Identity Theft

Clocker

Storage? I am Storage!
Joined
Jan 14, 2002
Messages
3,552
Location
USA
Until today I have only had to deal with a few credit cards over the past 25 years where the number was somehow skimmed and attempts at purchases were made but denied by the credit card company before anything was even bought. The result was nothing more than an annoyance....cancellation of the card and re-issuance of a new card with the ensuing domino effect of pain that happens as a result of that (with respect to automated payments etc.).

Today I got something new. My work HR department called me to let me know that back in April someone filed for unemployment benefits using my SSN. Since I keep both of our credit reports frozen solid, I'm not worried about any new fraudulent accounts or anything. I will of course check my credit report but it should not be a problem. But now I have to research this and make sure I will not get gigged with some type of tax bill next year and also see if I can find out the name of the person who tried to make the claim. In MI, you can apply for and collect unemployment for 6 weeks without even showing up with an ID. Complete stupidity but for the convenience of those who frequently get laid off.

Anyone here have to deal with anything identity theft related?

It really sucks that so many institutions have our personal information but there's no way to know if they are responsibly handling it!
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
It really sucks that so many institutions have our personal information but there's no way to know if they are responsibly handling it!
You nailed it. It is frustrating dealing with this kind of moronic stupidity and self-centeredness on the part of institutions.

Sorry to hear of your problem. At least you had the foresight to have your credit frozen.
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,315
Location
Monterey, CA
This year I didn't get around to filing taxes until the last minute (waiting on docs from a refi). Afterwards I received a letter in the mail from the IRS asking me to call them while having the last two years returns and backup handy. After asking me many questions to confirm my identity, they said that mine was the third tax return filed this year with my SSN.
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
Shit, what's happening? Since I've been out of the US for the last 10 years, I hope my SSN isn't being abused. My US tax returns are filed annually by a CPA there, and so far there hasn't been an issue. I hope it continues that way.
 

jtr1962

Storage? I am Storage!
Joined
Jan 25, 2002
Messages
3,980
Location
Flushing, New York
Never happened to me but it did happen to my mother and my brother. In both cases, someone charged airline tickets to their credit cards. We didn't have to pay of course and they sent us a new card.

My understanding is there are two kinds of identity theft. One is where someone gets your personal info and pretends to be you. A far less common kind is when someone gets to family members and associates and it's like you no longer exist as a person to these people. You're alone in the world and someone else pretending to be you replaces you at home and work.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,362
Location
I am omnipresent
Website
s-laker.org
I really do wish we had European style ownership of personal information here in the USA. California has a state law that requires notification of theft of personal information and that's a start. I have a feeling that if that were not law in California, we'd never even know about a lot of data breaches.
 

jtr1962

Storage? I am Storage!
Joined
Jan 25, 2002
Messages
3,980
Location
Flushing, New York
Stuff like that is exactly why I think IoT is a horrible idea. I don't need some hacker screwing with my lights or heating system or any other device of mine. The downsides of having everything connected to the Internet outweigh the relatively minor convenience of being able to dim your lights with your phone. No thanks, I'll stick with my old fashioned, dumb, stand-alone devices.

As Mr. Scott once said "The more they overthink the plumbing, the easier it is to stop up the drain."
 

Chewy509

Wotty wot wot.
Joined
Nov 8, 2006
Messages
3,172
Location
Gold Coast Hinterland, Australia
I read about it, quite sad. But when botnets can produce a DDOS of over 1Tbps (http://securityaffairs.co/wordpress/51726/cyber-crime/ovh-hit-botnet-iot.html), it takes a lot of resources to mitigate against them.

Seriously, most people I know have been calling IoT, BoT instead... (Botnet of Things). Unless there is a fundamental shift in responsibility in relation to security in manufacturers, it'll only get worse.
 

snowhiker

Storage Freak Apprentice
Joined
Jul 5, 2007
Messages
1,668
Since I keep both of our credit reports frozen solid, I'm not worried about any new fraudulent accounts or anything.
Can you give a brief description and/or procedure to "lock down" you credit? Much thanks.
 

blakerwry

Storage? I am Storage!
Joined
Oct 12, 2002
Messages
4,203
Location
Kansas City, USA
Website
justblake.com
Makes Akamai look pretty bad.
Agree. Dumping a pro-bono client under major attack may be good for the immediate bottom line, but I think the free advertising of keeping the client would have made up for it in the long run. I think the pro-bono arrangement between Krebs and Prolexic was one that Akamai (the current owners of the anti DoS service) probably didn't want to maintain and now was just a good time for them to get out.
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,363
Location
USA
Makes Akamai look pretty bad.
Maybe in some ways. I saw his earlier statements had clarified that he wasn't upset with Akamai taking his site down but I can see that Google seized the opportunity to use its infrastructure muscle to help out.
 

blakerwry

Storage? I am Storage!
Joined
Oct 12, 2002
Messages
4,203
Location
Kansas City, USA
Website
justblake.com
The Chinese are involved?
Given the sustained DDoS against Krebs, now is probably a good time for network admins to be monitoring their pipes for unusual outgoing/upload activity from their networks. The last information I saw indicated that hacked DVRs and webcams were the devices generating the traffic (probably sending video streams to Kreb's site). I have seen no information about attribution of the attack to a specific organization or persons.

