infosec4all.com

To describe ‘hot’ products – the items that are most likely to be stolen, Ronald Clarke, coined the term CRAVED in a law enforcement training manual produced for the British Home Office (Clarke, 1999). The acronym stands for five properties the item should posses to be ‘hot’: Concealable, Removable, Available, Valuable, and Enjoyable. Setting aside the argument that identity cannot be stolen, identity having properties of information, neatly fits into these categories. As it does not have physical properties, it can easily be concealed. It is not removable but it is multipliable which does not diminish this property. Availability of identifying data is immense. Its value for criminals will be discussed later. And at last, stolen identity can be enjoyed in the following ways (Perl, 2003): direct financial benefits, non financial benefits, and misuse of legal records.

Direct financial benefits are probably the most obvious. It occurs when a criminal directly obtains monetary instruments from the victim or in her name.

Non-financial identity theft might ultimately lead to monetary benefits but it starts with utilities frauds or obtaining of government documents or benefits in victims name that are later used for illegal border crossing or obtaining a job. Another common type of non-financial benefit is revenge.

The third reason criminals would steal identity is to evade legal sanctions and criminal records. (Perl, 2003) According to the same author, this type of crime is the worst case of identity theft. According to Newman (Newman, 2005) this is the major reason for stealing another’s identity. This category also includes growing number of cases where identity theft was used for supporting terrorist activities.

Finally, the concept of opportunity has also been used for explaining crime. Although, its relation to identity theft has not been formally researched, Newman (Newman, 2005) suggests a strong correlation, considering identity to be information that in turn can be perceived as a ‘hot product’.

How does it take place?
In order for identity crime to occur, the criminal must obtain personal identifiers of a person with a good credit or no criminal history, who later becomes a victim. The criminals use various methods including recruiting individuals with access to personal information, stealing documents from companies that store such information, dumpster diving, eavesdropping, shoulder surfing, burglary, stealing mail, phone scam, phishing, and pharming. Although, as we will see, use of technologies does not correlate with increase in identity theft, computer users are also targeted. According to one source, in the last couple of years, there has been a dramatic increase in number of collection methods, with over 65% increase only in key logging (Gordon, 2006) – method in which criminals use stealth key logging software or devices to secretly record key strokes that later reveal various personal information entered into victim’s computer. Personal identifiers can also be purchased on the street or Internet for the going rate of between $25 and $50. (Newman, 2005)

Stolen personal identifiers are then altered to reflect characteristics of the new ‘owner’. Development of desktop publishing technologies and their affordability also allow criminals to produce high quality replicas, while organized crime can use professional equipment that makes fakes ‘better’ than originals. It is also possible for criminals to obtain genuine identification documents through fraudulent methods like using ‘insiders’ at identification document issuing agencies. (Porter, 2005) The identity information bearing instruments obtained in this step are also known as ‘breeder documents’ since they allow criminals to proceed to the next step – obtaining false identification documents like birth certificate, social security card, drivers’ licenses, passports, voter registers, and badges. (Porter, 2005) These documents now allow criminals to further develop their newly assumed identities by creating new life history through rental of mail boxes, storage units, apartments, and vehicles, opening new accounts, and activation of telephone services and utilities, (Porter 2005) – all with timely and accurate payments just like any innocent citizen would do.

The next step – exploitation
Identity Theft is linked to many global crimes, including terrorism, money laundering and financial crimes, drug trafficking, alien and weapons smuggling. (Gordon, 2004) Once the criminal steals identity or creates a false identification document, he is able to create a fraudulent identity for himself which allows him to cross borders and also provides him with access to such identification documents as birth certificates, drivers’ licenses, and social security cards, that in turn create greater access by allowing him to procure employment, credit cards, residency and citizenship, etc. (Gordon, 2004)

Identity theft crimes are often facilitators for crimes that lead to money laundering, mortgage and insurance frauds, computer crimes, weapons and narcotics trafficking, homicide, terrorism, and illegal immigration, (Porter, 2005). As an example, Bruce Schneier (February 2007) suggests that criminals or terrorists could use stolen identities to avoid TSA screenings while carrying on attacks or other crimes. The magnitude of crimes committed with help of identity theft is best captured in Willox’s claim that identity theft is not a tool of a con artist anymore; it is indigenous to any criminal enterprise. (Willox, 2002)

The Other Side of Exploitation
One must not forget that it is not only criminals and terrorist who exploit identity theft. Financial institutions also benefit from various legal requirements by transferring the costs to consumers through disproportional increase in service fees. (Newman, 2005) On the other side there is a fast growing industry that legally profits from selling various services ranging from financial insurance, privacy protection, to credit monitoring. Currently, no supporting research exists that could back up this statement. Only anecdotal cases suggest the existence of this multi million dollar market niche.

Bibliography:

Clarke, Ronald V., Hot Products: understanding, anticipating and reducing demand for stolen goods, Police Research Series, UK Home Office, Research, Development, and Research Directorate, 1999

Gordon, Gary R, et al, Identity Fraud: A Critical National and Global Threat, Journal of Economic Crime Institute, Volume 2, Issue 1, Winter 2004

Gordon, Gary R, et al, The Ongoing Critical Threats Created by Identity Fraud: An Action Plan, Journal of Economic Crime Management, Volume 4, Issue 1, Summer 2006

Newman, Graeme R. and Megan M. McNally, Identity Theft Literature Review, National Institute of Justice Focus Group Meeting, July 2005

Perl, Michael W., It’s not always about the money: Why the state identity theft laws fail to adequately address criminal record identity theft, Journal of Criminal Law and Criminology, 94(1): 169-2008, 2003

Schneier, Bruce, Security Matters – Solving Identity Theft, Forbes.com, January 22, 2007

Willox, Norman A. et al, Identity Fraud: Providing a Solution, Journal of Economic Crime Management, Volume 1, Issue 1, Summer 2002