Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Dumpster-Diving for Your Identity

michael posted more than 10 years ago | from the buy-a-shredder dept.

Privacy 344

The NYT magazine has a story titled Dumpster-Diving for Your Identity - the author interviews two convicted identity thieves talking about their methods and successes.

cancel ×

344 comments

Sorry! There are no comments related to the filter you selected.

sup (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7770108)

The Official Final Fantasy 11 Fan Club Announces acquisition of SCO

The Official Final Fantasy 11 Fan Club Announces acquisition of SCO

By Tim Copperfield

New York, NY - #FFXI (The Official Final Fantasy 11 Fan Club) today announced acquisition of
The SCO Group [yahoo.com] for $26.9 million in stock and $40 million in FFXI game credits.

#FFXI today announced it has signed a definitive agreement to acquire the intellectual property and technology assets of
The SCO Group, a leading provider of Fear, Uncertainty and Doubt, based in Lindon, Utah. #FFXI's acquisition of SCO technology
will help #FFXI sign up more members worldwide. In addition to developing new solutions, #FFXI will use SCO engineering expertise
and technology to enhance the #FFXI member services.

"I'd love to see these #FFXI types slowly consumed by millions of
swarming microbes and converted into harmless and useful biochemicals." said an anonymous slashdot poster, blinded by the
#FFXI success in achieving first post on a popular geek news website, slashdot.org [slashdot.org] .

"This #FFXI shit is getting out of hand. Slashdot needs troll filters. Or better yet a crap flood mod that I can exclude
from my browsing. Seriously, a good troll is art, what you dumb fucks are doing is just plain stupid." said spacecowboy420.

macewan, on linuxquestions [linuxquestions.org] said
"Thanks for that link to the SCO quotes page. My guess is that they want to be bought out. Hrm, think they want #FFXI to buy them??"

After careful consideration and debate, #FFXI board of directors agreed to purchase
6,426,600 preferred shares and 113,102 common shares (the equivalent of 150,803 ADSs) of SCO,
for an aggregate consideration of approximately US$26.9 million and approximately $40 million for FFXI fans that were working
in Lindon, Utah offices of The SCO Group.

If all goes well, the final decision is to be expected shortly, followed by transfer of most SCO FFXI fans from their Lindon, UT
offices to the #FFXI Headquarters in New York.

About #FFXI

#FFXI (The Official Final Fantasy 11 Fan Club) is the first organization which

gathers FFXI fans from all over America and abroad for one common goal - being ANIME FAGGOTS.

Are you GAY [klerck.org] ?

Are you a INTO ANIMU [mugshots.org] ?

Are you a ALONE FOR LIFE [gay-sex-access.com] ?

If you answered "Yes" to any of the above questions, then #FFXI (The Official Final Fantasy 11 Fan Club) might be exactly what you've been looking for!

Join #FFXI (The Official Final Fantasy 11 Fan Club) today, and enjoy all the benefits of being a full-time #FFXI member.

#FFXI (The Official Final Fantasy 11 Fan Club) is the fastest-growing FFXI fan community with THOUSANDS of members
all over United States of America and Japan. You, too, can be a part of #FFXI if you join today!

Why not? It's quick and easy - only 3 simple steps!

First, you have to obtain a copy of FINAL FANTASY 11 [squaresoft.com] and play it.

Second, you need to join the official #FFXI irc channel #FFXI on EFNet, and ask them "how do I summoned chocobot?" in a tautological fashion (repetition).

Third, you need to succeed in posting a #FFXI "first post" on slashdot.org [slashdot.org] , a popular "news for gooks" website

Finally, talk to one of the ops or any of the other members in the channel to sign up today!

If you are having trouble locating #FFXI, the official The Official Final Fantasy 11 Fan Club irc channel, you might be on a wrong irc network. The correct network is EFNet,
and you can connect to irc.secsup.org or irc.isprime.com as one of the EFNet servers.

If you do not have an IRC client handy, you are free to use the free CGI IRC client by clicking here [efnet.info] .

About SCO

The SCO Group [SCOX [yahoo.com] ] helps millions of FFXI fans in more than 82 countries around the world grow their penises everyday. Headquartered in Lindon, Utah, SCO has a network of more than 11,000 animu resellers and 8,000 developers. SCO Global Services provides reliable animu support and services to prospective members and customers.

SCO and the associated SCO logo are trademarks or registered trademarks of The SCO Group, Inc. in the U.S. and other countries. UNIX and UnixWare are registered trademarks of The Open Group in the United States and other countries. All other brand or product names are or may be trademarks of their respective owners.

This news release contains forward-looking statements that involve risks, uncertainties and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. These statements are based on management's current expectations and are subject to uncertainty and changes in circumstances. Actual results may vary materially from the expectations contained herein. The forward-looking statements contained herein include statements about the consummation of the transaction with SCO and benefits of the pending transaction with SCO. Factors that could cause actual results to differ materially from those described herein include the inability to obtain regulatory approvals and the inability to successfully integrate the SCO business. #FFXI is under no obligation to (and expressly disclaims any such obligation to) update or alter its forward-looking statements, whether as a result of new information, future events or otherwise.