If your network is sending an unusual amount of data somewhere, it would be good to ensure that you know what device is sending the data and why it is sending it. Incidentally, I have been monitoring the ISPs I'm responsible for closely over the last few days (10's of thousands of customers) and haven't seen any indication that devices on my customers' networks are to blame.
 

jtr1962

Storage? I am Storage!
Joined
Jan 25, 2002
Messages
3,980
Location
Flushing, New York
Which devices were being hacked to send all this data? If it was webcams and DVRs in the offices where Krebs operates, why not just physically unplug them?
 

LunarMist

I can't believe I'm a
Joined
Feb 1, 2003
Messages
15,268
Location
USA
It's devices all over the world.
All the hacked devices were attacking one single company's internet site? The only thing I know about Krebs is the cycle, but the internet seems poorly designed.
If the website was so critical, couldn't multiple copies of the contents be distributed to other sites or is that what the Google is doing?
 

blakerwry

Storage? I am Storage!
Joined
Oct 12, 2002
Messages
4,203
Location
Kansas City, USA
Website
justblake.com
Everywhere. Either as intended for service providers as an ingress filter on customer facing ports or as an egress filter using stateless ACLs at my network border on my own ports facing my service provider or both. I manage several ISP networks as well as my business' network (servers/office) and all implement BCP38 in some form.

Not only does it stop spoofing of some random victim's IP address, it can often prevent miscreant users from manually configuring IP addresses of other hosts on the network or block some shmuck that has connected a router to the network and is attempting to use and give out RFC 1918 private IP addresses.
 

blakerwry

Storage? I am Storage!
Joined
Oct 12, 2002
Messages
4,203
Location
Kansas City, USA
Website
justblake.com
If the website was so critical, couldn't multiple copies of the contents be distributed to other sites or is that what the Google is doing?
That's essentially what the anti-DoS services are doing. They are breaking the amount of traffic into manageable levels by distributing to different servers at different sites and then filtering out the undesirable traffic while attempting to preserve the desirable traffic.

I wouldn't consider an independent journalist's site critical, but it is informative. Krebs is self-employed, and claims he doesn't have the revenue to make up for the cost (a claimed $150k-$200k per year) for the anti-DoS services that Akamai was providing pro-bono. For someone like Akamai with 10's of thousands of servers in thousands of sites, it would probably be simple to host the site. It's just a matter of cost vs revenue.
 

LunarMist

I can't believe I'm a
Joined
Feb 1, 2003
Messages
15,268
Location
USA
I probably wouldn't put it in the card like that. Maybe two factor authentication by getting a code from my phone or something.
My personal phone rarely works in most countries. What if the person has no smartphone?
 

LunarMist

I can't believe I'm a
Joined
Feb 1, 2003
Messages
15,268
Location
USA
Lots of companies still use those. I used one a few months ago for a client.
It's one thing in business, quite another to buy gas or something at a store. In 2017 I plan to revert to cash for most local purchases.
 

Howell

Storage? I am Storage!
Joined
Feb 24, 2003
Messages
4,740
Location
Chattanooga, TN
I probably wouldn't put it in the card like that. Maybe two factor authentication by getting a code from my phone or something.
It's a LCD kind of thing. Two factor via sms can be hacked if they steal your number, and not everyone has a smart phone for web serviced authentication.
 

snowhiker

Storage Freak Apprentice
Joined
Jul 5, 2007
Messages
1,668
Do people actually have their CC card numbers and security code memorized for ALL of their CCs??? I don't. Therefore I'd need my CC card, in my hand, in order to make an on-line purchase.

I can see a few problems right off the bat however: 1) Merchant places an authorization on your card for your purchase, but doesn't actually charge the card until the item ships, and by then the security code will have changed. 2) Code changes within the few moments it takes to enter data into the web form but before the charge occurs. 3) Monthly re-occurring charges.

The changing security code idea does seem to have some potential for some fraud protection.
 

LunarMist

I can't believe I'm a
Joined
Feb 1, 2003
Messages
15,268
Location
USA
I have some memorized, but not all in case I am forced to divulge the numbers.
 
Top