Dumpster-Diving for Your Identity 344
The NYT magazine has a story titled Dumpster-Diving for Your Identity - the author interviews two convicted identity thieves talking about their methods and successes.
This discussion has been archived.
No new comments can be posted.
Dumpster-Diving for Your Identity
Related Links Top of the: day, week, month.
Swap read error. You lose your mind.
I tried, really! (Score:3, Funny)
Dumpster-diving bears at greater risk [cjonline.com]
It's not about bears stealing your identity, though I pity the bear that applies for a Visa card with a FICO [myfico.com] as bad as mine! But it is an interesting tale:
Then there are the people: One older woman set out a batch of syrup-slathered pancakes for the bears, and some parents smeared peanut butter on their children's faces so they could photograph cubs licking it.
Where's Darwin [darwinawards.com] when you need him?
Dumpster Diving Moose, Too! (Score:2, Funny)
""Initially they were Dumpster diving (a few years ago), but now they've actually progressed into tearing open black garbage bags in cans that don't have lids," said Jessy Coltrane, the assistant area biologist for the Alaska Department of Fish and Game. "When moose start getting into garbage, they're almost worse than bears because they're pretty persistent about it."
Re:Dumpster Diving Moose, Too! (Score:5, Funny)
I cant believe you people... (Score:5, Funny)
Re:I tried, really! (Score:5, Funny)
Shredding doesn't offer much protection either... (Score:5, Interesting)
But seriously, we use a shredding company here at my office for our important papers. They're supposed to do all the shredding "on site" in their truck. Yesterday they were here to empty our shred bins, and they brought in a big trash bin to haul our stuff out to the truck. One of these bins was sitting in the hallway, and no one was around, so I took a peek inside. It was papers from an accounting firm down the street! I mean, we're supposed to be paying these guys to keep our info secure, but here they are waiting until their bin is full before they shred anything?! Needless to say, I had a long conversation with our facilities manager after this...
If you want something done right, better do it yourself! I'm now using a $30 shredder BEFORE I dump anything in our shred bins! Who knows where our important documents have been travelling to before they actually got shredded?!
This is why I burn all my important docs, credit card offers, old checks, etc... at home, who knows who is going through your trash? All they need is an account number, and a shredded document can be taped back together with enough motivation and time... (although with some people being easy marks, I guess the harder you can make it, the better!)
Re:Shredding doesn't offer much protection either. (Score:5, Insightful)
Jason
ProfQuotes [profquotes.com]
Re:Shredding doesn't offer much protection either. (Score:5, Informative)
The difference between a $30 Office-Depot Shredder and a good commercial shredder is significant. The Cheapo shredder usually shredes only vertically, and does so usually so that there are about 20 cuts down one page. People sending 3-4 documents in at once will find that they have those 3-4 documents nearly intact, just cut into 20 vertical peices which are easy to put back together if someone is careful in extraction.
On the other hand, good commercial shredders litterall demolish the paper, turning it into sawdust like material that would be impossible (virtually) to reconstruct. Along these same lines, good document security companies use combination of methods, not just shredding to ensure security (read: chemical treatment, randomization, etc).
Brushfireb
Re:Shredding doesn't offer much protection either. (Score:5, Interesting)
On the other hand, good commercial shredders litterall demolish the paper, turning it into sawdust like material that would be impossible (virtually) to reconstruct.
I have the second-cheapest cross-shredder I could buy from WallyWorld (Yeah, I know, evil, but show me a Mom&Pop that carries cross-shredders). For USD$25, I end up with 0.25" by 1.5" confetti. Good luck putting that back together.
And for a teensy bit extra security, when I empty the bin, I dump a cup of water on it for good measure. 15 minutes later I have paper mache - Even if you could still recognize a word here and there, how do you scoop it out of the wet blob to reassemble without obliterating it?. I suppose I could go a step further and burn it as well, but really, why bother? Anyone wanting my personal data that badly can get it a lot easier than searching my garbage for paper mush.
Re:Shredding doesn't offer much protection either. (Score:5, Insightful)
And there lies the answer. You don't have to perfectly destroy the papers. Just make it cost more to get the data than the data's worth. Even the most basic methods (straight shredder) will deter most thieves. Unless you're being specifically targeted, there's always the idiot down the street (or next door) that's an easier target.
Re:Shredding doesn't offer much protection either. (Score:3, Interesting)
Its simple, you dump the stuff out on a scaner, do a boundry scan and then run length encode each end and then sort thouse. The result is a map of how to put it all back together. No big deal and there is shareware that will do it.
That size of paper is good for running through a blender with a bit of water.
