1 / 41

Identity Theft

Privacy and Identity Theft in the 21st Century Shaw High School December 2010 http://csc.colstate.edu/summers/Research/privacy-in-the-21st-century4.ppt. Identity Theft. Citibank Identity Theft commercial - Darrel P. Babe Magnet- Identity Theft Commercial Thelma and Norma

Download Presentation

Identity Theft

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Privacy and Identity Theftin the 21st CenturyShaw High SchoolDecember 2010http://csc.colstate.edu/summers/Research/privacy-in-the-21st-century4.ppt

  2. Identity Theft • Citibank Identity Theft commercial - Darrel P. • Babe Magnet- Identity Theft Commercial • Thelma and Norma • Citibank - Computer Geek • Citibank identity theft commercial - underpants on • Digital Armageddon • Citibank Identity Theft commercial - Darrel P. • Babe Magnet- Identity Theft Commercial • Thelma and Norma • Citibank - Computer Geek • Citibank identity theft commercial - underpants on • Digital Armageddon Columbus State University

  3. OUTLINE • Definitions • ID Theft & Privacy Issues • Future ID Theft & Privacy Issues • Regulations • Safe Guards • Q&A

  4. Privacy (Confidentiality) Limiting who can access your information.

  5. Identity Theft Using another’s identity for ones benefit (usually financial gain) • social security number (32%) • credit card account numbers • date of birth • driver’s license • passport • mother’s maiden name • addresses

  6. Social Engineering “getting people to do things that they wouldn’t ordinarily do for a stranger” – The Art of Deception, Kevin Mitnick

  7. Definitions • Spyware - computer software installed on a computer to intercept the user's activities on the computer, without the user's informed consent. • Phishing - attempt to fraudulently acquire sensitive information by masquerading as a trustworthy entity. • Botnets - collection of software robots (bots), which run autonomously and automatically on groups of remotely controlled zombie computers.

  8. Vulnerabilities • How many of you access the Internet from home? • Wireless networks have become pervasive. • How many of you have wireless networks at work? at home? • How many of you use wireless networks when you are “on the road”? • How many of you have web-enabled cell phones? • How many of you have networked PMPs? Columbus State University

  9. ID Theft News • Dec. 9, 2009 (Wired) - Verizon: Data Breaches Getting More Sophisticated: “more than 285 million sensitive records that were breached in 90 forensic cases Verizon handled last year.” • Dec. 4, 2009 (darkReading.com) - Bank Phishing Attacks Snare Few Victims But Tally Major Damage: Phishers actually land a tiny percentage of victims, but the end result is big bucks -- to the tune of $2.4 million to $9.4 million a year • Dec. 8, 2010 (NY Times) - Over all, identity theft is on the rise; in 2009, the nationwide rate crept up to 4.8 percent, with each person losing $373 on average

  10. ID Theft News • August 17, 2009 (Foxnews) Federal Authorities indicted three men in New Jersey in a massive identity theft case that the Justice Department is labeling as the largest in American history. Authorities say more than 130 million credit and debit card numbers were stolen in a corporate data breach involving three different corporations and two individuals. The card numbers, along with additional account information, were allegedly stolen from Heartland Payment Systems; a Texas-based convenience store chain and a Maine-based supermarket chain. • Oct. 5, 2009 - BlueCross BlueShield of Tennessee, Inc. employees discovered a theft of computer equipment at a network closet. BlueCross has established that the items taken include 57 hard drives containing data that was encoded but not encrypted.

  11. ID Theft News • March 2008 (Newsmax.com) “Criminals who seize control of tens of thousands of home and office computers through what are known as "botnets" are a dramatically growing threat, Shawn Henry, deputy assistant director of the FBI’s Cyber Division, tells Newsmax.” “Since last spring, the FBI has arrested 11 individuals who allegedly infected and commandeered 1 million personal computers and turned them into robots that did their bidding, Henry says. “ • August 17, 2009 (Wall Street Journal) “Russian hackers hijacked American identities and U.S. software tools and used them in an attack on Georgian government Web sites during the war between Russia and Georgia last year, according to new research to be released Monday by a nonprofit U.S. group.”

