Glut In Stolen Identities Forces Price Cut

CowboyRobot writes "The price of a stolen identity has dropped as much as 37 percent in the cybercrime underground: to $25 for a U.S. identity, and $40 for an overseas identity. For $300 or less, you can acquire credentials for a bank account with a balance of $70,000 to $150,000, and $400 is all it takes to get a rival or targeted business knocked offline with a distributed denial-of-service (DDoS)-for-hire attack. Meanwhile, ID theft and bank account credentials are getting cheaper because there is just so much inventory (a.k.a. stolen personal information) out there. Bots are cheap, too: 1,000 bots go for $20, and 15,000, for $250."

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Change your passwords ASAP!

[sycodon]

We need a bounty on cyber criminals. How about $25 per ear?

Re:

[swillden]

Your suggestion that we punish a non-violent crime with body mutilation seems contrary to your signature. Not arguing either point, they just seem dissonant to me. Perhaps you can introduce me to new information that will resolve the two.

There is a simple but deep philosophical perspective shift you need to make to resolve the apparent dichotomy between the statements. Put simply, you need to realize he was joking. I'll leave it as an exercise for you to determine which of the statements was a joke, or if perhaps both were.

Re:

[sycodon]

Yet...

I am not completely convinced that just because someone doesn't attempt to perpetrate violence upon you, that you are not justified in responding to the non-violent crime with violence.

Re:

[swillden]

Well, technically, kidnapping and imprisonment are violent acts, and we have our police and courts do those to non-violent offenders all the time. Mutilation is a little beyond the pale, though.

Re:

[sycodon]

Actually, I'm suggesting that we kill them first. THEN, cut off their ears.

And this situation and the sig are not related at all. We aren't talking about saving Humanity, we are talking about exterminating rodents.

Re:

[swb]

A friend of my wife just went through this TWICE in a week because she presumably didn't scrub her computer.

She had her total identity stolen -- addresses changed, a mortgage applied for, thousands charged to her credit cards, bank information stolen (although they didn't actually take her bank account yet).

She changed everything -- new cards, new bank account, etc, and a few days later had it all stolen again.

What I find strange is that she was re-targeted. Given the apparent low cost of an identity with

Re:

[g0bshiTe]

Why do you find it strange that she was re-targeted after the first attack worked?

Now I see you responded early in your post to your last statement, so I'll refer you to the response to your last statement. "thousands charged to her credit cards", makes me think the attack was successful to some degree which is why she was re-targeted even though she wasn't worth six figures.

Re:

[Anonymous Coward]

I guess that leaves Linux, Windows, and OS X out.

Re:

[ahabswhale]

Amiga OS ftw!

Re:Change your passwords ASAP!

[ifiwereasculptor]

I don't know how it is in the US, but here banks seem to deeply dislike OSs not retardedly easy to compromise. I have accounts in two banks. One of them started working in Linux only about four years ago, the other only did so last year. They both regularly splurt errors because of openJDK incompatibility - they want Sun's Java. And one of them hilariously has its https certification broken for almost a year now. Airlines are even funnier. At least one of them still only works on IE.

Re:

[ewieling]

If a bank can't keep their SSL cert up to date why should you trust them with your money?

Re:

[dotancohen]

Then change banks, and tell them why.

I called Bank Leumi monthly for years about Firefox-on-Linux compatibility and they always told me that "it is in the works". I finally left the bank for another bank (Poalim) after sitting with the new bank's manager in his office with my Fedora laptop (~2009) checking that their site works on my system. When it did, I changed banks and wrote letters about why to both banks' presidents.

Re:

[ahabswhale]

WTF do they need Java for?

Re:

[MaskedSlacker]

BeOS came on CDs?

Re:

[LoRdTAW]

Not to be a pedant but:
Sure did. Still have my R4 cd. Starting with R5, the personal edition or PE of BeOS was a free download with only a developer edition available on CD.

Re:

[PopeRatzo]

I still have BeOS floppy disks. I bring them out on occasion to show people who don't believe me.

Re:

[TheRaven64]

BeOS 5 is not easy to compromise remotely because the network stack crashes under load, or after a few minutes of low load. Does Haiku have the same feature?

those numbers seem unsustainable

[ffflala]

Purchasing $150,000 for $400 (vary currency as necessary) would seem to be a loophole that would quickly undermine the world economy. Perhaps "price" of a stolen identity isn't a proper measure of "value".

