Tag Archives: Theft

The Big Ring

Good piece today by my WSJ colleague Cassell Bryan-Low on the Douglas Havard case which I mentioned a week or so back: As Identity Theft Moves Online, Crime Rings Mimic Big Business (subscription only, I suspect):

Most identity theft still occurs offline, through stolen cards or rings of rogue waiters and shop clerks in cahoots with credit-card forgers. But as Carderplanet shows, the Web offers criminals more efficient tools to harvest personal data and to communicate easily with large groups on multiple continents. The big change behind the expansion of identity theft, law-enforcement agencies say, is the growth of online scams.

Police are finding well-run, hierarchical groups that are structured like businesses. With names such as Carderplanet, Darkprofits and Shadowcrew, these sites act as online bazaars for stolen personal information. The sites are often password-protected and ask new members to prove their criminal credentials by offering samples of stolen data.

Shadowcrew members stole more than $4 million between August 2002 and October 2004, according to an indictment of 19 of the site’s members returned last October by a federal grand jury in Newark, N.J. The organization comprised some 4,000 members who traded at least 1.5 million stolen credit-card numbers, the indictment says.

The organizations often are dominated by Eastern European and Russian members. With their abundance of technical skills and dearth of jobs, police say, those countries provide a rich breeding ground for identity thieves. One of Carderplanet’s founders was an accomplished Ukrainian hacker who went by the online alias “Script,” a law-enforcement official says. As with many of its peers, the Carderplanet site was mainly in Russian but had a dedicated forum for English speakers.

Well worth a read as it details how Havard’s UK operation worked.

RFIDs And Shoplifters

Could RFID tags be used by shoplifters?

Robert Lemos of CNET’s News.com writes from Las Vegas that a German technology consultant believes the Radio Frequency Identification tags “could be abused by hackers and tech-savvy shoplifters”. He quotes Lukas Grunwald, a senior consultant with DN-Systems Enterprise Internet Solutions GmbH, as telling a discussion at the Black Hat Security Briefings that thieves could fool merchants by changing the identity of goods, he said.In time-honored fashion, Grunwald had the tools to prove it, unveiling during the session “a new software tool that he helped create that can be used to read and reprogram radio tags”.

The basic idea, it seems, is that such software — called RFDump, or sometimes RF-Dump — could be used on a PDA or laptop to mark expensive goods as cheaper items, allow underage folk to bypass age restrictions on alcoholic drinks and adult movies or create confusion in shops by randomly swapping tags.

How much of a threat is this to RFID? On first flush it sounds major. But I suspect that if it is going to be an issue it’s going to be more closely related to security than shoplifting. How many doors are already being opened by RFID? How many security passes are RFID? Luggage tags in airports? Of course these are probably encrypted but could these be reprogrammed?

News: ID Theft Is A Problem. It’s Official

 The Federal Trade Commission is now wise to the reality: identity theft is a problem. Nearly one in eight U.S. adults has had their credit card hijacked, identity co-opted or credit rating pockmarked by identity thieves over the past five years, Reuters quoted the Federal Trade Commission as saying. The FTC surveyed some 4,000 adults this spring to come up with the most comprehensive picture yet of the fast-growing crime.
 
Amid the grim statistics, the agency found a silver lining: After nearly doubling for two to three years, new incidents of identity theft are growing more slowly and tend to involve less money. That’s because banks are wising up to the problem, making it more difficult for scam artists to set up fraudulent credit cards, and consumers are spotting suspicious activity on their accounts earlier, said Howard Beales, director of the FTC’s consumer-protection division.