RSS Alerts

Share

More services

Related Links

  • BH Consulting
  • Elsevier Ltd is not responsible for the content of external websites.

Related Stories

  • Sophos ID theft experiment proves UK public are careless with personal data
    Research carried out with interviews on the streets of Bristol last week has revealed that the public are too careless with their personal data, with too many being prepared to share their private information with complete strangers.
  • Trend Micro expert releases internet security best practice schedule
    Hard on the heels of the unveiling of its new enterprise management services, Trend Micro's TrendLabs IT security research operation has revealed some interesting figures that show a dramatic rise in ID theft and associated malware infection rates.
  • Mobiles put four out of five commuters at risk of ID theft
    A survey of commuters by data protection company, Credant Technologies, has reported that 80% of mobile phone users store information on their devices that could be used to steal their identities.
  • US standards drive Canadian information security
    An absence of legislation and the presence of the laissez-faire attitude has resulted in Canada being rather lax when it comes to information security compliance. Robin Arnfield looks at how US standards are driving the Canadian information security marketplace
  • Interview: Barclaycard's Neira Jones
    It has taken Neira Jones only three years to earn herself a reputation in the information security industry to be proud of. Eleanor Dallaway met the Barclaycard security expert to find out how she did it…

Top 5 Stories

News

RSA Europe: Identity theft is too easy and can even be automated says IT security expert

21 October 2009

The realities of identity theft and the modus operandi of cybercriminals were explained to delegates at this week's RSA Security conference in London by Brian Honan, a principal security consultant with BH Consulting of Ireland.

In a practical ID theft security exercise that he shared with delegates, Mr Honan explained how a colleague - Marie Boran - set him the challenge of stealing her ID, but subject to the same parameters that an online fraudster would be limited to.

These working parameters, he explained, including not being able to directly contact her friends and family, and only having access to internet resources.

In his presentation - entitled `Knowing me, knowing you, how to steal an identity using Google' - he stepped through the procedures of using online portals such as LinkedIn, Bebo, MySpace, Flicker and Twitter, to mention but a few, to start to assemble a data file on Ms Boran.

By cross-referencing personal data on the lady in question, he was able to work out her date of birth, plus her mother and father's name, as well other personal data.

By constantly cross-referencing and inputting this data on Google, he was able to refine the data set and eradicate any false leads, allowing a near-complete set of personal details for Ms Moran to be compiled.

"From there I was able to log into the Irish online register of births and deaths, and pin down where she was born. From there I was able to obtain a copy of her birth certificate", he said.

"At that point I could have obtained a duplicated passport, as well as a driving licence for her, since she didn't drive, and start opening bank accounts and credit cards", he added.

How easy was the process? It took, he told his audience, many evenings of intensive effort.

But the really bad news is that applications and services on the web now exist that automate the process. These apps and services, which include PIPL and Maltego, allow someone's name to be punched in and the software then goes away and does everything automatically.

The conclusion?

"Don't give any personal information away on sites like Facebook and Twitter. Whatever appears on these services stays online and can be accessed using historical data services. I ended up with 40 pages of Marie's Twitter data, which allowed me to work out the name of her mother and father, as well as where she was born," he said.

This article is featured in:
Identity and Access Management  • Internet and Network Security • IT Forensics

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012