Your Identity Is Worth Less Than $15

I Don't Believe in Imaginary Property writes "One of the more interesting tidbits in Symantec's Global Internet Threat Report (PDF, 105 pages) is the price sheet, which suggests that someone's 'full identity' is worth in the range of $1-$15. Your email password goes for $4-$30 and your bank account might fetch $10-$1000. With those prices, I wonder how often they pay more for the bank account than is actually in it? There's also an executive summary (PDF, 36 pages)."

No way!

Of course this article is wrong. Just look at how much all these politicians care about us.

Re:I want to sell mine

Just post your account info here and we'll deposit the $1000.

British ID card system

So when the British government introduce their fantastic, shiney, new, biometric, uhackable ID card system, can we get them to buy our ID off us?

Who would trust Symantec

Whilst I am sure identity theft is a very real problem, I'm not sure I want Symantec to be my source of information about it. They have done more to reduce internet security than most, with bloated, unusable virus checkers that people end up simply disabling. Furthermore, there is a pretty obvious marketing angle to all of this.

Re:Who would trust Symantec

Yes. You said what I wanted - why should I trust the people who gave us Norton with my internet safety?

Re:Who would trust Symantec

Hey... waidaminute... that wasn't me!

Re:Who would trust Symantec

Peter Norton gave us Norton. Symantec bought out his company in 1990, and has been slapping the brand name on everything they've put out since. Bloat and decline in quality followed.

from http://en.wikipedia.org/wiki/Norton_Utilities [wikipedia.org]
"The Norton Utilities releases were collections of software utilities. Peter Norton published the first version for DOS, The Norton Utilities, Release 1, ca 1981. Release 2 came out several years later, subsequent to the first hard drives for the IBM PC line. Peter Norton's company was sold to Symantec in 1990. However his name remains as a "brand" for Symantec's range of utility and security software for home users."

Simple business model

[Symantec has] " done more to reduce internet security than most, with bloated, unusable virus checkers..."

Whenever I encounter a computer with Symantec software installed, I uninstall it before doing anything else. My experience with Symantec is that the company's software is VERY buggy.

"Furthermore, there is a pretty obvious marketing angle to all of this."

Having insecurity is profitable for Microsoft, anti-malware software companies, and weapons investors like Cheney and Bush. It's a simple business model:

1) Do evil.

2) Profit!

You're kidding, right?

a bank account might fetch $10-$1000. With those prices, I wonder how often they pay more for the bank account than is actually in it?

How much do you assume the average person has in their bank accounts? I realize that living at home with your parents and not having to pay for rent, utilities, food, and clothes may allow you to skate by with a very low monthly balance, but the vast majority of people who work for a living have to have the cash on hand (in their checking account, anyway) to pay for all these necessities.

But I don't suppose someone whose name is "I don't believe in imaginary property" would have a very solid grasp of the real world.

Re:You're kidding, right?

It depends which account. I'm 18 months out of University, have finally got on to the housing ladder (which isn't easy in the UK with stupidly inflated house prices), and am supporting myself, my wife, and soon a baby as well. We've got more than that in one of our bank accounts. Granted, it isn't our Current Account (which I assume is what the Americans call their Checking Account because they write their cheques from it), but it's still an account with more money than that in.

But as someone else mentioned, they probably want them for laundering rather than emptying.

Re:You're kidding, right?

Do you know how many people in America live paycheck to paycheck?

Quite a few people have bank balances that hover between the grand total of their most recent paycheck and $0. Or don't they count?

Re:You're kidding, right?

...but the vast majority of people who work for a living have to have the cash on hand

Ever look at discarded bank slips from ATM's? I have on occasion, and if it is any indication, most people rarely have more than $1000 dollars in their bank accounts. Or are you assuming the average person is a (relatively) high paid professional that doesn't have a mortgage, car, kids, etc? And people who do have any amount of money probably don't keep it in a bank account but in stocks, bonds, mutual funds, treasury bills, etc.

Re:You're kidding, right?

That's because you're looking at the slips from people who don't give enough of a shit to keep them.

Re:You're kidding, right?

I meant to have the poll as:

How much money do you have in your (checking+savings) bank accounts?
1. Less than 1 paychecks
2. 1-2 paychecks
3. 3-5 paychecks
4. 6-12 paychecks
5. more than 12 paychecks
6. I'm an edge case, you insensitive clod.

Re:Why would you?