Re:Shredding doesn't offer much protection either. (Score:3, Insightful)
If someone happens to get ahold of your sensitive data, it's nice for the bigwigs to have someone to blame other than themselves....
Think about it. Someone forgets to shred some confidential documents in their own personal shredder, and they get into the dumpster intact. That would be a whole lotta egg on the company. But, if the shredding company acidentally let a document "leak", then they'd probably lose more than just face... they'd probably lose a lotta
Re:Shredding doesn't offer much protection either. (Score:5, Informative)
Because $30 personal shredders suck ass. They're cheaply made, their motors burn up if you put more than 5 sheets at a time through them with any regularity, and they jam very easily.
Spend a hundred for each one and you might get something worth using.
Spend $1500 for a serious industrial crosscut confetti model and let 30 employees share it and your company is probably far better off than with either of the above options, or the shredding service.
Bonus points if the company then sells the shredded paper *directly* to a pulp mill
p
Re:Shredding doesn't offer much protection either. (Score:5, Insightful)
That's one of the reasons the military and (some) government agencies have adopted standarized protocols to deal with this kind of stuff and generally are quick to reprimand those who violate policy.
Many security problems these days have to do with the fact that people for some reason refuse to apply common sense -- requiring people to wear ID tags at all times and conducting thorough background checks is not going to do any good if you just dispose of confidential documents into some backyard alley dumpster.
Re:Shredding doesn't offer much protection either. (Score:4, Insightful)
The cost of having every employee or department having their own shredder isn't restricted to the initial $30/seat investment. There's also the time involved in shredding documents.
Probably not a good example, but:
I once had a job which involved faxing purchase orders to suppliers. When I first started, the process was:
- Print batch of purchase orders.
- Go to accounting department. (I didn't have a fax machine on my desk.)
- Fax each purchase order individually.
This process consumed 2 to 3 hours of each of my days.COST: 2 to 3 hours employee time per day.
SAVINGS: $100 one-time cost of fax machine
Upper management greatly improved the situation when they donated a fax machine from their office for my desk...because it didn't meet their needs - it didn't automatically identify the sender in the page headers.
COST: 45 to 60 minutes employee time per day; plus additional 40 minutes of long-distance calling per day for the header page.
SAVINGS: $100 one-time cost of fax machine; 2 to 2-1/4 hours employee time per day.
Although it saved the daily trip to the accounting office, faxing now required a header page identifying where the fax was coming from. At least I could be mostly-productive while doing the mindless hours of fax work.
Eventually, we did end up with a fax modem which was connected directly to the mainframe which saved even more time.
COST: $300 for the fax modem; software written in-house in about an hour
SAVINGS: 2 to 3 hours of employee time per day
Queue batch of purchase orders.
Time is money - even if it is 15 minutes.
Re:Shredding doesn't offer much protection either. (Score:4, Insightful)
Another reason is liability. Having a company you can sue is nicer than having to cut your own throat by firing someone who screws up.
Re:Shredding doesn't offer much protection either. (Score:5, Funny)
$30 personal shredders won't handle many items such as old badges, bernoulli disks, floppies, backup tapes, CD's, last year's Xmas fruitcake, whistleblowers, etc.
Re:Shredding doesn't offer much protection either. (Score:5, Insightful)
The man who picks ours up is a toy short of a happy meal. He rarely says more than an incoherent mumble or two. Something usually about the damn lock on the door (I share his frustration).
We started using them after we shred about 5000 pounds of confidential data. I filled 12 large bins that they provided for us. These were probably 3.5 feet tall and large enough for at least two of my fat asses to fit inside easily.
Why do we use them? Because it would take me two or three days to destroy a single box of paper records that we have. I don't have time for that.
It's something like $500 for 5000 pounds. You do the math... Pay an employee $15/hr to shred documents for 3 days ($15 x 8) x 3 or $500 for 5000 pounds.
Re:Shredding doesn't offer much protection either. (Score:3, Informative)
I can vouch for the effectiveness of dumpster diving; I snarfed the entire budget info for the science dept. in college once.
avoid recycling bins for financial mail (Score:5, Interesting)
My local police department recently published a blurb asking residents to dispose of identity theft-related materials (e.g., financial statements, anything with a SSN, etc.) in the ordinary garbage, instead of the "mixed paper" recycling bins as we've been asked by the rest of the city government.
It seems that identity thieves are very happy about the shared, clean, and portable "mixed paper" recycling containers found throughout my (rather affluent) city, and they tend to pick them up, quickly sort through the cereal and microwave dinner boxes for the good stuff, and have the container back before anyone notices.
