Defining Identity Theft

With modern technology, identity theft has become easier to commit by the minute. Identity theft refers to when someone uses someone else’s personal identifying information such as their name, social security number, checking routing number, or their credit card number, without their consent with the intention to commit fraud or any other crime.

According to the Federal Trade Commission (FTC), approximately 9 million Americans have their identities stolen each year. Often times the victim is not aware they are the victim of identity theft until months or years afterwards, when their credit and their reputation have already been damaged.

Identity theft thieves use other people’s identifying information to commit a broad range of crimes. They may use the information to rent an apartment, obtain a credit card or checking account, or establish a cell phone or cable account in the victim’s name. The victim doesn’t usually find out they have been a victim of identity theft until it’s too late, or until they have been contacted by a creditor.

Identity theft begins when the thief acquires personal identifying information such as another person’s social security number, driver’s license number, or credit card. It doesn’t matter if the victim is dead or alive; it’s still a criminal offense and is prosecuted to the full extent of the law when the perpetrator is caught. Personal information can be illegally acquired in a variety of ways including:

Skimming – This occurs when a special devise is used to steal a credit or debit card number when processing the person’s card.

Changing the Victim’s Address – The person changes the victim’s address by mailing in a change of address form. As a result, the billing statements are diverted to another location.

Theft – This is the oldest type of theft in the book. This refers to stealing the victim’s purse, or wallet, pre-approved credit card offers, new checks or other tax information.

Dumpster Diving – This refers to rummaging through someone’s trash to find bills, bank statements, voided checks etc. with identifying information on them.

Phishing – The thieves pretend to be a financial institution such as the victim’s bank, or a credit card company and send spam to try and get the person to reveal their social security number or bank account information etc.

Pretexting – The thief uses false pretenses to obtain personal information from a bank, credit card company, telephone company and other sources.

Identity theft is taking very seriously in all fifty states. In Washington, there are two levels of identity theft. How they are prosecuted depends upon value of the credit, money, goods, or services that were taken. If the value of the goods or services etc. obtained through someone else’s identity were valued more than $1500, it is prosecuted as a Class B felony. For any goods or services obtained below the value of $1500, it is prosecuted as a Class C felony and the penalties range from up to 10 years imprisonment, a fine up to $20,000, or both. If you have been charged with identity theft, it’s critical to enlist the services of an aggressive defense attorney as early as possible. An attorney will be able to investigate every aspect of your case and negotiate with the prosecutor, the judge, or jury on your behalf when it comes to sentencing.

Identity Theft Is A Creation Of Both The Laws Of Nature And Man

The need or the desire to steal another person’s identity was created by both the laws of nature and the laws of man. Identity theft has been with man from the beginning of time. Today, it’s the fastest growing crime in the global community It is the crime of taking and using as one’s own the identity of another person without their consent. It is an intentional deceptive behavior that is designed to deprive the rightful owner of the continuous and uninterrupted enjoyment of his or her identity.

The first recorded report of this theft was found in Genesis 25:27-34 and 27:19-36, and addresses an issue created by the birth of twins. This reporting presents a clear picture of the second-born son desires to have the birthrights and blessings of the first-born son, The report presents a step-by-step procedure taken by the mother and her second-born son, to convince the blind father that he was giving the first-born blessings to his first-born son. The cleverness of the father’s ability to use all of his sensing faculties to make-up for his inability to see was equally impressive. The premeditated steps taken by the mother and her second-born son to counter the father’s cleverness in order to steal the first-born blessings, is an indication of the level of cleverness and determination today’s identity thieves will use to claim the identity of others for their personal usage.

Identity thieves steal identities for different reasons. In all cases the information needed to steal the identity of others, includes but is not limited to, the name, address, phone number, driver’s license numbers, credit card numbers, medical records, bank account numbers, social security numbers, income information, or other personal information. Records at the drug store usually contains enough information to allow an identity thief to steal someone’s identity. According to the Non-profit Identity Theft Resource Center, identity theft can be subdivided into five categories:

  • Criminal identity theft which is posing as another person when apprehended for a crime.
  • Financial identity theft which is using another’s identity to obtain credit, goods, and/or services.
  • Identity cloning which is using another’s information to assume his or her identity in daily life.
  • Medical identity theft is using another’s identity to obtain medical care and/or drugs.
  • Child identity theft occurs when a minor’s social security number is used by another person for the imposter’s personal gain.

