2-Year ID Theft Investigation Yields 86 Arrests; 25 More Sought

angry tapir writes with this bit from TechWorld: "Prosecutors call it the biggest identity theft bust in U.S. history. 111 bank tellers, retail workers, waiters and alleged criminals were charged with running a credit-card-stealing organization that stole more than $US13 million in less than a year-and-a-half. 'This is by far the largest — and certainly among the most sophisticated — identity theft/credit card fraud cases that law enforcement has come across,' the Queens County District Attorney's office said in a statement announcing the arrests."

Identity "theft"

[Elbereth]

It's not theft, if you still have the ability to use the identity. I just made a copy.

What, why are so mad at me?

Re:Identity "theft"

[WillDraven]

I know you were making a joke, but I feel like pointing this out anyways since you brought it up.

"Identity Theft" is a bit of a misnomer, but it's not because of the 'theft' part. Something is being stolen, it's just not the identity. What's been stolen is the persons credit. The identity is just the tool used to do so.

"Credit Theft" just doesn't have the same punch to it though, so I doubt we'll see the name being changed in the name of pedantry anytime soon.

On a different note: ((13 million / 111) * 2) / 3 = $78,078.08 per year, if it was distributed evenly among all conspirators. Since some of the comments here quote the article as having some of the perpetrators renting jets, it certainly looks like some of the people involved in this sure got the short end of the stick considering the risk they're facing.

Remember kids, if you're going to steal millions of dollars, you need to incorporate first to avoid liability! ;-)

Re:Identity "theft"

[Jason+Levine]

My identity was stolen, so I have personal experience here. The thieves had my name, SSN, DOB, and address. They used it to open a credit card in my name. (Curiously, they had my mother's maiden name wrong yet Capital One still approved the online application.) They also requested rush delivery and changed the address on the card from my home to some other location. Unfortunately, for them, Capital One sent the card out BEFORE changing the address and it went to me. I was able to stop the fraud and lock down my credit, but I never found out who stole my personal info or how.

I was lucky. If the card had gone out how they hoped it had, they would have been able to activate it and run up a huge tab under my name. Then, when they didn't pay, the collection agencies would have come knocking down my door. My credit would have been ruined for years as I fixed the damage they did.

Yes, I would have had my credit but it would have been completely trashed.

To use a car analogy (since this *IS* Slashdot), identity theft is like "borrowing" someone's car at night and returning it with the windows smashed, two doors missing, dents all over, paint smeared all over the interior and three tires flat. Sure you have your car to use, but you aren't going to get much actual use out of it until you spend a lot of time and money restoring it. (And unlike the car analogy, you can't just ditch that car and get a new one.)

I'd say depriving someone of the credit that they earned by fraudulently gaining access via stolen personal information is "theft". This isn't a case of someone making a copy of your identity and it not affecting you. The results are real and can affect you for years to come.

Re:Identity "theft"

[AK+Marc]

I don't mind if they take out a loan in my name then default. That's theft from the bank. The problem is that the bank then illegally holds me responsible for theft. It's no different than if someone broke into a bank at night and sole the money and they decided that the cash removed belonged to you and then the bank steals your money to cover their losses. That's the real theft in identity theft.

If the financial institutions didn't hold the provably innocent party responsible, then identity theft wouldn't be an issue and the losses from it would drop.

Re:This is thanks to Bush's failed policies.

[tech4]

It's not stealing, it's just making a copy. The original person still has his/her identity left.

improves my opinion of banks

[bcrowell]

This significantly improves my opinion of banks. I knew that they were full of the kind of people who would hold the economy hostage and demand a bailout from the federal government because they were too big to fail. I knew they were full of the kind of people who would robo-sign documents fraudulently, sometimes causing families to be kicked out of their houses by mistake. I knew they were full of the kind of people who would convince working people to sign mortgages that the banks knew they could never repay, based on income information that the banks knew was fraudulent.

