One of the most common crimes online involving everyday people – are ID theft. This crime can happen to almost anyone, even those that dont frequent the internet all that much. Most government and private systems are now online, and criminals can do great damage to a persons private life if their identlity is stolen. Primarily there are two reasons for id theft – turning a profit or vengance. More rare are stealing identities to commit political crimes – but they do exist.
As an excersise we were given a number of questions we should answer for us selves, and then write some reflection on this in our journal. Which I am now currently doing. But. When browsing the list of questions – my paranoid mind began to question wether I really wanted to answer some of them publicly. The first one was fine, go out there and find some crime figures from 2012 and 2013 showing costs related to ID theft, and then some currect figures. Now, those are easy to find depending on your criterias, the most recent article discussing the increase in incidents (in norwegian) can be found here at NorSis.
Now. For the second part, our professor wanted us to reflect on certain issues regarding our own “digital identity”, like how many places do you use password-authentification, and what are my password routines (in short). I did some reflection on this, but I have also (like previously mentioned) decided to not publish this on my journal for all to see. I have a system that I am using for my passwords which is unorthodox in some ways – and in case someone wanted to attack me – this information would be useful. So for now, you should only trust that I have really tight password routines based on best practice.
Another question raised is regarding to the time cost related to an identity theft. As mentioned there is an estimate saying 60 hours for a user to address these problems and recovering from them. But what about one password? Well, I would think that this depends on the level in which a hacker has done “damage”. Has he also changed the email account attached to the service, or only poked around? Are there files missing or altered? If there is just a simple stolen password – this can be solved very quickly. The more damage, the more time. But what if the password is used for all the users accounts? Then there are considerable time issues.
Lastly, we were given a link to Ebays tutorial page for avoiding ID theft. Now, many of these advices are good based on a number of different attack approaches. But I would like to add some more:
- Use two-step authentification
- Dont use passwords that are too hard to remember.
- Use passwords that are long and hard to guess (like sentences).
- Dont click on links on emails/popups – go to the company page.
For further advancement in how to face the challenges of ID theft – I came across a good book on the subject. It is posted free online for viewing and downloading, and the link and name are Taking Charge – What To Do If Your Identity Is Stolen.