Presumably today's dumpster divers have the luxury of avoiding coffee grounds, so you can go a long way towards protecting yourself by dumping the financial correspondence in with the smelly stuff.
Re:avoid recycling bins for financial mail (Score:5, Funny)
Re:avoid recycling bins for financial mail (Score:3, Funny)
Re:avoid recycling bins for financial mail (Score:5, Funny)
Each form had the person's name, date of birth, Social Security number -- all the information necessary for taking out a line of credit.
Interesting. William Henry Gates, III, 539-60-5125, October 28, 1955. Now, how do I take out that line of credit?
Re:avoid recycling bins for financial mail (Score:2, Insightful)
So that won't work for me.
link=http://seattlepi.nwsource.com/local/152676_re cycle16.html
I'm not as worried... (Score:4, Interesting)
The solution is easy (Score:5, Interesting)
I knew someone who got screwed big time by a gas station who would keep the carbons, and double bill her every time she filled up, the cash going straight into the owners pocket. She was a dope for letting it go on so long, as she never bothered scrutinizing her Visa bills. Turned out the station was owned by a Russian mobster. This was long before the world wide weeb.
Just don't toss your sensitive data into the dumpster where any bum can get your CC number.
Important add-on (Score:5, Insightful)
Re:The solution is easy (Score:5, Interesting)
How does that protect you from the information theft that occurs with others that you have to deal with? If you have to see the doctor, and had it billed to insurance, most likely you're Social Security Number was seen by many people. Anyone of them could copy the number name and start opening accounts. I guess you could avoid the doctor offices too.
Having gone through this a few years back, it not as simple as you state. They didn't have any personal Credit Card numbers, just the SS # and they opened new accounts with that. Luckily one of the companies actually took time and flag the application for inconsistencies... Credit Report showed working at a computer company, yet the application said I cut hair... not many people make that kind of job change. The lady actually track me down, and I was able to clean it up relatively easy. If I had to wait for the next review of my credit report (which is recommended every year) with could be upto 12 months before this is detected, would make it much harder to clean up.
When a few companies was questioning me, as if I was involved in the scheme: "How did you find out about this if you weren't involved", it was quite satisfying to respond: "Mrs. X at company Y actually inspected the credit application and contacted me to verify that I didn't sign-up. She was the first to notify me and you can reach her at: xxx-xxxx. Don't blame me for your companies lack of verification."
Re:The solution is easy (Score:5, Interesting)
And those people don't necessarily work for your doctor or your insurance agency. I worked as a temp for a few weeks at a medical imaging billing company. Since a doctor that works in medical imaging processes a *ton* of patients, the billing becomes a large portion of their office's work. This is (I suspect) almost always outsourced.
My first day on the job, they handed me a stack of several hundred people's names, addresses, phone numbers, SOCIAL SECURITY NUMBERS AND MEDICAL RECORDS. This is pre-HIPAA. Dunno how it works now.
Let alone identity theft, one of the records they handed me that week was a well known elected politician's totally routine mammogram. Her results were clear. Imagine what that kind of leak could do to an election if it were not.
Obviously their entire business process needed to be completely redesigned if they wanted to provide some semblance of privacy. And you don't know if this company handles your bill or not. And such a redesign would raise their costs astronomically. It might even make them non-competitive with in-house billing. This doesn't mean it's ok, it just means it's not going to happen unless they're forced.
Obviously, I could go on and on.
Re:The solution is easy (Score:2)
Many of those people weren't even supposed to see it. I was just in the doctor's office recently and when I looked in through their window I could see a woman's name, DOB, and SSN on a piece of paper right in front of me. The SSN was helpfully written very large on a pos
Re:The solution is easy (Score:3, Insightful)
You throw these out!?!? Never, in my wildest imagination would I consider taking such critical records and disposing of them. I've got my account histories (at the touch of a lock) form three banks over 15 year - I've even got records fom companies that closed, long before the whole 'get it online' rush. This is why I request paper copies of those records: so I can keep them.
Certainly, someone can break into my house, ignore all the shiny,
My solution is better (Score:5, Funny)
Easy way to do it is to not pay a utility at an old residence (People's Energy is trying to extort $50 for the 0.07 therms of natural gas I used at my last apartment, and they will never see a dime of it. And no, I'm not kidding about the 7/100ths of a therm.)
But... (Score:5, Funny)
"A thief stole my credit card and has been using it for the past couple of months."
"Oh my! Why haven't you reported it?"
"Because it still works out to be cheaper than me using it!"