Once the personal identity has been stolen and put into use by a thief, it can takes months to stop the fraudulent use of the information, and it could take years to clean-up a good name and credit report. The good news is that there are ways to prevent becoming a victim of identity theft. One way is to engage the services of a big guard dog, mutilate or destroy all bank statements, credit cards with name address and accounts numbers on it before it becomes trash. Another way is to change passwords and never use the birthdate of a family member. Protecting yourself and your family from the horrors associated with identity theft that was created by the laws of both nature and man is an important job.

The Fight Against Computer Crime

Computer technology has attracted its fair share of criminal activities from those looking to exploit and capitalise on people’s reliance on the computer to run their daily lives. After all, author Jolly John singled Singapore out for being ‘the most network-ready country’, signifying both our dependence on new-age technology and the capabilities of the talent we have. However, there are dire consequences to be dealt with should the intentions of those with the ability to manipulate the systems deviate to malice.

In their efforts to safeguard against computer crime, the Singapore Government has set up various measures through a multi-pronged approach. The first step is to keep up governing laws with the fast changing developments of technology and the opportunities for dismeanour it presents by passing new legislation. Singapore passed the Computer Misuse Act in 1993, which has since been amended four times.

The Computer Misuse Act punishes perpetrators of computer crime, rather than cyber crime. Computer crime refers to crimes against a computer through acts that attack a computer system. The Act covers unauthorised access to a computer, or computer material without authorisation, modifying the contents of a computer without authorisation, obtaining or intercepting any computer service or function, interfering with or obstructing the lawful use of a computer, impeding or preventing access to or impairing the usefulness or effectiveness of any computer program or data, or disclosing a password, access code, or other means of gaining access to a program or data. To take just the first example, any person who uses a computer to secure access to another computer without authorization shall be guilty of an offence.

On the other hand, the existing Penal Code governs cyber crime, which is traditional crime like fraud, theft or extortion abetted through the computer. As opposed to carrying out crime against a computer, perpetrators carry out their illegal acts through the computer.

Through the Computer Misuse Act, the law punishes and deters computer criminals by meting out harsh penalties including imprisonment and fines. Crimes targeting the bedrock of our nation’s critical industries like banking and finance, communications or transportation and public services warrants the harshest punishment – a fine up to $100,000 and/or imprisonment up to 20 years. It is also noteworthy that a Court can order compensation to be paid by the offender for any damage that is caused, and such compensation which is ordered does not prevent or restrict a civil claim for damages which exceeds the compensation amount.

The next step it has taken is to set up agencies that ensure the enforcement of these laws. These specialised agencies include the Singapore Computer Emergency Response Team, Computer Crimes Branch of the Criminal Investigation Department (CID) and Computer Forensics Branch of the Singapore Police.

Operated by professionally-trained tech experts, they can exercise their power with extra-territorial jurisdiction. They are trained in all aspects of computer investigation, one of which is the emerging field of computer forensics. This intricate process of investigation enables the retrieval of consequential data from computers, computer networks, data storage media and related equipment that may contain evidence which can be presented in court. They first analyse the data and meticulously document and preserve the evidence to be presented before court. This operation requires highly trained professionals as it involves delicate procedures where a single wrong move can destroy or modify the evidence.

If one suspects a breach but don’t want to bring it directly to the authorities, there is the option of approaching private forensic investigators like Adroit Data Recovery Centre (ADRC). Due to the increase in violations of the Computer Misuse Act, ADRC has set up a forensic investigation department to deal with the influx of such investigative requests.

