Identity theft is far from new, but with the growing popularity of online accessibility, this has become a major risk that affects pretty much everybody. While most Americans are well aware of this risk and are taking several measures to prevent it, for others this is not so simple.
For Americans, the most common type of identity theft is a stolen password to an online service. If someone was clever enough to get you to hand over your password (with Phishing, for example), he can login to your account and if it's a bank account or PayPal, steal all your money. Another type of identity theft is stealing a person's Social Security Number. With that, a thief can gain access directly into things like medical records, bank accounts and much more. Most people are aware of this, and safeguard their SSN closely, but in other countries, this is not the case.
In Israel, for example, the equivalent of a SSN is the Identity Number, which is a 9 digit number assigned to each person when he/she is born. This number is unique, and will follow that person to the grave. It's printed on each citizen's Identity Card and drivers license and is the primary means of authenticating a person's identity. Unfortunately, the national identity card is notoriously easy to forge, which is why the Israeli government has been working on a smart-card based replacement. What's even more unfortunate is that the entire database of the Israeli population has been leaked to the public, and is freely available to anyone who knows how to download pirated music. In fact, this database, known as "Hipuson", "Shimoshon" or "Mirsham", has been going around for many years now. It's available on the Emule network, as well as many file hosting services, although the plethora of versions in the wild make it a little hard to find the most updated version. This database contains not only the full names and ID number of every living citizen in the state, but also their full address, birth date and parents name. With simple correlation, one can locate his parents, siblings, children and even his neighbors, and some versions of the database even have this function built in. Politicians, singers and other celebrities are not exempt, and their info is also included even if it was specifically redacted from the national phone directory. Using this database, anybody can choose a random person, or his enemies, and create a fake ID with their details and his/her picture. As I said, it is rather easy, and anyone with color laser printer, bitmap editor and laminating machine can do this. Once you have an ID card, you can access the targets bank account, his medical records and even sell his/her house and disappear with the money.
What can the Israeli citizen do? Basically, nothing. No one knows exactly how the database is leaked, but there are many parties who have access to it. When the Israeli Police started investigated this issue in March 2008, multiple breaches were detected, from unpatched servers to server-rooms left unlocked and unsupervised. Changing your ID number is not possible for a citizen, and this has been done only in rare cases where serious damage has been done to a person. In the recent report filed by the Auditor General exposes this outrageous conduct, but like most of these reports, it is likely to be completely buried or acted-upon very slowly. Perhaps the best solution is to keep your cash under the mattress?
Showing posts with label ID. Show all posts
Showing posts with label ID. Show all posts
Tuesday, May 12, 2009
Monday, December 1, 2008
Is it safe?
After much debate, Israel's new smart ID Cards are going forward. This has been debated for the past 10 years, and seems that it's finally going to happen...but are we happy about it?
Israel is one of a handful of countries where every citizen is issued an ID card, and is required by law to carry it with him at all times. This immediately brings concerns about big-brother and that sort of thing, but I'm worried about some other stuff too. The "ID number" serves as the Israeli equivalent of the American SSN. Most official forms require it to be filled out, but despite the sensitivity of these numbers, the security level is astounding. A few years ago, the entire population registry database has been leaked to the internet, and now, everybody who knows how to use a browser or a P2P program can download it and search for anything. The software is called "Rishumon" or "Hipuson", and sometimes just "Mirsham" (registry in Hebrew), and it's about a 2 GB download. With this kind of data one can find anybody's ID number, as well as who are his parents, siblings and even neighbors. Are you scared yet? You should be, because Israel's ID cards are notoriously easy to forge. Sure, they use special paper and some anti-counterfeiting measures, but when you show it to a bank teller through the 1" glass, he won't notice if it's original, printed on some laser printer, or hand painted by a 4 year old. This has been tried and tested. What's even worse is the fact that there is so much demand for fake IDs - not only criminals and Identity thieves, but also illegal residents, which are flowing from the occupied territories on a daily basis, hoping to score some work in Israel.
So now you know why a smart ID is important. With something like that, it will be harder to steal someone's identity, but if the ID database has been leaked repeatedly (there were at least 4 "updates" to it since the year 2000), what happens if the smart-ID database gets leaked too? It's true that the hardware is more complicated, but it's still digital data, and if you can't trust the people who operate the entire thing, it could lead to a lot of problems. One of the aims of this program is to allow citizens to work with various government offices remotely, which takes the human factor out of the game. A crook with the right tools and inside-information can do pretty much everything with a slim chance of being detected. What then? Will they just replace all the IDs? Will they even notice it? I'm not so sure.
What I am sure of is that so much money is involved with this idea that it's definitely not the end of the mess. The process has been trusted in the hands of HP, who won the auction, but have earned a lot of scrutiny about their customer service in Israel. It's not a bad company, but if the past has taught us anything is that better hardware can't rid us of basic flaws in the system. In this case...the human factor.
Israel is one of a handful of countries where every citizen is issued an ID card, and is required by law to carry it with him at all times. This immediately brings concerns about big-brother and that sort of thing, but I'm worried about some other stuff too. The "ID number" serves as the Israeli equivalent of the American SSN. Most official forms require it to be filled out, but despite the sensitivity of these numbers, the security level is astounding. A few years ago, the entire population registry database has been leaked to the internet, and now, everybody who knows how to use a browser or a P2P program can download it and search for anything. The software is called "Rishumon" or "Hipuson", and sometimes just "Mirsham" (registry in Hebrew), and it's about a 2 GB download. With this kind of data one can find anybody's ID number, as well as who are his parents, siblings and even neighbors. Are you scared yet? You should be, because Israel's ID cards are notoriously easy to forge. Sure, they use special paper and some anti-counterfeiting measures, but when you show it to a bank teller through the 1" glass, he won't notice if it's original, printed on some laser printer, or hand painted by a 4 year old. This has been tried and tested. What's even worse is the fact that there is so much demand for fake IDs - not only criminals and Identity thieves, but also illegal residents, which are flowing from the occupied territories on a daily basis, hoping to score some work in Israel.
So now you know why a smart ID is important. With something like that, it will be harder to steal someone's identity, but if the ID database has been leaked repeatedly (there were at least 4 "updates" to it since the year 2000), what happens if the smart-ID database gets leaked too? It's true that the hardware is more complicated, but it's still digital data, and if you can't trust the people who operate the entire thing, it could lead to a lot of problems. One of the aims of this program is to allow citizens to work with various government offices remotely, which takes the human factor out of the game. A crook with the right tools and inside-information can do pretty much everything with a slim chance of being detected. What then? Will they just replace all the IDs? Will they even notice it? I'm not so sure.
What I am sure of is that so much money is involved with this idea that it's definitely not the end of the mess. The process has been trusted in the hands of HP, who won the auction, but have earned a lot of scrutiny about their customer service in Israel. It's not a bad company, but if the past has taught us anything is that better hardware can't rid us of basic flaws in the system. In this case...the human factor.
Subscribe to:
Comments (Atom)
Posts
