Experian, Ford, and Identity Theft 193
corebreech writes "The mighty New York Times (I think they might want you to register) is reporting that hackers posing as Ford employees have managed to pilfer some 13,000 credit reports (Quality is Job 1.) Supposedly the info isn't restricted to merely credit card numbers, but rather includes such delectable delights as address, SSN, bank account info and creditworthiness. Glad I take the subway." The original story was from the Boston Globe.
uhoh (Score:1, Offtopic)
graspee
Cripes! (Score:1)
Re:Cripes! (Score:1)
Bah. Just mail it it in. Most creditors give you a few days grace period and/or require the envelope be postmarked on or before the due date
Even if they charge you a small late fee, it's likely to be less than next day air shipping charges
Login for NTY (Score:2, Troll)
No need to give them your email address!
I'd be happy... (Score:4, Insightful)
Then I'd just sue Ford for lossing my info. They've already admited to doing it, so there's pretty much no burden of proof. Corporate neglegence should be pretty easy to prove.
That sound you hear is lawyers sharpening their claws.
Re:I'd be happy... (Score:4, Interesting)
Burden of proof isn't the problem. Damages are. In my case, Experian (gee, the same company mentioned in the article), has royally screwed up my report with incorrect info. I did everything proper to try and get them to correct it. They flattly refused. I went to a lawyer specializing in these matters. He told that while I did have a strong case, suing would be a bad idea. Unless I could prove damages, I wouldn't even recover my attorney fees, let alone be compensated. You have to sue in federal court BTW. Expensive.
Best Quote (Score:1)
I don't even know where to begin with that one.
Re:Best Quote (Score:1)
And then having to fire fight the unholy amount of shit that Experian et al caused me, over a period of months I have to wonder, what their definition of a bad guy is.
As businesses go, these guys are really (, really, really) one sided, they sell information electronically about me for sod all to all and sundry (in the blink of an eye), but when they get it wrong, I can only contact them by snail mail, they take an age to fix the problem, and the problem is expected to "percolate" to their customers as they get their monthly/quarterly/half-goddam-yearly updates. They keep no record of who has the latest version of your information and see no obligation upon themselves to supply corrections to those that have bad data.
In effect they wipe their hands of all responsibility, for propagating a lie about you!
Sorry, rant over
Does my anger come through here?
Re:Best Quote (Score:1)
Re:Best Quote (Score:2)
What really sucks is some of the algorithms they use to determine your credit references. This includes the credit references of people who live / lived in the same house as you - even flat mates who you hardly knew - even flat mates who _moved in after you moved out_.
I don't know whether it's commendable or not, but they actually named the people who'd lived at the addresses I'd lived at in my copy of my credit report. Weird.
So, yeah, credit reference agencies suck. They are the bad guys. I've never defaulted on a payment in my life, and I got turned down for credit cards because I'd lived at the same address as people with debts. It's just weird.
Re:Best Quote (Score:2, Insightful)
This all comes down to something I've been painfully aware of for most of my life, though it doesn't seem to be terribly obvious to those who need to recognize it. Which is the very essence of the problem itself: The guys at the top don't know what's going on at the bottom. They have their little meetings where they talk to the guys just under them in the corporate hierachy who in turn have had their little meetings with the folks under them and so on and so forth until you get to the bottom where the first line supervisors are more concerned with protecting their own butts than communicating anything of importance to their own supervisors. The former head of the company where I work once called this an "inversion layer," implying that there was some particular point where communications break down. This is how it looks, but it's not how it is. The lack of communications results from the fact that each individual level of organization in a company is not totally transparent to the level above it. It is simply the accumulation of many layers of less than complete transparency that results in the appearance of this mythical inversion layer. The real problem is too many levels of management and more precisely the whole multi-layered managerial system itself, where the guys at the top really don't won't to "dirty their hands" looking at anything more than one level below them. Not only is it impossible for them to know what's happening using the current organizational model, they don't really want to do anything that would allow them to know.
If they did know, they would have to take responsibility. And nobody sitting behind an expensive desk making obscene amounts of money for having little meetings about his "vision" of the future wants to have to worry about being responsible.
Re:Best Quote (Score:1)
What model do you suggest to replace the "multi-layered managerial system"? At large companies like Ford, I think that it's not a question of not wanting to dirty one's hands, but how does a CEO run a company with a few hundred thousand employees in a flat managerial hierarchy? Those management levels are in place not because he doesn't want to get in the "trenches", but because there aren't enough hours in the day.
A CEO (or whatever you call the top person) must trust the lower level managers; the alternatives are micromanagement of each tier, or fire all managers and have EVERYONE report directly to the top person.
