Identity Theft Getting More Sophisticated, More Profitable

(New York Daily News) May 24, 2005 -- It is the hot crime of the 21st century - and YOU are the target. Sophisticated super-hackers are turning identity theft into a multi-billion-dollar criminal enterprise, plundering data about ordinary people from alumni directories, ATM machines, credit cards, tax returns and myriad other sources.
Rings of international terrorists, money launderers, and petty street thieves are in the business, according to Manhattan District Attorney Robert Morgenthau and other law enforcement officials.
"How the information is stolen - high-tech or low-tech - is one thing, but what happens in the end is just as important; how the information is used and the impact on the victim, or credit card companies and other businesses," said Aaron Karczmer, chief of the Manhattan district attorney's identity theft bureau.
Nearly 10 million American identities are hijacked a year, with more stolen worldwide, according to the FTC.
Theoretically secure databases with personal and credit information on millions of Americans have been penetrated recently, including the Polo Ralph Lauren customer list.
"It's not just the money lost, but the time it takes for a victim to clear their credit and get their identity back," said Dave Foley, of the Identity Theft Resource Center.
He and other experts say the nine-digit Social Security number is the single most important key for the ID thief. Date of birth and mother's maiden name are the two other critical elements.
"Once they have your name and Social Security number, they pretty much have your ID and they go to work," said Bruce Helman, supervisor of the FBI's computer hacking squad in the agency's New York office.
Credit card numbers are the major target, sold and traded on a vast underground international Internet market.
Dealers later sell the card numbers - often manufacturing embossed new cards with the requisite magnetic strips - at a high markup to street thieves.
Electronics, clothing, a wide variety of mail-order merchandise, airline tickets and hotel stays are among the most common illicit charges.
"ID thieves love Manhattan because there's every store imaginable and they are all in close proximity," said Karczmer. "Also, Manhattan has the wealthiest victim population."
Hustlers generally tailor their use of the cards expertly, he added.
They "bang" them repeatedly with single purchases they know are below the dollar amount that might trigger a credit card company fraud alert or telephone call to victims.
"At the same time, we have had cases of cards whacked for $6,000 - that was for Cristal champagne at a club - to $50,000 on a corporate card," said Karczmer.
Enterprising thieves also use stolen identities to loot bank and brokerage accounts, take out mortgages and bank loans, set up cell phone service, and even pay utility bills, said Richard Staropoli, a New York-based Secret Service agent who specializes in ID theft.
Most of the direct cost of ID theft is borne by credit card companies, banks that issue cards and other businesses "whacked" by ID thieves. But those losses are later passed on to consumers with higher fees or insurance premiums.
"We are all paying for identity theft," said Morgenthau, noting that the crime is now so widespread his office has 66 prosecutors assigned to stolen ID cases. In the six months ended March 29, they handled 1,052 prosecutions.
In some cases, subscribers to commercial databases access information and sell it on the ID theft underground.
In April, it was revealed that a thief posing as a legitimate customer of ChoicePoint, a commercial data broker that serves prospective employers, insurers, banks and credit card companies, downloaded ID information on more than 145,000 people.
The tab, thought to be in the millions of dollars in bank and credit card charges, is still being calculated by various law enforcement agencies.
This new underworld is confounding software companies, virus protection companies and law enforcement: Every time a new security measure is conceived, the hackers find a new weakness to exploit.
Nothing is sacred or secure, not even encrypted wireless traffic broadcast by individuals or company networks.
The hackers can decipher it using transmission "sniffer" software tools available at no cost at underground Internet sites, according to an investigation by the New York Daily News.
The hacker with his own wireless-equipped computer drives or walks around until a wireless signal is detected.
"The software can break the encryption and provide the information for the password," said Alfred Huger, senior director of engineering for the Symantec Corp., a computer and software security company. "Then the hacker can 'listen,' or record transmissions unencrypted and get whatever information is broadcast," he said.
Cellular phones and pocket PCs that have computing or Internet access also can be hacked.
Wired networks and individual computers connected to modems can be "cracked" as well by the illicit impresarios. They use a variety of tools that probe passwords and vulnerabilities in commonly used file sharing and software, including various Microsoft, Unisys and Linux programs.
Once the hacker gets into a computer or network, he typically installs undetectable BOT programs (short for robot) because they can be remotely controlled.
The BOTs can be instructed to seek out credit card numbers, bank account information and other identity information.
"The bottom line is once hackers are in they can do whatever they want, take your files, run your computer, erase files, deny your Internet service or use your computer to attack other computers," said A.T. Smith, agent in charge of the Secret Service's New York field office.
"Call me paranoid if you want, but I wouldn't do any banking online, not with what I know," said the FBI's Helman. "Victims only find out when they get the bills or find out that their ID has been used in other ways."
The Daily News investigation uncovered a site - findnot.com - where for $6.95 a month hackers can conceal their computer address while they're using the Internet. The system, located outside the United States, guarantees anonymity in all chat rooms, E-mail accounts, file sharing and Internet surfing. It operates using servers located in Russia, Malaysia, the Netherlands and Germany.
Meanwhile, for ID thieves who don't want to go to the trouble of advanced hacking, there are numerous Internet sites where thousands of stolen credit cards and other ID information are available.
The traffickers, who also frequently trade lists of numbers, are known as "carders," and the lists of numbers are known as "dumps."
On one site found by The News, a Russian hacker was offering a wide variety of credit cards.
The price ranged from $20 for a large number of "USA Visa Classic" numbers to $170 for "dumps" of Visa Gold cards issued in France, Spain and Turkey. The price per card hovers around $1 but drops closer to each card's expiration date.
The Daily News found more than 15 sites selling credit cards and other ID information. FBI and Secret Service agents have found many more.
The top-dollar underground product is the "full info card," with a victim's name, passport information, Social Security number, credit cards, date of birth and mother's maiden name.
"That costs about a thousand dollars," said Larry Johnson, agent in charge of the Secret Service's criminal investigation unit.