Hacking is big business, and business is good since black hats discovered they can fund their activities through identity theft.
The Federal Trade Commission estimates that about 9 million Americans have their identities compromised every year. The Secret Service just busted one 11-person ring holding 40 million pieces of stolen information. Eleven down; tens of thousands to go.
Identity theft is so easy; common street gangs find it a nice complement to their traditional income streams from drug and gun running. Thieves as far away as China and Estonia are building files on Americans that can be sold in pieces or as a whole on the thousands of websites that traffic stolen information. The big prize is your Social Security number, a master key that can be used to unlock all the doors to your financial life.
So why is Todd Davis advertising his number on radio and TV? Because the CEO of Tempe, Arizona-based LifeLock has fraud alerts on his credit files, which force the bureaus to call him if anyone tries to open an account using his information. That's the most common--and most devastating--ID exploit, says the FTC. You don't know you've been compromised until the collection agencies start calling. Though the pain varies, 10 percent of victims waste at least 55 hours and/or $1,200 resurrecting their identities--temporarily. The bad guys wait for you to repair your credit, explains Davis, then come back for a second helping.
Putting red flags on your accounts is another hassle that has to be repeated every 90 days. But LifeLock will do it for $110 a year, and if you still get compromised, the company will spend up to $1 million to fix your credit. So far, the 3-year-old company has had to make good on that promise for only 153 of its more than 1 million customers. In other words, about 0.015 percent of LifeLock subscribers have been compromised, compared to 3.7 percent of the population at large.
LifeLock is far from your only choice. Redwood City, California-based Trusted-ID offers a similar program and a similar guarantee, but slightly different pricing at $99 a year. Either company will design a plan for your business, too, and those prices include a variety of complementary response services.
How about just being careful: shredding bank papers and securing your PC? It can't hurt. But we've been throwing technology against this plague for 20 years. Now it's bigger than ever, and ID attacks are multidimensional. Massive Zombie PC networks disperse keystroke loggers and phishing e-mails to make you more vulnerable to hacks on your computer and wireless network complemented by good old, low-tech wallet and laptop theft. Thieves won't hesitate to hijack your bank's ATM or website (pharming) or bully information out of your employees over the phone (vishing).
Yes, you do need to harden your PC with a robust shield like ZoneAlarm Security Suite and have your guard up online and off. But here's the thing: You'll still be forced to surrender your Social Security number to institutions that, frankly, do a lousy job protecting it.
Research has found that 8 in 10 credit bureau reports contain some form of error, banks are the most exploited target and, right now, half of all web address servers have a software vulnerability making them wide open to hijack. Recently, hackers compromised the online profiles of dozens of IT professionals--just to show they could.
It's 2008; nobody is going to protect you but you.
Mike Hogan has been covering technology issues for magazines with more than 1 million readers for 25 years.