based on the outcomes of more than 500 Secret Service cases from 2000 to 2006. Here is the study report (PDF). The AP has coverage emphasizing other slants on the findings. Among the surprises: just 51% of convicted ID thieves were sent to prison. Only 20% of the cases involved use of the Internet, and such cases may be on the decline. More perpetrators used good old-fashioned dumpster diving and stealing stuff out of mailboxes.

Lies, Damn Lies, and Statistics...

[gbulmash]

From the AP article: "The Federal Trade Commission has said about 3 million Americans have their identities stolen annually." And this study covers 517 cases over 7 years (2000-2006). I'm sorry, but I can't see a study of 517 cases during a period of approx. 21 million crimes providing really useful data.

Re:Lies, Damn Lies, and Statistics...

[Tanman]

Team Leader: Mr. Cheney, please calculate our chances of successfully finding the correct identity theft information from our study of 517 obscure cases of random WMDs in Iraq this time.

Mr. Cheney: 0.0001273% repeating, of course

Mr. Bush: G.DUUUUUUUUUUUUUUB-YAAAAAAAAAAAAAAABUSH!

PEW PEW PEW PEW!

Team Leader: Damnit, G.Dubya!

Mr. Bush: Tacos rule!

Re:Lies, Damn Lies, and Statistics...

[hchaos]

From the AP article: "The Federal Trade Commission has said about 3 million Americans have their identities stolen annually." And this study covers 517 cases over 7 years (2000-2006). I'm sorry, but I can't see a study of 517 cases during a period of approx. 21 million crimes providing really useful data.

The 99% margin of error on this study is about 5.5% (e.g. there is a 99% chance that the real percentages are within 5.5 points of the reported percentages). If the sample size were 1000, we would see a margin of error of 4%, and a we'd need a sample size of 10,000 to give us a 1.2% margin of error. One of the things that you learn if you ever take a statistics course is that, regardless of your actual population, you just don't get much better results when your sample size increases beyond a few hundred.

Re:Lies, Damn Lies, and Statistics...

[Tanman]

Lets take 100 cases of identity theft from silicone valley. Now lets take 100 cases of identity theft from bucksnort, arkansas. I bet th

You can take smaller samples only from a homogenous larger sample. Fact is that the 3 mil overall represents some extremely different circumstances, and a study would need to take representative samples from each demographic to insure an accurate result. However, we only have samples from the demographic of people who involved the secret service.

Re:Lies, Damn Lies, and Statistics...

[king-manic]

From the AP article: "The Federal Trade Commission has said about 3 million Americans have their identities stolen annually." And this study covers 517 cases over 7 years (2000-2006). I'm sorry, but I can't see a study of 517 cases during a period of approx. 21 million crimes providing really useful data.

A fine product of the US education system I see. Stats was your major?

Re:Lies, Damn Lies, and Statistics...

[gbulmash]

A fine product of the US education system I see. Stats was your major?

So, if you didn't major in Statistics, you're not allowed to distrust them? 517 was the number of cases the agency closed in a 7 year period. This was not a representative sample of all cases from all law enforcement agencies dealing with this problem. It was all cases handled by one specialized agency.

And furthermore, let's talk statistics. There are like 100 things I can do that will statistically reduce my "chance of death" by 10%. How the fuck can I reduce my chance of death? Statistically, based on ALL available data, my chance of death is 100%! All these statistics do is tell me that if I quit smoking now, my chances of dying in the next 10 years go down by 40%. Now that doesn't mean I go from a 100% chance of death to a 60% chance of death. As a man in his 30s, it means my chances of dying go down from about 15% to 9%. That 9 percent includes drunk drivers, gang bangers, suicide bombers, tainted meat, crimes of passion, poisonous snakes, chainsaw accidents, unexpected heart attacks, and 18 types of cancer that smoking doesn't much influence one way or another.

Re:Lies, Damn Lies, and Statistics...

[king-manic]

So, if you didn't major in Statistics, you're not allowed to distrust them? 517 was the number of cases the agency closed in a 7 year period. This was not a representative sample of all cases from all law enforcement agencies dealing with this problem. It was all cases handled by one specialized agency. The only thing that matters is 517 is a random sample. If it isn't sufficiently random then you can't conclude much but a random sample 517 is sufficient to draw some correlations, patterns, data, or even some conclusions depending on the data. Merely stating 517 / 21 million is not sufficient to dismiss it.

