ID Theft and National Security

Tags: Application security, Auditing, Biometrics, Business/IT alignment, California Security Breach Information Act, Can Spam Act, Compliance, CRM, Database, Digital certificates, Disaster Recovery, E-business, Encryption, Gramm-Leach-Bliley Act, HIPAA, Identity & Access Management, Incident response, Information risk management, Instant Messaging, ISO 17799, Laws, Microsoft Exchange, Policies, provisioning, Regulations, Risk management, Sarbanes-Oxley Act, Secure Coding, Security, Security management, Security products, Security Program Management, Security tokens, Single sign-on, standards, USA Patriot Act, vulnerability management

If it turns out, as I believe, that enemies of the United States are behind a lot of the major ID thefts in the US, that would mean that a lot of money is going to our enemies. Can we therefore surmise that those who mishandle our identity information, by means of their poor stewardship of our identities, are also responsible for endangering our national security? Craig Herberg

Answer Wiki


You all have not seen what is mandated for May 2008:
Real ID Cards & Driver's Licenses with the Radio Frequency Chip embedded on it, along with your personal information (DOB, SS#, Place of Birth, Mother's & Father's Personal Info, Banking Info, Credit Card Info).

This REAL ID with the RF Chip will not stop ID theft, it will only increase it due to the possibility of using a remote transceiver in a hacker's pocket within 3 feet of your wallet or purse.

How much information is safe with DHS… They stated there is nothing to worry about…
If that is so, why do they need all of my information stored on the National Government's Data Base?

We all know anything can be hacked, even with 256k of encryption…
Example: Monster.com was hacked into, stealing 1000s of personal data off resumes.
DOD's Email was hacked too…

Read about the reverse effects of using PGP, or Stunnel Encryption…
I do not believe that my personal information is going to be safe using the REAL ID when I buy gas, food, or take my family out to dinner.
This ID will be used along with your credit cards to make purchases, and the data will be stored on some business's data base, then sent to DHS National Data Base servers.
I am a Microsoft Engineer, and Technician… I have lots of faith in any data base's security if it is set up securely.
The threat is not always from outside or some remote hacker's site… it comes from within…
Underpaid or disgruntled employees can make huge profits from stealing personal information at $100 per file.
Hiring Technicians now for as little as $10 per hr, that do not have security background checks, is a very dangerous threat to any large or small corporation that stores private and personal data.

