Home > Identity Theft > Identity Theft: Are We Doomed?

Comments 0 Comments

Opening my e-mail reminds me of walking through the bazaar of a third world open air market—the pickpockets are everywhere. In the last 30 days I have received spam purporting to be from the Better Business Bureau, the Internal Revenue Service, the United States post office, the FBI, and most recently (this morning) even one from the AICPA—the American Institute of Certified Public Accountants, a group of which I am not a member. The subject line was “Termination of your Accountant Status” and the body of the email explained to me that my status as a CPA was about to be terminated as a result of my participation in the filing of a fraudulent tax return. I was directed to take immediate action by clicking on the link called “complaint.” An eternal cynic and professionally paranoid, I did some research and determined that the logo of the AICPA was correct, as were the return addresses and phone numbers listed in the email.

While I am a credit guy, not a debits and credit guy (and having no degree in accounting), I didn’t take the threat seriously; similarly, since I hadn’t sent any packages through the post office, nor become a member of the Better Business Bureau, I wasn’t too concerned about the dire warnings I received from those folks, either. I guess these emails are about as credible as the ones from exiled Nigerian diplomats—remember those? But since I’m getting half a dozen of these a day, we all know that some of the people, some of the time, are being fooled and scams like this are working.

Hacking is a continuously evolving epidemic that is often perceived as a battle between evil and good forces. I am not overwhelmed by the proposals that I have seen because they treat the symptoms without paying attention to the infection itself.

Recently both the House and the Senate held cybersecurity hearings again (so many hearings, so much time, so few results—sigh). As one might imagine, the testimony was filled with justifiably dire warnings about the vulnerability of important elements of the U.S. infrastructure, particularly the power grid. Additionally, a fair amount of time was devoted to the hack of DigiNotar, which was owned by the U.S. public company Vasco Data Security, and was an important provider of security certificates for domains based in the Netherlands and beyond. Apparently, the hacker was able to issue about 500 phony certificates for major websites including Google, enabling that fraudster to impersonate a legitimate site and thereby intercept, for example, Gmail communications. The person who claimed responsibility for the attack had asserted namelessly that he was a 21-year-old Iranian student who had hacked several other security certificate issuers, and was cooperating with the Iranian government. Allegedly, the hack of DigiNotar occurred in June 2011; it was discovered in July, announced in August, and the company filed for bankruptcy in September. Such is the impact of being an unlucky target.

The hearings also mentioned the report from last December that hackers in China had breached the U.S. Chamber of Commerce’s castle walls, and gained access to information on its three million members, and pretty much everything else stored on its systems. The complex infiltration involving at least 300 different Internet addresses occurred and continued during a six-month period ending in May 2010, when it was finally shut down after the FBI got involved. Although it doesn’t seem to get a lot of attention, what happened to the Chamber of Commerce is just one skirmish of an apparently well-known war between Chinese hackers and American companies. We live in era where personal identifying information and intellectual property are the hottest commodities, and the ancient battle for superpower preeminence has transformed into digital ninjas’ attacks.

My point here is really very simple: Why can’t the 21-year-old Iranian student be cooperating with the Chinese hackers and sending e-mails masquerading as the AICPA to you and me? Talented young hackers are the equivalent of someone who finds a skeleton key for all the safe deposit boxes in a bank. All they have to do is figure out a way to get into the bank in the first place, and then they can loot the treasure of all the depositors, regardless of whether that depositor is an individual, or a business, or a power grid.

The cybersecurity hearings are necessary and informative, and have produced predictable results in that competing pieces of legislation to deal with the problem have already been introduced in both Houses. Equally predictable: Everyone is arguing about how our security systems can be protected, and what the appropriate role of the federal government is in creating those protections—or forcing them to be established by the private sector. Senator Joe Lieberman introduced legislation that would grant the Homeland Security Department regulatory authority over private sector entities with systems deemed critical to the nation’s infrastructural security. That proposal was immediately attacked by Senator John McCain, who, fearing that the Lieberman bill would turn the DHS into a counterproductive “super-regulator” said, “If the legislation before us today were enacted into law, unelected bureaucrats at the DHS could promulgate prescriptive regulations on American businesses, which own roughly 90 percent of critical cyber infrastructure…”

Private sector representatives seem to agree with McCain (shock). Internet Security Alliance President Larry Clinton said in written testimony: “Traditional approaches, including federal regulation, will not solve the problem as it will be largely reactive and not stay ahead of the changing nature of the threat. Worse, bad regulation could be counterproductive, leading companies to expend their limited resources on building in-house efforts to meet regulatory demands over actually dealing with the threat proactively. Fundamental to stopping the advanced cyber threat is to understand that our biggest problems are not technological, but economic.”

