Slashdot Mirror

← Back to Stories (view on slashdot.org)

Identity Theft Is Usually an Unsophisticated Crime

Posted by Soulskill on from the skilled-in-refuse-investigation dept.

apatrick writes "A recent research report by Heith Copes (University of Alabama at Birmingham) and Lynne Vieraitis (University of Texas at Austin) has examined identity thieves and their methods. Copes and Vieraitis searched federal court records in the US for people convicted of identity theft and then tried to find out where they were serving their sentences. They were able to find 297 inmates, from which they sampled 59 inmates in 14 prisons across the country. The convicts agreed to do detailed interviews, in private, to talk about themselves and their crimes, and the results are reported in a recent issue of Criminal Justice Review. According to Copes and Vieraitis, 'it is best categorized as an economic crime committed by a wide range of people from diverse backgrounds through a variety of legitimate (e.g., mortgage broker) and illegitimate (e.g., burglar) occupations.' As to the issue of whether these are white-collar criminals, the authors say: 'Despite public perceptions of identity theft being a high-tech, computer driven crime, it is rather mundane and requires few technical skills. Identity thieves do not need to know how to hack into large, secure databases. They can simply dig through garbage or pay insiders for information. No particular group has a monopoly on the skills needed to be a capable identity thief.'"

25 of 86 comments (clear)

  1. people are usually stupid by Anonymous Coward · · Score: 4, Funny

    news at 11

  2. These are just the ones being caught by Anonymous Coward · · Score: 5, Insightful

    The sophisticated high tech criminals are not in prison. They're on a beach somewhere enjoying your money.

    1. Re:These are just the ones being caught by Jurily · · Score: 4, Insightful

      And the penalty for identity theft should be the same as the penalty for taking someone's life (because that's what the do, sort of), at least if it's done for criminal reasons.

      Taking life is penalized so harshly because it's irreversible.

    2. Re:These are just the ones being caught by John+Hasler · · Score: 2, Informative

      I don't think that the Federal Correctional Institution near Littleton, Colorado has a beach (hint: he is in prison, as is Fastow).

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    3. Re:These are just the ones being caught by bitt3n · · Score: 4, Funny

      The sophisticated high tech criminals are not in prison. They're on a beach somewhere enjoying your money.

      The joke's on them. I've applied for a job at Club Med where I'm going to earn back every cent right out of their clammy hands. And thanks to my prompt and courteous service, they won't suspect a thing until it's too late!

      --
      how many pairs of boxer shorts should you own?
    4. Re:These are just the ones being caught by noidentity · · Score: 4, Funny

      Here's another one of their findings: "Based on our sample of the identity thieves in prison, we found that every single one of them had been caught. We thus conclude that law enforcement is doing unusually well at catching identity thieves."

    5. Re:These are just the ones being caught by Sulphur · · Score: 3, Interesting

      It is a gated community.
      The staff are ready to listen 24/7/365.
      You can lift weights on the beach.
      You have baseball games and television.
      There are no loud radios or drag races nearby.
      There are educational opportunities not readily available elsewhere. The Twenty Third Psalm (modified "... I am the meanest bastard in the Valley.") hangs on every wall.

    6. Re:These are just the ones being caught by gnick · · Score: 4, Insightful

      This sounds like my door-to-door survey which indicates that homelessness is a complete myth. Or my phone survey where I did a random sampling from the Yellow Pages and discovered that not a single person has so far given up their land-line.

      --
      He's getting rather old, but he's a good mouse.
  3. Sample error? by jonbryce · · Score: 4, Interesting

    This is a self selected sample of people who were stupid enough to get caught. The sophisticated ones generally don't get caught, or at least not so quickly.

    1. Re:Sample error? by girlintraining · · Score: 2, Insightful

      The sophisticated ones generally don't get caught, or at least not so quickly.

      They usually get caught because they become complacent or greedy. It's a statistics game: And one they will lose because they are human and will make a mistake eventually. Usually, the mistake is because of one of those two reasons.

      --
      #fuckbeta #iamslashdot #dicemustdie
  4. Checkbooks by causality · · Score: 3, Interesting

    I remember several times I have listened to the radio talk show host Clark Howard and heard him say that most ID theft that goes on is a case of someone's paper checkbook being stolen. The implication was that it's a bad idea to carry one around unless you really need to and that a good place to store it at home would be in a safe or other secure location so burglars could not easily obtain it. That would be consistent with what this article is claiming, that mostly it's a low-tech crime involving a compromise of physical security, not digital.

    --
    It is a miracle that curiosity survives formal education. - Einstein
    1. Re:Checkbooks by alen · · Score: 3, Insightful

      i still can't believe how many people write checks because they think it's safer than computers. that one piece of paper gives a thief your name, sometimes your address, bank account # and the ABA routing #. if it's someone working in a mail room they can just copy the address from the envelope if you don't have it on the check. Then they can buy the rest of the info for cheap from some company and they have your entire profile. if you own property then all your info is available via your county courthouse and some company that organizes all this info.