Sean O

Discuss This Question: 23  Replies

 
  • JohnBrandt (Expert)
    You can not only come to that conclusion, but stretch it into a true violation of many data security rules.
    1. Don't place data where it is at risk.
    2. Don't allow data to be located where it cannot be destroyed to prevent loss.
    3. Don't allow complete data to be exposed to a single source.
    4. Don't allow related secure data to be in the proximity of the other pieces.
    5. Don't allow related secure data from different companies to be handled by the same location.
    6. Don't allow secure data to be stored or transmitted to a country outside the purview of the laws of the US, Canadian, UK or Western EU countries.
    7. Don't allow secure data to be transmitted in an unencrypted network environment.
    8. Make all release of secure and private data criminal from the lowest to the highest corporate officers. Prosecute a person and a company for lax security.
    John Brandt iStudio400.com
  • Bobkberg
    Interesting question you've posed. Both John Brandt and MadMaxB have made valid points. However, sad to say (and I mean "sad") I don't believe that your point is the crux of the matter. The bottom line in all computer/network security issues is, and will likely always be, failures in human behavior. Where this leads may well involve our enemies - I have no doubt of that - but human greed and laziness tend to rise to the top of the pile where problems are often found. This is admittedly going off on a little bit of a political tangent (for this forum - which is supposed to be technical), but as long as there are people who do not understand that their personal security is THEIR business, then we will collectively be guilty of providing a fertile ground for those who would use our weaknesses against us. And that final point makes no distinction as to whom that enemy might actually be. Bob
  • MrOperator
    Do you have a computer? If you do, is it secured or are you just going by what the news says? Listening to others talk isn't really good unless you have gone through it. I wouldn't listen to advertisements either that pertain to people who invite viruses, spyware, and other types of programs to watch and prey on your computer. What can and does happen is that people are too self-centered, and think computers will be obsolete in the near future. They are wrong. People in general don't have a clue to what they can do on the Internet. Their needs can never be met, and they think they will never be hit by hackers. Most hackers are inside companies and get mad if they don't get what they want. They know how to make programs that will take down all networks until a solution is found to stop it. Please don't think that I'm a bad guy, because I have been around members in a company and at home who don't do anything but play games, download music, movies, etc. not knowing when a virus will hit their computer. The members that I am talking about get angry when their desktop gets wiped out. Then they want me to fix it. This is the real world. Yes, we do have people in this world who try to be sneaky, but sooner or later get found out. That is all. Have a nice day!
  • Mustan
    I do certainly agree with the ideas posted by all you intelligent. I sincerely respect and appreciate your views. But I have a valid point ("at least I see it as a valid point") that to a certain extent even we are responsible for not handling and managing our ID with precaution. That mishandling could be poor data management, lack of caution while using identity over the net, unencrypted access to various sites, trying to buy or acquire a cheap deal on the net without concerns of valid digital certificates etc. So here go life's three rules: protect yourself, protect your home and protect the nation. If somehow every user becomes more cautious while using their IDs & those who manage our IDs should take responsibility of any mismanagement happening to it, this problem can be tackled. Thanks, Mustan
  • Longshanks
    As someone whose major occupation has moved from managing 40 remote users to firefighting malicious code on 40 remote laptops, I know how frustrating user ignorance and vulnerable software can be. All comments by the other writers are good and valid and true. We have to make software and hardware more secure and EDUCATE the users, but... I worry when "enemies of the United States are behind .." etc is used in posts as it shows a paranoia that can cause an overreaction such as the new anti-terror laws that have just come in here in Britain. In World War II there were German spies and saboteurs at work in the UK, but they were dealt with by the correct use of valid laws. In Britain (as of yesterday) a politician now has the right to put me or anyone else in this country under permanent house arrest, without trial or any external contact, for an indefinite period. That scares me, that is how the Nazis started. Yes, terrorism is a threat. Lord knows we had 30 years of bombings and killings and millions of people living in fear for their life at the hands of the IRA (who got SOME funding from SOME Americans, but I don't consider Americans to be enemies of the UK). Please do not be paranoid. Be sensible, and thorough, and educate, educate, educate. Knowledge (after all) is power.
  • Perk32725
    If the holders of the data aren't keeping that data secure from theft, then yes, they are responsible - just like any other asset, be it capital equipment, intellectual property, or whatever. If that information (asset) is stolen (replicated, revealed, whatever), the company is in a lot of trouble. As individuals, we are responsible for our assets (cars, houses, possessions) and it is our responsibility to protect these assets, at least with minimal "best practices", i.e. insurance, locking doors and windows when you are away, not leaving appliances running that don't have to be, smoke alarms in houses. How much security you place on your assets is a combination of being able to afford time and/or money for the security, but a minimum level has to be reached.