As far as I’m concerned, all of the proposals and comments share one fundamental flaw: They focus on the nature of the person or entity attacked, rather than on the nature of the attacker. Sooner or later someone has to understand that what we don’t want is the Department of Homeland Security chasing the same people as the FBI, the CIA, the Federal Trade Commission, and even the CFPB. And that is precisely what will happen until Washington understands that that same 21-year-old Iranian (if he actually exists) could be used to hack the power grid, or issue phony security certificates, or infiltrate a bank, or send e-mails to you and me pretending to be the AICPA. It’s like reading the work of John Dos Passos—you know that all the characters are related to one another, you just don’t know how.

Bad laws, whether well-intentioned or in a campaign to generate good press, are still bad laws.

However, there was one statement made on the Senate floor, by Joe Lieberman, with which I can heartily agree. In noting the urgent need for action of some kind, and welcoming other legislative proposals, he said that the danger was such that to him “it feels like September 10, 2001.”

Comments on articles and responses to those comments are not provided or commissioned by a bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by a bank advertiser. It is not a bank advertiser's responsibility to ensure all posts and/or questions are answered.

Please note that our comments are moderated, so it may take a little time before you see them on the page. Thanks for your patience.

Certain credit cards and other financial products mentioned in this and other sponsored content on Credit.com are Partners with Credit.com. Credit.com receives compensation if our users apply for and ultimately sign up for any financial products or cards offered.

Hello, Reader!

Thanks for checking out Credit.com. We hope you find the site and the journalism we produce useful. We wanted to take some time to tell you a bit about ourselves.

Our People

The Credit.com editorial team is staffed by a team of editors and reporters, each with many years of financial reporting experience. We’ve worked for places like the New York Times, American Banker, Frontline, TheStreet.com, Business Insider, ABC News, NBC News, CNBC and many others. We also employ a few freelancers and more than 50 contributors (these are typically subject matter experts from the worlds of finance, academia, politics, business and elsewhere).

Our Reporting

We take great pains to ensure that the articles, video and graphics you see on Credit.com are thoroughly reported and fact-checked. Each story is read by two separate editors, and we adhere to the highest editorial standards. We’re not perfect, however, and if you see something that you think is wrong, please email us at editorial team [at] credit [dot] com,

The Credit.com editorial team is committed to providing our readers and viewers with sound, well-reported and understandable information designed to inform and empower. We won’t tell you what to do. We will, however, do our best to explain the consequences of various actions, thereby arming you with the information you need to make decisions that are in your best interests. We also write about things relating to money and finance we think are interesting and want to share.

In addition to appearing on Credit.com, our articles are syndicated to dozens of other news sites. We have more than 100 partners, including MSN, ABC News, CBS News, Yahoo, Marketwatch, Scripps, Money Magazine and many others. This network operates similarly to the Associated Press or Reuters, except we focus almost exclusively on issues relating to personal finance. These are not advertorial or paid placements, rather we provide these articles to our partners in most cases for free. These relationships create more awareness of Credit.com in general and they result in more traffic to us as well.

Our Business Model

Credit.com’s journalism is largely supported by an e-commerce business model. Rather than rely on revenue from display ad impressions, Credit.com maintains a financial marketplace separate from its editorial pages. When someone navigates to those pages, and applies for a credit card, for example, Credit.com will get paid what is essentially a finder’s fee if that person ends up getting the card. That doesn’t mean, however, that our editorial decisions are informed by the products available in our marketplace. The editorial team chooses what to write about and how to write about it independently of the decisions and priorities of the business side of the company. In fact, we maintain a strict and important firewall between the editorial and business departments. Our mission as journalists is to serve the reader, not the advertiser. In that sense, we are no different from any other news organization that is supported by ad revenue.

Visitors to Credit.com are also able to register for a free Credit.com account, which gives them access to a tool called The Credit Report Card. This tool provides users with two free credit scores and a breakdown of the information in their Experian credit report, updated twice monthly. Again, this tool is entirely free, and we mention that frequently in our articles, because we think that it’s a good thing for users to have access to data like this. Separate from its educational value, there is also a business angle to the Credit Report Card. Registered users can be matched with products and services for which they are most likely to qualify. In other words, if you register and you find that your credit is less than stellar, Credit.com won’t recommend a high-end platinum credit card that requires an excellent credit score You’d likely get rejected, and that’s no good for you or Credit.com. You’d be no closer to getting a product you need, there’d be a wasted inquiry on your credit report, and Credit.com wouldn’t get paid. These are essentially what are commonly referred to as "targeted ads" in the world of the Internet. Despite all of this, however, even if you never apply for any product, the Credit Report Card will remain free, and none of this will impact how the editorial team reports on credit and credit scores.

Your Stories

Lastly, much of what we do is informed by our own experiences as well as the experiences of our readers. We want to tell your stories if you’re interested in sharing them. Please email us at story ideas [at] credit [dot] com with ideas or visit us on Facebook or Twitter.

Thanks for stopping by.

- The Credit.com Editorial Team