Burn Them. (Score:5, Funny)
Re:Burn Them. (Score:2)
We used to shred constantly until we moved out to the country. Now, we're never short of kindling for the trash barrel! Too bad I didn't "remember" to update the address on all my domain name registrations, though. Heh.
Compost them, don't burn them! (Score:5, Interesting)
I doubt that many id theives would want to rummage through your compost bin, if they even thought to look there in the first place.
For added security, add a couple of large dogs to your backyard. They will help deter personal property thieves in addition to compost-diving identity thieves!
Re:Compost them, don't burn them! (Score:3, Funny)
Re:Compost them, don't burn them! (Score:5, Informative)
a little while back (Score:5, Insightful)
Honestly, if people would just be a bit more paranoid, and not worry about being casual with risk as a fashion statement, these guys would have a lot less to go on.
That's with regard to personal papers. Businesses should know better, and should get their asses sued for failing to protect sensitive information that was entrusted to them by their clients.
Re:a little while back (Score:3, Interesting)
The dumb bit? They were useless to deal with. Despite the fact a male had been paying his utility with her card (her name's Katie, it's not like that could be mistaken
Re:a little while back (Score:2)
"But it's my card!"
"I'm sorry miss, but it's obviously not your card as this account belongs to a male; now can we speak to him?"
Recycling.... (Score:3, Interesting)
Properly rolled and bound newpaper "logs" burn for a long time, and give up some nice heat.
I use the cheap single cut shredder to shred everything with personal info, this is good enough for starting the fire.
I cut the address from my old trade periodicals before I drop them off at the waiting room at my Doctor's office. Better computer magazines than Women's Day.
Now before all of you green geeks flame me, the county stopped collec
Punishment != Harm Caused (Score:5, Insightful)
I'd argue that was nothing but a slap on the wrist, and not much of a deterrent to future fraudsters.
Re:Punishment != Harm Caused (Score:2, Funny)
Re:Punishment != Harm Caused (Score:3, Funny)
Nathan
Re:Punishment != Harm Caused (Score:3, Interesting)
I'd be willing to bet that most Americans would choose to put away criminals like those in this article for much longer sentences than they would choose to put away marijuana pushers, if ever give na direct choice.
Regrettably, most of our politicians, DAs, and judges don't have the backbone to rethink our drug policies.
I'm getting off-topic, clearly, but the point is that if they had locked these guys up for 20 years, it woul
Cringely articles on identity theft (Score:5, Informative)
Ego, Super-ego, and ID Theft [pbs.org]
How to Steal $65 Billion [pbs.org]
How ironic (Score:5, Funny)
Just wondering (Score:3, Insightful)
Same Story without the Registration (Score:4, Informative)
A little googling resulted in the same basic story without the registration:
refers to future article in NY Times [here-now.org]
and
Over a year ago on CBS News [cbsnews.com]
Dumpster Diving for MY identity? (Score:3, Funny)
Anonymous FTP (Score:5, Interesting)
Somewhat popular among the consulting types, they upload client data to an FTP server, then fly off to the client's office, and download it from there...or maybe use it as a means to "share" data among themselves. Some forget to password-protect it, relying instead on security through obscurity.
How is this related to dumpster diving? Well, if you look hard enough, those servers are just like public-access trash bins fit for people to...um...recycle data.
If you're a consulting group, make sure you treat your client data with absolute confidentiality. If you're a business working with consultants, make sure they don't leak your info to the world.
same goes for Kazaa (Score:2, Interesting)
In just a few hours he found documents related to national security and bussiness. Mostly because careless employers of crucial national institutions carelessly install Kazaa just to download junk, and don't even know (or understand) that they share C:\My Documents\ directory. This is outrageous.
The journalist said th
NYT random login (Score:2, Informative)
Use this to randomly generate a login for you
http://www.majcher.com/nytview.html
Just do what my parents do... (Score:2, Interesting)
Full Article Text without Karma Whore (Score:5, Informative)
By STEPHEN MIHM
Published: December 21, 2003
tephen Massey was only a few minutes late, yet he apologized profusely as he strode into the lobby of a crowded restaurant in downtown Eugene, Ore. ''I'm very punctual about my time,'' he said, clasping my hand in a firm shake. With his freshly combed hair, crisp white shirt and trimmed mustache, he looked like an off-duty cop or fireman -- a ''pillar of the community,'' as he later described himself, a wolfish smile playing across his lips. Far from it: Massey, 39, directed one of the most extensive and notorious identity-theft rings prosecuted so far by federal authorities. By the time investigators broke the case, Massey and his partner in crime, a computer whiz named Kari Melton, had ruined hundreds of people's credit. A judge sentenced them to prison in 2000; Melton was released in 2001, Massey the next year.