  12. ID Theft News • 2009 Security Breaches and Database Breaches: In the last five years, approximately 500 million records containing personal identifying information of United States residents stored in government and corporate databases was either lost or stolen.  Since little attention was given to database breaches prior to 2005, it is safe to assume that every man, woman and child has had their personal information exposed at more than once.  In fact, many citizens have received multiple notification letters informing them that their personal information has been lost or stolen. [http://www.identitytheft.info/breaches09.aspx] Columbus State University

  13. ID Theft News 13 January 2009 (MSNBC) “Facebook ID theft targets 'friends‘” May 24: Mass 'suicide' on Facebook (Thousands of Facebook users have posted "final farewell notes" to friends and families as they threaten to kill off their social network accounts on May 31 - Quit Facebook Day) May 25 (Yahoo News) “Facebook told to set up warning system after new sex scam” May 26: Facebook to change privacy settings in wake of complaints (Facebook currently has 50 privacy settings and 170 privacy options.) Diaspora - http://www.joindiaspora.com/ 11/7/2014 Columbus State University

  14. IRS Phish Columbus State University

  15. PayPal Phishing Site Arrives as Attachment

  16. E-mail from "Microsoft“ security@microsoft.com SUBJECT: {Virus?} Use this patch immediately ! Dear friend , use this Internet Explorer patch now! There are dangerous virus in the Internet now! More than 500.000 already infected!

  17. “You have zero privacy anyway. Get over it.” (Scott McNealy, CEO, Sun Microsystems, 1999) Columbus State University

  18. Who is Wayne Summers? • Google.com • http://csc.colstate.edu/summers/ (resume) • Linked.com, Jigsaw, ZoomInfo, EduCause • Math geneology • Naymz.com, classmates.com • Blogger.com • peoplefinders.com • Age, Cities, parents, spouse, and children’s names & ages

  19. peoplefinders.com • Comprehensive Background Report • Name: SUMMERS, WAYNE • Everything you need to know, all in one report. • Aliases & Maiden Names • Birth Date • Address History • Phone Numbers • Marriages & Divorces • Relatives & neighbors • Property ownership • and much more... • $39.95 • Click below to find out how to get this product for FREE.

  20. Who is Wayne Summers? • Whitepages.com • Work address • Columbus Tech • Home address • Map of neighborhood • Neighbors & home values (zillow.com) • http://www.123people.com • photos

  21. Addresses.com AnyWho.com Google InfoSpace Intelius MySpace PeopleFinders.com PublicRecordsNow.com USA People-Search US Search WhoWhere.com Yahoo! ZabaSearch ZoomInfo SPOKEO.com (Social Network Aggregator) Other personal data websites

  22. Social Media • MySpace.com • Facebook.com - More than 500 million active users • Twitter.com - More than 75 million users • LinkedIn.com - 60 million professionals worldwide • Yelp – More than 30 million • Qzone.cn – More than 60 million • Statistics Show Social Media Is Bigger Than You Think Columbus State University

  23. Future ID Theft & Privacy Issues • Minority Report Mall Scene (36 sec) • Minority Report Scene Gap Store (16 sec) • April 9, 2008 (Computerworld) “RFID keeps tabs on Vegas bartenders -- and soon could track you too” • “The Smart Card Alliance isn't too keen on proposed enhanced driver licenses that the Department of Homeland Security is working on with several states bordering Canada and Mexico. The long range-reading RFID technology suggested by DHS raises privacy, security, and operational functionality issues, says the alliance.”

  24. Future ID Theft & Privacy Issues • March 28, 2008 (IDG News Service) “Spying programs for mobile phones are likely to grow in sophistication and stealth as the business of selling spying tools grows, according to a mobile analyst at the Black Hat conference on Friday…. Neo-Call is capable of secretly forwarding SMS (Short Message Service) text messages to another phone, transmitting a list of phone numbers called, and logging keystrokes. FlexiSpy has a neat, Web-based interface that shows details of call times, numbers and SMS messages, and it can even use a phone's GPS receiver to pinpoint the victim's location.” • April 9, 2008 (Washington Times) “D.C. police set to monitor 5,000 cameras.”

  25. Mediacom Online home watch

  26. “Privacy is the future. Get used to it.” (Marc Rotenberg, Director, Electronic Privacy Information Centre - EPIC) (Fortune, 2001).

  27. Regulations • Privacy Act of 1974 • “No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains... “ • Computer Matching and Privacy Protection Act of 1988 • Health Insurance Portability and Accountability Act of 1996 (HIPAA) • Family Educational Rights and Privacy Act (FERPA)

  28. Regulations • Financial Modernization Act of 1999["Gramm-Leach-Bliley Act" or GLB Act]: protect consumers’ personal financial information held by financial institutions. • Public Company Accounting Reform and Investor Protection Act of 2002 [“Sarbanes-Oxley Act “]:establishes new or enhanced standards for all U.S. public company boards, management, and public accounting firms.