Now, highly paid executives probably DON'T want to get their hands dirty, but that doesn't mean they are shirking responsibility. Again, flatter hierarchies can work, depending on the size of the corporation, but what do you do for the really huge ones?
so... they should learn from motorola (Score:1)
What? (Score:1, Funny)
BTW, i have a nice set of Firestone tires that came new on my Explorer to sell.
He got it wrong (Score:5, Insightful)
Re:He got it wrong (Score:2, Funny)
___
A never-ending struggle? Think about it. It seems that Ford and Experian have an agreement so that Ford can get credit information from Experian. The only thing needed is this security ID. A "never-ending struggle" seems to suggest it took them some time for Experian to come up with this system. How did it used to work?
Ring Ring.
Experian: "Hello Experian Credit Inquiry Line, whose personal details would you like?"
Caller: "Err, I didn't say who I worked for yet."
Experian: "Sorry what company are you calling from?"
Caller: "Ford"
Experian: "Whose personal details would you like?"
Caller "Err, don't you want me to prove I work for Ford?"
Experian: "Who would pretend they worked for Ford?"
The mind boggles!!!
Bob.
Re:He got it wrong (Score:2)
Re:He got it wrong (Score:2, Funny)
Just In Case... (Score:5, Informative)
Experian [experian.com] , Transunion [transunion.com] and Equifax [equifax.com] are the big 3 for reports.
Now that's customer service N O T (Score:4, Informative)
Van Leeuwen of Ford said he thought the company had done everything it could to help the individuals affected by the security breach, and didn't plan to offer them any financial assistance.
Surely Ford have broken some law here ? In the U.K. there is something called the Data Protection Act, c'mon the U.S. has got to have some equivalent legislation.. They're not blaming it on hackers, they admit they don't know how the access code or whatever was taken !
Law?? *WHAT* law? (Score:3, Interesting)
Re:Now that's customer service N O T (Score:1)
Nope, the data protection act has no US equivalent. Are you feeling ressured?
Basically, for those of you in the US, the data protection act, amongst other things, means you have to be careful with people's data. If you're not, they can revoke your license to hold personal data on people, very effectively killing off most
businesses.
Re:Now that's customer service N O T (Score:1)
Well, it's not clearn that it's Ford's problem. Sounds like some group managed essentially to get hold of Ford's password to the Experian database.
Re:Now that's customer service N O T (Score:2)
Give me a brake!!!! It IS FORDS responsibility!!! This has gone on for over a year before they found out. Do the passwords not change on a regular basis? If not then this will ahppen again and both these companies should be held responsible.
Class action anyone?
They didn't just crack Ford owners (Score:5, Insightful)
Read the article again. They didn't just steal the personal financial information of Ford owners.
They just pretended to be Ford so that they could access the credit reports of thousands of people. Subway-riders included.
Re:They didn't just crack Ford owners (Score:2)
Glad I drive a hydrogen powered Jeep
Oh wait! They probably had the same breach but did not report it! Crap! Third thought, good thing my credit is already worthless and nobody would get very far stealing it!
Re:They didn't just crack Ford owners (Score:2)
Even if they did make loans just for Ford cars and trucks, you wouldn't have to be a Ford customer, just a potential customer, for the inquiry to appear valid. Taking the subway doesn't shield you from this kind of fraud.
--Jim
Ford (The Associates) Security (Score:4, Informative)
Come on, Where's my no-login link, Karma Whores? (Score:1)
Re:Come on, Where's my no-login link, Karma Whores (Score:1, Informative)
Guarding / checking against Identity Theft (Score:5, Informative)
Sig: What Happened To The Censorware Project (censorware.org) [sethf.com]
The bad news though, (Score:5, Insightful)
These credit bureaus have too much centralized data on citizens. They are a one stop shop for crooks, be they crackers or whatever.
Re:The bad news though, (Score:4, Informative)
As to your second point, I agree completely. At one point, Equifax was trying to gain control of medical records for people to link with the existing stuff. I'm not a fan of big government but Equifax,Transunion and Experian need to have STRICT government regulation because of the impact the information they carry can have on an individuals life. Forget that stupid cracker shit in "The Net". All it takes is a fucked up keystroke and you can't even rent an apartment.
The biggest piece of legislation I would love to see is this: Private companies are forbidden to use SSN's as customer identifiers. How fucking hard is it for a company to generate a random account number?
Re:The bad news though, (Score:2)
You do have a choice: don't provide the SSN. Businesses are free to ask for you SSN. Unless there is a compelling reason (financial transaction with a bank, safety of the President is at stake, or access to government confidential information), you don't have to provide it.