Re:those numbers seem unsustainable

[ATMAvatar]

Exactly. You aren't going to successfully withdraw all $150k in one go. Withdraw $100 once or twice a week, and there's a decent chance the owner may not notice for some time.

Re:

[AK Marc]

I've moved $60k in a single overseas transfer. Though, they wouldn't move it without me showing up in the branch in person. I could have transferred the same amount domestically from online.

Re:those numbers seem unsustainable

[MaskedSlacker]

Moving $60k online doesn't do you any good. You move it from their bank account to...what? Another stolen account that you can't withdraw from? Or one that has your address? Or one with a stolen SS#, but that has you on security cam footage? You move that kind of money out and you are going to be caught.

Re:

[AK Marc]

You move it from one they have direct access to, to an intermediate account, which they can't immediately block you from. You get days from when the loss is discovered, rather than hours. Then you can transfer it to another account, or withdraw it at a more leisurely pace.

Re:those numbers seem unsustainable

[Sique]

That's where the real valuable asset comes in: the money mule.

Money mules are people tricked into agreeing to whitewash the stolen money by accepting the money withdrawn from the stolen account and then transferring it via wire transfer to the plunderer.

When the original owner of the account sees the transfer, he will call the bank and reverse it. At this time, the money mule will already have withdrawn the money from their account and transferred it. This leaves the money mule with the debt incurred, because they now lose the money from the stolen account, and are thus effectively paying the plunderer from their own money.

This puts the value of a stolen account to about the amount of money the money mule will be able to cough up until their own bank takes action.

Re:

[TheCarp]

Yup. And the thing is, there really isn't much you can do about this loophole in humanity. Hell a while back (maybe someone has a link to the story) there was an investigation done where someone tracked one of these people down through a scam.

This guy has met a woman online, on a dating site. She told him she ran an international business and needed help doing shipping in the US, next thing you know, packages are arriving at his door and he is accepting them and forwarding them on.... often out of his own

Re:

[ub3r n3u7r4l1st]

In fact, most money mules are recruited via "work-at-home" schemes.

Re:

[Big Hairy Ian]

Convert it to bitcoins :)

Re:those numbers seem unsustainable

[artor3]

I think it goes without saying that when someone sells a $150k bank account for $400, it's because they know they can't withdraw more than $400 without getting caught.

Re:

[Joining Yet Again]

Risk/reward, homecat.

It's like selling toxic debt for 10% of the amount of the debt. The new creditors know that they're going to have little luck with maybe 3/4, and the remaining 1/4 will take money+time to cough up.

Re:those numbers seem unsustainable

[AmiMoJo]

Usually the plan is not to withdraw money from the account directly. Too easy to get caught, owner of the account usually notices pretty quickly. Instead the account is used to open other accounts or take out loans which are then defaulted on.

This is pretty common in the UK. We have these shitty pay-day loan companies that charge 5000% interest and do only the most basic checks before handing over the cash. People give them someone else's name and bank account, so the first thing the victim knows about it is when Wonga starts taking internet payments by Direct Debit.

Re:those numbers seem unsustainable

[sjames]

Criminal activity often involves taking a great deal of value from the victim and converting it to a much more modest value for yourself.

In economic terms, the difference represents the risk taken. The guy who grabs the ID info sees little risk in that, but there is considerably more risk in actually using the info, so it sells at a steep discount.

This sort of thing actually is undermining the banking system. How long will it be before a transaction is as likely to be fraudulent as not?

Re:

[ffflala]

When it comes to transactions of currency, it seems like one never has to look too far back to find some egregious level of fraud. I'm still convinced that the essential reason that gold is worth so much, and probably will as long as humans exist within proximity to gold, is because gold is shiny.

Re:

[sjames]

While it has many useful physical properties and is even essential for a few practical applications, a fair part of the demand is for such things as jewelry. As such, it's value is very much tied to the fact that it is shiny and people like that. If people woke up one day and decided they were much more into matte, the 'value' of gold would fall considerably.

Re:

[AK Marc]

That, and how can we verify this? Where are the links to the online marketplaces?