And furthermore, let's talk statistics. There are like 100 things I can do that will statistically reduce my "chance of death" by 10%. How the fuck can I reduce my chance of death? Statistically, based on ALL available data, my chance of death is 100%! All these statistics do is tell me that if I quit smoking now, my chances of dying in the next 10 years go down by 40%. Now that doesn't mean I go from a 100% chance of death to a 60% chance of death. As a man in his 30s, it means my chances of dying go down from about 15% to 9%. That 9 percent includes drunk drivers, gang bangers, suicide bombers, tainted meat, crimes of passion, poisonous snakes, chainsaw accidents, unexpected heart attacks, and 18 types of cancer that smoking doesn't much influence one way or another. So you're one of those "me hate science because I smartest" types? Most studies come up with correlations. Often weak patterns which then get blown up by the media. You can take the advice or not, with the media new advice will come along in a week. General trends look like a more traditional diet, lower calorie consumption, moderation of of all habits, and plenty of protected sex lead to a fairly long and likely fulfilled life. If that is not for you, fine. Please continue your smoking, chronic burger munching, promiscuous unprotected anal sex with rodeo clowns, and heroin habit.

Re:Lies, Damn Lies, and Statistics...

[JCSoRocks]

One of the things that you learn if you ever take a statistics course is that, regardless of your actual population, you just don't get much better results when your sample size increases beyond a few hundred.

My understanding is that this statistical quirk holds true for women as well.

Re:Lies, Damn Lies, and Statistics...

[gbulmash]

The only thing that matters is 517 is a random sample. If it isn't sufficiently random then you can't conclude much but a random sample 517 is sufficient to draw some correlations, patterns, data, or even some conclusions depending on the data. Merely stating 517 / 21 million is not sufficient to dismiss it.

Really? Let's say you're looking at 7 characteristics of the crimes and each has 3 different possibilities. That gives you 2187 different variations. And at 2187 variations, given an even distribution among 21 million instances, you can have 9602 instances of *each* variation. Yet even if the distribution is even and the sample is sufficiently random so it produces no duplicates, prove to me that a sample of 517 events will give sufficient insight into all 2187 possibilities in a set of 21 million instances.

And saying "So you're one of those 'me hate science because I smartest' types?" or suggesting I don't understand because I haven't obtained a degree in statistics just reinforces my subject line, a partial quote of: "There are three kinds of lies: lies, damn lies, and statistics."

Re:Lies, Damn Lies, and Statistics...

[king-manic]

Really? Let's say you're looking at 7 characteristics of the crimes and each has 3 different possibilities. That gives you 2187 different variations. And at 2187 variations, given an even distribution among 21 million instances, you can have 9602 instances of *each* variation. Yet even if the distribution is even and the sample is sufficiently random so it produces no duplicates, prove to me that a sample of 517 events will give sufficient insight into all 2187 possibilities in a set of 21 million instances.

And saying "So you're one of those 'me hate science because I smartest' types?" or suggesting I don't understand because I haven't obtained a degree in statistics just reinforces my subject line, a partial quote of: "There are three kinds of lies: lies, damn lies, and statistics." Lets draw a distinction here, that quote "There are three kinds of lies: lies, damn lies, and statistics." is an emphasis on how people can use statistics to distort the truth. Individuals like Frank Luntz are very good at using it this way. However statistics itself is not at fault it's the generally low level of mathematic literacy that is at fault.

Case in point: The size of your sample varies with the confidence level you want and the margin of error that you will accept. The actual population size is not a significant factor. For some studies if the trend is strong enough a sample size of 30 is sufficient even if the total pop is 100,000,000. If the trend or trait is subtle you may need more samples as the margin of error is as large or larger then any pattern you discern. Your "characteristics" is a irrelevant as a sample of 517 out of 2187 possibilities will still give information on frequency etc... If your results lead to 517 separate variations of those 7 characteristics then indeed your study has advised you to get a larger sample size. But most studies look at much fewer then 7 variables or characteristics at a time. Dismissing it because it's not a significant % of cases underlines a significant misunderstanding of statistics making you part of the problem with "There are three kinds of lies: lies, damn lies, and statistics." (As others have pointed out mroe eloquently then I)

If a sample is random and the data gives a pattern that is significantly stronger then the error margin then it says something. The conclusion may be distorted but you can't write off a study merely on it's sample size when the sample size look adequate statistically. If they had a sample size of 7 then yes the sample size can be used to write off the conclusion, however 517 ought to be fine in most cases. 30-100 is usual for many studies. 517 is not too shabby. Now the real criticism (as I pointed out) is if it was random or not.

