from Moore's Lore by Dana Blankenhorn
June 28, 2005
Identity Theft Turning Point?

credit cards.jpgThe recent theft of 40 million card numbers at CardSystem Solutions is a turning point in the identity theft wars.

Previous thefts involved third parties, insiders or numbers left in bins, things that are easily fixed.

The CardSystems case stands out, first, because it happened at an actual processor and second, because it involved the use of a computer worm.

My wife works at a payment processor in Atlanta (most processors, for some reason, including CardSystems, are based here) that has (knock on wood) not been hit (yet).

SAINT SEIYA ATENA.jpg But there is a very frightening trend in this industry that you should be aware of. (No, that's not her picture (thanks for asking), just an anime called Saint Seiya Atena our daughter may recognize. She does have long hair, but we're obscuring her identity this time for security reasons.)

Processing, once the province of obscure mainframes with proprietary operating systems running on X.25 networks unconnected to the "real" world, is moving into the computing mainstream. This means whole databases are being exposed to the public Internet, and that the underlying processing technology is becoming understandable by more-and-more thieves.

When the LOML (Love Of My Life) first began her job she worked in a version of assembly language. She actually wore out an octal calculator. Later, she moved to a more highly-advanced language, Cobol. Her next move will be to learn the same language you may use at home. (Nope, not gonna tell you. In this item I'm not even mentioning her employer's name.)

It's the presumed next step by crooks that is really frightening, a massive credit theft that uses no meat space at all. Numbers and PINs could be stolen, and used, entirely within cyberspace, and even detecting the crime will be difficult, probably happening only after victims receive their statements. And the criminals may never have to leave Russia (or wherever, but there are known cyber-criminal gangs in Russia) to do it.

Since my saintly wife (hence the use of the picture above) took her present job, over 20 years ago, I have watched the security at her place of business slowly improve. I have seen fences go up, guards check each ID, and shredders become a fixation. While she does bring a PC home with her, nothing on it would likely be of benefit to a thief and all her sessions with real systems are carefully logged so they can be checked.

But as the exposure of our processing networks to the public net continues to increase, and as crooks become more familiar with actual processing software, the risk continues to rise, and it's only a matter of time before someone gets hit very, very hard indeed.