Granted, the business can say "sorry, we don't want to do business with you" but I've only had two places (an apartment complex, and Verizon, when I tried to cancel my service with them after they bought Powertel even though I had a document which said that would not be considered a valid form of identification. Bastards.) absolutely refuse to do business with me.
If you have alternate forms of identification, they're almost always more than willing to do business with you.
Re:The bad news though, (Score:2)
The legislation has to forbid asking you for it and forbid denying goods or services based on refusal to give it to them even if they ask.
It should ONLY be required for tax or social security identification purposes, and only if required by law. Otherwise it should remain private to the SS# holder.
Re:Don't give out your SSN? What planet are you on (Score:4, Interesting)
My standard script:
"I'd rather not provide my SSN, I have deeep, personal beliefs against doing so. I'd be happy to provide alternate identification, such as my driver's license or my passport."
Sometimes this works, sometimes this does not.
If it does not work, ask to speak to the supervisor. Repeat spiel.
If you are calm and considerate and polite, they're not going to refuse you. Don't fill out the part that asks for your SSN, or make a big mark through it, or put it "REFUSED". This works. Really.
Re:The bad news though, (Score:2)
you can't document that you have been a victim of identity theft (or a similar type of crime), then you have to shell out about $10 per report.
Just lie and say that your wallet was stolen. You are then entitled to a free credit report. This worked for me.
Re:Guarding / checking against Identity Theft (Score:2)
Of course they urge you to check your credit file once a year. These "experts" are - shock amazement - people who benefit from your credit report being up to date.
When a consumer requests their credit report, they want your address so they can mail it to you. Of course, they could just provide it to you on the 'net once you verify your identity, and this would be no less secure, as the same information is used to verify either way. A web validation program would probably be MORE restrictive and picky about your credentials than a human who is subject to social engineering. But they want your contact information so that people can track you down to collect your debt.
Credit reports list your addresses and the dates you've been living there, as you report them. Any time you apply for credit, your information gets attached to the record. Credit reports are easy to get given a SSN. Credit reports always list the SSN used on the report because it's the only meaningful identifier; Go take a look in the merlin databases (You can get access by giving money to flatrateinfo.com) and see how many times even unusual names come up. It's fairly astounding.
So of COURSE they want you to check your credit report. Just make sure to get it mailed to a PO box.
Re:Guarding / checking against Identity Theft (Score:2)
Oh geez....if you have any account that reports to a credit bureau, they have your current address.
Let's see, do you rent an apartment or have a mortgage? Most apartment management companies report to credit bureaus, and of course mortgage co.s do.
Credit card?
Loan? Be it student, car, or whatever, the holder reports.
Cell phone?
Utilities?
There are all kinds of companies you deal with every day, who already have your correct address and give it to the credit bureaus.
Re:Guarding / checking against Identity Theft (Score:2)
national ID card (Score:5, Funny)
Re:national ID card (Score:2)
Dude, I know this was meant to be funny, but instead it's really sad - because few people ever look at ID, even in face to face transactions.
My next-door-neighbor recently told me that someone had found a single check in her trash, and used it to buy stuff at the local Fred Meyer (grocery store that also sells home stuff and clothes). Nobody bothered to ask for ID... for over US$500 worth of stuff! She was able to convince her bank it wasn't her, but jeez. I went to Fry's the next day and finally got a paper shredder =) Suddenly tearing up my mail didn't seem good enough any more...
Identity theft insurance (Score:3, Insightful)
It seems to make sense (well, to me at least) that the corporations charged with the information of your identity should be forced to have this identity insurance. Sure people could get it, so if they gave up their identities by accident (people going through their trash) they would be covered.
However, corporations like Ford saying "oops, sorry! but i'm not paying for our mistake" is unacceptable. They should be required by law to have identity theft insurance, and reimburse those who's identity has been stolen through the identity insurance.
Re:Identity theft insurance (Score:2)
Ford sent out the warning of unauthorized access, but that's not really proof that they were the hole. Merely that they are taking a bit of responsible action.
I will admit that it's likely that the leakage happened at Ford. But if it happened at the credit agency, this may only be the tip of the iceberg. The Ford account has now been patched, but if some other passwords were stolen at the same time
we knew this already, but... (Score:2, Offtopic)
Ford Really Sucks [fordreallysucks.com]
Ford's Fault? (Score:2)
Re:Ford's Fault? (Score:1)
If you want to use a gun analogy, it is more like storing your gun in a bank vault and the bank allowing somone posing as an employee to steal the gun, shooting someone and framing your for the crime.
Ford had information that was their duty to protect. They failed to protect it. Not really that complicated of an issue.
