Identity Theft Computer Forensics to the Rescue - Research Paper Example

Identity Theft Abstract Identity theft and online consumer protection have become exceptionally significant areas in technological studies demanding special consideration in order to protect the identity rights of e-consumers. This report is a discussion about identity theft. First of all, an introduction has been given which gives a better understanding of the topic. Common ID theft crimes and security issues are discussed. Then, a personal account is given which shows how I became a victim of this crime. Some important laws have been discussed to have a clear view of what steps have been taken to ensure the e-consumers’ identity protection. Then, social, ethical and moral issues regarding identity theft have been discussed. The report is summarized in a concluding paragraph. APA referencing has been used properly. Keywords: identity, theft, criminal, bank, information, computer, forensic, internet, security Introduction Before going into the niceties of how I became a victim of identity theft in the online world, let’s first get introduced to what identity theft actually is. Identity theft is the crime that involves stealing of a person’s private information “in order to impersonate that person in a legal sense”, according to Vacca (137). When a person’s identity is stolen, he is at great risk of facing a terrifying number of monetary and individual dealings done in his name by the thief. Technology, along with its pros, has introduced exceedingly technical and chic means of acquiring someone’s basic identifying information. Whatever means the thief uses, identity theft brings great damage to the victim’s name and reputation as the victim is solely left responsible for whatever financial or personal loss he faces. One often has to reveal bits of his personal information while doing online transactions, such as, his name, address, telephone number, bank information, credit card information, and etcetera. The thief, after stealing this information, can misuse it by, for instance, applying for loans in the victim’s name, changing his billing address, obtaining driving license, applying for jobs, applying for insurance or new banking accounts, getting authorization for electronic transfers by using the victim’s electronic signature, or any other fraud. On the internet, identity theft is being accomplished using techniques like sending Trojan horses, which are destructive programs, into the computer system, and important passwords and useful information like social security number is transferred to the thief. Another way to steal identity is email phishing. The victim is sent emails telling the victim that they are from so-and-so enterprise and scamming him by directing him to a fake website which asks for his personal information. Though, internet identity theft has made people uncertain about shopping and selling online, checking their bank statements online, visiting auction websites or entering into business contracts or transactions; however, computer forensics has played its part in helping law enforcement agencies in gathering digital evidence and identifying stolen identities as well as the criminals involved (Newman). Common Identity Theft Crimes Financial crimes mainly take account of the misuse of the victim’s credit card information, bank account information, social security number, or insurance information. Anderson asserts that “criminals can acquire this information easily by searching through discarded trash, social engineering over the telephone or through outright theft of the data”. The thief can initiate fraudulent financial activities by creating fake identities. Counterfeit bank statements and checks can be created using special softwares and tools. Photographs can be edited using easy applications. Thanks to computer forensics methods and tools, it is possible to discover and document electronic evidence. A thief, who happens to steal a person’s social security number (SSN), has all chances to get to his detailed personal information, according to Social Security Administration (2). The thief can then have access to all identification information from the databases and other data repositories that use SSNs as primary keys. He can then use his credit card information to apply for loans, do shopping and the leave the victim to pay the bills. The situation may lead to bankruptcy which can blow the victim out of his senses. Another form of identity theft is the taking and sharing of nude pictures of persons without their ever knowing it and distributing it over the internet as pornographic material. Placing hidden and covert cameras at public and private places, taking pictures and then disclosing them is also regarded as identity theft. Websites taking personal information from children and softwares helping the criminal to edit photographs has made it much easier to illegally distribute the images and enhance child pornography. Identity theft has also raised the problem of cyber stalking. Anderson, who works with NTI (New Technologies, Inc.) writes that: NTI was involved in a case where an individual assumed the identity of a past employee that had been discharged by a business. That identity was used, over the Internet, to terrorize a female Human Resources Manager who had fired the individual. After several weeks of investigation we discovered that the communications were fabricated by a peer worker within the corporation. This, and many other such cases occurring due to insecure internet environment, have been identified and solved by forensic computing strategies. Safe Shopping Online The internet has devised new ways and methods of shopping online while sitting in the comfort of one’s home. But, along with this ease, many concerns have also arisen which consumers must consider if they want to enter into protected and secure transactions with the seller companies without any security risks involved. They must watch what information they are going to share with the companies online. Companies might ask them to give their