Good thing

My mail slot goes straight to a shredder so I'm safe.

Re:Good thing

Thats why I install multi-layer infrared scanners in everyones mail slot. Scans all documents before they ever actually get inside.

Damnit

[Anonymous+Crowhead]

Did they really need to spread that out over two pages? There's only one god damned sentence on the second page.

Re:Damnit

[ls+-la]

Ad revenue.

Did they catch everyone?

Maybe those who use high tech did not get caught?

Hmm...

[Thyrteen]

Either tech for ID theft is on the decline, or hackers have seeded data to the secret service to make them look the other way! I cry Conspiracy! heh, but seriously, isn't this sort of flip-flop normal? It would always make sense to take care of it the easier way. And if computer security goes beyond the point of paper security, it's time to make the switch! It'll go back though, if the mail / dumpster maintainers start to see their faults.

Three words

[greg_barton]

Use a shredder.

Re:Three words

[geekoid]

In had one, but those damn turtles kicked his ass.

Re:Three words

[stefanlasiewski]

A shredder doesn't help when a credit card company delivers a pre-approved credit card offer, or when the community college uses your SSN as your 'Student Identification Number' on a freshly printed postcard.

If Credit Card companies really cared about identity theft, then why do they mail out millions of unsolicited, pre-approved credit card offers every year? Even if someone signs up for the 'opt-out' list, some unscrupulous lenders will ignore the list and send unsolicited offers in the mail.

What percentage of identity theft occurs from someone stealing one of those little envelopes, I wonder.

Re:Three words

[greg_barton]

What percentage of identity theft occurs from someone stealing one of those little envelopes, I wonder.

That's why, when you get 'em, you shred 'em.

Security is not absolute. It's always about probabilities. You reduce the chance of a breach, but you can never make it absolutely impossible.

Re:Three words

[Drakin020]

That doesn't exactly prevent people from taking it out of your mailbox before you get to it first.

Re:Three words

[greg_barton]

Get a mail box with a lock.

Re:Three words

[UncleTogie]

Get a mail box with a lock.

Sure, 'cause no one would think to pick a mailbox lock, would they...?

Re:Three words

[greg_barton]

Probabilities.

Re:Three words

[CodeBuster]

If Credit Card companies really cared about identity theft, then why do they mail out millions of unsolicited, pre-approved credit card offers every year?

This would be a really easy one to fix with just a bit of legislation really. The consumer credit contract should be like applying for any other major loan, consumer signature required for contract to be valid or the contract is void and all claims arising out of it are also void (i.e. the credit issuer or backer shoulders all of the responsibility for loaning out money to a phantom that they couldn't verify). This would place all of the risk for verifying identity and preventing theft on the credit card issuers. Some people might complain that this would make credit harder to get for "deserving borrowers" but really the last kind of credit that those marginal borrowers need is yet another unsecured, high rate, short term borrowing instrument (i.e. the credit card). So what if credit is a bit more expensive because we actually implement security and sound verification practices? The easy credit binges are what brought us the housing bust, the subprime mortgage meltdowns, the dotcom crash and a host of other financial disasters. Do you help an alcoholic with a hangover by giving him another drink? Do we have to give pre-approved credit card offers in the mail to everyone who is breathing and has a pulse? Who needs it?

Re:Three words

[SCHecklerX]

Good advice. But what about those who would steal from your mailbox? There was a story on /. not so long ago about exactly that happening (guy made a copy of the mailbox key, and idiot bank was sending account info in the mail!).

Re:Three words

[UncleTogie]

Probabilities.

Indeed...

Re:Three words

[zippthorne]

They used to run a spy series on Discovery channel. In it, they would describe a few of the braindead things people do. For instance "secretaries" would, instead of taking time to take classified documents to the shredder, tear them in half and toss them in the regular waste bin. The flaw in this should be blatantly obvious: instead of making it harder for an intelligence agent to acquire interesting information, they basically highlighted the most interesting bits!

If you put a lock on your mailbox, you instantly flag your mail as interesting. If you really need a lock, get a PO box at an actual post office. Where it's not only a federal crime to tamper with your mail, but there are actual officers of the law present for much of the day.

Re:Three words

[Kharny]

Totally agree, it's an unfortunate trend nowadays in europe too. It is getting easier and easier to get yourself into such huge debts that it will cause serious problems.

Debt and loanfree since 1998 after paying my last uni. fees back to the dutch gov.

The only loan i would take would be for buying a house, because those are atleast backed by a physical object of reasonably stable value.

