Post on 06-Jan-2018

Computer Vulnerabilities & Criminal Activity

Identity Theft & Credit Card Fraud

6.1 March 1, 2010

Definition of Identity Theft

A person commits the crime of identity theft if, without the authorization, consent, or permission of the victim, and with the intent to defraud for his or her own benefit or the benefit of a third person, he or she does any of the following:

1. Obtains, records, or accesses identifying information that would assist in accessing financial resources, obtaining identification documents, or obtaining benefits of the victim.
2. Obtains goods or services through the use of identifying information of the victim.
3. Obtains identification documents in the victim's name.

US Legal Definitions

Identity Theft and Assumption Deterrence Act

18 U.S.C. § 1028

Makes it a federal crime to: “knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law”

Protected Information

- Name
- Date of birth
- Social Security number
- Driver's license number
- Financial services account numbers, including checking and savings accounts
- Credit or debit card numbers
- Personal identification numbers (PIN)
- Electronic identification codes
- Automated or electronic signatures
- Biometric data
- Fingerprints
- Passwords
- Parent's legal surname prior to marriage

States with Mandatory ID Theft Investigation

- California
- Louisiana
- Minnesota

Motivation for Identity Theft

- Financial Desires
- Greed
- Strain Theory

Individuals Committing Identity Theft

- Individuals
  - May have some relationship to the victim
  - Often have no prior criminal record
- Illegal Immigrants
- Methamphetamine Users
- Career Criminals
- Gangs
  - Hells Angels
  - MS-13
- Foreign Organized Crime Groups
  - Asia
  - Eastern Europe

Victims of Identity Theft

- Higher education / higher income
- Age 22 - 59
- Married
- Basically, individuals most likely to have a good credit rating / credit history

Methods of Obtaining Identity Information

- Dumpster Diving
- Skimming
- Phishing
- Change of Address
- Theft of Personal Property
- Pretexting / Social Engineering

How the Internet is used for ID Theft

- Hackers
  - Interception of transmissions - retailer to credit card processor
  - Firewall penetration - data search
  - Access to underlying applications
- Social Engineering / Phishing / Pretexting
- Malware / Spyware / Keystroke Loggers

Crimes Following Identity Theft

- Credit Card Fraud
- Phone/Utility Fraud
- Bank/Finance Fraud
- Government Document Fraud
- Employment Fraud
- Medical Fraud
- Misrepresentation during arrest

Problem with Identity Theft Investigation

- Lapse of time between crime and the time the crime is reported
- Monetary amount
- Jurisdiction
- Anonymity

Identity Theft Investigation

http://www.ftc.gov/bcp/edu/microsites/idtheft/law-enforcement/investigations.html

- Identity Theft Data Clearing House
- Identity Theft Transaction Records
  - Subpoena or victim’s permission
  - Request for documents
    - Must be in writing
    - Authorized by the victim
    - Be sent to the address specified by the business
    - Allow the business 30 days to respond

Credit Card Fraud

“Wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction.”

Wikipedia

“Carding”

“The unauthorized use of credit and debit card account information to fraudulently purchase goods and services.”

Data Breaches: What the Underground World of “Carding” Reveals - US DOJ

Carding Terminology

- Dumps - information electronically copied from the magnetic stripe on the back of credit and debit cards.
  - Track 1 is alpha-numeric and contains the customer’s name and account number
  - Track 2 is numeric and contains the account number, expiration date, the secure code (known as the CVV), and discretionary institution data.
- PIN - Personal Information Number
- BIN - Bank Information Number
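Added example, not part of the original slides: because Track 2 data has the fixed numeric layout described above, a defender can scan application or point-of-sale logs for it and redact it before the logs are stored. The regular expression follows the ISO/IEC 7813 Track 2 layout; the log format, function names and sample lines are assumptions constructed for illustration.

```python
import re

# ISO/IEC 7813 Track 2 layout: ';' PAN '=' YYMM service-code discretionary '?'
TRACK2 = re.compile(r";(\d{12,19})=(\d{2})(\d{2})(\d{3})(\d*)\?")

def luhn_ok(pan: str) -> bool:
    """Luhn checksum: filters out digit runs that only look like an account number."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(pan: str) -> str:
    """Keep the first six and last four digits, the usual display mask."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def scan(lines):
    """Return one finding per Luhn-valid Track 2 string; never echo the full PAN."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        for m in TRACK2.finditer(line):
            pan, yy, mm, _svc, _disc = m.groups()
            if not (1 <= int(mm) <= 12 and luhn_ok(pan)):
                continue
            findings.append({"line": lineno, "pan": mask(pan), "expiry": f"{mm}/{yy}"})
    return findings

def redact(line: str) -> str:
    """Replace each Luhn-valid Track 2 string with a masked marker before storage."""
    def repl(m):
        return f"[TRACK2 {mask(m.group(1))}]" if luhn_ok(m.group(1)) else m.group(0)
    return TRACK2.sub(repl, line)

# Constructed sample log lines; 4111111111111111 is a widely used test number.
SAMPLE_LOG = [
    "2010-03-01 12:00:01 pos01 swipe ok txn=1001",
    "2010-03-01 12:00:02 pos01 DEBUG raw=;4111111111111111=12121010000000000?",
    "2010-03-01 12:00:03 pos01 DEBUG raw=;4111111111111112=12121010000000000?",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The third sample line fails the Luhn check and is left alone, which keeps order numbers and other long digit strings from flooding the findings.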

Carding Terminology cont.

- “Full Info” or “Fulls” - a package of data about a victim, including for example address, phone number, social security number, credit or debit account numbers and PINs, credit history report, mother’s maiden name, and other personal identifying information

How Credit Card Information Obtained

- Online
- In bulk from hackers who have compromised large databases
  - http://www.privacyrights.org/ar/ChronDataBreaches.htm
- Phishing
- Malware

Types of Carding

- Carding Online
  - Using stolen credit cards to purchase goods & services online
  - Carding to a drop - having goods sent to another physical address
  - Cobs - changing billing address with credit card company

Types of Carding cont.

- In-Store Carding
  - Presenting a counterfeit credit card that had been encoded with stolen account information to a cashier at a physical retail store location
  - More risky
  - Higher level of sophistication

Types of Carding cont.

- Cashing
  - The act of obtaining money, rather than retail goods and services, with the unauthorized use of stolen financial information
  - PIN Cashing - Using dump information to encode a stripe on a card to use at ATMs

Types of Carding cont.

- Gift Card Vending
  - Purchasing gift cards from retail merchants at their physical stores using counterfeit credit cards and reselling such cards for a percentage of their actual value
  - Sales may be online or face-to-face

Carding Forums Online

- Tutorials on different types of carding-related activities
- Private and public message posting enabling members to buy and sell blocks of stolen account information and other goods and services
- Hyperlinks for hacking tools and downloadable computer code to assist in network intrusions
- Other exploits such as source code for phishing webpages
- Lists of proxies
- Areas designated for naming and banning individuals who steal from other members

Carding Websites (all disabled)

- www.shadowcrew.com
- www.carderplanet.com
- www.CCpowerForums.com
- www.theftservices.com
- www.cardersmarket.com

Sample Carding Web Sites