Re:Ford's Fault? (Score:1)
So I can see how you wouldn't want to blame Ford. It can't be their fault. This must have happened when they were making exploding cars, or covering up a tire saftey issue on the Ford Exploder. Sure.
Re:Ford's Fault? (Score:2)
Blaming Ford is like being accused of murder when you put your gun in a safe deposit box, J. Random Criminal says "I'm Amazing Quantum Man", and the bank gives them the gun, and J. Random Criminal kills someone.
no SSN (Score:2, Insightful)
Re:no SSN (Score:1)
Re:no SSN (Score:1)
Re:no SSN (Score:2)
The last time I put in for a card at Blockbuster, I left that part of the form empty. They didn't even ask me for it when they went to plug everything into their computer system.
(I haven't rented from them in months...Netflix [netflix.com] has a much better selection and is cheaper and more convenient.)
Just goes to show (Score:1, Redundant)
The unfortunate reality of the information age is that information is power - though you may not realize it, giving out personal information, no matter how well-intentioned the recipient is, can have adverse side effects. Systems get hacked; judges can order spyware to track users; businesses can be bought and sold. Worse, we live in a society in which someone's creditworthiness, that is, their ability to get loans, and even find work, is very much dependent on the accuracy of a credit reporting company's data; a simple keystroke error or a bug in a computer program could literally put an otherwise good employee out on the street.
Oh, and one last thing - never give anyone your social security number. Or your mother's maiden name.
Re:Just goes to show (Score:3, Funny)
"
Are they not necessary to open a bank account in america? or to get a credit card? or a hotel room or a train ticket? or to file a tax return on the internet?
I can't wait to see the governments' look of surprise when people start using cash again for serious things. "Airline ticket by cash? Right, bodily-search for you, boy. We'll not have anyone who doesn't trust the Credit Corporation"
Re:Just goes to show (Score:2)
Besides, nobody takes trains anymore...the rail system is pretty much only used for cargo. (Amtrak discontinued service here years ago.)
Re:Just goes to show (Score:1)
Not giving out personal info is great, and should be done when possible (I should have asked for a unique Student ID, like i did for my driver's license), but very often it's highly, highly inconvenient, and a person would miss out on things by sticking to it. For the vast majority of people, the [fairly] small risk of identity theft is worth the convenience (which sounds like the way the gen public feel about most security issues).
Re:Just goes to show (Score:4, Insightful)
Mother's maiden names are similarly public records. In practice they have been harder to track down in the past, but wiht various records including those of the Mormon church coming on-line that information is not fully accessible as well. See first paragraph for implications.
sPh
SSN intentions and uses (Score:2)
What they may have been intended for, and what innumerable private companies use them for, may not be the same thing.
SSNs seem to be the stock in trade as unique IDs. I know my old bank's automated phone service would ID you with a) your account number (found on any check you've every given out), your SSN, and a private pin which defaulted to the last four of your SSN. With that you could do just about anything, including transfer funds.
Did I mention that is was my OLD bank. 8) It also took them about a year and a half to catch on that someone else was writing and signing my checks, but that's wandering off topic. (It was my wife, so I knew about it, otherwise I would of caught it.)
Because it's a ready made unique identifier, that people will most likely remember, businesses love to use it. I think that you don't have to give it our if it doesn't involves taxes (like interest bearing accounts, jobs, etc), but that doesn't stop companies from asking you - you need to police it, they will try and get away with as much as they can.
It seems pitifully simple to steal an identity today.
=Blue (23)
Re:SSN intentions and uses (Score:2)
And any database designer worth his paycheck should bloody well know that (there's a good summary of the problems here [cpsr.org]). And any software designer worthy of the name should include a "Generate Unique ID" button on any data entry screen that otherwise might want SSN just as a key.
Heck, even if there's a requirement for SSN in the database (eg tax-related info), don't use that as the bloody key. Banks don't use your SSN as your account number, after all. (At least, not the ones I deal with.)
Re:SSN intentions and uses (Score:2)
Which is, by all means, an issue. However, if you ask me, it's far more an issue that
*SSN's are issued consecutively
And why not? There only purpose was to maintain records for the Social Security administration, so what did it matter?
Many of us who are
Furthermore, and this gets more into the oddities of how the SSA issues SSN's at any particular time...but I'm sure there are some pretty good patterns based on region and time with regards to the first 3 digits of the SSN. So if you know location, you've got quite a lot of information (first 3 digits at least, if you have a good enough match on time and location very precisely.)
Talk about a clusterfuck.
Any SSN is good
I suspect the mathematical ideas for check digits existed when SSN's were being created. However, since they were just account numbers, it hardly mattered. Add a digit to your SSN, you have another SSN, subtract a digit, you have another SSN. That's an invitation for fly-fishing through records. "Well if that one doesn't work...what about this one...?"