Re:Three words

[porcupine8]

What really drives me crazy are the blank checks Discover keeps sending me. All the necessary info, right there, in a form that they can actually fill out and mail to someone as payment. The thief could be completely internet-illiterate and still max out my card for me, plus rack up the extra cash advance fees that come with using those checks.

Re:Three words

[cubes]

Credit card companies don't care as much as you might think. The credit card companies have very little incentive to prevent or prosecute fraud.

Fraudulent credit card charges are either paid by the consumer (if the consumer fails to take the proper steps to dispute the charge), or paid by the merchant (if the consumer does dispute the charge). The burden of proof that the charge is valid falls on the merchant. If you dispute a charge, and the merchant does not have adequate proof that the charge is valid, the credit card company takes the amount of the charge back from the merchant -- and may also charge penalties or higher service charges in the future if a merchnt has too many "chargebacks".

Last year I, as a merchant, came across an order submitted to our retail website using a stolen credit card number. We contacted the owner of the card, who refused to cancel the card because it would be too much of a hassle and he knew he wouldn't be held responsible for the fraudulent charges anyway. We reported it to the credit card company, who refused to act unless the cardholder reported the problem. Same with the police in the city to which the thief tried to have the merchandise shipped. They all consider the cardholder the "victim" depite the fact that the merchant is the one who stands to lose money due to the fraudulent charges. I finally filed a complaint with the FTC against the credit card company, but nothing has come of that as far as I know.

Re:Three words

[zenofjazz]

What percentage of identity theft occurs from someone stealing one of those little envelopes, I wonder. That's why, when you get 'em, you shred 'em. Security is not absolute. It's always about probabilities. You reduce the chance of a breach, but you can never make it absolutely impossible.

Yes, but that only works if you get to your mail BEFORE the people stealing your mail.

Re:Three words

[stefanlasiewski]

That's why, when you get 'em, you shred 'em.

I'm talking about the period before I get 'em, before Ipick up your mail and drop it in the shredder.

The unsolicited credit card offer sits in the mailbox until I return from work, or return from a long weekend.

Re:Three words

[greg_barton]

1) locked mailbox
2) mail slot in your door
3) get mail sent to a p.o. box

If you don't do any of those things then the security isn't important enough to you.

Re:Three words

How about not sending the unsolicited credit card offers in the first place, eh?

Identity theft on the Internet

[suv4x4]

Why should I bother. I have access to your bank account in minutes, I just directly wire money overseas and start laundering them.
There's no even time to start stealing "identities" as it's understood in the classical sense.

Re:Identity theft on the Internet

[rk075245]

You should bother about identity of theft on the internet. If not you will be the victim for the theft to wiretaping all your personal information. Be alert !!

Declining use of the Internet for ID theft?

[olehenning]

That's odd. This summer in Norway, over 100 000 people got their identity stolen when web-services using the registry of all norwegian citizens (to perform tasks like credit check etc.) leaked personal information. I was one of the victims after 60 000 of those thefts happened through Tele2's website (and I have never had anything to do with Tele2 before). Funny thing is, Tele2 knew about the flaw for about 8 months (after several warnings from the Norwegian Data Inspectorate) before the attack and did nothing to fix it. With that kind of mentality and ignorance among people who have access to our personal information, why should I believe that it is declining? Because someone somewhere have statistics that might suggest that it is?

Re:Declining use of the Internet for ID theft?

[pimpimpim]

What does a company have to do to get the registry of all norwegian citizens? If I start a little reseller shop, can I get one? Isn't the system to give these data to companies in the first place flawed by design?

Re:Declining use of the Internet for ID theft?

[olehenning]

We've actually discussed this at university. There's something clearly wrong about handing out access to everyone who wants it. A Ph.D. student and a professor who wrote an article on the vulnerability before the attack on Tele2 actually took place spoke with the people in charge of the registry, and the people they spoke to were quite proud of the fact that they had given access to 1400 or 1700 or so different businesses. There's something disturbing about that, and it's clear that a lot of people need to be educated about the dangers.

You could probably raise questions about the practices of all the involved parties in the theft, from the article discussing the vulnerabilities, to the registry to the Norwegian Data Inspectorate who might have been a tad too polite when informing Tele2 about the vulnerabilty (like I mentioned earlier, they knew about the flaw for 8 months before the attack) to the people who actually wrote the software used (among them, a 16 year old kid inspired by the article). The contract businesses have with the registry however, states that no information they have access to, can be given to a third party. That's where Tele2 failed and they were even in violation of Norwegian law in doing so.

