Computer Hacking and Identity Theft
Identity theft criminals come in all shapes and sizes these days. If you're ever unlucky enough to be a victim of identity theft, the culprit is far more likely to be a local meth user than a professional hacker. That said, most organized crime gangs around the world are becoming much more involved in computer hacking. Computer identity theft can happen in a number of ways. Criminal organizations can use their own hackers, hire college students, or simply buy large amounts of stolen information from professional hackers. And the result is a spike in the number and size of reported data breaches by hackers:
- More than 50 of the reported data breaches in the last year have been attributed to computer hacking.
- Hacking accounted for the largest number of compromised personal records in the last 12 months, involving an estimated 43 million Americans.
- Well-known brands that have lost data through computer hacking in the past 18 months include DSW Shoes, Polo Ralph Lauren, and BJ's Wholesale.
What happens to stolen credit card and social security numbers?
Much of the data stolen through computer hacking — including stolen credit card numbers and Social Security Numbers — will end up on a network of illegal trading sites where hackers and criminals from around the world will openly buy and sell large amounts of personal data for profit.
Stolen data networks have flourished in the open, with names like Network Terrorism Forum, Shadowcrew, Carderplanet, Dark Profits, and Mazafaka. The Shadowcrew network was believed to have more than 4,000 active members who made more than $5 million in less than two years trading 1.5 million stolen credit cards, before it was shut down.
A typical credit card hacking transaction on one of these sites might take place as follows:
- Stolen credit card numbers and other personal information are posted for sale, either to be purchased or used in a "joint venture."
- In a joint venture, other network members will use stolen numbers to purchase goods and send them to a drop site for pick-up by other members. The goods are then sold and the proceeds shared amongst the participants.
- New or unproven sellers on the credit card hacking network are often required to prove their credibility by participating in a number of dummy runs to test that both the seller and the stolen cards are genuine.
Some credit card hacking sites will also include a rating system, where members can post feedback on the quality of stolen credit card numbers and other information offered for sale by members. And many of these computer identity theft sites will accept requests for specific types of stolen information and will also sell complete phishing websites and email templates so that even absolute beginners can easily run phishing scams with little technical knowledge.
There has also been a shift in the professional computer hacking community, where hackers who used to do it for the thrill or the fame are now doing it for profit. In the words of one hacker, "In the old days of hacking it was a bit like base-jumping the Chrysler building. All you got was a slap on the wrist and front page headline."
But now hackers are facing serious jail time for even the smallest hack and they want to make hacking worth the risk. In most cases, all they do is find the opening, commit identity theft, and then sell the stolen credit card numbers; or just find the credit card hacking opportunity and sell that information for others to do the stealing.
Another source of computer identity theft involves former employees hacking into the networks and computers of their old employer, using either insider knowledge or accounts and passwords that were never cancelled. For example, the thief who stole 30,000 credit records from his employer in New York committed the crime over a two-year period after he left the company. The cost of his crime was estimated at more than $100 million.
He simply used his insider knowledge and a password that someone forgot to cancel. And if employees are disgruntled or angry after they leave the business, maybe because they were fired, they may justify their actions by convincing themselves it's "just compensation" for money they should have been paid.
Opportunist hackers also continue to be a problem. These are amateurs and professionals who spend hours a day running random port scans on the Internet looking for unprotected home computers. When they find one, they'll often just poke around inside the network or computer to see what's worth taking, and these days they know that any personal or customer information on that computer will be of value to someone somewhere.
And with nearly 4,000 hacking sites on the web, any petty criminal can now learn how to become an accomplished hacker free of charge, and possibly earn a much better living for a lot less risk. The criminals who used to lurk in doorways armed with a crowbar now lurk in front of laptops armed with a chai latte. These guys know that it's much easier to break into a business through the Internet to commit identity theft than through a skylight, and there's no chance of being bitten by the owner's Doberman.
Small business computer systems are especially vulnerable to identity theft, because they usually offer easy and unguarded access to things like customer credit card records and employee payroll files. Most small businesses don't use or keep access logs, so even if their information has been stolen, they probably won't even know it.
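The two gaps described above, a password nobody cancelled after an employee left and access logs nobody keeps or reviews, can be checked together by comparing login records against the list of departed staff. The following Python is an added example, not part of the original article; the log format, the CSV columns and every sample record are constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample: HR offboarding list (username, last working day).
OFFBOARDED_CSV = """username,last_day
jdoe,2024-03-15
asmith,2024-06-30
"""

# Constructed sample: access log, one event per line (time, user, result, source).
ACCESS_LOG = """2024-03-10T09:12:00 jdoe LOGIN_OK 10.0.0.5
2024-04-02T23:41:00 jdoe LOGIN_OK 203.0.113.7
2024-04-03T00:05:00 JDoe LOGIN_OK 203.0.113.7
2024-05-01T08:00:00 asmith LOGIN_OK 10.0.0.9
2024-07-04T02:17:00 asmith LOGIN_FAIL 198.51.100.4
2024-07-05T10:00:00 bwong LOGIN_OK 10.0.0.12
malformed line
"""

def load_offboarded(text):
    """Map lower-cased username -> end of that user's last working day."""
    out = {}
    for row in csv.DictReader(io.StringIO(text)):
        day = datetime.strptime(row["last_day"], "%Y-%m-%d")
        out[row["username"].strip().lower()] = day.replace(hour=23, minute=59, second=59)
    return out

def find_post_departure_activity(log_text, offboarded):
    """Return (time, user, result, source) for each auth event after a user's last day."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        user = parts[1].lower()  # treat account names as case-insensitive
        cutoff = offboarded.get(user)
        if cutoff and ts > cutoff:
            findings.append((ts, user, parts[2], parts[3]))
    return findings

if __name__ == "__main__":
    for ts, user, result, src in find_post_departure_activity(ACCESS_LOG, load_offboarded(OFFBOARDED_CSV)):
        note = "ACCOUNT STILL ACTIVE" if result == "LOGIN_OK" else "attempt on departed user's account"
        print(f"{ts.isoformat()} {user} from {src}: {result} ({note})")
```

A successful login after the last working day means the account was never disabled; a failed one still shows someone trying old credentials and is worth reviewing.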
How Computer Hacking Happens
Hacking attacks can be launched in a number of ways:
- Attacking computers that don't have firewalls installed.
- Installing keystroke loggers or other malicious code by hiding it in email attachments.
- Exploiting browser vulnerabilities that have not been properly patched.
- Exploiting weak or poorly protected passwords.
- Hiding malicious code in downloads or free software.
- Hiding malicious code in images on websites and waiting for unsuspecting users to click on them.
- Employees or other trusted users simply accessing an unprotected computer.
- Exploiting poorly installed networks, and especially wireless home networks.
So What Can You Do About Computer Hacking?
- Make sure all computers you use in your home or business have the latest firewalls and anti-virus software installed.
- Keep up-to-date with the latest patches, especially for your browser.
- Use a good-quality anti-spyware solution, and scan your computers regularly for any pests.
- Be careful about the types of websites you visit, what you click on, and what you download. And make sure that everyone who uses your computer understands the security risks and rules.
- Scrutinize suspicious emails that may actually be phishing scams.
- Visit the Privacy Matters Identity℠ Learning Center for news feeds about the latest security breaches, scams and other identity theft threats.