Re:

[hodet]

Or maybe the $150,000 is not the real prize. If you can access an account with that much money in it you can use it as part of your new "identity" to leverage even further into another account. The person whose identity has been stolen would be none the wiser and the thief could make off with 10 times that amount. If you try and access any of that 150k the bank would shut it down immediately after you pulled out the first $500. If a different bank really thought you were the owner of the account you can

Re:those numbers seem unsustainable

[Jason Levine]

Exactly this. When my identity was stolen, the thieves didn't use it to find and break into my bank account. Instead, they opened a credit card in my name (with my address, SSN, and DOB, but NOT with the correct Mother's Maiden name - red flag #1). The only reason they didn't get away with it was that they 1) paid for rush shipment of the credit card and 2) then immediately changed the address (red flag #2). So the card got shipped out quickly to my address and THEN the address was changed. The card arrived at my doorstep instead of theirs. Of course, that didn't stop them as they tried to get a $5,000 cash advance before even activating the card (red flag #3).

And the credit card company's response to me? "Are you sure your wife didn't open the card in your name without telling you? No? Well, we can't give you any information on the account because if you go and kill them then we're liable." They stonewalled me and when I got the police involved, they directed them to a number that was never answered. To them, they just closed the account and the problem was solved. Actually helping to catch the people who did this would involve effort that they weren't willing to put in. That's why Capital One credit card's are not and will never be "what's in my wallet."

Re:

[g0bshiTe]

Come on now, you aren't purchasing $150k for $400, it's like market speculators, you are purchasing a chance to increase your $400 to $150k, you still have to figure a way to milk that from the accounts and then actually get away with it.

Those selling the accounts are doing so because it's $400 in hand and much much lower risk.

Get rid of spam?

[SB9876]

So, if I'm to follow the reasoning of this article, if we all use weak passwords , the market gets flooded and they all go out of buisness?
SWEET
password:password, here I come!

Re:

[Arethan]

passwordistaco

enough said.

Capital Crime

[Z00L00K]

Identity theft should be a capital crime.

Re:Capital Crime

[sjames]

'Identity theft' should be recognized for what it really is, bank fraud.

First the crooks defraud the banks by performing transactions in someone else's name. This is aided by the banks insistence on not implementing secure authentication.

Then the banks defraud you by insisting that you are responsible for the transactions in spite of not having a single shred of evidence that you made them.

The credit agencies compound it by repeating the bank's financial gossip with a wanton disregard for the truth.

The 'justice system' then aids and abets by not telling the banks to pound sand and by not convicting the credit agencies for libel./p.

Re:

[jhol13]

How do you make secure authentication in banks?
You do know people in UK refuse to have ID cards of any kind, therefore in bank a gas bill is considered "identification".
In Finland a (very old) driving licence suffice - the picture usually is so bad as to pass if you look even a bit like.

Banks are not always the culprit.

Re:

[MysteriousPreacher]

Opening an account requires a bit more than that:

http://www.barclays.co.uk/CurrentAccounts/Identificationdocumentsrequired/P1242557966027 [barclays.co.uk]

I know as well that Natwest asked for my passport when I wanted to change my contact details.

Re:

[sjames]

The 'victim' or 'identity theft' certainly isn't the culprit. The banks COULD take a photo of the person when they sign up and issue them a smart card with a unique key pair. They could check to see if you answer the home phone and give them an agreed upon code word to verify that you really live there. They could insist on mailing the smart card to your current address (but not activate it until you call them with the a code word and read off a unique serial number).

The point is that it's on them, to verif

Re:

[aheath]

There is no requirement to carry identity cards in the UK or the US. Ration cards were used as a national identity card during the second world war. My grandfather committed an act of civil disobedience when he was stopped for speeding after the war. He refused to show his ration card because the war was over. His act of civil disobedience was debated in parliament and is one of the reasons why there are no national identity cards in the UK. British Identity Cards: Arguments For and Against their Retention [statewatch.org]

Re:

[onepoint]

I'm not sure about the statement of Identification in the USA. I know some states require you to have some sort of ID. But then again I am not a lawyer so what do I know.

Re:

[IamTheRealMike]

A lot of banks outside the EU already are pretty secure, using hardware second factors to authorize logins and wire transfers to unknown/new destinations.

