BreachExchange mailing list archives
Re: Is it just about credit?
From: Al Mac <macwheel99 () sigecom net>
Date: Sun, 29 Apr 2007 20:41:43 -0500
How difficult is it for the criminal underworld to manufacture fake driver's licenses? The photo-id looks exactly like the person carrying it (it is their photo), but the identity is whoever identity they stole. Such an id can be used to help get a job, get medical treatment, anything such a fake id is used for. Does not matter if thumb print on there, because fake-id has photo and thumb print of the crook instead of the real person who has the real-id-license that was issued by the state DMV. You right that the DMV record ought to have eye color, hair color etc. But one of the types of data theft has been entire DMV data bases. Crooks in the fake-id business can then match identity to be stolen with person needing fake id with similar characteristics ... eye color, hair color, gender, approx age, etc. This will cease to work when the photo-id gets scanned in some place to compare it to the official copy in DMV records, unless crooks have the sophistication to also mess with the official records, or the communication between police car check point and official records. I expect it will be pretty rare for people running around with fake-ids to have the kinds of hacker skills to real-time spoof whatever is done to validate photo or thumb print on the fake-id. A small fortune is spent on protecting the nation's currency from counterfeiting, but yet there still are people who get away with passing counterfeit money. Nothing like that expense can be incurred to protect individual states from not having fraudulent driver's licenses and other identification in circulation. A while back, the state of Colorado sorted employee tax reporting data by SSN to get a count of how many different places same SSN being used ... I think the biggest was like 50 or 100 employers had someone simultaneously working there with same SSN. We can reasonably assume that if other US states were to do this, that they might get similar numbers. Bigger in the more populated states. Similar story other nations. The feds have done this with critical infrastructure ... people working at Pentagon, Nuclear weapons facilities, etc. & yes found lots of fraudulent identities there. We can hope most of them are people who just need a job, not many potential terrorists in the bunch. Is there a serious risk that the states will crack down on the real people, in whose names those 50 other people using their SSN? Or is there temptation for states to look the other way, since this is tax money being paid for services that the fake SSN holders may be less likely to claim than valid SSN holders? You may be better off with a bunch of people paying extra taxes in your name, than only one of them. Except with how easy it is to fraudulently claim income tax refund, which is big problem for IRS, and also the person in whoever name this got done. More risks than you said. You don't even get on the plane at airport to go home, because your identity was used by someone stopped by the police, let go on minimal bail, supposed to return for court date, never did. Now you have the legal expense of proving you not whoever that is running around the country committing more crimes in your name. Let's suppose the real Rodney Wise is in the hospital for serious treatment, and while there, persons with fake identity for Rodney Wise steal his car, sell it, occupy his home, sell everything there, get second mortgage on it, sell house, run up ungodly bills, clean out bank accounts. Real Rodney gets out of hospital & try to go home, be arrested as intruder in home now belong someone else. This has happened to people in nations where possession is 9/10 of law. Credit monitoring helps with some of the problems but we need more. Some day, DNA testing will be as rapid as stick some skin cells or spit into a gadget that will say "You born in nation X, legally in nation Y, have a blood relative criminal Z" and we pray that long before that reality the data bases locked down with good support for people to correct errors about themselves.. - Al Macintyre _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 207 million compromised records in 634 incidents over 7 years.
Current thread:
- Is it just about credit? Rodney Wise (Apr 29)
- Re: Is it just about credit? (question 1 / health care) security curmudgeon (Apr 29)
- Re: Is it just about credit? (question 1 / health care) nepen (Apr 29)
- Re: Is it just about credit? (question 1 / health care) Rodney Wise (Apr 29)
- Re: Is it just about credit? (question 1 / health care) nepen (Apr 29)
- Re: Is it just about credit? (question 1 / health care) Adam Shostack (Apr 30)
- Message not available
- Re: Is it just about credit? Al Mac (Apr 29)
- Re: Is it just about credit? Chris Walsh (Apr 30)
- Re: Is it just about credit? Al Mac (Apr 29)
- Re: Is it just about credit? (question 1 / health care) security curmudgeon (Apr 29)