Welcome Guest. | Log In| Register | Membership Benefits
  • Email this page E-mail this page
  • |  Print Print this page
  • |   Bookmark and Share

Social Engineering, Cybercrime Will Be Challenges In 2009: ITAC

ITAC releases its Identity Theft Outlook for 2009

Dec 03, 2008 | 09:45 AM

By Identity Theft Assistance Center
DarkReading

WASHINGTON, DC, December 2, 2008—The incoming administration should work to reduce barriers to investigating and prosecuting identity theft and financial fraud as part of modernization of the international economic framework, said ITAC, the Identity Theft Assistance Center, as part of its Identity Theft Outlook for 2009.

"Thanks to technology, national borders don't stop the criminals but too often borders slow down or stop law enforcement agencies from finding and prosecuting the criminals who commit identity crime," said ITAC President Anne Wallace. Damages due to cybercrime account for approximately $100 billion annually and are expected to increase.

In addition, ITAC cites the following trends in 2009:

  • More economic crime as economy falters. Hard pressed consumers may turn to fraud to make ends meet and criminals will target anxiety about job loss or unpaid bills with refinancing scams or schemes that promise jobs or easy money. As the recession forces state and local governments to cut their budgets, law enforcement agencies could be asked to do more with less.
  • Ongoing exploitation of new technologies. Cyber criminals exploit weaknesses in poorly configured websites, especially social networking sites, wireless networks and web applications. Information technology experts predict a 10-fold increase in malware objects that can be used to steal personal information in 2009.
  • Exploiting the human factor through social engineering. Federal prosecutors in Newark, NJ, allege that an international identity theft ring used social engineering and other techniques to steal more than $2.5 million from home equity lines of credit (HELOCs). Social engineering is when criminals trick consumers and company employees into divulging information. The defendants allegedly posed as the customers to trick bank, credit union and credit card company employees into revealing information and changing the mailing address on the accounts.
  • Inter-disciplinary research may lead to new solutions. The need to reliably determine a person's identity cuts across all aspects of society, from tracking terrorists to authorizing financial transactions. ITAC partners with the new Center for Applied Identity Management Research (www.caimr.org) to bring together leaders from law enforcement, academia and industry to develop pragmatic solutions to their common identity management challenges across the physical and digital worlds.
  • Online sharing of crime information means better identity theft investigations. The vast majority of identity crimes are investigated by state and local police departments but distance, jurisdictional boundaries, and limited resources and information hamper their efforts. A new online system, the National Identity Crime Law Enforcement network, lets police in Pennsylvania connect credit cards stolen in Philadelphia with a crime spree two states away in Indiana, according to Richard Goldberg, Assistant U. S. Attorney, Eastern District of Pennsylvania.
  • The growth of global identity theft syndicates. In August, the U.S. Justice Department announced "the single largest and most complex identity theft case ever charged in this country" involving suspects from U.S., Estonia, Ukraine, China and Belarus. Using wi-fi hot spots, the criminals hacked into the networks of major retail chains to steal and sell at least 40 million credit and debit card numbers.
  • Stiff sentences for identity theft criminals. A 36-year-old Philadelphia man was sentenced to nearly 18 years in prison for his part in a multi-state bank-fraud and identity-theft ring netting some $400,000. In another case, Philadelphia residents Jocelyn Kirsch and Edward Anderton—dubbed the "Bonnie and Clyde" of identity thieves—were sentenced respectively to five years and four years in prison for using their neighbors' personal information to live a lavish lifestyle.

    About ITAC

    ITAC, the Identity Theft Assistance Center (www.identitytheftassistance.org), is a nonprofit coalition of financial services companies united in our commitment to protect our customers from identity theft. A leading provider of identity assistance services through its ITAC Sentinel' brand (www.itacsentinel.com), ITAC protects all consumers through partnerships with law enforcement, education and identity management services. ITAC has helped more than 45,000 consumers recover from identity theft.


    • Subscribe to RSS










    Bugs
    ENTERPRISE VULNERABILITIES
    Vulnerability:suse linux
    Published:2010-01-22
    Severity:High
    Description:SUSE Linux Enterprise 10 SP3 (SLE10-SP3) configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
    Vulnerability:ie
    Published:2010-01-22
    Severity:High
    Description:The URL validation functionality in Microsoft Internet Explorer 7 and 8 does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
    Vulnerability:bind
    Published:2010-01-22
    Severity:Medium
    Description:ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
    Vulnerability:ie
    Published:2010-01-22
    Severity:High
    Description:Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
    Vulnerability:ie
    Published:2010-01-22
    Severity:High
    Description:Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.


    Briefing Centers
    POWERFUL INFORMATION
    AT YOUR FINGERTIPS
    (SPONSORED LINKS)