- Email: [email protected]
Fraud rises with ID theft on top
news Institute of Technology, and transactions on it. Some attempts made to 5000 credit card numbers were among the sensitive erase information from the examined drives were useless. information unearthed. Out of the 158 disks, pur- Files under the folder “My chased from eBay and second Documents” had been delethand computer stores, only 12 ed, but were easily recoverdisks had been properly sani- able using a simple “undelete” tised. 69 still had recoverable utility. Approximately 60% of files on them and 49 contained the disks were formatted sensitive information. before being sold, but this P e t e r still isn’t Stephenson, to Checklist for Secure enough Director of permanently Delete Software Research at remove data. QinetiQ said Must allow multiple Stephenson “the stories overwrites recommends about data being Must clean the entire that in order recovered from disk to ensure that to ensure data hard drives are ambient data in slack is completely legion. I almost space and unallocated wiped, a never see a propspace on the disk is secure delete erly cleaned hard not missed. program drive when I do Random write pro should be a forensic analygrams rather than sis of drives in an used to overzero write programs investigation. It write the data are preferable. amazes me that on the disk up people one to several would expect to know better times. A forensic tool should still leave their drives unclean”. then be deployed to check the For hackers, criminals or disk for forensically recoverenemy governments, bidding able data. on eBay for second-hand computers could reveal unlimited information sources. More than 150 million disk drives were retired from primary service in 2002. The MIT research found a Fraud complaints rose by drive originating from an auto- around two-thirds in the US matic teller machine in Illinois according to the Federal with a year’s worth of financial Trade Commission (FTC)
Fraud rises with ID theft on top
ISSN: 1361-3723/02/$30.00 © 2003 Elsevier Science Ltd. All rights reserved. This journal and the individual contributions contained in it are protected under copyright by Elsevier Science Ltd, and the following terms and conditions apply to their use: Photocopying Single photocopies of single articles may be made for personal use as allowed by national copyright laws. Permission of the publisher and payment of a fee is required for all other photocopying, including multiple or systematic copying, copying for advertising or promotional purposes, resale, and all forms of document delivery. Special rates are available for educational institutions that wish to make photocopies for non-profit educational classroom use. Permissions may be sought directly from Elsevier Science Rights & Permissions Department, PO Box 800, Oxford OX5 1DX, UK; phone: (+44) 1865 843830, fax: (+44) 1865 853333, email: permissions@ elsevier.com. You may also contact Rights & Permissions directly through Elsevier’s home page (http://www.elsevier.com), selecting first ‘Customer Support’, then ‘General Information’, then ‘Permissions Query Form’. In the USA, users may clear permissions and make payments through the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, USA; phone: (978) 7508400, fax: (978) 7504744, and in the UK through the Copyright Licensing Agency Rapid Clearance Service (CLARCS), 90 Tottenham Court Road, London W1P 0LP, UK; phone: (+44) 207 436 5931; fax: (+44) 207 436 3986. Other countries may have a local reprographic rights agency for payments. Derivative Works Subscribers may reproduce tables of contents or prepare lists of articles including abstracts for internal
2
with identity theft accounting for 43% of complaints. The cost of fraud in 2002 more than doubled that in 2001. J Howard Beales from the FTC believes that the increase is due to “more people know where to complain about fraud and ID theft.” Beales also attributed the rise to the fact that the FTC database has more data contributors such as the Internet Fraud Complaint Center and the National Consumer League’s National Fraud Information Center. The top 10 categories of consumer fraud complaints in 2002 were: • Internet Auctions - 13% • Internet Services and Computer Complaints - 6% • Advance Fee Loans and Credit Protection - 5% • Shop-at-Home/Catalog Sales - 5% • Foreign Money Offers - 4% • Prizes/Sweepstakes Lotteries - 4%
and
• Business Opportunity and Work-at-Home Plans - 3% • Telephone Services - 2% • Health Care - 2% • Magazines and Clubs — 2%
Buyers
IP theft at DirecTV A temporary worker has been charged with stealing secret documents from DirecTV, a US satellite TV company, and posting the information on hacking websites. Igor Serbryany, from Los Angeles is accused of distributing sensitive documents revealing details of DirecTV’s access-card technology, which could give hackers enough information to hack its latest anti-piracy software. Serbryany, who was charged under the Economic Espionage Act of 1996, is thought to have obtained the information while working part-time at a Californian firm called Uniscribe Corp. The imaging company created copies of court papers to be used in a lawsuit involving DirecTV. Serbryany is believed to have sent over 800 megabytes worth of electronic copies to three websites according to investigators but is not suspected of selling the information. The papers included details and architecture of DirecTV’s P4-cards, which have so far not been pirated.