If you see bank details being sold that only have a username/password, it's probably an American bank. The 2-factor auth system used outside the USA is based on EMV (it's a variant called CAP). In the US they never deployed EMV aka chip and PIN so the banks don't have any pre-existing secure hardware issued to end users they can auth themselves with.

Re:

[green1]

Canadian banks all have chip and pin now too, but it is used only for debit card transactions.(Bank machines and in store purchases). I am not aware of any Canadian bank that uses anything more than account number and password to use online banking, and I know of one that required (at last check) a 4 digit purely numeric password. I am quite disappointed in the complete lack of any security for online banking and purchases in this country.

Re:

[Jason Levine]

Given my experience with identity theft, I'd say a step in the right direction would be not allowing someone to sign up via a web form, get the mother's maiden name wrong, and STILL issue them a credit card.

Of course, that's just me. Credit card companies and credit agencies actually don't care about identity theft. When it happens, they just shift the cost to the person whose identity was stolen and call it a day. If it does impact them, it falls under "cost of doing business", not "severe threat to pro

Re:

[sjames]

My cat once got a credit card offer. I was REALLY tempted to fill it in and have her sign it with a paw print, but I just didn't need the potential hassle of trying to cancel it later.

With that sort of thing going on, banks claims have no credibility at all.

Re:

[lxs]

Cue the YES BUT THE EVIL GUBMINT crowd.
Sometimes identity cards are a good thing. If the mailman brings me a valuable package he'd better check my identity and not leave it on the stairs or give it to the first fool who manages to scrawl something illegible on a rain soaked piece of paper or touchscreen.

Re:

[L. J. Beauregard]

You must also think that literacy tests were about ensuring that voters could read the ballot and that poll taxes were about raising revenue.

The purpose of "voter ID", which is the least of the shenanigans that the Plutocrat Party is pulling, is job security for the scumbag politicians who are trying to push it through.

Re:

[g0bshiTe]

I enjoy how you could vote this last election without providing ID yet signing up for ACA I have to establish my identity by providing ID?

Re:

[jmac_the_man]

You must also think that literacy tests were about ensuring that voters could read the ballot and that poll taxes were about raising revenue.

The purpose of "voter ID", which is the least of the shenanigans that the Plutocrat Party is pulling, is job security for the scumbag politicians who are trying to push it through.

I'm sorry, I was unclear on my statement earlier, and Slashdot doesn't have an edit button. My last sentence should have read "I wonder what Democrat politicians think the difference is between people of Mexican descent in Mexico and people of Mexican descent in the US."

Of course, as you and I both know, Democrats are the people who supported literacy tests and poll taxes to keep African-Americans from voting, and oppose Voter ID laws so they can keep scumbag plutocrats in power.

However, I didn't explic

Re:

[sjames]

The difference is who they have to sign up with and what requirements exist for that. It's far too easy (as history has shown in the U.S.) to slant the process so that it is a minor hassle for one demographic but a major problem for another.

Re:

[jmac_the_man]

It's far too easy (as history has shown in the U.S.) to slant the process so that it is a minor hassle for one demographic but a major problem for another.

It's far too easy to win an election by stuffing the ballot box with votes that weren't cast by actual voters. It's also far too easy to win an election by claiming that the opponents are racist.

If you want to talk about a specific process that you feel is slanted, I'm willing to do that, but the fact that you can come up with a theoretical implementation that "makes it a minor hassle for one demographic group but a major problem for another" doesn't validate the GPs claim that Voter ID supporters are rac

Re:

[sjames]

It's not a matter of race, it's a matter of demographic. That is, adding just a bit more hassle for some demographic or another that tends to vote against your party. For example, if the elderly tend to vote against you, you insist that a presented ID be current. Easy enough (practically automatic) until you reach an age where you don't drive anymore.

Re:

[jmac_the_man]

The biggest (historical) attack on the electoral system relies on the vote of a specific demographic group. It turns out, if you can dig up the votes, Necro-Americans tend to vote in huge numbers for machine Democrats and incumbents generally.

Of course, in the American electoral system, the dead aren't supposed to be voting. That's why you should have to have current IDs.