  • BillNichols
    A few points:
    1) Education is an ongoing requirement;
    2) Education in and of itself is never going to be sufficient;
    3) The people behind phishing and related criminal activity are *very* smart;
    4) The attack vectors are constantly changing and "morphing", hence the fact that educational efforts will always lag;
    5) One of the things we're seeing now is that the distribution of attacks is becoming professionalized -- an example is the way new attacks are coming from fairly localized originator sources (i.e., attacks on mid-tier US banks originating in Romania);
    6) The "originators" are then distributing pre-packaged "kits" downstream to the "kiddie scriptors" and "wanna be's", hence clouding the trail;
    7) There appears to be an evolving pattern where those who harvest personal information do not attempt to utilize it -- they sell it;
    8) There is a corresponding rise in keylogger attacks where the money in your bank account is looted while you're online to your financial institution the first time after the keylogger has been installed.
    Given the above, it is safe to say that at least some percentage of the funds acquired via compromised personal identities is probably going to terrorist organizations. With the complexity of the attacks and the rapid evolutionary pace of their growth and the associated distribution channels, holding end users responsible would be criminally stupid. Requiring (much) stricter privacy controls on the part of aggregators and resellers of privacy and identity data is a necessary first step, but it won't be enough by itself. This is an ongoing problem that cannot be completely solved without fundamentally constraining the way the net works. Some form of two-factor authentication combined with "friendly" desktop monitoring will probably emerge as the near term most viable option. Expect a long, drawn out process on this -- markets are efficient at some things, this type of problem set is not one of them. The attacks will then morph again, and the whole cycle will be repeated. We'll be back to playing "whack a mole" until the structural weaknesses are dealt with.
  • Thepete
    The current situation is that we cannot rightfully say that identity theft is fully the fault of the victim any more than we can say acid rain is fully the fault of the factories. What this means is that you have consumers who are unaware of the full effects of their demand, law makers unaware of conflicts in regulations, and industrialists unable to combine both demand and regulation successfully into a viable and safe product. The resulting portrait is a victim whose safety is dependent on so many variables that he/she cannot control whether it be faulty OS, applications, internet providers, and all those who the victim must entrust electronic information to either directly (banking) or indirectly (garbage pick-up). So until there is veritable trust in computing at all levels, we can't hold the victim responsible without intent of malice or proof of disregard for legislated standards. Before this happens, people need to stop buying bad products from lying vendors, legislators need to base legislation on facts instead of fear, and users need to have a clear concept of what role they play in security. So don't be so quick to oppress the already subjugated victims by labeling them as enemies of the state until we can figure out how to prove which party is truly guilty.
  • Biyahero
    The number one responsible for ID Theft is the United States Government for attempting to force the citizens to use the Social Security number as a National ID Number, and the Number Two responsible is the public which has allowed that to take place. The SS number was never intended to be a National ID Number. When several states opposed using the SS number as the Driver's License number, the Federal government tried to blackmail them by threatening to withhold Federal Highway improvement funds to their states. Fortunately the Federal Government lost that battle and some states which previously had the SS number as the Driver's License number have now issued their more recently renewed licenses with a different kind of number. But with the SS number tied to everything else in life, it makes identity theft so much easier. The original question seems to reflect the paranoia the government wants the citizens to feel. The "enemies of the United States" are responsible for all this. More likely it is the criminal element in the United States, composed of US Citizens who saw a new money making opportunity. In reality the terrorists have already won. They wanted to change our lifestyle... they did it. The governments of the so-called "Free" countries used the fear of the "terrorists" to do things they have always wanted to do and the citizenry would never allow until now. There would have been no chance of fascist measures such as the so-called "Patriot Act" and its similar law in England which "longshanks" referred to previously becoming public policy until the "terrorism" craze took hold. So you could look at it like the terrorists were the allies of the repressive elements in the previously free societies, and vice versa.