Norwegian Birth Numbers are not secret. The structure of these numbers is known, and it's trivial to generate valid numbers. The problem lies in the fact that a lot of organizations and governmental organs choose to use it as an authenticator rather than an identificator, which is it's intended purpose. By using the generated numbers, it was possible (and still is in some cases) to aquire a wealth of additional information about an individual (or 100 000). That's clearly the wrong way to use the numbers, and it's a flaw that's seen everywhere, from private businesses, to official governmental services.

You can read more if you want, in a short draft from an article about these kinds of attacks here. Your point is discussed in section 2.2:
http://www.nowires.org/Papers-PDF/idtheft_draft.pdf

Three more

[ls+-la]

And a fire.

Re:Three more

[stefanlasiewski]

Nuke it from orbit; it's the only way to be sure.

Re:Three more

[AceCaseOR]

Fireplaces and BBQs are your friend (depending on the paper being used, credit card applications can make for an okay firestarter for your grill - and they always make excellent kindling.) :-)

Re:Three more

[GuidoW]

Burnt paper is often still decipherable, as long as it hasn't crumbled to ashes. And most of the time it doesn't do that on its own. Also, the winds from the fire will make larger pieces of half-burnt paper fly away in random directions faster than you can catch it.

If you really want to make sure, you'll have to think of something else.

Re:Three more

[Oktober+Sunset]

To be certain, shred, then burn, then feed to pigs.

Re:Three more

[Serhei]

Nuke yourself from orbit, then any further activity on your accounts can be positively identified as the workings of an identity thief.

Re:Three more

[AceCaseOR]

Well, if you shred and burn, the little bits that end up blowing to the four winds will end up being of no use to anyone, because the little bits will be mostly decipherable - any bits that remain legible should be no where near any of the bits of paper that were next to it in the original document - unless you packed the paper too tight of course.

Re:Three more

feed pigs, receive bacon

Re:Three more

[skoaldipper]

Eat bacon, leave all traces of identity theft behind.

The perfect crime.

Re:Three more

[slugstone]

I would hate to eat the BBQ at this place since I do not like the taste of plastic.

Re:Three more

[barocco]

That's four.

Re:Three more

[AceCaseOR]

I don't burn the letters with the plastic windows in the BBQ. And, to be honest, I haven't disposed of any sensative letters in the BBQ, as I've got a fireplace. However, not everyone has a real fireplace (as opposed to an electric "fireplace" or a gas fireplace), so I figured I'd put forward an alternative.

Anyway, if I was using sensative correspondance for my BBQ, for cooking purposes, I'd use it as ignition material for a chimmney starter, rather then the sole combustible material for the actual cooking. That's what charcoal is for.

punishment

"*just* 51% of convicted ID thieves were sent to prison"

Why exactly would you want to maintain a non-violent criminal in a prison anyway? What societal benefit could possibly justify this?

Re:punishment

Why wouldn't you want them thrown in prison for some period of time? Obviously not their whole lives, but at least a year or two.

Drug users spend decades in prison for "crimes" that don't hurt anybody. These ID theives seriously fuck up other people's credit and finances, yet they get off with a slap on the wrist.

Re:punishment

> Drug users spend decades in prison for "crimes" that don't hurt anybody.
> These ID theives seriously *--- up other people's credit and finances,
> yet they get off with a slap on the wrist.

So make them repay the losses they caused (to the credit companies and legal system), and compensate their victims reasonably for the inconvenience. If people's credit and finances still remain affected, it is the credit companies that should be made responsible for ensuring this is promptly rectified.

This punishment is not a slap on the wrist, but it does deliberately leave the thief more opportunity to still become a useful part of society, compared to accommodating the thief (at society's expense) to identify closely with serious criminals. Spare the space for those who cannot more civilly be prevented from continuing offence.

Effectively shuffling a few bits in a bank database is in no way comparable to deliberately physically hurting people. The fact that drug users are also punished disproportionately is a circular argument, not a justification.

Re:punishment

[Marcos+Eliziario]

1. Because you make the prospect of getting caught less pallatable for wanna-be criminals. Duh!
2. Because while in Prison, said criminal cannot commit more crimes.
3. Because Death by hanging would be too polemical for that cases.

You're making a poor assumption

[Chmcginn]

The 99% margin of error on this study is about 5.5% (e.g. there is a 99% chance that the real percentages are within 5.5 points of the reported percentages). If the sample size were 1000, we would see a margin of error of 4%, and a we'd need a sample size of 10,000 to give us a 1.2% margin of error.

