http://www.latimes.com/business/la-fi-scam14mar14,1,3115785.story?coll=la-headlines-business
Low-Tech Methods Used in Data Theft By David Colker LA Times Staff Writer
March 14, 2005
Executives at besieged information broker ChoicePoint Inc. have said they had no idea how vulnerable the company was to the identity thieves who recently tapped into personal data on 145,000 Americans, igniting a national furor over privacy.
Chairman Derek Smith told CNBC last week, for instance, that management "never realized the sophistication organized crime" would demonstrate in order to access ChoicePoint files.
But documents in a criminal case against a brother-and-sister team that pulled a similar scam several years ago suggest that penetrating ChoicePoint's defenses could take little more than a home computer, a fax machine and a bottle of Wite-Out.
"This is an old-fashioned kind of thing," said Deputy Special Agent Dale Pupillo of the U.S. Secret Service, which investigates cases of credit card fraud and identity theft. Hackers capable of stealing data electronically increasingly pose a threat, but "this was kind of low-tech."
That worries consumer advocates and lawmakers. Several members of Congress have proposed laws that would require data brokers to establish effective security systems to keep the Social Security numbers and other confidential data they gather and store out of the hands of fraud artists.
ChoicePoint executives declined to be interviewed for this article but issued a statement reiterating the company's view that recent data thefts from ChoicePoint and rival information broker LexisNexis provide "ample proof of the seriousness and sophistication of this type of fraud."
Both ChoicePoint and LexisNexis, a unit of Reed Elsevier, have said they will institute new policies to ensure that only government agencies and legitimate businesses can gain access to their data, which are used to verify employment applications, screen credit applicants and investigate security risks.
But it might not be wise to trust the companies to police themselves, said Edmund Mierzwinski, consumer program director for the advocacy organization U.S. Public Interest Research Group.
"I question whether companies [that have been] so cavalier with confidential consumer information will really change their attitude without tough new laws and a lot of lawsuits," Mierzwinski said.
Court documents in the 2002 case of Bibiana and Adedayo Benson — who were convicted and sentenced to federal prison — shed light on what it took to steal data from ChoicePoint and open fraudulent credit card and bank accounts in the names of unknowing victims.
The case, which led to at least $1 million in losses, attracted no public attention at the time. Like the most recent security breach, it involved con artists using simple and time-tested methods to hoodwink the data broker.
According to the court records, Bibiana Benson applied for a ChoicePoint account in the name of Christine Lorraine Burton on April 2, 2000.
To get the account, Benson needed two things: Burton's Social Security number and a professional or business license. ChoicePoint requires a copy of "business or professional licensing," according to its current application form, because information obtained from its databases may be used only for "business reasons."
Benson had the Social Security number. (The documents don't say how she obtained it, but authorities say there was evidence her brother was involved in identity theft before the ChoicePoint infiltration.) The California real estate broker's license in Burton's name was a fake. Benson faxed the license to ChoicePoint along with the application form.
The real Christine Burton, who was living in a small town in Indiana, told a Secret Service investigator that she had no real estate license and never had resided in California, and the California Department of Real Estate said there was no license on record in Burton's name.
But it's easy to fake a document such as a real estate license if it only has to withstand scrutiny as a fax, forgery expert James Black said.
"Piece of cake," said Black, who has testified in many forgery cases. "All you need is a [valid] license form, Wite-Out and a copy machine."
Investigators discovered the fake real estate license when they searched Bibiana Benson's home, the court records show. There is no indication in the records whether ChoicePoint attempted to check on the authenticity of the license.
Benson — who pleaded guilty in September 2002 to a felony count of unlawful use of identification — told an investigator after her arrest that she was working with a ring of identity thieves.
She said ring members would give her names, often taken from building mailboxes, and that she would then do the research using her online account with ChoicePoint, securing the Social Security numbers and other information needed to steal people's identities.
Ring members paid $45 to $65 per record, she said. ChoicePoint accounts given to investigators showed she examined at least 7,000 personal data files in a two-year period.
Her brother Adedayo, who pleaded guilty to three felony counts, used the information to establish fraudulent accounts.
The first step was to rent mailboxes at private mailbox companies in the San Fernando Valley and Beverly Hills.
Then he would apply for credit cards in the name of consumers whose data his sister had stolen, using the mailboxes as the return address, the court records show.
"Once I took over the box," he told investigators after his arrest, "I just called the bank and asked them to send me a credit card to the mailbox number. I called several banks."
He would then use the card to buy expensive goods and take out cash advances.
The court documents detail only a few of his purchases; one receipt from Circuit City is for two laptop computers.
Another part of the scam was producing fake driver's licenses. One that Adedayo Benson used, complete with his picture, was in the name of Dale Patterson.
Investigators determined that the person whose identity was lifted for the card was a woman whose full name was Dale Veronica Patterson.
Forgery expert Black said that obtaining fake driver's licenses was one of the least challenging jobs for the fraud ring.
"We could go over to MacArthur Park," Black said, referring to the Mid-Wilshire area park that has long had crime problems, "and come back about an hour later with 10 fake licenses, with pictures.
"It's an old game."
================================ George Antunes, Political Science Dept University of Houston; Houston, TX 77204 Voice: 713-743-3923 Fax: 713-743-3927 antunes at uh dot edu
Reply with a "Thank you" if you liked this post.
_______________________________________________
MEDIANEWS mailing list medianews@twiar.org
To unsubscribe send an email to: [EMAIL PROTECTED]