Advertisement
The Federal Trade Commission estimates that identity theft costs nearly $53 billion annually. Some seven million people were victimized in 2002. Yet little is known about how the perpetrators actually operate. It's a popular perception that most identity theft happens on the Internet, but over the course of dinner, Massey quickly made clear that low-tech methods of getting people's personal information are far more effective. ''Every day was exciting,'' he recalled between mouthfuls of potato skins. ''We went to Vegas, Atlantic City. We made a business of it. It was like James Bond . . . 'Mission: Impossible.'''
In late October, Massey disappeared, violating the terms of his supervised release and prompting a national warrant for his arrest. It had become clear to me in five months of interviews that not everything he said was to be trusted, although much of it was verified by the detectives and prosecutors who had already investigated his crimes and by Kari Melton. As for Massey's current whereabouts, Steve Williams, a detective in the Eugene Police Department, who worked on the first case against Massey and is once again on his trail, said: ''My gut feeling is that he is in the Seattle area'' -- where he has family -- ''back to his old tricks, doing drugs, identity theft and counterfeit checks.''
If Massey has indeed resumed operations, it's a sure thing that he's not working alone. His identity-theft crimes depended on the work of a carefully built ring, one that employed hordes of petty thieves and drug addicts. If he sticks to his old techniques, his crimes will originate in Dumpsters and garbage cans, where information can be culled from discarded personnel files and other trash. It's not the most glamorous crime, but that doesn't make it any less devastating to its victims.
Discovering the Dump
Massey's life began to unravel in his late 20's, soon after he started experimenting with the highly addictive stimulant methamphetamine. Before that, Massey achieved some semblance of success, managing an awning-maintenance company, marrying and, with his wife, having two daughters. Then he and his wife divorced in 1992. Soon after, he remarried, and divorced a year later. His business began to decline. Sometime in the mid-90's, his teenage girlfriend offered him some meth. ''So here I am with no place to live, on the rebound and with a habit,'' Massey recounted. ''Who wants to look for a job again?'' Massey began hanging out with a much younger crowd of meth addicts, called ''tweakers,'' and forging checks to feed his drug use. It was during this time that he began to wonder if he could hijack people's identities for profit. He stumbled onto the answer soon after, when the meth-heads invited him to go ''Dumpster diving'' for junk. Massey and the teenagers piled into his Ford Explorer and drove to the outskirts of Eugene.
''It was the first time I had ever been to the dump,'' Massey recalled, wrinkling his nose. ''I said, 'I'm not going to get dirty,' so I wandered over to a shed where the recycling was stored. I notice there's a big barrel for rec
As long as banks can write off 100% of loss (Score:3, Insightful)
Why should they? It's a 100% writeoff.
Start changing the writeoff to 95% next year, 90% the year after that, 85% 3rd year, and see how fast they change their attitude.
.seeth. .seeth. (Score:2)
Of course, by which he means, "Take that, people who have spent their lives helping other people and getting paid for it! All that money you saved is mine now!"
Not only is a two year sentence too short, it'd be fine with me if this guy were beaten to death.
Re:.seeth. .seeth. (Score:2)
Nice political-identity theft.
Re:.seeth. .seeth. (Score:2)
Re:.seeth. .seeth. (Score:2)
DESERVES TO DIE
I don't know if he was kidding... (Score:2, Interesting)
Re:I don't know if he was kidding... (Score:4, Interesting)
Re:I don't know if he was kidding... (Score:4, Interesting)
Even "Confidential" requires a cross cut shredder built to certain standards to destroy. The most common reason for confidential classification is the document contains personal information, such as SSNs. It's common for military units to read a briefing statement that explains what a SSN is being asked for each and every time it is mentioned, and to warn service members when it is optional to provide one.
"It is your option not to provide your SSN for this insurance document. The Department of the Army may have difficulty tracking the issued policy, and it may delay your designated heirs receiving benifits if you elect not to do so".
Can you imagine if the average doctor's office took it this seriously?
Not news (Score:2, Informative)
Get a locking mailbox too. (Score:5, Informative)
If your mailbox is on the curbside like mine, seriously consider getting a secure lockable one where the mailman can only drop mail off, but a key is required to retreive it. I just received mine from oregontrailbox [oregontrailbox.com]. I did some research, there are a few places that sell those under different names, but the ones I liked are actually the same box that seems to be manufactured by pinnacle [lockingmailbox.com] (or pinnacle is yet another reseller of the same box made by a unknown third party....)
In any event, I will be installing my Heavy Duty Standard tomorrow...