    2. Re:Checkbooks by alen · · Score: 3, Insightful

      and if you're one of the idiots writing a check to pay for a retail purchase because you think credit cards are evil then the store probably puts all kinds of other info on the check like driver's license # to track you down in case it bounces

    3. Re:Checkbooks by LackThereof · · Score: 4, Interesting

      Having worked in retail and foodservice industry, I hate checks. I'm flabbergasted that any retail outlets still take them.

      The rate of fraudulent checks accepted at retail is astronomical; in foodservice it's even worse. The last check-accepting restaurant I worked at that had nearly a 50% rate of fraud on them; mostly from checks being written against closed accounts. The vast majority of these bad checks we never saw a cent from.

      The corporate office required that we accept checks as a form of payment; they were located in some rural ghost town, where debit card use still hasn't caught on, and set national policy based on that. In a modern urban area, Visa/MC logo'd debit cards have all but replaced paper checks, and the only people who still use them are the fraudsters.

      Checks are terrible, for both those using them and those accepting them.

      --
      Legalize recreational marijuana. Seriously.
  5. Retailers are finally getting serious about it by alen · · Score: 4, Interesting

    i have a store credit card that my wife uses once every few months to buy something. usually baby clothes. a lot of times the card is in the drawer and she would just go the store and tell them my name and they would find the card in the system and ring up the sale. now she says they want to know identifying information like driver's license expiration date, SSN, birthday, etc. she asked about this and they said that they were losing too much money to ID theft.

    back in 2006 and 2007 no one cared since business was good. when a recession hits you start to look at every penny you can save

  6. Capable...? by esocid · · Score: 4, Informative

    No particular group has a monopoly on the skills needed to be a capable identity thief.

    Being a successful identity thief, however, is a different story, I believe. Measuring that success by remaining uncaught. It's ridiculous how much of the information necessary to "steal" someone's identity is easily available, without needing to dig very deep. The hardest part would be SS#, but even then it's not that hard to get, considering how often someone asks for mine, and refuses to take anything else.Having lost my entire wallet once, I called the 3 credit monitoring groups and put a fraud watch on it, or whatever it is they called it, and I really think it should be standard. It requires that they contact you personally to verify any new openings of credit cards.

    --
    Absolute power corrupts absolutely. indymedia
    1. Re:Capable...? by girlintraining · · Score: 2, Informative

      The hardest part would be SS#

      Actually, SSNs are assigned sequentially. If you have enough of them (even 10% of the dataset would be enormously useful) and a DOB, you can get pretty close. Plus you can eliminate certain combinations: any field with all zeros, for example, is not used. A useful thing to know if you need to give your SSN out to someone other than an employer, bank, or the IRS -- most systems accept the input (no sanity checks, oops), and you can be sure you're not interfering with somebody else's credit doing so.

      --
      #fuckbeta #iamslashdot #dicemustdie
    2. Re:Capable...? by zippthorne · · Score: 2, Insightful

      Why should your bank have a right to your SSN? Only your employer and the SSA have an actual need for the number, to remit the required payments.

      --
      Can you be Even More Awesome?!
    3. Re:Capable...? by Rick17JJ · · Score: 2, Interesting

      About a year ago, I purchasing a used .357 Magnum revolver at a gun store here in Arizona. The clerk verbally asked me for information such as my Social Security number. Then, the clerk noticed someone behind me, who had a pen and piece of paper, who was starting to write something down. He sternly interrupted the person, and asked what he wanted. He said that he wanted to know if the gun store owners wanted to donate to some charity.

      After kicking the guy out, he then called in my information over the phone, to get the sale approved. He verbally repeated all the information over the phone, while several other customers were still in the store. I could have heard those answers from anywhere in the store, even at my age. So after purchasing my first handgun, I felt less secure about crime, due my concern about the possibility of my identity having been stolen. I have been checking my credit reports regularly since then, but everything seems to be OK.

      There should be a password associated with our Social Security account number. In fact, they should really get modern and offer the option of using both a password and also a electronic key on our key chains. If a password were used, I would have changed my password after the above incident.

  7. Distortion of the truth by girlintraining · · Score: 5, Interesting

    Despite public perceptions of identity theft being a high-tech, computer driven crime, it is rather mundane and requires few technical skills. Identity thieves do not need to know how to hack into large, secure databases. They can simply dig through garbage or pay insiders for information. No particular group has a monopoly on the skills needed to be a capable identity thief.

    No, but that's like saying theft is a mundane crime that requires few technical skills. You'd be right -- the majority of those caught are unsophisticated and generally of low intelligence. The only other common traits is that they're generally desperate and were presented with an opportunity. But if they are organized and sophisticated, like say the mafia, or botnet authors -- those very few people who have refined their skills and moved beyond immediate opportunity and are refining their methodology are capable of far, far, more. And the police are ill-equipped to deal with this sophistication because most people who reach that level of competency have researched police investigation methods -- by trolling the same public records this report did and figured out what the common pitfalls are.