    On the one hand we have the so-called "privacy laws" which are implemented in idiotic ways such as the phone company asking your permission for them to look at your records when you call them to ask about your bill, and not being able to have access to the medical records of your dependent children which you need to make informed decisions about their treatment, and on the other hand you have the government being able to look at your video store rental records, library book checkout records, and force credit card companies to have on file a physical address for all their cardholders... so that the swat teams can appear at your location at the commission of any real or imagined offense you might have committed against them, and send you off to some secret camp without charges... alleging you are a "terrorist" and thus they do not have to provide any proof in the short term in the interest of "national security". Is Joe Sixpack really stupid enough to believe that we have any privacy anymore? So I guess... returning to the first poster's hypothesis that those who fail to safeguard the identity data of others properly are aiding the terrorists (aka enemies of the United States), should we dispatch swat teams to data centers to incarcerate those careless IT technicians whom we want to (rightly or wrongly) blame for this failure in stewardship of our identity data and pack them off to camps in Cuba?
  • InfoSafety
    Dear Mad MaxB et al, Certainly it is not my intent to blame the victims of identity theft. While we should certainly encourage everyone to adhere to sound information security practices (i.e., don't respond to phishing emails, keep computer security up to date, shred, rather than recycle, confidential papers, etc.), we should hold data aggregators accountable for lax policies and practices that facilitate identity theft. Craig Herberg
  • 1911snapon
    That's similar to saying that the alcohol manufacturers are responsible for someone's inability to control their consumption.
  • CanConHipster
    Major work needs to be done with those organizations and enterprises that compile personal and financial data on people with or without their knowledge. There is no oversight of how our data is protected. For example, I recently received a letter from a mortgage company informing me that all of the financial data that I submitted to apply for a mortgage "may" have been on a laptop that was stolen. The letter went on to say - don't worry, the laptop was "password protected" and it is their belief the thief didn't know the value of what was on the laptop !?!?! Security standards for personal information need to be legislated. If standards can be enforced for private health information, why are we not doing more for even more sensitive data? Companies will always try to maximize their profits and minimize their costs. As things stand - there is no real incentive for companies to implement proper safeguards. Security is only looked at as an expense.
  • Kerm
    The scary part is that the post and all replies so far are correct. Those who store our information are not careful enough. Those that provide the information are not careful enough. The government's job would be easier if we gave up more rights. We the six-packers are at extreme risk if we do so. The software products we use are not secure enough. The "computer industry" (manufacturers and customers) is spinning out of control while corporate management is tarnishing their record for quality and concern for product safety. HIPAA is so misunderstood on the ground I've seen patients being denied access to their own records! Encrypt everything? With what (that will always be secure)? There used to be extended public debate on the front page when gasoline prices went up a few cents. Have we (the six-packers) lost the ability to drag issues into the public news and press the issues until all the dusty corners see the light?
  • MadMaxB
    Craig, I think I need to clarify my definition of victim: "One that is injured or consequence in a crime", end user to software designer. We need to report, investigate and adjudicate the crime. We need to have rougher punishment and the ability to seize funds from offshore banks, this is a worldwide problem. A few weeks back a few criminals basically got off scot-free - one got five years probation - they have millions, most of their victims lost money. I think this is one of the best strings started, I have learned a lot... Mad MaxB.
  • Theroyala51
    I suppose so but there doesn't seem to be much criminal intent and the damages aren't clear cut so there isn't much we can do about it.
  • Bobkberg
    MadMaxB makes a good point. I've watched this thread with interest. One thing that has become very clear to me is that everyone (myself included) has taken a slightly to dramatically different interpretation of the original question. At a few points in reading various replies, I thought "That guy is off-base - he didn't read the question right". Then, when I went back and re-read the original post, and my own initial response, I found that I hadn't read it clearly either. I'd answered based on my own pre-conceived ideas of how the world is or ought to be. With that, I'd like to take another whack at it, also bearing in mind others' responses as well. InfoSafety - to paraphrase your original question - what I think you're asking is: "Are the various people who handle information security at different levels and places endangering our national security by allowing identity theft to be used to help finance our enemies?" The second portion of your question (your belief that enemies of the United States are behind many identity thefts) makes the overall question difficult to address, but I'll try. I believe that in general, people who mishandle our identity information (government agencies, credit reporting agencies, banks, schools, insurance companies, employers, etc.) ARE endangering our national security - directly or indirectly by inadvertently exposing either the personal data directly, or key elements of the overall national infrastructure in a piecemeal fashion. I doubt that any person in this total picture really feels that they're doing that damage. The problem is more one like gathering together a large scattered jigsaw puzzle. No one piece supplies the answer, but if you keep working at it, a complete picture begins to emerge. The second part of your question I can't answer (enemies of the U.S. behind identity theft), simply because I lack the information to make that judgement. I would be very interested to learn what your basis for that belief is. If it's too far off topic for this forum, you can contact me by private message. Bob
