Cisco Blogs


Cisco Blog > Security

When Cyberspace Meets Main Street

Recently, during my daily “let’s see what’s happening today” routine, I read an article that struck me in an eerie — better yet, intriguing — manner. The gist of the story is that a crime ring syndicated from cyber space, consisting of Internet-savvy folks and run-of-the-mill thieves, managed to purchase (let’s just call it what it is, steal) thousands of dollars in products while conducting shopping sprees at Apple stores.

Moments prior to reading this story, I had read yet another story on identity theft (these stories seem to appear daily, if not hourly), and so I was already on “heightened alert.” But what made this story stand on end for me was the process, and in essence, the cultivated procedures and methodology at work here: an effectively organized group where the cyber-literate purchase stolen credit card account information through underground websites, and using readily accessible commercial equipment (also purchased through the web), are able to print credit cards with their names but with magnetic strips that link to the stolen accounts. Moreover, the crime ring relied on shadow games as it enlisted the skills of various “street thieves” who run around on shopping sprees and then sell the purchased items for fair market value (by which we mean fair “street” market value), at which point everything is a profit! Taken a step further, one initial member spawned off his own syndicate, relying on the same construct, which also diversified the nature of the “business” at hand. We have seen identity theft and credit card schemes galore in the past, and much of the operation is based on the ever fruitful opportunities presented by cyber space, but rarely do we look far enough into the process to take note of the “effect” portion of the “cause-and-effect” relationships that occur. This portion resides in the communities around the world, where the culprits or miscreants decide to act on these cyber-imposed schemes, and actually use the information to achieve an intended end result.

What stands out here is not that the thieves, by their habitual nature, stole, but that unlike many cautious or thought-provoking criminals who mask their footprint by limiting their involvement, they decided to take upon the entire process in their operation end to end instead of performing a subset of the scheme, like merely taking the stolen credit card data or printing the cards and selling them off. These brave souls decided (whether due to greed, gluttony, or ignorance) to perform the action of personally using the stolen data as well. While that may sound bad enough or worthy of scrutiny, the perpetual straw that broke the back of this operation was the very essence of their beginning: cyber space! Yes indeed, they were caught due to their own admissions via their Twitter blast, which posted a video of their bravery — no no, wait, their egoism (yeah, that’s better).

Let’s not inundate ourselves in the details that brought this story out, as it’s not about the people who did this but about the manner in which they were able to succeed, which is where the societal “lessons learned” should be extracted. One may ask, and rightfully so, how could this have been prevented? What can we do to mitigate this in the future?

The irony here is that the answer to “what should be done to prevent said acts” is the same as it has been when dealing with the threat of identity theft. This is simply another example of miscreants taking things a step further. Threats and vulnerabilities have an inherent progression and hierarchy. If one does not mitigate a common threat or vulnerability it is likely that the next iteration of that threat or vulnerability will have progressed and evolved into something greater, as is this case here. So what should we be doing? Safeguarding personal information, for one — this all started with stolen credit card/account information. To rid this at the root, ensure that proper safeguards are in place, ranging from consistent analysis of our account(s); leverage monitoring agencies and keep an eye on that credit report; use proper (not easy to determine) PINs and passwords on credit and debit cards; guard your social security number as if it is your life (because it is); only use credit cards for online purchases (not debit cards, and better yet. have a dedicated credit card for online purchases only); stay on the lookout for shoulder surfing when using your cards; shred all personal information prior to discarding; be careful what you share in your networking/web 2.0 (i.e. Twitter, Facebook, MySpace details, etc.); watch your mailbox (especially when expecting credit cards and personal information to arrive), and watch out for those phishing emails and calls! As always, there are countless more things that can be done, but use this list as a good starting point. The reality is while we may not be able to prevent the numerous methods in which miscreants gather this information, we can institute proper practices to limit what can be done with the information.

After reading about this excursion, I am left with the following thought: Where do we stand when we as a society continue to face challenges such as these — challenges using opportunity laden resources that are available enough that these are frequent occurrences — and seemingly the only semblance of capture is held in the mere careless disposition of the miscreants? I guess we can certainly be thankful for the arrogance/ignorance/ [insert your word here] these thieves portray that continues to lead to their capture. And we can also thank cyber space and its friend “social networking” with a cyber high-five and a :-)

References and Helpful links:

Identity Theft Aids
http://www.privacyrights.org/fs/fs17-it.htm
http://www.yourcreditadvisor.com/blog/2006/10/the_ultimate_gu.html

Fighting Identity Theft
http://www.ftc.gov/bcp/edu/microsites/idtheft/

Tags: , ,

Comments Are Closed