Re:Just goes to show (Score:1)
Oh, and one last thing - never give anyone your social security number.
Guess it's too late for me, then. A number of emplyers have had possession of my social security number at one point or another, as have any number of lenders (student loans). It's a little difficult to keep your SSN from everyone. There's no reason to consider HR-types or loan processors beyond the likelihood of turning to the dark side and misusing the data to which they have access. Not as a rule, just possibly, mind you. So, what, I'm screwed for participating in payroll taxes and funding my education? :P
The FBI wants to prosecute the wrong people! (Score:3, Interesting)
While the "crackers" (who did nothing more than use a leaked password), should be held accountable, so should FORD and its executives
I hope each and every victim files a separate multi-million dollar lawsuit. I'd bet that juries would be very sympathetic to these cases.
Re:The FBI wants to prosecute the wrong people! (Score:2, Insightful)
Ford credit report (Score:1, Interesting)
Ford uses employees social security number as employee numbers. This means every time I go visit any type of doctor. get prescription drugs, register for classes, etc. I have to give out my social security number.
With that said, I do not believe Ford is very concern about giving out peoples
social security number.
Gotta think up a new acronym (Score:4, Funny)
Found On Roadside, Dead
Now I guess it has to be:
Fumble Our Records, Daily
Freak Out, Records Damaged!
Find Our Reports, Dammit!
Faked Our Reliability Data
Ah well. Never reply when hungover.
Re:Gotta think up a new acronym (Score:1)
Fix or repair daily
hehehe
(disclaimer: proud owner of a 2001 Ford Focus)
Re:Gotta think up a new acronym (Score:2)
Fscked-Over Rebuilt Dodge
Text of Article (-5, Redundant) (Score:3, Informative)
Hackers posing as employees of the Ford Motor Credit Company have in recent months harvested a trove of 13,000 credit reports -- a virtual one-stop shop for fraud and identity theft -- with data on consumers in affluent neighborhoods across the country.
The company said in a letter to the victims that computer intruders used an authorization code from Ford Credit to get the credit reports from Experian, one of three major reporting agencies.
Advertisement
"I've never seen anything of this size," a spokesman for Experian, Donald Girard, said. "Privacy is the hallmark of our business. We're extraordinarily concerned about the privacy issue here, and the trust factor."
The inquiries gave the intruders access to each victim's personal and financial information, including address, Social Security number, bank and credit card accounts and ratings of creditworthiness, which can be used to identify the best targets.
"This is not just a credit card number; this is the whole kazoo," said Richard Power, the editorial director for the Computer Security Institute, an industry trade group. A criminal could use the data to make credit card charges or even open bank and credit card accounts in the victim's name.
Thefts of credit records, Mr. Power said, are far more common than is reported. "The unique thing about this one," he said, "is that it has surfaced." The theft was first reported yesterday by The Boston Globe and The Detroit News.
Statistics on identity theft are hard to come by, with estimates ranging as high as 700,000 cases a year. Betsy Broder, the assistant director for planning and information of the Federal Trade Commission, said the commission received 86,000 complaints of identity theft last year.
Representatives of Ford Credit said they did not know how the hackers acquired the code, which was used by the company's office in Grand Rapids, Mich. The intruders focused on addresses in affluent neighborhoods, often in numeric sequence, said Rich Van Leeuwen, executive vice president at Ford Credit.
The company said it had sent letters via certified mail to all 13,000 people, urging them to contact Experian and the two other credit reporting giants, Equifax and TransUnion, and to report any evidence of abuse to the F.B.I.
The company has also worked with Experian to set up a phone line to let victims get their credit reports and help them resolve discrepancies.
Neither Ford Credit nor Experian has determined how many people have reported fraudulent charges or other problems. Mr. Girard said that Experian had received 2,700 calls since the letters started going out this month. Although the unauthorized inquiries began in April 2001, Ford first heard about the problem in February, Mr. Van Leeuwen said. Only 400 of the 13,000 victims were customers of Ford Credit, he said.
Dawn M. Clenney, a special agent at the F.B.I. office in Detroit, said that she could not comment, except to say, "We're on the case."
Mr. Girard, the Experian spokesman, said the company would work with the F.B.I. to catch and prosecute the intruders. "It just shows that today, even big companies can be victimized," he said. "it's a never-ending struggle against the bad guys."
Re:Why is this -5? Some asshole modgeek strikes ag (Score:2)
Trash Talk (Score:2, Redundant)
Look mate, if anybody is victimized here it's those 13000 er! customers while you guys obviously didn't protect their data adequately.
