Tools required: clipboard, pen, plausible yarn
By Paul Hales: Thursday 24 March 2005, 16:48
http://www.theinquirer.net/?article=22103
SNOOPS in the employ of Infosecurity Europe, an exhibition company, wandered around London streets with clipboards and managed to extract enough information out of gullible shoppers to enable them to perpetrate identity theft on over 90 per cent of those they questioned.
The company said the intention of the stunt was to "raise awareness of the need to be very careful about the information people give to complete strangers."
A copper, detective Inspector, Chris Simpson of the Yard, said he was "disturbed" by the findings.
The researchers admitted to a certain amount of subterfuge in extracting information such mothers’ maiden names, or first schools attended from the 200 folk interviewed.
Pretending to be looking into Londoners’ theatre-going habits, the researchers told pedestrians that if they took part in the survey they would be entered into a draw for theatre ticket vouchers worth £20. Using this tactic they managed to get the names and address of all those questioned. Ninety-nine per cent coughed up their address and postcode and 92 per cent their home phone number.
Interviewees were told actors often combined their pets name and mother’s maiden name to come up with their stage name and were asked what they thought their stage name would be. Ninety four percent of respondents were thus duped into giving up their mother’s maiden name and their pet’s name.
Continuing the theatre-based theme, the question: "Did you get involved in acting in plays at school?" was followed by: "What was the name of your first school?". Ninety-six percent coughed this information too, giving over the key pieces of security information used by banks.
Infosecurity said the three-minute questionnaire gave researchers sufficient information to open bank accounts, credit cards, or even to start stealing their victim’s identity. The researchers did not offer any verification of their identity, their only tool was a clipboard and the offer of the chance to win a voucher for theatre tickets, the company said.
Claire Sellick Event Director for Infosecurity Europe who took part in the research said, one man provided all his information without question, "but returned five minutes later asking for it back, as he thought that we could use it to gain access to his on-line bank account, we gave him back his survey form," she said, "but did not provide any evidence of who we were. If we had been fraudsters he would have been too late."
Detective Inspector, Simpson, Head of Scotland Yard’s Computer Crime Unit said, "The results of the survey are disturbing to say the least, however they do highlight the need to raise public awareness of identity theft, what it actually means, how it can happen and the potential consequences".
By a spooky coincidence, DI Simpson is speaking in a keynote session on, ‘Law Enforcement - Cybercrime and International Co-Operation, Prevention, Detection and Punishment,’ at Infosecurity Europe 2005 – Olympia, London, UK 26th–28th April. µ
I’Inq
© 2005 Breakthrough Publishing Ltd.
http://www.theinquirer.net/?article=22103
Its me its really me I promise. April Fools
Posted by: Ian Grigg at April 1, 2005 12:12 PMI can't help thinking that there is a certain amount of scare mongering here.
If I let my passport expire then I would not be able to withdraw cash from my own bank account, let alone open a new bank account even in my own name, so I don't see how the information mentioned is supposed to suffice to open an account in someone elses name!
Date of birth and mothers maiden name may be a popular way for banks to establishing identity for the purposes privacy protection (such as when requesting a balance over the phone), but that is highly questionable in any case as it is all information publicly available from the registry of births, deaths and marriages.
It would be like having the banks decide to verify identity by asking for your eye colour, and then saying that not wearing dark glasses is creating an identity theft problem. The problem is using stupid methods of identity confirmation.
Posted by: Digbyt at April 1, 2005 01:32 PMI agree, Digbyt. These kinds of articles fit so easily into the current-day mindset that they almost write themselves. It's like outsourcing articles last year, identity theft is today's big panic. Six months from now it will be forgotten.
How the heck is knowing someone's dog's name going to help you get a loan in their name? Come on! I've never been asked that question on a credit card application.
Posted by: Cypherpunk at April 1, 2005 03:18 PMThe presence of FUD and sensationalism does not actually prove the absence of an concern. The underlying phenomenon is a leaky authentication system: it works most of the time. The question of whether the world is going to hell in a handbasket is one of risk-analysis and tipping points. It is entirely concievable that some types of fraud will reach a point where those getting burned (institutions) will just stop exposing themselves to this sort of risk. How much, and how fast are the quantities of interest.
I've poked around with this, but I haven't seen anything that tries to tease out what conditions would be necessary for failure, what such a failure would look like. Jean had a good workshop a few years ago, but has anyone seen anything more recent?
Posted by: allan friedman at April 1, 2005 05:32 PMUnfortunately we are somewhat shackled with FUD as a modus operandi, there is no media outlet that is going to let the truth stand in the way of a good story. Still, the basic facts as described were interesting.
Note that this is Britain not US. So far, the figures and most of the observers agree that only the US is badly hit with identity theft in whatever form. The question that a lot of people are asking is whether it will migrate out of the US as so many things do. My guess is not, as even though some other countries have adopted a strong credit society, american style, they have not adopted the same open identity structure.
Posted by: Iang at April 1, 2005 07:06 PM