This assumes that the cases taken were representative of all cases in the United States, and were randomly selected out of the pool of available cases. Considering that the Secret Service only gets involved in certain cases of identity theft, this is probably an incorrect assumption.

Re:You're making a poor assumption

[KudyardRipling]

Considering that the Secret Service only gets involved in certain cases of identity theft... If it is a poor schmuck who got screwed out of college by reason of the economic polices of Reagan and his successors, why should the (Waffen) SS get involved? Poor schmucks are of no consequence; they are either cannon fodder or prison fodder (remember Bernie S?). Now let the same situation befall anyone who 'made something of themselves'. One would think that the (Waffen) SS is out to save the world from Megaton BinLaden.

One of the leading causes of identity theft is when people leave their computer at the curbside for pickup with the hard drive unwiped. Not only does that broadcast to all who see the box on the curbside "COME AND GET IT!", but there is the (Oh my Gaia!) greater offense of POLLUTION!

#! No rules are allowed.

Re:You're making a poor assumption

[Chmcginn]

One of the leading causes of identity theft is when people leave their computer at the curbside for pickup with the hard drive unwiped. Not only does that broadcast to all who see the box on the curbside "COME AND GET IT!", but there is the (Oh my Gaia!) greater offense of POLLUTION!

Oddly enough, the laptop I use on trips I got in that exact way. And, no, they hadn't done anything to the hard drive when I picked it up, either...

Re:You're making a poor assumption

[tubapro12]

Oddly enough being the kind of person I am I don't see why anyone would ever get rid of any part of a computer that works. Heck, I've got chipsets that are almost as old as me (a VIC-20, yes, a VIC-20).

Re:You're making a poor assumption

[conureman]

I don't think the tweakers around here know how to boot up a computer. All the identity theft I've seen is pretty lame, mail box theft sort of stuff. Few crimes are committed by sophisticated Hollywood-fantasy thieves. (And fewer are solved by competent Hollywood-fantasy police people.)

Re:You're making a poor assumption

[Tony+Hoyle]

Slowly the banks are realizing this and giving the option to send via email/web only (often under the guise of being 'environmentally friendly'. Short lived SSL transaction > completely unencrypted, unprotected snail mail left outside in the dump for a week (the rubbish collection is going to bi-weekly soon so make that two weeks).

Unfortunately mastercard appear to be the last of mine to do this... all the other cards were very happy to stop sending me paper. I had my mastercard number swiped by some local idiot crawling through the dump. Luckily it was rather easy to prove it wasn't me that had bought an expensive holiday in Switzerland on a card that was almost never used...

Re:You're making a poor assumption

[hchaos]

This assumes that the cases taken were representative of all cases in the United States, and were randomly selected out of the pool of available cases. Considering that the Secret Service only gets involved in certain cases of identity theft, this is probably an incorrect assumption.

No, I'm not making really making that assumption. My only point is that a sample size of ~500 is valid for this kind of study, regardless of the population size. The validity of the sampling is another story completely. If you're taking a skewed sample, a sample size of 100,000 would be just as worthless as 10.

Alternate explaination:

Only 20% of the cases involved use of the Internet, and such cases may be on the decline.

Law enforcement is becoming less and less effective at identifying and prosecuting electronic identity theft. After all, only 20% of thieves who got caught used the internet.

Steal Their Identity Too

[jellie]

If they're not so tech-savvy, I say we send out "V1@gr@ for Identity Thieves" emails en masse, and see who responds. Then we'll steal their info.

After all, all of the respondents must be identity thieves. Damn them!

Re:Steal Their Identity Too

We should nail the dorks whether or not they are id thieves - high time for some gene pool cleansing.

Mod parent up!

[khasim]

From the pdf:

Source of Data
The data for this study was collected from United States Secret Service closed
cases with an identity theft component which were opened and closed between
2000 and 2006. The staff at Secret Service headquarters selected the cases for
the research team, based on the primary and secondary case codes that Secret
Service uses to classify its cases.

That seems to indicate that only cases that had been SOLVED were used in this "study".

Of course, which case would be easier to solve?

#1. Someone in Russia stealing your ID via a keylogger installed on your workstation.

#2. Someone in your apartment building breaking into your mailbox.

maybe because...

[FudRucker]

they are thieves more interested in stealing money, they are not technophiles...

You aren't taking the long view.

[khasim]

The big money is not in taking cash out of someone's account and hoping that they don't notice.