circulation within their institutions. Permission of the publisher is required for resale or distribution outside the institution. Permission of the publisher is required for all other derivative works, including compilations and translations. Electronic Storage or Usage Permission of the publisher is required to store or use electronically any material contained in this journal, including any article or part of an article. Contact the publisher at the address indicated. Except as outlined above, no part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of the publisher. Address permissions requests to: Elsevier Science Rights & Permissions Department, at the mail, fax and email addresses noted above. Notice No responsibility is assumed by the Publisher for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or ideas contained in the material herein. Because of rapid advances in the medical sciences, in particular, independent verification of diagnoses and drug dosages should be made. Although all advertising material is expected to conform to ethical (medical) standards, inclusion in this publication does not constitute a guarantee or endorsement of the quality or value of such product or of the claims made of it by its manufacturer. 02065 Printed by Mayfield Press (Oxford) Ltd
Fraud rises with ID theft on top
ISSN: 1361-3723/02/$30.00 © 2003 Elsevier Science Ltd. All rights reserved. This journal and the individual contributions contained in it are protected under copyright by Elsevier Science Ltd, and the following terms and conditions apply to their use: Photocopying Single photocopies of single articles may be made for personal use as allowed by national copyright laws. Permission of the publisher and payment of a fee is required for all other photocopying, including multiple or systematic copying, copying for advertising or promotional purposes, resale, and all forms of document delivery. Special rates are available for educational institutions that wish to make photocopies for non-profit educational classroom use. Permissions may be sought directly from Elsevier Science Rights & Permissions Department, PO Box 800, Oxford OX5 1DX, UK; phone: (+44) 1865 843830, fax: (+44) 1865 853333, email: permissions@ elsevier.com. You may also contact Rights & Permissions directly through Elsevier’s home page (http://www.elsevier.com), selecting first ‘Customer Support’, then ‘General Information’, then ‘Permissions Query Form’. In the USA, users may clear permissions and make payments through the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, USA; phone: (978) 7508400, fax: (978) 7504744, and in the UK through the Copyright Licensing Agency Rapid Clearance Service (CLARCS), 90 Tottenham Court Road, London W1P 0LP, UK; phone: (+44) 207 436 5931; fax: (+44) 207 436 3986. Other countries may have a local reprographic rights agency for payments. Derivative Works Subscribers may reproduce tables of contents or prepare lists of articles including abstracts for internal
2
with identity theft accounting for 43% of complaints. The cost of fraud in 2002 more than doubled that in 2001. J Howard Beales from the FTC believes that the increase is due to “more people know where to complain about fraud and ID theft.” Beales also attributed the rise to the fact that the FTC database has more data contributors such as the Internet Fraud Complaint Center and the National Consumer League’s National Fraud Information Center. The top 10 categories of consumer fraud complaints in 2002 were: • Internet Auctions - 13% • Internet Services and Computer Complaints - 6% • Advance Fee Loans and Credit Protection - 5% • Shop-at-Home/Catalog Sales - 5% • Foreign Money Offers - 4% • Prizes/Sweepstakes Lotteries - 4%
and
• Business Opportunity and Work-at-Home Plans - 3% • Telephone Services - 2% • Health Care - 2% • Magazines and Clubs — 2%
Buyers
IP theft at DirecTV A temporary worker has been charged with stealing secret documents from DirecTV, a US satellite TV company, and posting the information on hacking websites. Igor Serbryany, from Los Angeles is accused of distributing sensitive documents revealing details of DirecTV’s access-card technology, which could give hackers enough information to hack its latest anti-piracy software. Serbryany, who was charged under the Economic Espionage Act of 1996, is thought to have obtained the information while working part-time at a Californian firm called Uniscribe Corp. The imaging company created copies of court papers to be used in a lawsuit involving DirecTV. Serbryany is believed to have sent over 800 megabytes worth of electronic copies to three websites according to investigators but is not suspected of selling the information. The papers included details and architecture of DirecTV’s P4-cards, which have so far not been pirated.
circulation within their institutions. Permission of the publisher is required for resale or distribution outside the institution. Permission of the publisher is required for all other derivative works, including compilations and translations. Electronic Storage or Usage Permission of the publisher is required to store or use electronically any material contained in this journal, including any article or part of an article. Contact the publisher at the address indicated. Except as outlined above, no part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of the publisher. Address permissions requests to: Elsevier Science Rights & Permissions Department, at the mail, fax and email addresses noted above. Notice No responsibility is assumed by the Publisher for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or ideas contained in the material herein. Because of rapid advances in the medical sciences, in particular, independent verification of diagnoses and drug dosages should be made. Although all advertising material is expected to conform to ethical (medical) standards, inclusion in this publication does not constitute a guarantee or endorsement of the quality or value of such product or of the claims made of it by its manufacturer. 02065 Printed by Mayfield Press (Oxford) Ltd