    Professional criminals may make up a minority per capita, but their "take" is orders of magnitude higher, and risk exposure orders of magnitude lower.

    --
    #fuckbeta #iamslashdot #dicemustdie
  8. Regarding dumpster diving by Awptimus+Prime · · Score: 3, Interesting

    I know this is probably something most people have looked down upon, but my friends and I used to dumpster dive at hardware distributors in my area just about every weekend. I got things like tower cases, empty raid chassis, piles of working hard drives, decent office supplies, etc. If not ordained, you'd be amazed at how 'clean' most computer company's dumpsters are. No food waste, diapers, or other grizzly things. Just cardboard boxes, all the anti-static bags you could ever want and the occasional soda can.

    We all grew older, made more money and cut out the practice, but I was wondering if any of you currently do this? We would often run into police officers since they are curious about people in a business complex at 12am, but were often friendly and left us to our task. Is this still how it goes? I'd imagine with identity theft, coppers may be a little more agressive with people digging through the garbage.

  9. The *real* flaw in the system is exposed by erroneus · · Score: 3, Insightful

    This entire identity database system, usually based on one or two numeric identifiers, makes tracking people easier. It means larger and larger businesses can exist with larger and larger customers paying them larger and larger amounts of money with a great deal less overhead. The problem is that these relatively simple information "keys" are was is being exploited by identity fraudsters.

    I refuse to call it identity theft -- the identity isn't being stolen and the name seeks to imply that the victim is the person whose numeric identifiers are being used to commit fraud against commercial activities. The commercial activities aim to place the burden of the problem onto individuals whose identities are being spoofed instead of accepting the blame for trusting fraudsters too easily. The requirements for proof of identity are too low and it is by no means the fault of the people who have these systems forced upon them. It is the fault of the lenders and other business and government entities who have all adopted this ridiculously simple and vulnerable form of identity verification.

    There was a time when a person had to actually SIGN a document or contract to be held liable for a debt or obligation. These days, the requirements are much more trivial and the requirement of evidence is a great deal lower. Now the burden of proof is largely on the people who are literally innocent of any wrong doing while the burden of proof from the victims or plaintiffs (the commercial activities) is really quite low.

    The system is VERY weak and VERY exploitable and the people who are most interested in keeping the system going (government and commercial activities) prefer to shift the blame and burden of damages on to innocent parties rather than themselves. "I'm sorry sir, someone has pretended to be you and now your assets are frozen until we can sort this mess out." How is that right, fair or reasonable? The "system" is forced upon us all and so we have little choice or ability to "protect" ourselves. All of the data that is misappropriated usually comes from government and business databases and no so much from the person's own negligence (though I recognize that some is) but the fact is that people cannot "protect" their information when they have to share it with so many strangers so often... strangers who have little if any obligation to safeguard the information and when they do have an obligation to safeguard, often fail with no punishment at all.

    In short, the government issues you a number whether or not you use it and it is somehow YOUR problem if someone else were to learn that number and use it to steal from someone else.

    Now I know why bank robbers on TV have been known to use Richard Nixon masks when robbing banks! They are not held accountable while Nixon is blamed for the crime.

    1. Re:The *real* flaw in the system is exposed by erroneus · · Score: 4, Insightful

      This is the effect of the system blaming the person whose identity was spoofed rather than blaming themselves or the system in general.

      It is a very bad system and punishes the innocent more than it punishes the guilty. The response you describe is exactly why and how this system fails. This system only benefits large government and large business. Why? Because they don't actually have to KNOW their customers to confirm their identities. They only have to know some numbers. Not only does this system serve to strip away human identity, it punishes completely innocent people quite often.

      The system either needs to be fixed or done away with. The harm outweighs the benefits.

    2. Re:The *real* flaw in the system is exposed by colfer · · Score: 2, Informative
      The Kansas Supreme Court has ruled that electronically recorded mortgage records do not suffice for foreclosures sometimes. There are 60 million real deeds in the U.S. that list "MERS" (Mortgage Electronic Registration Systems) as a creditor instead the name of a bank, etc. An army of lawyers should be on this issue as it pops up around the country, or federally.

      http://www.lasvegassun.com/news/2009/oct/03/ruling-rattles-mortgage-industry/
      http://www.nytimes.com/2009/09/27/business/27gret.html

  10. If you're in jail, you're unsophisticated by gilgongo · · Score: 3, Informative

    Anyone who thinks ID theft and the mechanisms used to achieve it are unsophisticated, badly needs to read this (700K PDF). Badly.

    --
    "And the meaning of words; when they cease to function; when will it start worrying you?"