IDs stolen from junk computers
|John Millar, Special to the Free Press (London Fr|
There’s an illicit market for personal information and many people are feeding it by failing to remove their identities from decommissioned computers.
Website www.iaaca.com, says a June 22 International Herald Tribune story, ran an ad for available “dump” information. It explains that ‘iaaca’ is short for: International Association for the Advancement of Criminal Activity.
The ad is quoted as stating: “Want drive fast cars? Want live in premium hotels? It’s possible with dumps from ZoOmer.”
A “dump” is credit card information, including name, billing address, phone number, etc. Information about valid, existing credit cards could be purchased for $100.
Anyone purchasing information from the site could use the card information for activity ranging from online purchases to full identity theft.
Anyone not sure how to use someone else’s personal information for gain only has to search the Internet to find plenty of help, including such finer points as the best time of the month to crack an account.
The size of the market for illegal use of personal information is officially available. The U.S. Federal Trade Commission estimates 10 million Americans have their personal information pilfered and misused every year. The cost to consumers is estimated at $5 billion and to businesses at $48 billion annually.
Incidents of data loss that have been given the highest profile have either been the result of hacking or the theft or loss of computers containing files of personally identifiable information.
The losses happening every day everywhere which don’t receive much attention are the result of individuals and businesses giving the information away inadvertently.
How is this happening? Giving or throwing computer equipment away without removing data provides the opportunity for someone else to get the information.
On March 3, the television show Inside Edition aired Discarded Computers (at www.insideedition.com/Default.aspx?tabid=35). It followed an investigative reporter who purchased a number of computers that had been donated to a thrift store for resale and some computers obtained from a local dump. None of the hard drives from the computers had been cleaned of information.
There was sufficient information obtained from the machines for an identity theft.
A surge in demand for shredders shows that a growing amount of attention is being given to destroying hard copies of files and records.
Destruction of electronic files requires more effort.
Every business needs to have a policy on document destruction and to make sure it’s fully implemented to protect sensitive data.
An effective document destruction program will ensure that data is not available when computer equipment is discarded.
Taken from the U.S. National Industrial Security Program Operating Manual Description (www.qsgi.com/usdod_standard_dod_522022m.htm), the following essential elements are to be considered when deleting data or getting rid of computer equipment:
– Media containing sensitive information should not be released without appropriate sanitization;
– File deletion functions can be expected to remove only the pointer to a file (i.e. the file is often still recoverable);
– When data is removed from storage media, every precaution should be taken to remove duplicate versions that may exist on the same or other storage media, back-up files, temporary files, hidden files, or extended memory;
– Media in surplus equipment should be sanitized.
The NISPOM Standards outlined on the website provide explanations about the need for and techniques of destroying electronic data, including employee training.
Making life more difficult for identity thieves must include ensuring you are not giving the information away when you dispose of computer assets.