Friday, February 13, 2009

Identity Theft: Victimizing the Dead

Dead people, I've learned, make great identity theft victims.

Around November 2007 or so I did some investigative work with a colleague of mine at a place here in Chicago that is essentially a chop-shop for cadavers. Without naming the place, I can tell you that if you ever donate your body to science, and you happen to live in this area... this is where you'll be going.

Anyway, the body parts all over the place wasn't the problem... the information theft was. Apparently someone had broken in and taken some records, digitally of course, from a database that housed everything from your social security number, to your next of kin, your medical history (obviously relevant), your drivers license number, home address... you get the picture. The point is that this database was inside a home-grown application, on MS-Access, and pretty much open to the world. Forensics on this box were going to be nearly impossible given the Windows version, and extremely open nature of the box...

So after determining there was nearly nothing we could do to determine the attacker (of thief) we nuked the box, and built a new one which had some security controls, a firewall, etc... but that got me thinking.

Dead people really would make the best identity theft victims, assuming you can get past the "hey, you're listed as dead according to your credit agency report" part. Given that things are a little chaotic in the credit industry... I wonder how much of this is going around? Furthermore, with the amount of chaos inside the organization (not-for-profit) one can only wonder how many more of these there are around the country and what information they're bleeding (no pun untended)...

1 comment:

anonymouse said...

ACORN has been doing it for years. It was quite effectively employed this past election to appoint BHOOBL.

Google+