No need to thank me
corporate identity theft (Score:4, Informative)
As a result. these script kiddies^w^w^w Ford was able to get identity theft kits on a truckload of (mostly) rich people just based on their home addresses.
If anything is going to put a big "oomph" behind online privacy initiatives in the states, I think that this may be it.
these are NOT hackers! (Score:3, Informative)
Repeat after me: this is not hacking.
Repeat after me: this is not hacking.
Repeat after me: this is not hacking.
This kind of activity is cracking, theft, robbery, a crime; but it is most definitely not hacking.
Re:these are NOT hackers! (Score:2, Insightful)
Re:these are NOT hackers! (Score:2)
Boy, this takes the cake for lameness. "If everyone calls it..". Who is everyone? If everyone around you calls you a fool, would that make you one?
What are these "multiple definitions" you speak of? Is stealing anything "hacking"? Should we let the ignorant in the media label anything as they see fit, and just follow them like sheep? Use your brains, for cryin' out loud.
Re:these are NOT hackers! (Score:2)
If that happened, I'd have to consider that there was a distinct possiblity that I was in fact a fool.
What are these "multiple definitions" you speak of?
I should have said multiple meanings. IIRC, the most overloaded word in English is "set", which has 1 or 2 dozen meanings. I have no problem distinguishing the difference between "setting an option", a "TV set", a "union of sets", "game set and match", "setting a glass on the table", etc. using the context around the word.
"Hack" has at least the meanings:
Striking with a sharp implement like an ax
An incompetent practitioner of a skill
Programming computers in a "cool" fashion
Attacking the security of computer systems
It's just not that big of a deal. If English language scholars can't hold back the masses from changing the usage of "shall" and "will" over the last century, a few computer geeks won't convince the general population to drop the word "hack" in favor of a term easily confused with a crispy biscuit.
Re:these are NOT hackers! (Score:2)
That aside, you are correct that there doesn't seem to be any hacking, under any common definition of the word.
Re:these are NOT hackers! (Score:2)
This kind of activity is cracking
Repeat after me: The purpose and culture of hacking are about thinking for yourself, and not following authority blindly, so put down the jargon file and think.
Creating dichotomy helps no one. "Cracking" is a useless and harmfull term. This situation involved no hacking (or cracking, by definition), but in general we should not create the image that the use of computers is bad. If someone figures out some amazing new concept to break down TCP/IP trust and codes an example, and uses that exploit to get into a bank and move funds around, is he a hacker? Yes. Absolutely. He's also a thief, but that doesn't take away from his insightful and impressive computer skills. It just means he's also an asshole. By applying terms like "cracker", it makes people think the actual use of a computer is somehow wrong or bad, which is very dangerous, considering how few people understand computers or hacking.
Re:these are NOT hackers! (Score:2)
This situation involved no hacking (or cracking, by definition),
Okay, so I'm waaaaay too bored (hey, it's 4:30 on Friday), but if you wanted to give it a 1337 term other than the boring "fraud" I think it would fall under phreaking [tuxedo.org] (emphasis mine):
"1. The art and science of cracking the phone network (so as, for example, to make free long-distance calls). 2. By extension, security-cracking in any other context (especially, but not exclusively, on communications networks)"
Shayne
Quality (Score:2, Funny)
Seriously though a big company has more to worry about from people you thought were employees than from any computer system breach.
Full Text for those that don't want to register (Score:1)
Hackers (Score:1)
Some people will argue loudly that the press should understand the difference between Hackers and Crackers. Be careful of these people, as they are the worst Crackers of them all. :>
big deal (Score:2)
It blows my mind that any company would take a credit report as anything but mild information that is suspect. It is really easy to wipe your credit report clean, and to seed it with "good credit reporting"... hell there are companies that will for $9.95 a month post a good payment history every month to your credit report (They report that they lent you $1000.00 and you are paying it on time and are a perfect client.... after 6 months pay them $19.95 to close the account and they report you paid it off and you are A+)
Credit reports are wildly inaccurate.. other than the SSN (of which I have 2 credit reports I found out.. they mis-typed my SSN once and attached it to my Drivers License number.. Again that entire credit history was deleted because the SSN was not mine.)
Re:big deal (Score:2)
My understanding is that scoring algorithims taken that into consideration. Take person x, who has a great payment history on her car, mortgage, credit cards, gas bill, et cetera, but for some reason has a $500 credit card in default on her account. The computer will just throw that out as an anomaly and score normally. If it were a $10,000 card, the computers should think that something is clearly wrong, and flag the history for deeper research.
