Online Identity Theft: Curbing the Tragedy Beforehand
The lone biggest hazard we face online these days is to our identity and reputation. In the real world, you are most likely to know if you are engaged in misbehaviour and our carelessness mostly affects only ourselves. However, one of the most problematic features of the computer age is that we may have no inkling of the harm that our computers are wreaking on others. Our identities and reputation is what gives us social status. A name is a person’s most fundamental attribute.
When you want to dehumanise a captive, try giving him or her a number instead of a name. Reputation or what people think about us, is our currency in society. Without a reputation, you are at the mercy of the trust people offer to strangers. With a bad reputation, your past misdeeds trace your steps into your future. Computers, for all the benefits they have brought in other respects, have also been essential in eroding the integrity of both.
However, many of us are unlikely to have a reputation of adequate profile to warrant a premeditated attack. After all,it would be easy to smear your reputation as a fraudster, or your wife as a prostitute, if you are at the receiving end of a grudge, a prank, or business rivalry. But there exists an attack more vulnerable than this- impersonation. The CEO of TechDefence, Cyber Security Expert, Sunny Vaghela, shares some insight over the online identity theft.
Be it for fun or mostly sinister reasons, impersonation is very easy on the internet. We are used to shower our trust on people online whom we have never met in person, on the basis of fragmentary clues which can be reproduced by any third party. Under impersonation, the identity is not stolen: it still belongs to the person concerned. Just because someone stole your keys, credit card, passport and driving licence does not make him turn into you. It means he has taken things which allow him to pretend to be you, and therefore do things under your identity. However, you are becoming the culprit of all illegal activities, despite you having no knowledge of them.
In the real world, impersonation is quite difficult: we depend on plenty of real-world clues to supportthe physical objects that grant us our identity. For example, if someone sees a shady-looking person unlocking your front door, the fact that the thief has the right key does not make him less worrying, he is now more likely to be caught whether or not he commits a theft. Similarly, a stolen passport works only if nobody checks the photograph. The stolen credit card functions only as long as the spending pattern is not uncommon, and so long as the aggrieved does not report it missing. None of these safeguards is fool-proof, but it is hard to evade them all, and certainly hard to do so for a sustained length of time.
Cyber Alter Ego
But impersonation on the internet is a lot easier. In real world, your posture, demeanour, appearance, voice and other unique elements help other people recognise you. But your online self isjudged only by bits and bytes – by digital data, which is nothing but a string of 1s and 0s. If you are lucky enough, maybe these will be encrypted and complicated, backed up by other factors of authentication such as SSL structure, or by the answers to cleverly designed questions. Else, most of the times, your online identity consists of a simple login and a short password. Anyone else who can create the right digital signal can pretend to be you, and most people will believe him.
A successful impersonation involves stealing data and privileges. Since it is a connected process, each stage reached makes the next one easy. For example, access to your computer gives command of your e-mailaccount. Authentic seeming e-mails sent from your account can be used to change youremail address (or redirect yourmail). Then, the attacker can simply apply for new documents on your behalf. Once he is possession of new documents (for example a driving licence or utility bill) registered on a new address, he can start applying for loans or credit cards in the pilfered name. The real you may come to know about it when you find that your credit rating being collapsed, or when debt collectors start hounding you for unpaid bills which you never incurred.
All this has become extremely easy due to our over-dependence on computers and networks.Long ago, intercepting someone’s communications required close physical proximity (hence theword ‘eaves’ in eavesdropping). Even in the early electronic age, tapping a telephone or planting a microphone was perilous, complicated and conspicuous. It was well above the capabilitiesof an ordinary private citizen: only government agencies or professional detective agencies had theknowledge, and the chances of getting caught were severe.
Now you can simply look at people’s Facebook pages, which lists all their friends in plainsight. Facebook gives their biographies, hobbies and peeves, as well as theirbirth date, the school they went to and the names of their parents and siblings. Unsurprisingly, it even liststheir pets, and whether they are alive and dead. All of it matters: all these details are important for those trying tospeculate a password, or answer a security question.
A report published in May 2014 by a computer-security firm- iSight, exposed‘Newscaster’ – essentially an operation wherein Iranian hackers had since 2011 used more than adozen fake identities on social networking sites such as Facebook, Twitter and LinkedIn to trick atleast 2,000 targets, including high ranking American political,military, diplomatic and media figures, as well as notable pro-Israel voices. The hackers claimed that they worked in the media,defence industries or government, and had cautiously constructed biographies with credible sounding details (including links from a false media website, which copied content from genuine news outlets such as the BBC).
Thus, in essence, identity theft today is difficult to overcome, but knowing about the possible ways of such a crime helps in being vigilant to such happenings.