Search This Blog

Tuesday, September 25, 2007


ID THIEVES TURN TO THE DISTRIBUTION OF “TOOLKITS” FOR MORE ILLEGAL INCOME


For the last three years I have been posting on how the identity theft bad guys are growing their technology much faster than our security systems can cope. Now, they have discovered they can sell the software that is the tools of their trade for a premium. Online crooks have formed a distribution network to market this “malicious” software or code, as it is described in an Associated Press story on MSNBC.com. They sell it to “middlemen” for $1,000 per program, even locking them into long term contracts. Like Al Jolson used to say, “You ain’t heard nothin’ yet,” when it comes to the next phase of the identity crisis. My crystal ball says that would be when an organized crime network—not necessarily the mob but it could be—takes over this lucrative scam, and establishes a hierarchy that runs the business like today’s corporations. In a Symantec report taken from 120 million computers running their anti-virus, they found that the US is tops in underground identity thieves, and the fact that malicious code has accelerated 185 percent in the first six months of 2007. However, the research community agreed this new distribution-style approach is the “most alarming trend.” Also for sale are “toolkits” that give criminals the ability to customize their cons for $300 to $800. Yet another toolkit targeting Web browsers moving quite well in 2007 is the MPack which goes for $1,000, and appears to come with tech support. It is so “robust,” as the AP article states, that “it benefited from professional development.” Symantec has a good article on the MPack, as an explanation of what the problem is, and the extent of its seriousness. In closing, there are two points to be made here: One) the need for an organization to track data breaches that lead to victims of ID theft should be a priority now…today in the world of privacy advocates; Two) Number one would not be necessary if consumers were given control over their names and private data.

No comments: