Understanding the dangers of identity theft and how a company or individual can be protected from it - Essay Example

?Understanding the Dangers of Identity Theft and how a company or individual can be protected from it I. Introduction As advancement in technology made access to information easier, many unscrupulous people take advantage of their skills and steal sensitive information from companies and private persons online. According to the Identity Theft Resource Center, a non-profit organization based in the United States (www.idtheftcenter.org), in 2010, there were about 662 cases if information security breaches reported in the United States but the actual number may be higher since not many people and organizations report breaches on their information security system. People whose identity have been assumed by another can suffer tremendous loses. Note that once somebody steals another person’s identity, he or she may be able to access the bank accounts and other personal information of the victim (Abagnale, 2007). As it is, there is a big possibility that the victim may lose money and assets on the process. Aside from taking money and other assets from their victims, some identity thieves use the identity of their victims to commit crimes (Cullen, 2007). For instance, an identity theft can sue the identity of his or her victim in fraudulent online transactions so when the fraud is reported to the police, the police go after the identity theft victim. As it is, it is very important that individuals and organizations understand the kind of risks that they are in and do something to protect themselves from identity thieves. II. Ways and Means Employed by Identity Thieves to Gain Access to Important Information There are a number of ways to commit identity theft but the most common are social engineering, phishing and hacking attempts. Social engineering is committed by exploiting human psychology to gain entry to databases, computer systems and even buildings with sophisticated security system (Hadnagy, 2010). Note that instead of attacking the software or system used by a company or individual, the identity theft uses mind tricks to retrieve sensitive information for the people inside the building and the people who are running the databank or the system (Hadnagy, 2010). To get the information that he or she needs to gain access into the building or the database, the identity does a lot of research and identify the key persons who he or she will retrieve the needed information (Wilhelm, 2010). For instance, if the identity theft wants to gain access to a database, he or she may pose as a computer technician or IT support person and trick an employee in the IT division to divulge passwords and codes to gain access into the system. Although the basic principles of trickery used in social engineering may sound simple, the execution of the act requires careful planning and psychological manipulation skills (Mitnick, 2003; Allsopp, 2009). When planning its strategies to defraud his or her victim, the identity needs to gather all the necessary information to trick the victim. To do this, he or she may access the personal information of the person targeted using existing social networks such as facebook, linked in and others (Mitnick, 2003; Wilhelm, 2010). Note that a good number of users of these online networking sites tend to give out personal information such as e-mail addresses and even telephone numbers online which may them relatively easy preys for identity thieves (Wilhelm, 2010). From the information gathered from these social networking sites, the identity may now be able to psychologically manipulate the victim into giving him or her sensitive information. In most cases, the deception happens online or through the phone so the identity theft and his or her victims do not actually come face to face (Allsopp, 2009). Aside from social engineering, phishing is also commonly used by identity thieves to steal information from their victims. To steal information from their victims, identity theft pretends to be a reliable online entity such as a bank, a well known courier, website and the like (Abagnale, 2007). Phishing is usually done through emails and online instant messages which carries a replica of the design and logo of the company that the identity theft is supposed to represent (Abagnale, 2007; Cullen, 2007). For instance, an identity them may use the logo and designs of paypal in an email to capture the passwords of some unsuspecting clients. Once the clients click on the link provided in the email, they will be diverted to another site which look similar to paypal. Since the site look legitimate to the unsuspecting eye, many clients automatically type their password into the page to open their accounts. The keystrokes of the victims are monitored by the identity theft so he or she now gains access to the paypal account of the victim. Another commonly used method of stealing identity is through computer hacking. This method of getting sensitive information from unsuspecting people online has been a major problem for many companies and individuals for the past several years (Street, 2010). Computer systems that are connected to the internet are the most vulnerable to hackers (Street, 2010). The most common approaches to computer hacking are network enumeration, vulnerability analysis and