personal data like name, address, phone number, e-mail address, spouse’s name, name of parents and children, social insurance number, bank account number or credit card number. Consumers should make sure that the seller companies have a privacy policy mentioned on their websites and that the security of their credit cards or any other mode of payment is also guaranteed. They should give special consideration to the concern that the vendors should have a protected transaction scheme which will keep their financial information private and secured. If the credit card number has been given, then the statement must be checked regularly so as to make sure that there are no unknown charges that are not in the consumer’s knowledge because there have been cases in the past regarding fraudulent activities associated with the credit cards. It is also a sensible idea to keep a copy of all agreements, transactions and communications that have been carried out with the online vendors so that a proof is always there in case of complaints- minor or severe. Scams One should always do some research before falling for such offers by studying online reviews by other people and searching for any scam reports that the company might be having. For example, there are a lot of work-at-home jobs being offered at the internet with offers like lotteries or gifts or bonuses, most of which are just a scam trying to get the consumer’s personal information leading to their online profiling. Thus, it is very important to do some research work before giving out one’s curriculum vitae or resume which definitely contains all private information. It is also important to install an up-to-date anti-virus software program so as to protect the computer from scams and viruses that might travel to the system through malicious code. The e-mails must also be scam protected. The key sentence is that one should never give out one’s identity without making sure that the second party is a legitimate one. How I Became a Victim of Identity Theft Let me relate my own story how I became an identity theft victim. I used to visit a famous social networking website to interact with my friends and make new ones. Once I logged in by typing in my username and password, I saw a little window pop up which asked me if I wanted to save the password for that website. I clicked on the ok button. My password got saved and whenever I opened the page to log in, my password would be already there. I was happy to have been saved from typing in my password again and again. I did not know that all such passwords are saved on special files of the operating system which is very easy to access by even an amateur hacker. I did not even have my firewall settings on. I started seeing changes happening in my social network profile. I suspected that someone had viewed my friends’ and my personal information and have done some changes as well. My friends started getting messages from my profile of which I did not know a bit. My photograph albums seemed to have been viewed a number of times by an unknown user. I did not know what was happening. It was after a meeting with a computer forensic investigator that I came to know that the password file that had been saved on my operating system had been hacked and misused. My fault was that I did not even have enabled the firewall settings. So, a hacker intruded in my system, got my password, logged into my account, and got access to God-knows-what and how much information. The main thing I was worried about was my photographs and albums because I had heard too much about the misuse of photographs over the internet. Anyhow, I got some awareness through this mishap. I came to realize about the importance of long passwords with a mix of letters and numbers. The forensic investigator told me to go for unusual passwords and not to use a same password for all applications because if one account gets cracked, all get cracked. He told me to write them down on a piece of paper if I had the tendency to forget them, instead of having them saved by pop-up windows. This was when I started studying what identity theft is and how can one avoid it. Boyer (164) states that one must clear the cookies after using internet or using websites where you use passwords. This way, the hacker will not be able to accomplish his mission. Laws and Legislation To my surprise, I went through a lot of laws and legislation that have been passed to ensure e-consumer’s protection. I wondered why there were so many cases of identity theft despite these practical laws. I found some very fruitful laws some of which include: Computer Fraud and Abuse Act (CFAA) CFAA was designed in 1984 and deals with penalties for the intruders who gain access to sensitive information stored in a computer without authorized access. Computers have to be protected when the consumers carry out commercial activities, engage in cross-border e-commerce, and make online business transactions and email communications with online traders. It is illegal for anyone to get access to the transactional information without the consent of the party involved. The term protected computer is used in the Act to refer to those computers which is being used by financial institutions for the purpose of carrying out national or international e-commerce. The Act applies penalties upon the identity thieves starting from 10 years to 20 years of imprisonment. Electronic Communications Privacy Act (ECPA) ECPA was designed in the 1980s and enacted by the Congress. It applies penalties upon the persons who gain access to and make illegal use of the sensitive information that has been exchanged between the consumers and the online vendors through electronic communication techniques such as electronic mails, text messages, video conferences, chatting, and etcetera. Title I of ECPA deals with the protection of electronic communication that is transferred through voice, wire, sounds or signals; whereas, Title II, which is also referred to as Stored Communications Act (SCA), deals with the protection of stored communication like text messages