--
OpenHosting [openhosting.com] Virtual Servers for the geeks.
Re:Get a locking mailbox too. (Score:5, Interesting)
Most neighbourhoods here have a bank of mailboxes, each with a lock (small door, but deep enough to hold a standard letter envelope). Walk (or drive, if lazy) down the street to your mailbox. I guess Canada Post likes that system because they can deliver our mail much easier this way - essentially in bulk. Each bank has a pair of larger parcel boxes, in case you get a deliver that doesn't fit in your letter-size box. The nice man leaves you a key for 'compartment A or B', you take your package out, and deposit the key in the mail slot so the mailman can retrieve it with tomorrow's mail.
My only annoyance is some neighbours, who don't like receiving junk mail, leave it on top of the cabinet, leaving the garbage for everyone else to see. Why they can't just take it home and stick it in their recycling box is beyond me.
Re:Get a locking mailbox too. (Score:3, Interesting)
Re:Get a locking mailbox too. (Score:3, Informative)
Good Ideas on what to protect. (Score:2)
One thing that was disappointing is that its not always a slip on an individual's part. A hospital could be sloppy with records and you've got a big target on your head. (...or wallet.)
Ron
PS: I do like those Citibank identity theft ads. They're funny. Too bad they didn't tell you more about how to protect yourself except to buy something.
Re:Good Ideas on what to protect. (Score:3, Flamebait)
If jail space is the issue, stop locking up drug offenders and/or bring back corporal punishment. A nice "IDENTITY THIEF" brand on the forehead would be a good start. Perhaps reversed so they can read it for themselves in the mirror every day. My other thought is a tattoo on the fingers, one ring for each guilty conviction. Heck, I'd even c
Comment removed (Score:5, Interesting)
We don't need to abolish it... (Score:5, Insightful)
...because something even more invasive would be put in its place. The Devil that ya know, and all that.
We don't even need to pass new laws to restrict the use of the SSN, because we already have them. It's not supposed to be used for any identification purpose other than actual Social Security.
Once again, the problem is not lack of laws. It's lack of enforcement. (Look at Bush and Kenny Boy, and tell me if you're surprised.)
What I wonder when I read these (Score:5, Interesting)
I keep wondering if for every guy like this they catch, there must be like 3 guys who are really careful and "normal people" (i.e. professionally minded, don't take drugs or hang around prostitutes, etc.) who do these type of crimes to build up some large amount of money, then move someplace and live off the interest. Those would be the guys that would be real hard to catch.
I wonder if those kind of criminals exist and in what numbers?
Dumpster diving old home directories (Score:5, Informative)
He had all sorts of personal data in his home direcrtory: passport & visa applications, paycheck stubs for several years, copies of expense accounts including scans of credit card statements, info about his retirement from the company we used to be a part of, ...
Once I realized what it was I rm'ed it, but what would posses a supposedly rational person to not only save this data to a networked machine at work but to leave it there after leaving the company?
Re:Dumpster diving old home directories (Score:2, Insightful)
The real lesson there is not to have personal information on work-machines to begin with.
Re:No you didn't (Score:3, Informative)
He was root on an NFS client, browsing files on the server. In that situation, root (on the client) is mapped to nobody on the server, i.e. not very useful.
In order to read the data, he need to change his identity to the file's owner first.
Either you're a troll, or you're a pretty stupid sysadmin for not knowing this.
Or, maybe he had only the root password of a couple of NFS clients, but not the server?
for not des
Curtail use of your SSN (Score:5, Informative)
The two primary examples of this use are the medical profession adn the Motor Vehicles establishment, both of whom seem to think the SSN is a handy Unique ID. Obviously, this magnifies the security risk for anyone who complies. Here's how to deal with both.
When you sign up for health insurance, fill in the SSN field with the phrase "assign ID". Sometimes they will just do it, but usually some clerk will complain that you haven't completed the form, they can't process it, etc. Firmly explain (often several times) that this is illegal, and that their companies have procedures to handle this, and that they need to speak to their manager. They will soon return with a sheepish demeanor, and you will get an ID in the SSN format.
Now, whenever you go to ANY doctor, dentist, hospital, or whatever, fill in this assigned ID as your SSN on their form. If asked whether this is your SSN, simply respond that "This is the correct ID.", and do not let pressure you into revealing your SSN.
The DMV and police may be easier or more difficult to deal with. The DMV should have a checkbox on the form which allows you to decline using the SSN, usually with some corresponding inconvenience. E.g., some states will require you to come in for renewed licenses, whereas they will mail them if your SSN is in their system. If your state doesn't have this option and you cannot argue them out of it, transposing a few digits might not be a bad idea.