exploitation (Street, 2010). Network enumeration is a way of gathering information about the operations of the intended targets to make it easier for the theft to hack into the system and steal important information (Street, 2010). Vulnerability analysis, on the other hand, work by scanning the computer network for possible weaknesses which can be exploited to gain access into the system (Street, 2010). There are different types of tools that are used by hackers to gain access into the system, namely, vulnerability scanners, port scanners, packet sniffers, password crackers, rootkits, social engineering, keyloggers, viruses, worms, Trojan horses and others (Wilhelm, 2010). These tools can be used independently or may be used in combination with each other. For instance, vulnerability scanners and port scanners are usually used by hackers to gain entry into the system by using the weaknesses that are inherent in the system itself. Once the identity theft accesses the system, it may use a rootkit to conceal the breach in the system. Note that rootkits are designed to blend into the background and it can take on any program form to hide itself in the system so it is often difficult for most people to spot this type of bug (Blunden, 2009). Moreover, some sophisticated rootkits are designed to subvert standard computer security to prevent itself from being discovered and removed from the system (Blunden, 2009). III. Computer Security and the Laws Punishing Identity Theft In an era where people rely on computers to transact business from all over the world, having a secure computer network is very important. At present, there are a number of ways for individuals and companies to protect themselves from identity thieves. There are a number of anti-virus and anti-malware software available online and most of these software are quite reliable (Cullen, 2007). Companies, establishments, government agencies and other organizations that keep records of its costumers and members now use strong encryption to protect the personal information stored in its databank (Cullen, 2007). Also, there are some companies that require the use of biometric information to identify the users of their system (Cullen, 2007). However, although the use of biometrics is one way of effectively thwarting identity thieves, this technology has its limitations so we cannot really be hundred percent sure that the system is foul-proof (Cullen, 2007). Aside from software and security measures that are used to deter identity thief, there are many laws that protect individuals and companies from identity thieves. In the United Kingdom, the Data Protection Act 1998 punishes people and organizations that knowingly and unlawfully transfer or use information for any purposes. Other countries like the United States, Canada, France and others also have their own laws and regulations regarding identity thief. Yet, despite the many security measures employed by individuals and organizations to protect the integrity of their system, there are still instances when hackers and thieves find their way inside the system and steal important information. Note that even the strongest computer network security system can still be compromised. This only shows that in one way or another, we are all vulnerable to identity thief so we need to be eternally vigilant to prevent any untoward incidents. IV. Conclusion Identity thief is a problem that may not go away in the near future. As individuals and organizations strengthen their defenses against social engineering, phishing, hacking and other illegal activities that are used discover sensitive and personal data, identity thieves are also constantly looking for ways to steal personal information and use this information to their advantage. Given this situation, we all need to take extra precautions in storing personal information especially when we are connected to the internet. Setting up firewalls and installing anti-virus software is very important especially when you have sensitive information stored in your computer. Aside from using firewalls and anti-virus, it is also very important to be careful when it comes to selecting password for your files. References 1. Abagnale, F. W., 2007. Stealing Your Life: The Ultimate Identity Theft Prevention Plan. Broadway Books 2. Allsopp, W., 2009. Unauthorised Access: Physical Penetration Testing For IT Security Teams. 1st ed. Wiley 3. Blunden, B., 2009. The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System. 1 ed Jones & Bartlett 4. Cullen,T., 2007. The Wall Street Journal. Complete Identity Theft Guidebook: How to Protect Yourself from the Most Pervasive Crime in America (Wall Street Journal Identity Theft Guidebook: How to Protect). Three Rivers Press 5. Hadnagy, C., 2010. Social Engineering: The Art of Human Hacking. 1st ed. Wiley 6. Mitic, S., 2009. Stopping Identity Theft: 10 Easy Steps to Security. 1st ed. NOLO 7. Mitnick, K., 2003. The Art of Deception: Controlling the Human Element of Security. 1st ed. Wiley 8. Street, J., 2010. Dissecting the Hack: The F0rb1dd3n Network, Revised Edition. Revised Ed. Syngress. 9. Welsh, A., 2004. The Identity Theft Protection Guide: Safeguard Your Family Protect Your Privacy Recover a Stolen Identity. 1st ed., St. Martin’s Griffin 10. Wilhelm, T., 2010. Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques. Syngress Read More