and chats. Title III deals with the prohibition of using trap and trace devices that could record the electronic communication going on between the two parties without obtaining a search warrant for doing so. It is also obligatory for the Police to take the consent of the party involved prior to using his taped conversation. ECPA is said to have restricted the concept of online consumer profiling. Consumer profiles are made by the websites by the use of cookies which tend to store the consumer’s information when they visit a specific website. This information can then be illegally used by the websites which make online profiles of the consumers and make illegal use of their transactional information. The only exception here involved is that the consumer’s information can only be used with his consent. Thus, this Act ensures that consumers do not face the risk of identity theft. Children’s Online Privacy Protection Act (COPPA) COPPA was designed in 1998 and became effective on April 2000. COPPA put forward rules and regulations that are to be applied on the commercial website owners and internet service providers who know which websites are being used by children and collect personal information from them with or without their parents’ consent. They are checked how they make use of this information. The operators are told to maintain a privacy policy on their websites and on every such page where personal information is being collected from young children. They are required to take the parental consent before collecting the information and are under the obligation of keeping that information confidential and safe. COPPA ensures that the parents are provided a description of the personal information collected from their children along with the confirmation that the information has not been disclosed or sold to any third party so that they may decide to let their children keep using the website or block it. Health Insurance Portability and Accountability Act (HIPAA) This law was passed in order to eliminate the menace of identity theft. This information could either be stored in and exchanged through hard copied files or computer systems. The need for secure online networks initially arose when issues like computer viruses and internet fraud posed a threat to the security and privacy of data stored on online servers and health records. The consumers began to worry about their personal information so they had to be made sure that their data will not be affected or disclosed without their consent. So, Health Insurance Portability and Accountability Act (HIPAA) was put forth by U.S. Congress on August 21, 1996. Title II of HIPAA deals with the privacy issue of the consumer’s data and presents Privacy Rule which ensures fines and punishments for fraud and violation of the rule. The rule gives consumers the right to file complaints if they find anybody obtaining, selling or disclosing their information. This way, they can have their data protected and their communications confidential. Ethical, Moral and Social Issues There are some socio-ethical issues regarding identity theft. It is important to educate the users of internet and computer systems about “intellectual property rights issues, privacy/ surveillance issues, access to data issues and issues of human-computer interaction” (Stahl, Carroll-Mayer and Norris 298). They should be able to relate principled reasoning to ethical cases. They should know that the other person’s identity is something that is his own property and not theirs; that they have no right upon others’ personal information, and they cannot use or disclose it without the owner’s permission. A virtual world businessman should respect his employees’ and clients’ personal identification data and should take measures to lock and protect the databases and data warehouses from unauthorized access. Even at very personal level, an internet user must know that he is supposed to protect and defend the second person’s identification information and at the same time, he should be aware of security breaches proposed by the World Wide Web so the he is able to protect his own identity. I could have saved my account from getting cracked by enabling firewall and intrusion detection settings if I had known the importance of these issues. Conclusion Putting everything together, it is very important for the consumers to remain alert while they are interacting with the online community. In spite of so many laws, legislations and Acts that have been passed to ensure the consumers’ protection online, still cases happen where they can become a victim to fraudulent activities and scams put forward by retail companies and vendors. Though, there are numerous true and honest websites performing in a sincere and straightforward fashion, but still, it is always a sensible idea to protect one’s identity and personal information before giving it out. It is vital to educate the e-consumers about their rights of protection so that they do not get trapped in the hands of criminals. The more the awareness about the consumer protection, the lesser will be the fraudulent activities taking place in the online world. References Anderson, Michael R. “Identity Theft in Financial Crime Cases.” Identity Theft: Computer Forensics to the Rescue. NTI, 2008. Web. 31 Mar. 2010. . Boyer, Alison. “Passwords and Pins.” The Online Identity Theft Prevention Kit: Stop Scammers, Hackers, and Identity Thieves from Ruining Your Life. USA: Atlantic Publishing Company, 2008. Newman, Robert C. Computer Security: Protecting Digital Resources. USA: Jones & Bartlett Publishers, 2009. Social Security Administration. “Identity Theft and Your Social Security Number.” Social Security. SSA, 2009. Web. 31 Mar. 2010. . Stahl, Bernd, Moira Carroll-Mayer, and Peter Norris. “Legal, Professional, and Ethical content.” Forensic Computing: The Problem of Developing a Multidisciplinary University Course. Idea Group Inc., 2006. Web. 31 Mar. 2010. . Vacca, John R. “Identity theft.” Computer Forensics: Computer Crime Scene Investigation. USA: Cengage Learning, 2005. Read More