Now I find out that that isn't the only kind of person who works at banks. There are apparently some who aren't criminal masterminds, just workaday crooks. Small-time white-collar criminals who deal with Russian gangsters during the week to make an extra buck, but on the weekends go home and coach their kids' soccer teams. Very refreshing.

Identity is only worth stealing

as long as identity has value.

We have too much identity. Alleged identity does not assure good intentions or good funds.

The powers that be have been incessantly pushing more identity on us and all it's done is create more identity theft and identity abuse (often from marketers).

We should be moving to chip and pin, a proof of knowledge scheme, rather than this nonsense based on numbers which must be kept secret from thieves but shared with the whole world to do business, and names, an information commodity passed around more than a joint at a Dead concert.

Why should a card be billed by name and number? Are either relevant to assuring funds transfer? No. The only thing which should matter is a positive response from the merchant's bank confirming funds transfer.

A user-friendly payment system would give the merchant neither the name of the person using the secure card nor any unique identifying number. The response should be either VALID $x.yy or INVALID.

Our current payment system was designed by bankers, marketers, and politicians, and it shows.

If it were designed by security experts this would not be a problem.

and they turn away from Synthetic CDOs

[decora]

the subprime RMBS, the Credit Default Swap market.... those were trillions of dollars... a single CDO deal could be worth a billion dollars... and law enforcement some how did not "come across" it.

if you want to know why, three of the best books are Confidence Game by Christine S Richard and The Asylum by Leah McGrath Goodman and EConned by Yves Smith. Another good resource is the film Inside Job by Charles Ferguson.

white-collar law enforcement is flat out corrupted, with guys who head regulatory agencies going soft on big financial institutions, and then getting hired by those institutions a year or two later.

the Synthetic CDO market has been called the biggest ponzi scheme in history, by Janet Tavakoli (who wrote three textbooks on structured finance). and insiders in the industry, like Gregg Lippman of Deutschebank, called it similar names, as revealed by the Levin Coburn senate committee hearings. You can find books like Colossal Failure of Common Sense, by Lehman bond trader Lawrence McDonald (and Patrick Robinson) who flat out call CDS "gambling". and then there is Lang Gibson , high up in Merrill Lynch's CDO business, who wrote an entire book called 'Lost Trust' about it. Then there is Tetsua Ishikawa, who wrote a novel called "How I caused the Credit Crunch" - he was an ex-Goldman Sachs guy .

Now lets not even discuss the Commodity Index Funds, or how "someone in Washington" prevented Goodman's article in a trade journal that blamed the GSCIF for manipulating market prices of commodities, or the article in Harpers that said similar things. Also lets not even go into how JP Morgan and other bailed-out banks have bought entire warehouses to hoard metals (Copper being the one JPM was caught doing), or that the head of JP Morgan's commodities business is none other than Blythe Masters - who was on the original JPM team that invented Credit Default Swaps in the 1990s.

No. Let's go after the half-starving clerks and retail workers, many of whom cannot even afford to go to a doctor, in the richest country on the history of the planet. Yeah. those are the real 'thieves'. arent they?

As Goodman quotes a Trader in her book, about why the cops never go busting the massive cocaine deals going on in places like the New York Mercantile exchange... "[why would they want to get caught up in a shit show like that? Theyd rather be busting Pablo in Harlem]". the same principle applies to other financial crimes, like theft and fraud. Why would a regulator or cop want to get caught up in a shit show like that?

"Fraud" is a better term for it than "theft".

[khasim]

And fraud has been with us for a long, long time.

As the practices of the consumers have shifted (writing few checks, using less cash, increased credit/debit card use, on-line banking) the methods of fraud have shifted.

Unfortunately, the banks were able to also shift the "responsibility" for the fraud to the consumers.

If someone uses your identity to commit fraud then YOU are responsible for cleaning up the mess.