Also, I asked for a specific example of a state Voter ID law that you claim "makes it a minor hassle for one demographic group but a m

Re:

[sjames]

I see you believe it is only democrats that play such games. The 'alternative' 'for free' IDs you speak of are not quite as convenient as a drivers license for someone who doesn't drive. I'm unsure how 'Necro-americans' are going to use an old ID anyway since they will no longer look at all like their picture. Surely voter registration is checked against death certificates.

The U.S. has an unfortunate history of playing games with ID, poll taxes, and various tests to deny citizens their vote. In recent years

Re:

[jmac_the_man]

I see you believe it is only democrats that play such games.

No, I said "machine Democrats and incumbents generally." It's easier to steal an election by stuffing the ballot box when there's a large electoral bureaucracy/party machine in place, which tends to be in big cities. Residents of big cities tend to vote for Democrats, which leads to Democrats being in power and staffing the electoral bureaucracy, so ballot box stuffing specifically is a technique usually associated with Democrats. However, electoral fraud generally helps ALL incumbents, not just Democrats.

Re:

[sjames]

You misread just a bit, the 'alternative' 'free' IDS are not generally as convenient for non-drivers as a drivers license is for a driver.

The fake robo-calls were almost universally used by non-incumbent Republicans. The correct fix for dead voters is properly cleaning up the voter registration. Unfortunately, that too has been a problem, including a distinct demographic slant to the improperly removed entries.

As for the rest, since I have explicitly stated that race is NOT the issue, you have either confus

Re:

[jmac_the_man]

You misread just a bit, the 'alternative' 'free' IDS are not generally as convenient for non-drivers as a drivers license is for a driver.

Again, what specifically is wrong with non-driver IDs? If they require the same steps to obtain except for the driving exam, why are they "less convenient?"

reverse race card play

Doesn't exist. The first guy who responded (note: this wasn't you) said that the people who were in favor of voter ID were people who would have been in favor of poll taxes. The people who were in favor of poll taxes and Jim Crow laws were the liberal Democrats of a generation ago. The only thing I have in common with them is the color of my skin. The st

Re:

[sjames]

Whichever group tends to vote against the party in power when the law is enacted. It could be race, age, income level, or anything else they can find. It could even be urban vs rural.

As for ID card, most people (after they get their learner's) DRIVE to the DMV for their license. If you no longer drive, it's already harder. The voter ID (unlike a driver's license) is something they would likely use once every 2 to 4 years so it's easier to just forget about it and let it expire even if you have one. It's not

Re:

[jmac_the_man]

Whichever group tends to vote against the party in power when the law is enacted. It could be race, age, income level, or anything else they can find. It could even be urban vs rural.

So you're saying that the demographic group it hurts is "whichever group votes against the party in power?" So you're saying that you're against voter ID laws because they hurt Democrats? I'm sorry, but the Democrat Party doesn't deserve special protection under the law. Laws should apply to both parties equally.

The fact is, the reason that people are in favor of voter ID laws is that they help prevent attacks against the voting system. The specific attacks they work against work more easily in urban area

Re:

[g0bshiTe]

The Mexican Americans have been subjected to American television which studies have shown kills more braincells than LSD.

Re:

[Sockatume]

Identity theft is usually prosecuted as bank fraud. Laws against identity theft in and of itself do exist, but usually the fraud is what people get done for. However you still have to demonstrate that you did not perform the transactions and therefore have been defrauded by some John Doe.

Re:Capital Crime

[sjames]

Why would I, I never had any dealings with John Doe at all. I am not the one demanding money, why should the burden of proof fall to me?

It's the bank that had unfortunate dealings with Mr. Doe and rather carelessly handed him a wad of cash without knowing who he was.

If they want any money from me, it's up to them to prove I owe it to them. And I don't mean a piece of paper with an illegible scrawl anyone could have made, I mean actual proof. A picture of me (that actually looks like me) holding the paper and smiling might help, but given the reputation of banks (they have, after all, a history of foreclosing on homes they don't hold a loan on and many other acts of fraud) and the existence of photoshop, it wouldn't constitute absolute proof.

At one time, banks were quite careful to avoid even the tiniest hint of impropriety and deserved a reputation for honesty so strong that often enough their word was nearly proof in itself. That day is long gone and they have well and thoroughly squandered their reputation (along with a great deal of other people's money).

Re:

[sjames]

Exactly.

Re:

[Z00L00K]

And in the process they destroy the life of the people they did steal the identity from, therefore the means of capital crime is justifiable.