I say this because I believe that the good identity theft artists are not getting caught (though, few are getting caught anyway.) The way someone gets caught for identity theft is by destroying an entire credit record, then law enforcement gets on the paper trail. However, I believe the future is in "copying and pasting" credit report data...identity theft person gets out a credit card, defaults on it, makes sure it's associated with only one credit report, then does the same to another credit report. Or is copying and pasting good data into another credit history file "for some reason this credit card is showing up under SSN xyz, but my SSN is really xyz, can you make the change for me?"
On a side note, i used to live at a dormitory that also held about 14 floors of university offices. for some reason, my credit report said I worked for the university travel agency located in that building. amusingly, i never got my credit reports to say where i actually worked.
anyway, the worst part of the credit report system is this: the bear of it is the data, data coming in, data going out, processing hundreds of millions of records, giving data to hundreds of thousdands of different companies, and receiving the same data from the same companies. with all that in mind, it simply is impossible to be in control of the data...i don't think that anybody here would disagree with the concept that you could, with the proper information, do anything you want with someone else's credit history--make it better, ruin in, copy and paste from it, et cetera.
Experian is not in control of the data...they simply keep the computer powered up. the problem is, they *think* they are in control of the data, and the way they treat you whe you have a claim indicates this. nothin causes identity theft more than the fact that these bozos have legitimacy. (their downfall is more arrogance than anything if you ask me.)
Re:big deal (Score:2)
sorry, but banks can do tons of things that you and I think are illegal... but because they are banks... they can legally do it
Gotta love it when someone uses the evil system for good.
It happened to me (Score:4, Informative)
I was the victim of ID theft. You do not want this to happen to you. Ever. It involves filing police reports, calling every company that showed up on your credit reports and providing all kinds of info to their fraud departments. It took me over a year and a half of phone calls, faxes and emails to straighten everything out. I'm still getting calls from creditors about unpaid credit cards and such that clearly aren't mine.
I think it's obvious that if the only thing between theives and your identity is your mom's maiden name, your address, and your SS number, that it's been made pretty freakin' easy for them.(Granted it's not quite that simple, but it's damn close)
One thing that struck me throughout the entire process of cleaning up my credit reports was that I was doing the cleaning up. Here are 3 companies that basically control whether you can ever buy a house, and when they screw up and allow someone to assume your identity using their services, it's the victim that's left picking up the pieces.
my sob story. (Score:2)
I was also a victim of identity theft. Someone with the same first and last names as me, living in another state, began forwarding my home mail to his address. Then he began contacting my online brokerage directly and changing my account address to HIS address! I immediately changed my address information back, but he changed it again.. EIGHT TIMES! My online brokerage did not care. The postal inspector in my state did not care. The postal inspector in his state did not care. The local police in my state did not care. The local police in his state did not care. The FBI did not care. He was committing inter-state mail fraud, threatening my brokerage accounts, and repeatedly giving us his REAL HOME ADDRESS but still no law enforcement agency cared. The postal inspector in my state even had his handwriting and fingerprints on the change-of-address postcard he mailed, but the postal inspector did not care.
One year later, he tried to apply for credit card using my SSN. Because I had put a warning on my credit report accounts (at my hassle and cost), the credit card company called to warn me. Finally, the police were interested. They nabbed him the next day. After not showing up in court once, he eventually was sentenced to three months in jail. I later found hundreds of dollars of HIS debts on my credit report. I called the police again, but they did not care. They said that since he already spent three months in jail, he has done his time. Nevermind that he went to jail for the credit card fraud, a separate instance of a different crime!
After these two stressful years, this "gub'mint-fearing liberal hippy" has lost any shadow of confidence that our impotent law enforcement can protect the innocent from the criminal. Or that they even care to try.
IMPORTANT - Opt out (Score:5, Informative)
Call this telephone number. This number is maintained by the three credit reporting agencies and it allows you to "opt-out" of certain marketing games; basically, this means the three credit reporting agencies will no longer be allowed to give your credit report to marketers, but only to people with whom you actually have business.
Ford is a legitimate business; if you don't "opt-out," they can get a credit report on you. I opted out and I've never done business with Ford, so this story doesn't affect me.
Another nice thing about using this number to "opt-out": I no longer receive any junk mail. No more pre-approved credit cards, no more free offers, no more anything. I now look forward to checking my mail every day, as it only contains only bills and personal correspondence. I also say "put me on your do-not-call list" to telemarketers and I don't watch TV, so live in an almost completely ad-free world. It's a very nice world and I invite you in.
Re:IMPORTANT - Opt out (Score:1)
I think I'm going to have to Opt-out. Thanks though.