With more than 10 years of experience in the data recovery market, ADRC is well equipped with certified computer forensic experts who are capable of securing and documenting digital evidence with full audit trail suitable for court submission and performing data recovery under all adverse situations. They also have their own class 100 clean laboratory. Without having to move evidence around, this minimizes the risk of evidence being contaminated.
Computer users should also adopt preventive measures to safeguard their computers against computer crime, which is a very real threat that has the potential to be even more damaging given our reliance on computers these days.
Adroit Data Recovery Centre (ADRC) Pte Ltd is South East Asia’s leading data recovery centre equipped with the first Class 100 clean laboratory in Singapore. It has an un-paralleled capability and the setup to acquire and collect the digital evidence from all kinds of working or damaged media while observing the strictest process of computer forensic investigation.

The team of qualified forensic experts is able to provide court-ready reporting of digital evidence for civil and criminal litigation through the installation of rigorous forensic methodologies in order to identify, acquire, preserve, analyze and document digital data (electronically stored information) for use as evidence in court or other legal or administrative proceedings.

How Is Your Personal Data Protected Online? The Law

With the rise in online activities such as social networking, shopping and banking, we now share vast amounts of information on the internet, personal and non-personal, but it should ultimately be down to each individual as to how much information they may want to disclose and what it is used for.

Why Your Information is Wanted
Data is a valuable commodity with many online business including the giants such as Google, Facebook and Amazon effectively trading on its value to power their advertising revenues and marketing strategies. These companies use profiling information to target their audiences more specifically for each product and service they are promoting. The more accurate the profile is the better they can judge whether the individual is likely to convert, i.e., respond to the advert and buy the product. How much information you disclose to these companies is ultimately down to personal choice and it may be that you are willing give more away in return for more personalised services. The common pitfall for online users when signing up for services they want, is to be tempted or encouraged into giving a little extra away without really realising it.

However, personal information is also used for more nefarious means by people in the criminal world, creating stolen or fake identities under which they commit crimes, most commonly fraud. If you’re not careful you can leave a trail of personal information on the internet which can be obtained and aggregated by anyone without any need to break the law. Many cyber criminals, though, also resort to illegal tactics such as phishing (emails which misguide you and encourage you to visit a fake site and supply personal information), pharming (where people try to redirect you to fake sites while surfing the net) and malware (viruses which can steal information stored on computers or log activity such as the keystrokes for passwords)

Data Protection Act
It is easy to see that attempts to steal your information would be classed as illegal but there are also laws that govern the appropriate use of data that you have willingly supplied online.

In the UK we are protected by the Data Protection Act. This act applies to all information whether paper based or electronic and at the heart of it is the stipulation that organisations can only use the personal information they have gathered for the explicit purpose for which you supplied it (this doesn’t apply to non-personal/non-identifiable information). To that end there are further specific principles such as the requirement that data is not held longer than is required for its purpose and that it is kept secure and accurate.

Organisations can however ask for permission to use your information for other purposes when you first supply it. You’ll often find that when you provide your name and email as part of a purchase process for example there is a checkbox asking if the same data can be used for marketing purposes too. The key is to be aware of what you are agreeing to – unfortunately that may mean reading the small print.

Privacy and Electronic Communications
You are also protected by the Privacy and Electronic Communications Regulations which cover the information that organisations use for marketing, data about online behaviour and data on user preferences. The regulations compliment the data protection act, providing more detailed guidance for online marketing, ensuring that your information, whether explicitly obtained or gleaned from online activity, cannot be retained, traded and used for any purpose that you are not benefiting from or have not agreed to. This applies even when the data can’t be used to identify you (e.g., a company just has your telephone number which they want to use for marketing purposes).

A recent update to the regulation in May 2011 tightened up the rules on cookies in particular. Cookies are the temporary files that a site can leave on your computer to help ‘remember’ you when you next visit the site. There are many different types of cookie ranging from those which contain no other information other than you have (or your computer has) been on the site before, to those that remember particular preferences. The majority will not contain any identifiable sensitive personal information. However, because they have often be deployed without much awareness from the end user, the new directive requires that you are initially asked to explicitly agree (to opt in) to each site that wants to use them when you first visit the site. You must also be provided with a sufficient level of information as to what the cookie will do and what information it holds before you do so.

There are of course those who will break the law either with the intention of committing further crimes such as identity theft and fraud or just to improve their business prospects. Part 2 of this article will look at what technology can help us stay secure.