Re:

[sjames]

No, the banks and credit agencies do that. Perhaps they should be put up for a capital crime.

Re:

[Bob the Super Hamste]

I would also accept interstate wire fraud in most cases as well.

Re:

[gsslay]

Mitchell and Webb have this covered...

http://www.youtube.com/watch?v=CS9ptA3Ya9E [youtube.com]

Re:

[sjames]

It's nice to know someone else sees it :-)

Re:

[sycodon]

We need a bounty on identity thieves.

Open season year round!

Re:Capital Crime

[Joining Yet Again]

Calling for something to be a capital crime should be a capital crime.

O shi-

I want to cut out the middle man

[the_Bionic_lemming]

I'd like to cut out the middle man and sell my Identity.

40 bucks buys a few cases of beer - just sayin...

Take Mine For Free

[Anonymous Coward]

Here, take my identity, please!

You get to assume a recent bankruptcy, a child support obligation, a spotty employment record, a sub-500 credit score, three maxed-out credit cards, a beater car, and a psychotic ex-wife.

Clean arrest record and a good tech education, though. Maybe you could apply to a NSA contractor.

Re:Take Mine For Free

[Jason Levine]

Clean arrest record and a good tech education, though

Sadly, there's more than just financial identity theft. There's criminal identity theft also. Here's how it works:

1) Criminal arrested for some crime.
2) Criminal gives your name/SSN/DOB/etc to the police.
3) Arrest goes onto your criminal record and not the real criminal's record.

Now you go for a job interview and your potential employer runs a background check. Suddenly, they find out that you've committed felonies across three states and were arrested nine times. You don't get that job offer - or any other one. Plus, if the local police stop you for any reason, they'll find out you're a "felon" and will treat you as such. No matter how many times you try to clear this up, if even one database still links you to the crimes, it will flow back over and start again.

At one point, I was following the blog of someone who had this happen to him. He couldn't find a job, was being harassed by police, and nobody would help him. All this.despite the fact that the photo of "him" at the arrest was clearly not really him. People just trusted what was "in the system" even if the system seemed wrong. Last I heard, after years of struggling, he had finally gotten some people to listen and begin the process of clearing his record.

It's insane that one criminal with a stolen identity could ruin someone's life like this but it does happen.

Re:

[ub3r n3u7r4l1st]

A national guaranteed job program (or employer of last resort) will solve all this issue. Not to mention it will reduce recidivism rate. But of course some "religious" people will outright object, even though their scripture said otherwise.

Most people wants to work for the check. Unemployment is not a choice, despite what the mainstream media told you.

Re:

[Jason Levine]

It might solve the problem of "no employer wants to hire you because some criminal committed crimes and then said he was you", but it doesn't solve the root problem of "criminal can say he is X and now the real X's record contains his conviction." There's got to be some way for police to verify identity or, at the very least, some standard way of flagging when erroneous IDs are made. The current system of "we don't believe that the system is wrong and that you aren't a criminal because our system says you

Re:

[maestroX]

CoastieThaMostie, is that you?

No NSA joke?

[Sockatume]

It's time to get the government out of the identity theft business, as it is clearly wildly distorting the market.

Need To Flood Market With Fake Identities

[retroworks]

It should be easy enough for someone here to harvest phonebook or other records from 70 years ago, refresh and randomize birth dates, and begin to flood the identity theft market with fake personalities and random government identity records. That would greatly increase the amount of work for identity thieves, who actually benefit from passwords (which provide evidence it's bonafide identity they are stealing). For years I've promoted "camouflage" rather than invisibility. I now think the reason it has not taken off (disappearance of AntiPhorm?) is that it's equally a threat to Google, Bing, and advertising-based search engines. We can be less careful of our "identity needles" if we construct bigger "digital haystacks".

See article on digital haystacks and cookie camouflage http://retroworks.blogspot.com/2010/09/simpler-ideas-cookie-camouflage-digital.html [blogspot.com]

Oh, by the way, I'm not really Retroworks. I find I get higher mods if I steal a /. identity rather than to submit AC

Re:

[AthanasiusKircher]

It should be easy enough for someone here to harvest phonebook or other records from 70 years ago, refresh and randomize birth dates, and begin to flood the identity theft market with fake personalities and random government identity records.

