Network News

X My Profile
View More Activity

How to Be Someone ... Else

I'm in the middle of an engrossing book from the "Stealing the Network" series called "How to Own an Identity," a narrative penned by at least 10 different authors about ways in which criminal hackers evade detection and capture by creating and assuming new identities.

The subtitle of the book, "You Are Who the Computer Says You Are," is a chilling truth when you stop and consider what it's really driving at. A paragraph from the beginning of the book explains:

"The people of the world have granted control of their existence to computers, networks, and databases. You own property if a computer says you do. You can buy a house if a computer says you may. You have money in the bank if a computer says so. Your blood type is what the computer says it is. You are who the computer says you are."

That passage resonated with me. I've recently interviewed several people who were either arrested or denied a job because of some erroneous information that turned up in their credit records or background checks. The scary part is that many of the anecdotes in this book probably are based at least in part on actual events about which the authors had direct or indirect knowledge. 

Reading this book sheds light on a oft-overlooked reason that identity theft is the fastest growing white-collar crime in America today: it offers crooks the ability to wipe their criminal and/or credit slate clean -- if only at someone else's expense and headache, of course.

Among the most insidious types of identity theft, known as criminal ID theft, occurs when someone committing a crime provides identification information that belongs to someone else. Then one day, when the innocent person gets pulled over for a speeding ticket, WHAM! He gets thrown in jail.

In some cases, where the crime the real perpetrator is wanted for is serious enough, that innocent victim can stew in jail for days before things get straightened out, a misunderstanding that can endanger a victim's family or their job.

I had the pleasure of meeting many of the book's authors while in Las Vegas this year for the annual Defcon and BlackHat (in)security conferences, including Raven Alder, Riley "Caezar" Eller, Johnny Long of "Google Hacking" fame, and of course Defcon/Blackhat founder Jeff Moss.

By Brian Krebs  |  September 30, 2005; 9:56 AM ET
Categories:  Fraud  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Microsoft Issues Security Pack for Office 2003
Next: Fun With Your Credit Report


I worked as a computer service engineer in the late 1960s, for a major employer. Even then there were enormous computer data based. A company that I viseted, Hooper Holmes, in NJ had over 1,000,000 names on file as individuals with bad credit history. I found this out while taking classes on computer inter communications, a clas my company was giving at the time. We went to the NJ company because they made such high use of communications technology of that time.

The real difference between then and now has been the common use of personal computers and flawed software from large, anticompetative companies. The internets invention then allowed hoards of individuals with all thier personality defects, flaws and plain out criminal nature access to all the data that has been around for a long time.

We do not rely too much on computers, we rely too much on single source, flawed software that allows questionable individuals to access all the information on the large corporate and government systems. We suffer from a lack of security and a real concern for protecting the individuals information. No one assumes responsibilty for data security and therefore there isn't any real data security. It is a human problem not a computer problem, at the bottom line.

Bob Lawrence

Posted by: Bob. Lawrence | September 30, 2005 12:35 PM | Report abuse

agreed with Bob Lawrence; this problem is one of human-making. It will only get worse.

What will it take to make it better?

How can the market find better solutions for this problem when the market is controlled by a single software company? In the late 20th Century, one man stood up and fought exactly the kind of fight we need now. His name was Teddy Roosevelt and he brought down the trusts and the monopolies.

I don't know if Teddy could accomplish such a task today. But it needs attending to.


Posted by: Anonymous | October 1, 2005 12:57 PM | Report abuse

What Makes these computers own the stuff is the human intent to store large amounts ,and ascess the information using these devices.I think a universal system governing the Information tansaction is essential for Internet Businesses as well other Netwrok related issues.

The monitoring of manipulations has to be made globally .A global body shud be responsible for governing the networks.

Posted by: karthik | October 3, 2005 1:20 PM | Report abuse

If you actually read 'How to own an identity' the comments above would be largely moot. Most of the compromised systems in the book are Unix based, web-based, ssl-based, etc. Only a couple of windows exploits are used. While I agree that there are holes in the software, the book really points to the problem of 'default permit'. Machines are designed to do anything you ask, and then you try to restrict all the bad things you can think of, instead of the other way around...

Posted by: Dave H | October 24, 2005 9:51 AM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company