Even when YOU do not have any tools to PREVENT the fraud or even to be aware of it before the bank/store files a complaint against you.

A lost cause; but here we go...

[fuzzyfuzzyfungus]

I despise how these cases get treated as "identity theft" rather than "bank/CC fraud with a side of impersonation". An "identity" as it is presently constructed for financial purposes, is basically all public, or near-public information(much of it is public record, the rest is simultaneously treated as Super Secret Proof, and demanded, all the time, by basically everybody, because it is Super Secret Proof, which of course means that it is basically public, like SSNs and CC numbers...) It isn't the person whose "identity" is used to perpetrate a given frauds fault that financial institutions can't be bothered to actually verify transactions properly, although the poor bastards often get stuck with years of hassle for it anyway.

The notion of "identity theft" seems like nothing more than a cynical way to shift responsibility away from the responsible parties, and the parties who could do something about it(hey, Visa, don't want my CC getting cloned by anybody who manages to obtain the numbers visible in plaintext on the card, which have to be used to perform a transaction? Try cryptography...) and onto the suckers at the bottom of the food chain who, realistically, have very little control over the 'security' that a bunch of nearly public information connected to them is given by the large number of people who have access to it.

Re:A lost cause; but here we go...

[ka9dgx]

I love this thread... it is insane to try to keep a system like this designed for a few clients in the 1950s and 1960s alive when it has scaled to a significant fraction of the planet's population. Cryptography would be a great leap forward, but even a few simple things could make it much better like having a website for each of the major CC/Debt card vendors where you can have them generate a new random large number for handing off (via cut/paste, or whatever) to a vendor, which gives them a claim for x dollars from your account... once, or whatever schedule/limits you set.... and would only work for their account, nobody elses.

Even if their computers were stolen, the number wouldn't work for anyone else..... and if they tried to screw you, you'd just revoke the capability from your control panel, and they'd never get another cent.

This could be done with 1970's class mainframe hardware... and would require only a few nano-cents worth of storage these days.... yet we get screwed by the IT systems designed in the 1950s.

Re:That's ... weird.

[fuzzyfuzzyfungus]

Wrong search terms: "Magnetic Stripe Encoders" are what you are looking for.

~$300, won't handle the fancy card graphics and embossed numerals("Magnetic Stripe Card Embossers" are used for that, also perfectly licit off-the-shelf items); but will turn a card blank into something that an automated POS won't bat an eye at(and, in most cases, re-using a bank-issued card, even if the number on the card doesn't match the one on the stripe, should probably escape a retail employee's notice).

Magnetic card stock is also a legitimate off-the-shelf item, as are printers that will dump an arbitrary color image onto blanks(entirely non-suspicious, any organization that issues mag-stripe IDs probably has such a printer on the shelf somewhere.) Getting a card-stock supplier to do a large print run of cards identical to bank blanks would probably raise some eyebrows; so you would presumably have to steal or print your own.

Everything you need to produce fully functional magnetic stripe cards is fully licit, available off the shelf, and not particularly expensive. The only "secret" is the name and number prominently displayed on actual issued credit cards, and handed over during each transaction. The "chip and PIN" stuff is horribly broken; but at least it pretends to be concerned about card cloning...

Re:This is thanks to Bush's failed policies.

[zenthax]

Yup it's not stealing, well at least not from the person. Nobody stole any identities, but rather a good bit of money from banks and creditors. However somehow they have managed to convince everyone that it is not the banks problem. For a comical take on this point Identity theft should not be an individuals problem but rather whatever institution that mistakenly allowed the transaction should be held responsible.

Re:This is thanks to Bush's failed policies.

[jhoegl]

The only way to counter Identity thieves is to have really really shitty credit.

This is why I make my credit score low by being late paying credit bills, not paying other things, etc.
I have been sent to credit collectors a few times, I would pay a little then wait a year and pay a little... etc.
You want my identity? Fine... you have to work for my credit line... sucker!