I get what you're saying here, and perhaps it could have some benefits.

For years I've promoted "camouflage" rather than invisibility. I now think the reason it has not taken off (disappearance of AntiPhorm?) is that it's equally a threat to Google, Bing, and advertising-based search engines. We can be less careful of our "identity needles" if we construct bigger "digital haystacks".

See article on digital haystacks and cookie camouflage http://retroworks.blogspot.com/2010/09/simpler-ideas-cookie-camouflage-digital.html [blogspot.com]

I'm less clear about how your proposed ideas work in practice when I read your link.

I understand how it might serve to hide and distort data about your searching and browsing habits if your computer randomly searched and browsed for other things in the background. But it has some pitfalls.

For one, I would never consider using such a system unless it had definitely solved the "child porn problem." What happens if your computer goes

Re:

[ottothecow]

This seems like a decent short term business model. I wonder how many identities and credit card numbers you could sell (for bitcoins of course) before people realized that every single one was bad (at least with stolen CC numbers, you expect many to be no good when you buy then) and stopped purchasing from you? And how many times could you repeat this under a new name?

Re:

[psithurism]

From your blog:

Who develops software? The same people who make money on our searches...the people who develop software aren't going to develop that program

You are never going to find helpful developers with an attitude like that. I don't work for a web advertiser, in fact of the 100s of professional software acquaintances I have, only two work with google, and they aren't in search or advertising. We are people too. We have varied political opinions and we have identities of our own to protect. We use and write whatever software we believe will be best for ourselves and others. There is no conspiracy against implementing your ideas, we just fin

Re:

[negRo_slim]

but wait what about

to $25 for a U.S. identity, and $40 for an overseas identity

Is that 25 FOR? or it's lessened by 25... So cunfused how math?

Re:

[ifiwereasculptor]

"The price of a stolen identity has dropped [...] to $25 for a U.S identity [...]"

Seems pretty clear.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[TheCarp]

And especially pays off for anyone who can get it out...especially if they can do it while leaving someone else (or many other people) holding the (empty) bag(s). I still laugh about this one:

http://www.nytimes.com/2013/05/10/nyregion/eight-charged-in-45-million-global-cyber-bank-thefts.html?_r=0 [nytimes.com]

two precision operations that involved people in more than two dozen countries acting in close coordination and with surgical precision, thieves stole $45 million from thousands of A.T.M.'s in a matter of hours.

Re:

[Joce640k]

How many bitcoins could you mine with a $250 botnet?

Re:

[TheCarp]

Ahhh but then, how many botnets could you get for 70k-150k?

Re:

[Joce640k]

If a $250 botnet is profitable then the sky's the limit. All you do is reinvest the profit in more botnets and you bank balance will go up exponentially. You'll be buying up islands in the Pacific in no time.

Botnets for Bitcoins Don't Work Well Any More

[billstewart]

When Bitcoin was new, you could successfully mine bitcoins using your CPU. But the parameters on Bitcoin keep making the amount of computation higher, and these days the CPUs have been left in the dust, GPU-based miners are getting passé, and it takes ASICs to really keep up. Part of that's competitive speed, and part of it's the cost of electricity, which as a botnet herder you don't actually care about, but you've got to have a mining client that can run on the GPU without being noticed, so it can'

Re:

[AK Marc]

Too late, I have had private insurance for years.

Re:Hurry up and sign up for ObamaCare

[Anonymous Coward]

Don't you know private industry is the epitome of security and efficiency? That's why the private sector is never plagued by budget overruns or mismanagement.

Why do you hate America, you filthy communist?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[g0bshiTe]

It's the Fed's answer to bypassing HIPAA laws, and a method by which the Fed can bypass Dr patient confidentiality. Now they know you were prescribed Paxil 15 years ago and can use that as an excuse to separate you from your 2nd amendment rights or probable cause for a search of your house, or they know you tell your Dr you regularly smoke weed.

Re:

[ColdWetDog]

You haven't seem my wife with my credit card. The velocity limit appears to be on the order of 186,000 miles/sec.

Card Theft

[nuckfuts]

Reminds me of the time my brother had his wallet stolen. When I asked him if he cancelled his credit card, he said "Hell no! The thieves are spending less than my wife usually does".