  29. Safe Guards • E-mail • should be considered like a postcard • Don’t transmit personal data unless it is encrypted • Social networks (Facebook, Myspace) are open to others • Don’t post personal data that could be used for identification • Don’t post anything you would be ashamed of Columbus State University

  30. Sexting • Dec. 8, 2009 (Wired.com) – Parents of Dead Teen Sue School Over Sexting Images Dec. 3, 2009 (Wired.com) – MTV Survey: One-Third of Youths Engage in Sexting • In Georgia, sexting can result in charges of criminal solicitation and corruption of a minor, in addition to possession of child pornography. Prison sentence likely. • In the United States, it is against the law to possess lewd photographs of minors. Columbus State University

  31. Privacy Policies • Google Sample clause: "When you sign up for a Google Account or other Google service or promotion that requires registration, we ask you for personal information (such as your name, email address and an account password). For certain services, such as our advertising programs, we also request credit card or other payment account information which we maintain in encrypted form on secure servers. We may combine the information you submit under your account with information from other Google services or third parties in order to provide you with a better experience and to improve the quality of our services. For certain services, we may give you the opportunity to opt out of combining such information." • Yahoo Sample clause: "Yahoo! collects personal information when you register with Yahoo!, when you use Yahoo! products or services, when you visit Yahoo! pages or the pages of certain Yahoo! partners, and when you enter promotions or sweepstakes. Yahoo! may combine information about you that we have with information we obtain from business partners or other companies." • Microsoft Sample clause: "Microsoft collects and uses your personal information to operate and improve its sites and deliver the services or carry out the transactions you have requested. These uses may include providing you with more effective customer service; making the sites or services easier to use by eliminating the need for you to repeatedly enter the same information; performing research and analysis aimed at improving our products, services and technologies; and displaying content and advertising that are customized to your interests and preferences." Columbus State University

  32. What Else Can You Do? • Do not give your personal information out over the phone or Internet. • Take all outgoing mail to a U.S. Postal Service mail box. • Use a P.O. Box for all incoming mail. • Buy a document/credit card/CD crosscut shredder.

  33. Credit Security • Use one credit card exclusively for Internet purchases. • Monitor activity on all credit cards closely. • Checking your credit history at least twice a year. • Your can buy identity theft recovery insurance.

  34. Computer Protection • Properly configure all devices • Install firewalls, antivirus, anti-spyware • Monitor logs • Removed unneeded cookies • Do not enter personal information on a website over a non-encrypted connection • Keep patches up to date Institute of Management Accountants

  35. Home Network • how many of you: • protect your wireless device with a password? • encrypt the data in your wireless device? • employ any type of security with your wireless device? • employ security with your wireless network? Columbus State University

  36. 10 Tips to Prevent Identity Theft • avoid spoofed websites where phishing is the gateway • If you aren’t familiar with the eTailer don’t even bother clicking the links • make sure the address you end up at is in fact the actual domain of the eTailer • always look for HttpS is the address bar signifying it’s a secure page • Beware of emails coming for eBay scammers • look at the eBayers history • pay close attention to your credit-card statements • Don’t use a debit-card online • Avoid paying by check • Do business with those you know like and trust http://www.bloggernews.net/123204 Columbus State University

  37. Who to contact • Equifax: 1-800-525-6285 www.equifax.com • Experian: 1-888-397-3742 www.experian.com • TransUnion: 1-800-680-7289 www.transunion.com • http://www.ftc.gov/idtheft • www.ftc.gov/credit • www.lookstoogoodtobetrue.com/ • www.identitytheft.org/ • www.privacyrights.org/index.htm

  38. ID Theft FaceOff Game • http://www.onguardonline.gov/games/id-theft-faceoff.aspx Columbus State University

  39. Conclusions • “Security is, I would say, our top priority because for all the exciting things you will be able to do with computers.. organizing your lives, staying in touch with people, being creative.. if we don't solve these security problems, then people will hold back. Businesses will be afraid to put their critical information on it because it will be exposed.” Bill Gates Columbus State University

  40. Columbus State University

  41. Q & A Dr. Wayne SummersTSYS School of Computer ScienceColumbus State UniversitySummers_wayne@colstate.eduhttp://csc.colstate.edu/summers

More Related