When dealing with the police (e.g., in a speeding ticket situation), I've found it is best not to tell them that their request for your SSN is illegal. Best to just say that you don't remember it. Of course you don't want to give false information, right?
These tactics will obviously not close all vulnerabilities, but they will eliminate two major potential sources of identity theft. Good Luck.
Re:Curtail use of your SSN (Score:5, Informative)
There are no laws that forbid the private use of the SSN for any reason whatsoever. Any private entity may demand your SSN as a condition for interacting with you; you must provide it or they may refuse to interact with you. (For instance, getting health insurance or a credit card.) The Privacy Act of 1974 made some restrictions relating to *governmental* (only) uses of the SSN as an identifier; when government agencies demand your SSN, they have to tell you their legal authority for requesting it and what the penalties are for failure to comply. This requirement is largely ignored in practice - for instance, when I was serving on jury duty, the court clerk demanded my SSN (to withhold income taxes on the $12/day jury payment), and when I pointed out that they were violating the law by not disclosing the authority for this request, the clerk was singularly unimpressed. If the court system is violating the law... but I digress.
The rest of the comment (seek to use an assigned number rather than your SSN whenever possible) is good advice, and will often work, albeit at the cost of some hassle. CPSR has a good FAQ [cpsr.org] with some more information.
Trust no one with a fax... (Score:5, Interesting)
If it is not bad intention, it is just stupidity. For a while, I had a fax number, which was the same as that of some medical lab (or insurance company) -- except for the area code.
Twice a week a fax would arrive from a doctor's office in my area -- thanks to an absent minded "office manager" or some such. Due to the nature of the business, all faxes contained not only the patients' names, SS#, but also diagnoses, health histories -- the works! I called them back every time -- boy, were the morons surprised... They never even bothered to check the fax ID string, which I had configured to my company's name.
Not to give any ideas, but how difficult is it for a scumbag to get a phone number similar to that of a claims department of an insurance company?.. Or a mortgage department of a bank? You can guess the other steps she/he will need to make. Mind you, completely passive and impossible to detect. No dumpster diving involved either -- totally white-collar job...
We can moan about the need to use encryption and authentication, but faxes don't have this feature at all. As long as this sort of information passes over telephone lines unencrypted, your info is not safe.
College Anyone? (Score:5, Insightful)
(all sarcasm aside, really what could one do?)
You don't have to give out your SSN (Score:4, Informative)
Re:College Anyone? (Score:4, Interesting)
If you're concerned about the use of your SSN, and your school does something that blantently stupid (especially if they print your SSN on all your documents and on your ID card), you should go to a meeting of the governing body of the University (Regents, etc.) and present your case. Bring some examples of policy from other schools. It's kind of pointless to argue with the desk staff who ask for your SSN, as they are just doing what they are told and can't do much to help your privacy concerns. It might be hard to change the system, but it's worth a try.
Attacking the actual problem (Score:4, Interesting)
The FTC website says that if you're the victim of identity theft, you can contact the credit bureaus to put a FRAUD WARNING on the top of your credit card report. This makes me wonder whether we should all just do this anyway.
I have read that in Europe, getting a credit card is difficult and not instantaneous, and that identity theft (at least, on the credit card side) is less of a problem.
Dumpster-diving for my identity!?!? (Score:3, Funny)
Liability (Score:3, Insightful)
Credit Verification system (Score:5, Informative)
So basically how it works, is that there's a phone number specified on his credit report and a secret question and answer. So if anyone makes an attempt to check my father's credit history, or take out credit in his name or SSN, the creditor must call the listed phone number and my father must answer the phone. They identify themselves and what creditor they're representing. Then they ask the security question and my father gives the correct answer. Now business can proceed as usual.
It gets more secure when the security question/answer must be changed each time it's used. Plus, changing the phone number requires a 30-day written notice.
I think that's a GREAT idea... Why don't more people implement that? Once I get some actual credit, instead of just Student Loans, I'm going to put that security measure on MY credit!
Re:Credit Verification system (Score:5, Informative)
I had to do this a couple of years ago after someone stole my identity and started opening credit card accounts and spending thousands of dollars. Fortunately one of the banks caught some inconsistencies (very similar story to one of the above posts) which alerted me to the whole situation.
Fraud Alerts 'expire' after a certain period (I think 2 years or 7 years depending which credit agency) but you can easily reinstate them. I will definitely continue to 'renew' mine. The minor inconvenience is that it will be more difficult/impossible to open a credit card account for a retail store (but these are mostly pointless) unless your cell phone number is the one associated with the fraud alert.