You set up a sweep account [wikipedia.org], or manually perform the same action. Basically you take the funds that you want to keep available (for bills, etc.) and invest them in something that is easy to quickly buy/sell without penalty (e.g. money market [wikipedia.org]). Whenever you need cash in your checking account, you transfer it from that investment account. Whenever you have a surplus in your checking, you move it into the investment account immediately, so that it can get a higher interest rate than it would in you checking account.

You can have sweep accounts set up to automatically move money back-and-forth to maintain a reasonable balance in your checking, so that you always have enough to pay bills. Of course a money market (or similar) will get a better return than a bank account, but won't perform as well as longer-term investments (e.g. GIC), so funds not needed on a short-term basis should still be invested elsewhere.

As the grandparent post said, however, keeping substantial sums in a standard bank account amounts to wasting money.

Where did the data come from?

From TFA - "Bank accounts were the most commonly advertised item for sale on underground economy servers known to Symantec"

I'm curious as to where this data came from. Is it public record from court cases? Or does Symantec know more than the cops?

Work from Home...

1. Open lots of bank accounts
2. Sell them
3. Profit

(It'd be funnier if it didn't sound so plausible)

honeypot identities

what should be done is for banks to work together with law enforcement and create a bunch of fake identities with flags on them that when used it automatically notifies the police and sends all information to the police (photos, fingerprints & whatever else)...

Pretty accurate...

Your Identity Is Worth Less Than $15

(checks bank balance...)

Yeah, that's about right...*sigh*...

IE vs. Firefox statistics

Check out page 3 of the executive summary. In Jan-Jun of 07, they found that 89% of web vulnerabilities were in ActiveX plugins in IE. 1% of vulnerabilities were in Mozilla extensions.

I think we have a clear winner here...

Othello, 2008

Who steals my purse, steals trash; 'tis something,
nothing;
'Twas mine, 'tis his, and has been slave to
thousands:
But he that filches from me my good name
Robs me of about 15 bucks.

I smell profit !

1. Open bank account.

2. Sell account information.

3. Close bank account.

Repeat.

Why buy bamk account information....

When apparently you can just dumpster dive behind your local bank [connpost.com] to get all the bank accounts you would ever need?

Bank accounts provide bandwidth, not cash.

"With those prices, I wonder how often they pay more for the bank account than is actually in it? "

It's not just the funds the fraudsters are after... They are after 3 things:

1) Once you have a bank account, you capacity in the laundering pipeline. With the $10,000 detection threshholds, and the other AML (anti-money laundering) requirements, it takes a lot more bank Xfers to multiple parallel accounts to move money between the point of fraud, to the point of safe harbor. ACH-IN.... ACH-OUT. These are often 'mule' accounts to allow a network of smaller transfers that allow a larger aggregate money movement. Since I have 30-90 days before you notice all these $1-9000 xfers going in and out of your account... I need to constantly get new bank accounts to keep my laundering pipeline at full 'bandwidth.' If I'm lucky, I can pull a change of (email) address on you, so I can completely control the account for a small period of time (NOTE: address change just got 'red flagged' by the US FACT act of 2003... so in addition to Patriot Act reviews at account opening... address changes will (mandatory by all financial institutions by Nov 2008) be audited by regulators to verify the organization did due diligence to check for fraudulent activity).

2) Having a Bank Account makes opening a PayPal, a credit card, a stock trading or another bank account all the easier. All of these are much more lucrative, and they can leverage funds (margin, credit) , and if I open them, there is much less chance of detection by you (since I completely control the contact information). This is classic identity theft ("Officer, I don't have a bank account in the Outer Antilles!")

3) if we get lucky, you got cash... which we'll use in a leverage scam (open a stock account, and seed a pumpNdump).

This is great news, where do I sign up?

So my email address is worth between $4 and $30. Excellent - I can afford to retire now.

If you know someone (hell, anyone) who pays this kinda ca$h, please let me know. With my own domain I can create email addresses indefintely, and at $30 each it's literally printing money.

Now, of course if the reality was that spammers pay a tiny fraction of a cent per address then it's less worth my while (but could still be worth knocking together a script for).

Which option strikes you as most likely? Yes, thought so.

In similar news, my password is worth money too? Really? My password is "chocolate" - that'll be another couple of $$ please (feel free to sell it on yourself, too).

Now, I'll just sit back and wait for all the SPAM^H^H^H^Hmoney to start rolling in. Hmmmm, I think I just burned out my irony circuits.