Here, you know what databases are, right? Think of a database of every possible Social Security Number.

Then, think about a criminal organization filling in the information they can find from various sources.

SSN - FName - LName - DoB - MomMaiden - Address - SpouseLink - Child1 - Child2 ..... BankAccnt1 - BankAccnt2 etc

Fill in enough of that information and you can use it to get info on the numbers you don't have filled in.

Now, they are you, as far as any financial institution is concerned. They can take out a second mortgage on your house. They can buy a car in your name. They can steal more from you than you have in any of your accounts.

They can even try to cash out your 401k. They are you.

Yeah, until...

The identity thief sues you for endangering him when he sticks his hand into your shredder while trying to steal your mail.

But at least that only applies to the USA for the time being.

Re:Yeah, until...

[pushing-robot]

The identity thief sues you for endangering him when he sticks his hand into your shredder while trying to steal your mail.

But at least that only applies to the USA for the time being.

Yeah, keep on believing that.

But but, I learned on Slashdot just yesterday

[CrazyJim1]

Technology breeds crime

Racial/nationality/ethnic statistics?

[jihadist]

It would be interesting to see these, and see if I won a bet that they'd be either mostly 30s white men with part-Slavic ancestry or recent African immigrants.

Re:Racial/nationality/ethnic statistics?

You also forget the show Cops, and the occasionally mexican immigrant person who steals some poor homeowners stuff to go try and make it big. I'm not saying that I'm racist, but just a point to be made on who else does it. Then again. the SOB's that do this, do it for a high. Like Mr. Brooks, he was on it for the pleasure high.

Wrong Statistic

[cale]

Looking at the number of cases closed is the wrong statistic. In combating the problem of identity theft, or online fraud in the larger sense, what really matters are the actual losses associated with each case.

I don't really care if some mope dug through my dumpster, stole my credit card pre-approvals, and got caught using the fake card running up $200 worth of porn purchases. The case I worry about is the single criminal or criminal organization that systematically steals millions of pieces of credit card data and efficiently exploits each piece to the maximum extent possible.

If the investigation of each of those scenarios is one case then they have equal weight under the statistic used by the article. In terms of actually combating identity theft the latter example and the resultant prosecution is much more important and effective. Unless they discuss the loss amounts associated with cases of each case, this statistic, the conclusions based on it, and the entire article are missing the point and not talking about actually fighting identity theft and are instead talking about looking like you are fighting identity theft.

The other comments are completely on the money pointing out that this is only closed cases and the difficulty of actually closing an international investigation.

All in all another wholly misinformed article about the real threat of identity theft and online financial fraud.

not too hard

[kryten250]

to know what crimes to commit, robbing a bank or robbing a guy's ssn from the dumpster. At least there's only a 50/50 chance you're going to jail with one and 100% with the other. We'll only see this form become more popular...

Wow

[Roger_Explosion]

The median loss from identity theft was just over $31,000, but in one case, investigated by the Secret Service's Dallas field office, the defendant spent millions on luxury vehicles and then managed to set up shell companies and defraud investors. Total losses: $13 million.

You have to admire his audacity.

Identity thieves interested in a free ride

[bmidgley]

Spice up the headline

No surprise...

[amccaf1]

No surprise that identity thieves aren't big on using the Internet. I mean, think of the risks of their putting personal information out on the 'net... They could have their identities stolen!

worry..

[RK074918]

only 51% of the theft that has been caught to the prison. how do we know how many of them involved out there? if all of them are detected, then they definitely will get caught! that is just some of the prediction from the research. actualy it is very hard to solve. for me it is impossible for us to fully take care of them. even for the time being, i have no worried about this since i don't have credit card, but if i have, i will worry about these people will steal my credit card information and use it to enjoy the porno things!! damn man!!

Re:worry..

[azman075918]

so you just worried about the porno thing?? come on man! haha

Re:worry..

[johnyport]

looks like the way of ur thinking just the same with me..huhu..

Re:worry..

[RK074918]

haha.please do not shit me coz you just the same with me..

Re:worry..

[rk074499]

what are u talking about? of course it is impossible to detect all of them..detecting criminal takes month or even years for big crime. Much worse if he is one of an important or high influential guy to the society. But techniques such as data mining and AI systems may help investigation to be easier. p/s: Im much worried if my credit card was fraud and there is no way to stop the fraud..what a lousy technology if that situation happened.

Re:HOW TO GET A FEMALE TO LET YOU FUCK HER!