  • Longshanks
    Hi All, Very interesting and thought provoking thread this one, thank you all. Another point about what may be called "commercial phishing" has just been brought home to me. Anyone heard of a freeware address book called "Plaxo"? My boss (who should know better) downloaded and installed this, filled in all the e-mails of our staff and thought no more about it. Since then either the version on their computer or Plaxo's server sent out e-mails to everyone in that address book, "from" my boss, asking for a whole raft of extra contact info because "I noticed that I didn't get a response from my last email to you" etc. Most of our staff responded to this and took up the offer to install Plaxo on their laptops and so each one of them has "sent" an "I noticed that I didn't get a response from my last email to you" etc message. This is a commercial company creating a stupidly open contact system and it is spreading like wildfire in the company I work for. It wouldn't take much for this to become more insidious, so I take BillNichols' point about education always lagging very much to heart! On thepete's point about legislation, I don't know about America, but in Britain we have this whole "self regulation" and "the market will decide" ethos that lets folk get away with making dodgy products (If it is no good the market will not support it etc). So in effect, more regulation is against perceived government policy and how can you legislate against "the market" when there is a lot of vested interest and campaign dollars there!
  • Solutions1
    As noted by several other respondents, this question "blames the victim." Rather than argue that point, let's consider the question "What does success look like?" If you drive through the typical American community, you will see businesses and homes that are far below "best practice" in security. There will be no 12 foot high chain link fence topped by razor wire. The locks on the doors will be of laughable capability from the perspective of a good lock picker. The windows will be glass, not advanced high-strength super plastic. People wander in and out of homes and businesses without going through metal detectors or biometric ID processes. Crimes will of course occur, but by and large not enough to alter this picture and the perpetrators will be vigorously pursued and prosecuted. Similarly, in my view a picture of success in the cyberworld is not strong security, it is minimal security much like that found in the bricks and mortar world. How is this accomplished in the bricks and mortar world?
    1. Millions of people who have committed crimes are in jail, and many others are deterred by threat of punishment.
    2. Much more importantly, people believe that activities ranging from "peeping Tom" looks through open windows to vandalism to breaking and entering are wrong, with no "blame the victim" ambiguity. Even the criminals accept that such acts are criminal, and there is no "it's OK because the victim didn't have a high fence."
    3. There are no universities and other hi-tech institutions and individuals publishing "how to be a more effective burglar" books and articles, and then blaming business owners and home owners for being too slow to patch. I have no quarrel with those discovering holes, but publicizing them and, sometimes, creating executables to "arm" the criminals is itself wrong.
    The whole tenor of the cybercrime discussion is one of playing defense. Not only aren't we playing tough "offense" but, particularly, we do not consistently and vigorously assert the fact that what would be a crime in the bricks and mortar world is a crime in the bits and bytes world. In my view, our mutual vision of "success" should be an environment in which someone can leave an unpatched, lightly secured server on the Internet and have people respect the rights of those who own it and depend on it. In getting there, my guess is that 10% of the solution is fast, tough enforcement, while 90% is a matter of persuading a critical mass of people to accept that cybercrime is crime, and morally repugnant. The remarkable reduction in bricks and mortar crime across the U.S. can easily be matched by similar improvement in the cyber world, given a change in attitudes and a recognition of what success looks like.
  • Kerm
    There are places to learn both high tech and low tech crime. They're called jails. We have laws barring felons from owning guns, but that doesn't stop gun carrying felons. The judiciary is far behind the curve when it comes to high tech crime. Most of the small crimes are being paid for by us through credit card companies that ultimately pass their costs on to the consumer through fees and interest rates. Rather than dream about what a "success" might look like, wouldn't it be better to pick the lowest hanging fruit and focus on what is wrong with information security? My vote would be to strongly encourage those who aggregate our personal information to prevent misuse of it. My local grocery store now wants me to trade my personal financial record for the ability to buy groceries with a thumbprint. My wife cleared a waiting line when she asked how the grocery chain would protect our information from identity theft. As one deputy sheriff said, "Thank god most criminals aren't smart or we'd never catch them."
  • Solutions1
    Replying to Kerm - A spammer in New York was put out of business, and it turned out that he generated messages by the millions. Worms multiply by the thousands or hundreds of thousands and a new algorithm to crack digital rights could impact tens of millions of devices. Playing offense is far better than relying primarily on defense. There is a huge multiplier effect of locking up those who commit crimes and, better still, in persuading those who might follow suit not to. Defense is still important, but not in my view the main game.
  • batye
    Faraday cage/mesh wallet - here is a solution to protect your info on a personal level