Re:Credit Verification system (Score:5, Informative)
Shredder Chair (Score:3, Interesting)
1. Buy a personal cheapo shredder with a small wastebasket and shred stuff until the basket is full.
2. Buy a beanbag chair.
3. Remove the styrofoam packing peanuts from the beanbag chair, they'll be mashed flat and useless in a week anyway.
4. Place the shredded documents into the beanbag chair.
5. Repeat until the beanbag chair reaches the desired firmness.
Instant furniture, very comfy when playing games.
Dumpster Diving Deterrents (Score:3, Interesting)
This should point the searchers in a different direction, causing them to move on to a more attractive find, much as car alarms doo.
It seems to me (Score:5, Insightful)
Somebody who knows me is better qualified to say "That is the real ajs318" {or not} than some piece of machinery ever will be. A human being can check subtle things like signatures far more reliably than a machine. But the corporate mentality seems to be far too trusting of machines and far too distrustful of human beings. It's well known that humans make mistakes, but who designed and built the machines?
In Britain, we have a National Insurance Number as a unique per-person identifier, but it is only used for taxation purposes. Also, your employer is responsible for stopping your tax right out of your wages before you ever see them, making it physically impossible for the working classes to commit tax fraud.
With no national identity card, anyone requiring ID has to seek it from multiple sources
Now, your name and address are published in the telephone directory. So places insist on official letters. Of course these could be forged
It seems the problem in the USA is that the social security number {which uniquely identifies a person} is treated as though it were a secret, unknown to any entity beyond the person it identifies. That clearly is not the case. Look at how PGP works
The other thing is, when you go into somewhere like a newsagent's shop, you are recognised by the regular staff there. {Kids in my old village used to shoplift from the local newsagents' once at most. The items they took got added onto their parents' slate.} The point is, the main identity used in that situation is the person themself, which is hard to forge. In a large impersonal supermarket, there is less potential for recognition, so if you pay by payment card or credit card then they require a signature {though trials are underway where the shopper will merely have to enter a 4-digit PIN, thus relieving the cashier of the responsibility to check a signature and not at all paving the way for brand new opportunities in crime}; on the Internet, none at all.
If you want security, stick with old fashioned pound notes, because they can only steal as many of those as you actually have. And, until they get RFID in money, it's untraceable. You can't look at a 20 note and see it was won in a poker game, for instance.
This is where you should be worried... (Score:5, Interesting)
Also, per our regulations, if you don't run it through the shredder, you have to manually tear up the piece of paper 6 times. This is social security numbers, addresses, medical information, etc.
I have often wondered how wrong this is, but my boss never seems concerned when I bring it up.i think you're all forgetting something... (Score:4, Informative)
Want to know why? The manager that collects all those receipts might be honest enough, but do you know what a lot of those places do w/ their receipts? After anywhere from 1-3 years, a lot of them just throw boxes full of them in the dumpster. A college bookstore I worked at when I was starting college did just that. Literally thousands of credit card receipts w/ full pin numbers, signatures, and names in the bin. A lot places shred that receipts when they're done, but some don't. And think of the traffic a college bookstore generates.
Before you say anything like "well, you didn't have an id, address, or a social or anything like that", imagine the damage I could have done had I been so inclined to steal some of those numbers and then used them where I had a friend on the inside. Or done the digging to find that person's SSN, address, or whatever.
Trust me, I was so tempted to finance the rest of college education w/ a little bit of scamming. Thankfully, I had a hellish cunt of a girlfriend that ruined my life so badly that I dropped out of college and went to work in IT.
Damn...now that I think about, maybe theft was the better option...
Well... (Score:3, Funny)
Go buy a shredder and port Linux to it today!
Re:Well... (Score:5, Funny)
Linux is still a little behind Windows in the document destruction department.
Re:OK..... (Score:3, Funny)
Hmmm... I can't find the word technology in the phrase "news for nerds, stuff that matters." I even tried CTRL + F. No luck. I'm having serious trouble finding the source of your complaint here. Help?
Re:Solution: Max Your Credit (Score:5, Interesting)
Re:SLASHDOT PERSONALS??? (Score:3, Funny)
Dating must go by the GPL - General Personal License, where if you date someone, you may only continue to date them if they may also date others. This however, is not a viral license. If you already have a partner and pick up another GPL'd partner you need not give up your original partner.
It's really quite simple.
Re:how to find out? (Score:3)
If the offers you get change, its time to start looking at your credit report. If your getting offers for gold cards and then you start getting offers for secured credit cards, there is a reason and it will be on one of your credit reports.