[renegadesx]

I'd hate to see this guy trying to give advice on Identity Theft

Sample bias

[insecuritiez]

Two major problems with these numbers. First, they cover 6 years in which technology has become significantly more pervasive. Second, they were done by the Secret Service which is not a generic computer crime organization. The study should have been about how the Secret Service still deals with a much higher percentage of physical identity theft than electronic even though electronic id theft has become a lot more common.

Identity Thieves Not Big On Technology

[tt077143]

As we all know nowadays we can't run out from identity thieves since they are the ones who are concouring the technology world today.so, what we all have to do is just be careful in using this service.

Young 'uns

[JCSoRocks]

Well, at least we know that Generation Y isn't responsible for any of this! http://slashdot.org/article.pl?sid=07/10/24/143247 They're far to "technological fluent". They can't help but use the Internet!

Happened to me Yesterday!

[ender-]

Interesting timing on this article. Just last night, my wife and I got a call from Discover, asking if we had attempted to use our Discover card recently. It just so happens that the ONLY thing this card is [well, was] used for, was the recurring monthly cost of XM Radio. Other than that, we don't use the card at all.

It turns out that at 9:24PM EDT last night, someone tried to buy $986 worth of crap at a Walmart in Jacksboro, TN. I live in Dallas. So it was definitely not myself or my wife. Thankfully, the charge was declined. Someone had also made a whopping $2.51 purchase at some online computer store which I had never heard of. I don't know what kind of nothing they bought, but that usually wouldn't even cover shipping.

What we think happened is this. Our current cards are set to expire at the end of this month. We both still have our cards, so most likely, someone snagged my replacement card out of the mail. Discover says they did send out replacement cards, but we never got them. I'm still trying to figure out where the cards were mailed from, to see if it was somewhere near TN.

I'm guessing this thief isn't too bright. I'm think they weren't able to actually activate the card, which is why it was declined at Walmart. It may have gone through at the computer site because the card number is the same as my active card, and perhaps they don't ask for the 3 digit verification number on the back.

At this point, I'm working with the Walmart in question to have them save their security tapes on all the registers at that time. I'm also trying to get in touch with the online computer store to see if they have records on where the item was shipped. I'll give that info to the fraud group at Discover and hope for the best.

Even though it hasn't actually cost me any money, I want to nail that punk to a tree. Now we have to deal with having our account closed and switched to a new account. We take reasonable precautions to keep ourselves, safe, but you just can't protect mail you haven't even received yet.

Re:Happened to me Yesterday!

Most likely the $2 charge was just a test to see if they could make the card work. It probably wasn't for a physical object to ship to them, but some cheap download software ("Top 100 bland clipart collection!") or ebook or something.

Re:Happened to me Yesterday!

[ender-]

Most likely the $2 charge was just a test to see if they could make the card work. It probably wasn't for a physical object to ship to them, but some cheap download software ("Top 100 bland clipart collection!") or ebook or something. Well I've looked at the site. They don't have software downloads but they do have a $2.00 USB cable. Don't know about shipping costs.

I called the company. It sounded like some Chinese lady working out of her house. I had some trouble understanding her, but she said they had like 1000 fraudulent order attempts in the month of September, and that nothing was actually shipped.
You have to create an account to place an order, so I tried to see if she could get that information. I know it was probably false if it was a test charge, but there's a chance the guy was dumb enough to put his own address for shipping. Or maybe they have an IP logged. I don't think she quite understood what I was trying to accomplish though. She just kept telling me not to worry, that I wouldn't have to pay the charge. She also kept saying 'You have to be careful with your credit cards'. Well duh, as if I have any control of a card mailed to be before get gets delivered.

Makes me wonder, with as much money as is probably lost by all parties in stuff like this, why don't the CC companies send the new cards in some slightly more secure or traceable way? At least with some sort of tracking, they could say, 'ok, it got as far as a transfer station in crapstown, USA, but never got to the next step,' and have some clue of where to start looking for the morons that are doing this stuff.

Re:Happened to me Yesterday!

[maxconfus]

"I'm still trying to figure out where the cards were mailed from, to see if it was somewhere near TN." In my area, it was the postal carrier that was snagging the cards out of the mail. so you know. it may help you backtrack. also just call those places to cancel/reverse the charges.

American post boxes

Why are American houses' post boxes openable by anyone who cares to wander past? Here in the UK all our post boxes are in door/wall of the actual house, and I believe the postmen/women are required to ensure that mail is posted through them, so opportunist thieves cannot easily steal mail.