Authorities

Discussion in 'other security issues & news' started by Cretemonster, Jul 20, 2008.

Thread Status:
Not open for further replies.
  1. Cretemonster

    Cretemonster Registered Member

    Joined:
    Mar 31, 2005
    Posts:
    79
    https://www.wilderssecurity.com/showthread.php?t=215333&page=2

    This thread is a perfect example of someone getting physically robbed and the local authorities doing what they are actually paid to do to recover the victims personal items.

    So tell me this...what makes it OK when the thief comes into my house via a cable line or a phone line?

    I still get robbed blind,bank account emptied,credit card # stolen and maxed out,identity stolen and used to buy houses,cars and various other items.

    Sad that the authorities arent quite as proactive when this type of violation occurs.

    So this cable line\phone line is a welcome mat,a door with no locks?

    I think not,so what are we to do?

    I dunno....something...cause nothing is getting us no where. ;)

    I often wonder if there is any real solution for this,seriously doubting it.
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,

    Answer: house to house robbery has been going on for 5,000 years, so the authorities are pretty solid on that one. E-robbery is new, 10-15 years max, and most likely only half that on any non-microscopic scale, so it will take a full generation to get a-hold of this (20-30 years), at the very least.

    BTW, why should your account get robbed? What kind of bank allows money withdrawal and transfers (galore) to other accounts without some sort of identity verification?

    Why would you have your ID, SSN, Credit Card no. or any other such info on the computer?

    Mrk
     
    Last edited: Jul 20, 2008
  3. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Well, as someone who has experienced both situations.... the emotional drain from a physical violation is a lot more significant. I lost fewer and less valuable physical assets than DVD+R, got virtually all of them back, but it took a while to feel comfortable again. My recent bout with credit card fraud was much simpler. The card provider notified me of suspicious activity, and the situation was nipped in the bud within 8 hours of starting with some minor inconvenience. It was a lot less invasive physically and emotionally.
    Obviously, it doesn't.
    I find the authorities equally active in the two instances. Jurisdictional ambiguity is a part of electronic crime. My credit card information was compromised somewhere. Not via my own machine, presumably at a vendor I used, the actual compromise event remains unknown. The attempted theft involved electronic assets (very large iTunes purchases, contracting for domain/website services, etc.), again from locations unknown (to me at least). Punchline, the scene of the crime is nebulous and that does create issues.
    What one always does - be vigilant.
    There's still some catching up to do from a law enforcement perspective, and we also see that occurring from, for example, credit providers. The activity monitoring performed by credit providers has become rather sophisticated of late. Electronic login to bank accounts is more complex now. It's important to realize that measures to control crime need to balance conflicting objectives. For example, let's sit in the physical world for a moment. If you want to eliminate physical theft, draconian and comprehensive video monitoring of all locations you wish to protect will be fairly effective. Obviously this could have a negative impact on a number of facets of privacy/individual freedom, so this need must be balanced against the need to police the situation. It's the same with cybercrime. Some of the more draconian measures which could be contemplated would have enormous privacy implications. Balancing these competing needs is not a simple process.

    Blue
     
  4. SirMalware

    SirMalware Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    133
    What if the thief has all the proper identity verification?

    Ever hear of keyloggers?

    With all of your experience on the forums you should know by now that no one has to get malware, period. It's too easy to prevent write access to the registry and to directories and prevent cached files from executing.
     
    Last edited: Jul 20, 2008
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hi,

    Even if the thief has all the data ... which you should not keep on the PC, the credit card company and the bank should not allow any such activity without physical proof.

    Example: I cannot transfer money to 3rd party accounts without physical approval at my bank - signing docs, showing in person etc - except a limited number of pre-approved numbers.

    Second, your ID, SSN etc should only be kept on paper, never electronically.

    And lastly, don't get infected.

    Mrk
     
  6. SirMalware

    SirMalware Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    133
    Good point, but what if its typed in?
     
  7. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    At some point the "what ifs" have to give way to the "what's realistic".

    Obviously, a system infected with an active keylogger is extremely problematic. The question is - how frequently is this a real issue vs. more mundane situations such as stolen databases, vendor employee based compromises, or willing surrender of the information via a phishing exercise? I can't put an informed number on that, but I have a difficult time believing that a remotely deployed and administered keylogger is a more frequent occurrence than any of the other situations listed (and probably many others).

    As Mrk noted - don't get infected.

    Blue
     
  8. SirMalware

    SirMalware Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    133
    Well, I guess its never happened to you.
    Thank you. That is what I said in my original post.
     
  9. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    It hasn't..., and when you sit down and carefully examine the sequence of events that have to occur for a remotely installed/administered keylogger to successfully execute the topic of this discussion..., it simply doesn't appear to stack up as a high probability event relative to other routes.

    Blue
     
  10. SirMalware

    SirMalware Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    133
    With your particular Windows configuration and web surfing habits, probably not.
     
  11. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Many of the recent ID exposure incidents involve corporate database weaknesses. Since companies are trying to avoid paper records, the customer has no say in the matter.
    One current example involving SSN transmission and recording is electronic filing. You don't send a tax form via snail mail or fax, but via your PC directly. People who use these programs or websites are storing sensitive information in them. There is a strong push to move people away from the paper forms and the numbers of electronic filings keep increasing every year. :doubt:
     
  12. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Welcome to the Digital Age *waves goodbye to his old friend privacy*
     
  13. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    I will probably be among the last people who still send returns via snail mail. :D
     
Loading...
Thread Status:
Not open for further replies.