PROTECTING
YOURSELF AGAINST IDENTITY THEFT?
Sometimes That's Not Enough
09/03/04
Take a recent
case in point: The president of a Florida bulk e-mail company
was recently indicted on charges of illegally hacking into the database
of another company--one that operates one of the world's largest computer
repositories of financial, corporate, and personal data from major banks,
credit card companies, corporations, and the U.S. Government. A virtual
treasure trove of personal data on Americans--and closely protected.
Yet this bulk e-mail
company managed to hack into the database more than 139 times and download
more than 8.2 gigabytes of personal information over a 16-month period.
It was one of the biggest cases of computer intrusion we've ever seen.
How much is
8.2 gigabytes of information? Think 4 million type-written pages...or
the complete works of William Shakespeare--copied 8,000 times.
How was the
downloaded information used? Fraudulently. The company is charged
with sending e-mail blasts of advertisements--on behalf of unwitting
client companies--to targeted customers in massive spamming campaigns.
It is also charged with selling customer lists to other companies and
falsifying their demographics. For example, the people named on the list
from a well-known casino were allegedly sold to a pharmaceutical company
as people who used prescription drugs.
How was the
case cracked? Local investigators looking into a separate computer
attack on the victim company in this case last year discovered evidence
of additional intrusions and sought assistance from the FBI, the Secret
Service, and several U.S. Attorney's Offices. Working with experts from
the Dallas Regional Computer Forensics Laboratory--and with the superb
assistance of the victim company--federal investigators established a
joint task force and immediately set out analyzing massive amounts of
computer evidence and conducting dozens of interviews. They ultimately
uncovered a cyber trail which led straight back to the bulk e-mail company.
The moral of
the story? With our partners in law enforcement and the private
sector, we will leave no stone unturned in protecting Americans and their
personal data from cyber criminals. In the words of Assistant Attorney
General Christopher Wray, "The protection of personal information
stored on our nation's computer systems is critical to public trust in
those networks and the health of our economy--we will aggressively pursue
those who steal private information from computer networks and make it
clear that there are serious consequences for such crimes."
Links: DOJ
Press Release | Cyber
Investigations