1 / 27

Computer Vulnerabilities & Criminal Activity

Computer Vulnerabilities & Criminal Activity. Identity Theft & Credit Card Fraud 6.1 March 1, 2010. Definition of Identity Theft.

ata
Télécharger la présentation

Computer Vulnerabilities & Criminal Activity

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer Vulnerabilities & Criminal Activity Identity Theft & Credit Card Fraud 6.1 March 1, 2010

  2. Definition of Identity Theft A person commits the crime of identity theft if, without the authorization, consent, or permission of the victim, and with the intent to defraud for his or her own benefit or the benefit of a third person, he or she does any of the following: 1. Obtains, records, or accesses identifying information that would assist in accessing financial resources, obtaining identification documents, or obtaining benefits of the victim. 2. Obtains goods or services through the use of identifying information of the victim. 3. Obtains identification documents in the victim's name. US Legal Definitions

  3. Identity Theft and Assumption Deterrence Act18 U.S.C § 1028 Makes it a federal crime to: “knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law”

  4. Connecticut Criminal Law - Identity Theft http://law.justia.com/connecticut/codes/title53a/sec53a-129a.html

  5. Name Date of birth Social Security number Driver's license number Financial services account numbers, including checking and savings accounts Credit or debit card numbers Personal identification numbers (PIN) Electronic identification codes Automated or electronic signatures Biometric data Fingerprints Passwords Parent's legal surname prior to marriage Protected Information

  6. States with Mandatory ID Theft Investigation • California • Louisiana • Minnesota

  7. Motivation for Identity Theft Financial Desires Greed Strain Theory

  8. Individuals Committing Identity Theft • Individuals • May have some relationship to the victim • Often have no prior criminal record • Illegal Immigrants • Methamphetamine Users • Career Criminals • Gangs • Hells Angels • MS-13 • Foreign Organized Crime Groups • Asia • Eastern Europe

  9. Victims of Identity Theft • Higher education / higher income • Age 22 - 59 • Married • Basically, individuals most likely to have a good credit rating / credit history

  10. Methods of Obtaining Identity Information • Dumpster Diving • Skimming • Phishing • Change of Address • Theft of Personal Property • Pretexting / Social Engineering

  11. How the Internet is used for ID Theft • Hackers • Interception of transmissions - retailer to credit card processor • Firewall penetration - data search • Access to underlying applications • Social Engineering / Phishing / Pretexting • Malware / Spyware / Keystroke Loggers

  12. Crimes Following Identity Theft • Credit Card Fraud • Phone/Utility Fraud • Bank/Finance Fraud • Government Document Fraud • Employment Fraud • Medical Fraud • Misrepresentation during arrest

  13. Problem with Identity Theft Investigation • Lapse of time between crime and the time the crime is reported • Monetary amount • Jurisdiction • Anonymity

  14. Identity Theft Investigation • http://www.ftc.gov/bcp/edu/microsites/idtheft/law-enforcement/investigations.html • Identity Theft Data Clearing House • Identity Theft Transaction Records • Subpoena or victim’s permission • Request for documents • Must be in writing • Authorized by the victim • Be sent address specified by the business • Allow the business 30 days to respond

  15. Credit Card Fraud “Wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction.” Wikipedia

  16. “Carding” “The unauthorized use of credit and debit card account information to fraudulently purchase goods and services.” DATA BREACHES:WHAT THE UNDERGROUND WORLD OF “CARDING” REVEALS - US DOJ

  17. Carding Terminology • Dumps - information electronically copied from the magnetic stripe on the back of credit and debit cards. • Track 1 is alpha-numeric and contains the customer’s name and account number • Track 2 is numeric and contains the account number, expiration date, the secure code (known as the CVV),and discretionary institution data. • PIN - Personal Information Number • BIN - Bank Information Number

  18. Carding Terminology cont. • Full Info” or “Fulls” - a package of data about a victim, including for example address, phone number, social security number, credit or debit account numbers and PINs, credit history report, mother’s maiden name, and other personal identifying information

  19. How Credit Card Information Obtained Online • In bulk from hackers who have compromised large databases • http://www.privacyrights.org/ar/ChronDataBreaches.htm • Phishing • Malware

  20. Types of Carding • Carding Online • Using stolen credit cards to purchase goods & services online • Carding to a drop - having goods sent to another physical address • Cobs - changing billing address with credit card company

  21. Types of Carding cont. • In-Store Carding • Presenting a counterfeit credit card that had been encoded with stolen account information to a cashier at a physical retail store location • More risky • Higher level of sophistication

  22. Types of Carding cont. • Cashing • The act of obtaining money, rather than retail goods and services, with the unauthorized use of stolen financial information • Pin Cashing - Using dump information to encode a strip on a card to use at ATMs

  23. Types of Carding cont. • Gift Card Vending • Purchasing gift cards from retail merchants at their physical stores using counterfeit credit cards and reselling such cards for a percentage of their actual value • Sales maybe online or face-to-face

  24. Carding Forums Online • Tutorials on different types of carding-related activities • Private and public message posting enabling members to buy and sell blocks of stolen account information and other goods and services • Hyperlinks for hacking tools and downloadable computer code to assist in network intrusions; • Other exploits such as source code for phishing webpages • Lists of proxies • Areas designated for naming and banning individuals who steal from other members

  25. Carding Websites (all disabled) • www.shadowcrew.com • www.carderplanet.com • www.CCpowerForums.com • www.theftservices.com • www.cardersmarket.com

  26. Sample Carding Web Sites

More Related