yARN: Identity as we know it is dead

Criminals have been stunningly successful at compromises, what they haven’t been so efficient at, which they will improve, is exploiting the compromised information

“Identity as we know it is dead.” So came the blunt message from Alastair MacGibbon, Director of the Centre for Internet safety at the University of Canberra and founder of the Australian High Tech Crime Centre while a Federal Agent with the Australian Federal Police.

According to MacGibbon, “There are well established black markets trading in all of our credentials today. I make the assumption that every single card in my wallet has been compromised. I just don’t know it yet and neither do the card issuers.”

But that’s not all, he adds, “Criminals have been stunningly successful at compromises, what they haven’t been so efficient at, which they will improve at over time by the way, is exploiting the information that they’ve compromised.

“So you have to make the assumption that credit cards are compromised, bank accounts are compromised, they could own my email account if they wanted (if they don’t already). The fact is they haven’t yet mined it for the right type of information. And we are seeing gains in the efficiency of criminals at that back-end. They’ve been so good at the front-end that prices have dropped dramatically.

“Now where the real money is online; is when criminals can steal lots of different types of data and re-amalgamate it into your full identity. So they have my postal address, documentation to prove I am who I am, as well as my financial credentials, mobile phone to be diverted etc. So that’s where the real money is.”

So, after that rather dismal view of the world, where are we at?

Probably even worse off than this commentary suggests!

In a recent quarterly Threat Report , AVG noted that while the price of card data was falling on the black market (in full agreement with MacGibbon) there was a matching increase in interest in other payment technologies – mobile phone systems in particular. After-all, how easy is it to sign up to a premium SMS service? And these days it’s also easy to create billing events where your telco will forward money to a third party on your behalf – out of your phone account. Drink vending machines being a very simple example.

Allow me to give some sage advice. You would be very wise to assume all of this is true and act accordingly.

Who knows, you might be pleasantly surprised to find that it’s not true. Or not!

The author attended Alastair MacGibbon’s presentation as a guest of SAI Global.