Frank Abagnale Jr. Exposes Security Enigmas at Chicago Confab

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.eprairie.com/news/viewnews.asp?newsletterid=4690

By ADAM FENDELMAN
Editor-in-Chief
adam () eprairie com
6/20/2003

CHICAGO - Chicago caught "Catch Me If You Can" muse Frank Abagnale Jr. 
on Thursday night at the Four Seasons. 

A criminal-turned-celebrity, Abagnale now hails as one of the world's 
foremost connoisseurs of embezzlement, forgery and glut of other 
things no one - he says in retrospect - should ever do. 

Formerly an avid flier of the fraudulently "free" skies, the recovered 
con man flew to Chicago to expose to local security executives his 
real story, how today's high-tech crooks are winning and how they can 
be trounced. 

So reasoned the FBI some 25 years ago, who better could nab elusive 
thieves than one who cashed $2.5 million in fraudulent checks over a 
five-year period? 

Abagnale also posed as a PanAm airline pilot (he remembers thinking 
"equipment" meant a plane's engine rather than the plane itself), an 
attorney (he actually passed the bar exam in 10 weeks rather than two 
as depicted in the movie) and a pediatrician (initially answering just 
as a "medical" doctor and making certain to give cute girls thorough 
"exams"). 

So questioned this reporter, should convicted masterminds be released 
from penitentiaries and put to work for secret services like the FBI 
or CIA? Abagnale told ePrairie: "I can't think of many cases like 
mine. I am a bit of an exception." 

Whether or not Abagnale actually advocates releasing felons for the 
purposes of high-end anti-fraud work, Abagnale modestly asserted that 
the ways he duped our nation's systems were relatively simple and 
weren't necessarily rocket science. He has devoted the last 25 years 
to erect walls so like-minded swindlers can't pull off similar stunts. 

Known especially for his propensity to create fake checks that would 
fund his travels before they had a chance to bounce (some 1 million 
illegal air miles to 26 countries between the ages of 16 and 18 on 
every airline but now-defunct PanAm), one of Abagnale's tricks 
exploited a "big green calculator" at a bank. 

He moseyed into this bank and asked questions like he always would to 
detect the institution's loopholes. He began by opening a new checking 
account under a phony PanAm identity. He then asked for deposit slips. 
He was told to help himself to a community table with blank deposit 
slips. Most people would write their checking account numbers on them 
and turn them in. 

Always the inquisitive kid who likes a challenge, Abagnale used the 
calculator-like device to magnetically encode his account number on 
the bottom of lots of deposit slips. He then put them back on the 
lobby table. Everyone who made deposits that day ended up depositing 
money to his account. Abagnale withdrew some $40,000 shortly 
thereafter and disappeared. 


Catching Who He Can

Now a turn-to man for some 14,000 financial institutions, corporations 
and law enforcement agencies (Abagnale says he has worked with 65 
percent of the Fortune 500 and all 50 of the world's largest banks), 
he asserts that punishment for fraud and recovery of stolen funds are 
so rare that prevention is the only viable course of action. 
"I always knew I'd get caught," Abagnale said. "Though the law 
sometimes sleeps, it never dies." 

Most crimes today are committed internally, he says, adding that 
today's criminals have realized that it's more effective to hack 
people rather than computers. Sure, one could spend the time and 
resources to develop high-tech hacking systems to swipe cash from a 
bank, but why not befriend some bank workers through a few smokes and 
buy information rather than try to steal it? 

Abagnale says Novell, which produced Thursday's gathering of 166 
registrants, is transitioning to managing the identities at large 
organizations to intelligently control who has access to what. As an 
example of a pain Novell is solving, it'd often take a company that 
just laid off thousands of workers months to revoke an employee's 
special privileges. 

Businesses lose an estimated $400 billion each year to fraud. While 
security is advancing, the massive and rapid flow of information is 
making the felon's job easier by the day, he says. 

Though Abagnale used $2 million machines that filled a room to print 
checks during his fraudulent heyday, today he says he could flip open 
a slim laptop, power up a small printer and have access to your 
personal and financial information within five or 10 minutes - all 
thanks to the Internet. 


But how? 

Though there are thousands of free and paid resources on the Web that 
can unsuspectingly be used especially for identity theft, Abagnale 
singled out FamilySearch.org, which he says operates one of the 
world's largest databases and includes death records from 10 days ago 
to 200 years ago. 

A free service of the Mormon church, simple searches reveal public 
information such as social security numbers, birthplaces and death 
dates. 

Sites such as NetDetectiveSoftware.com and DocuSearch.com also offer 
personal but public information - even what the FBI knows about you - 
for fees that range between $49 and $150. Many such sites are used 
malicilously to impersonate identities and steal money. 

"Identity theft is a huge problem today and is the crime of the 
future," Abagnale said. "It absolutely is the simplest crime. Anyone 
can find out at least 22 pieces of information about you instantly 
including your social security number, you mother's maiden name, 
someone who lives in your house who isn't related to you and who lives 
around you in your neighborhood." 

To protect himself, one tool Abagnale uses personally is called 
Privacy Guard. With 4.5 million paid members at $110 per year, 
Abignale says the software sends him instant e-mails or pages any time 
anyone requests his credit report. Best of all, he says, the company's 
own employees can't see the data. 


Lessons Learned

Abagnale regrets his past as a cheat. He says what he did was immoral, 
illegal and unethical. Though he receives some 200 e-mails per day 
from "fans" surfing by Abagnale.com who rave about his brilliance, 
Abagnale says he was just a kid. He added: "If I really was brilliant, 
I wouldn't have broken the law." 

In retrospect, Abagnale says he learned at least four critical 
lessons, which are played out in Spielberg's movie starring Tom Hanks 
and Leonardo DiCaprio: 

* The 1960s were far more innocent. People believed you were who you 
  say you were. 

* You must pay for your mistakes. 

* More amazing than what he pulled off as a liar and a thief, the 
  movie  was about redemption and the family man he transformed into. 

* A divorce can be devastating for a child. 

Why'd he do it all? Because he could. Would he do it all again? He 
vehemently says no. Abagnale says his life hasn't been glamorous. A 
lonely child on the run, he said he'd constantly cry himself to sleep 
through the age of 20. He never had a senior prom or went to a high 
school football game. He added: "I lost much more than I ever gained." 

In addition to the 1980 book "Catch Me If You Can" with reporter Stan 
Redding and Abagnale's 2002 book entitled "The Art of the Steal" 
(Abagnale sold the rights to his earlier book to Spielberg two decades 
ago and didn't profit from the 2003 movie), a "Catch Me If You Can" 
television series will debut in 2004 from the creators of ER along 
with a Broadway musical of the FBI hunt. 

Though many people think Abagnale's redemption draws from religion, 
immaturity or prison, he attributes it entirely to the family he 
created in Tulsa. Amazingly terrified, executives on Thursday were 
caught tearing as Abagnale spoke to his life's true legacy. 

"God gave me a wife. She gave me children," Abagnale said, noting that 
his oldest son is a third-year law student at Loyola University in 
Chicago. "She changed my life. Everything I am is in them. People 
don't truly understand love until they bring a child into the world. A 
real man loves his wife and is faithful. I've done nothing greater 
than being a good husband and great daddy." 

Finally nabbed in France at the age of 21 after an unidentifiable 
"John Doe warrant" was issued when he was 18, Abagnale ran out on his 
parents when he was 16 as they divorced. He didn't see his mother 
again for seven years. He didn't see his father ever again. 


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.