Online Identity Theft

Published: January 8, 2013
Identity theft in an online world
A.M.Marshall BSc CEng FRSA MBCS CITP
Centre for Internet Computing
University of Hull
Scarborough Campus
Filey Road
Scarborough YO43 3DX, UK
(a.marshall@hull.ac.uk)
and
Eur.Ing. B.C.Tompsett BSc MSc CEng MBCS CITP,
Dept. of Computer Science,
University of Hull
Cottingham Road
Hull HU6 7RX, UK
(b.c.tompsett@dcs.hull.ac.uk)
June 9, 2004
Abstract
With the aid of an example case of identity theft used to perpetrate an apparent benefits fraud, and consideration of other undesirable online activities, the authors examine the motives and methods of Internet-based identity theft. Consideration is given to how such cases may be detected, investigated and prevented in the future.

The problem of trust relationships and validation of identity tokens is discussed and recommendations for the prevention of identity theft are given.
Keywords: Internet, crime, trust, identity, identity theft, fraud, trustworthiness, impersonation

Acknowledgements
The authors are grateful to Mike Andrews, of the Digital Evidence Recovery and Internet Crime (DERIC) Unit of North Yorkshire County Council, and Karen Watson, an undergraduate of the Centre for Internet Computing, for their assistance with background for this paper.

Thanks also go to John Rayner and Mike Brayshaw for their invaluable proof-reading.

1 Introduction

Services available on the Internet offer many opportunities for the acquisition of personal data, and some provide significant quantities of personal information for even casual users to see. Although much of this information is quite innocuous, aggregation of data from several sources can allow criminals to build up a large enough corpus that they can successfully impersonate another individual. Frequently such identity-theft is used to obtain financial benefit through credit-card fraud, but other types of fraudulent activity are possible.

2 Context

Theft of identity is a concept which has been in existence for many years but, for the purposes of this exercise, we define it as “The acquisition of sufficient data for one individual to successfully impersonate another”. This does not, per se, constitute a theft, but certainly defines the concept in such a way that most instances of what is commonly described as identity theft are encompassed. In this document, we propose to examine a range of identity types existing in an online environment, the relationships between them, and the mechanisms of identity-acquisition available.

3 Identity tokens

Conventionally, an identity theft exercise requires the acquisition or fabrication of sufficient information to be able to establish that the individual presenting that information as credentials is, beyond reasonable doubt, the subject of that information, and hence that the information verifies that the presenter is the owner of the claimed identity.

The quantity and quality of information required to establish ownership of an identity, and hence gain access to an identity verification token, vary greatly and affect the acceptability of the token. Consider two common tokens - an e-mail address and a passport.

In order to register for an e-mail address, an applicant may have to provide no information other than the name they wish to be known by, a preferred username and a password. To obtain a passport, a considerable amount of personal data, ranging from date of birth to a photograph, is required. In the case of the passport, most claims about information must be corroborated through the production of official forms (e.g. birth certificate) or verification by a trustworthy third party (e.g. having a GP, lawyer, academic or other trusted person attest that the photograph is a true likeness).

As a weak token, an e-mail address should have little use other than for the sending and receiving of e-mail which, although it may be financially rewarding (consider the spam problem), should have no particularly strong legal standing....