Re:IMPORTANT - Opt out (Score:1, Insightful)
:)
Junkbuster Declare (Score:2)
I filled this [junkbusters.com] out last summer. Not only does it cut down the junk mail and telemarketing calls (I've had three calls since August, and can check my mailbox for bills once a week), but the reporting agency letters request that many casual inquiry requests not be honored.
If you request your credit report, you can deny access to specific companies (I banned Providian [state.ca.us] many years ago).
Turnabout is fair play? (Score:2, Funny)
Really? So, if I could find the account with my name on it, I could close it out and take the cash? Sounds like an item for News of the Weird's Least Competent Criminals category.
Today on Slashdot... (Score:1, Offtopic)
Anyone else think this is dumb? Please stop linking to NYTimes already! There's plenty of other places out there also carrying these stories.
enter fake info for nytimes.com, etc. (Score:2)
What gets me (Score:2)
This is negligence in Fords part and they should be held accounatble. They should pay ALL legal fees to clear up this mess. What has ever happened to resposibility?
But then again I hate Ford due to past experiance with a LEMON...the AREOSTAR. What a peice of sh1t. The first year the van spent 6 months at the dealership due to transmission and engine problems. Did they take responsibility? No!
Yes the second part is a little offtopic but the attitude of the company is on topic. They refuse to take responsibility. Why do we accept this? Because legally it would cost too much to fight back and I think that is what is wrong with our society today.
/END OF RANT
Wow. Talk about flying off the handle. (Score:2)
Why does the editor lump credit reports with credit card numbers? Not the same thing.
This is not some crackers who broke into ford and stole customer data!
It is some guys who posed as ford employees in order to get credit reports from the nation's largest credit bureau. (Hint: Many, many businesses can get this information).
OH NO! Some kids got the same info your bank, car company, and just about any other place can get about you! Heaven forbid!
Hello! That's the kind of info credit bureaus keep and hand out to the highest bidder. It's not like these kids ripped you off.
It's also not like your SSN is a private, secret number. Anyone who treats it as such is being dumb.
Experian and the automotive business... (Score:2)
Back Story: I am the IT administrator for a midwestern dealership that sells German luxury cars. I am the first person at this dealership to be a dedicated IT person, and I've only been here for a few months. Approximately 20% of dealers nationwide have dedicated IT staff, and even then, it's usually the multi-location/multi-franchise operations, with one IT admin spread across an entire metro area. This isn't overly significant, until you realize that the average level of technological competence at the dealer level is just barely above room temperature. A handful of companies, such as ADP, EDS, Reynolds & Reynolds, and UCS, have figured out how to exploit this particular niche market.
Dealer Management Systems are BIG bucks. What you do is you put together a package of desktop systems (originally, green-screen dumb terminals, but more recently, PCs), a server (Usually Unix-based - Reynolds & Reynolds uses Irix on their older systems and Linux on their newer ones), software that does soup to nuts, and a network to tie the whole thing together. They sell this to a dealership, and then lock them into a support and maintenance contract. Changes, updates, etcetera all cost large sums of money (we spent 6 figures with our vendor last year). They'll also sell you preprinted forms and everything that work with their software - checks, service orders, coupons, you name it.
Experian is pushing the ASP model, because it means that a dealer doesn't have to worry about a server in a closet, swapping backup tapes, and so forth. As part of the hook, Experian is promoting its vast mine of data as a major benefit. As one of the Big Three credit bureaus, they have detailed financial, credit, and personal data on jsut about everyone in the country. They also have a database of (according to them) 335 million vehicles. This is great for doing history checks and such, but it can get very scary very quickly.
Picture this. You want to find out who lives within 15 miles of your dealership and makes enough money to afford your luxury automobiles (when it's luxury, it's more than just a car, it's an automobile). "No problem", says Experian, "we've got all that right here!". They can also tell you if they're credit-worthy, what they drive, and which of your competitors they bought their current vehicle from, and what it's worth as a trade-in. It goes downhill from there. None of the other companies operating credit bureaus have a division catering directly to the automotive business like this.
Let's face it, your personal data isn't personal anymore, it's an asset, and it belongs to companies like Experian.
protect yourself.. (Score:2, Insightful)
How they did it.... (Score:2)
Connected to ilovedancing.org.
220 ProFTPD 1.2.0rc3 Server (ProFTPD Default Installation) [reports.experian.com]
User (reports.experian.com:(none)): ford
331 Password required for ford.
Password: 12345
230 User ford logged in.
ftp> prompt
Interactive mode Off.
ftp> mget *
Don't pass that around!
-1 Redundant (Score:1)
Next time make it more original in some way. I suggest adding an hilarious joke about Microsoft (I mean Micro$oft w00t! ROFLOLOLOL).