If you have mod points and would like to support #FFXI, please moderate this post up.


________________________________________________

_#_#__FFFf_FFFf__x___x__III_____________________

#####_F____F______X_x____I______________________

_#_#__Fff__Fff_____X_____I______________________

#####_F____F______x_X____I______________________

_#_#__F____F_____x___x__III_____________________

________________________________________________

____________Official_Final_Fantasy_11_Fan_Club__


Re:sup (-1)

Fecal Troll Matter (445929) | more than 10 years ago | (#7770184)

That's...

so gay.

you're a dumbass troll (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7770262)

in your posts b4 you said someone was the fool for responding to a troll, but he got karma for it, something you've never seen LOL!

THERE'S REALLY ONLY ONE QUESTION, MR. GOATSE! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7770305)

Are you GAY [klerck.org]?
Are you a INTO ANIMU [mugshots.org]?
Are you a ALONE FOR LIFE [gay-sex-access.com]?


Doesn't a "yes" answer to the second question pretty much guarantee a "yes" to the other two?

Oh, sure, there's CowboyNeal, who's into anime, but happens to have dozens of hot chicks hanging around his place, sucking his massive cock all day long, but he's the exception to the rule.

What?

He doesn't?

And they don't?

And it isn't?

And he's actually attracted to...?

Allow me to restate: "Doesn't a "yes" answer to the second question absolutely unequivocally guarantee a "yes" to the other two?

Re:THERE'S REALLY ONLY ONE QUESTION, MR. GOATSE! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7770405)

Agreed. Especially after going over the evidence: http://cmdrtaco.net/yada/cowboyneal's%20office.jpg

goat pr0n (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7770115)

goat pr0n [oralse.cx]

Offtopic, karma-related question, (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7770427)

+1 Funny brings no karma.
So if I get +5 post that is +7 Funny, -2 Overrated, I'm actually two points down on my Karma??

yup (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7770458)



(there is no text here)

Re:yup (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#7770547)

(there is no text here)

YOU FUCKING LIAR!

zajebiste. (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7770457)

wyrazy uznania.

I tried, really! (3, Funny)

RobertB-DC (622190) | more than 10 years ago | (#7770125)

I tried to use Google News [google.com] to find a registration-free link. No luck. Will this do?

Dumpster-diving bears at greater risk [cjonline.com]

It's not about bears stealing your identity, though I pity the bear that applies for a Visa card with a FICO [myfico.com] as bad as mine! But it is an interesting tale:

Then there are the people: One older woman set out a batch of syrup-slathered pancakes for the bears, and some parents smeared peanut butter on their children's faces so they could photograph cubs licking it.

Where's Darwin [darwinawards.com] when you need him?

MOD ABUSE ALERT (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7770302)

Parent isn't offtopic.

Bad moderators strike again.

Shredding doesn't offer much protection either... (5, Interesting)

shakamojo (518620) | more than 10 years ago | (#7770140)

Remind me to check my dumpster here at the office for a NYT login...

But seriously, we use a shredding company here at my office for our important papers. They're supposed to do all the shredding "on site" in their truck. Yesterday they were here to empty our shred bins, and they brought in a big trash bin to haul our stuff out to the truck. One of these bins was sitting in the hallway, and no one was around, so I took a peek inside. It was papers from an accounting firm down the street! I mean, we're supposed to be paying these guys to keep our info secure, but here they are waiting until their bin is full before they shred anything?! Needless to say, I had a long conversation with our facilities manager after this...

If you want something done right, better do it yourself! I'm now using a $30 shredder BEFORE I dump anything in our shred bins! Who knows where our important documents have been travelling to before they actually got shredded?!

This is why I burn all my important docs, credit card offers, old checks, etc... at home, who knows who is going through your trash? All they need is an account number, and a shredded document can be taped back together with enough motivation and time... (although with some people being easy marks, I guess the harder you can make it, the better!)

Re:Shredding doesn't offer much protection either. (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7770178)

TO BE EXTRA SAFE, I SHRED EVERYTHING AND THEN EAT IT. FEEL FREE TO TRY TO FIND ANYTHING USEFUL IN THE FINAL PRODUCT:

*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_
g_______________________________________________g_ _
o_/_____\_____________\____________/____\_______o_ _
a|_______|_____________\__________|______|______a_ _
t|_______`._____________|_________|_______:_____t_ _
s`________|_____________|________\|_______|_____s_ _
e_\_______|_/_______/__\\\___--___\\_______:____e_ _
x__\______\/____--~~__________~--__|_\_____|____x_ _
*___\______\_-~____________________~-_\____|____*_ _
g____\______\_________.--------.______\|___|____g_ _
o______\_____\______//_________(_(__>__\___|____o_ _
a_______\___.__C____)_________(_(____>__|__/____a_ _
t_______/\_|___C_____)/_AMEX_\_(_____>__|_/_____t_ _
s______/_/\|___C_____)NUMBER_|__(___>___/__\____s_ _
e_____|___(____C_____)\5410-_/__//__/_/_____\___e_ _
x_____|____\__|_____\\_________//_(__/_______|__x_ _
*____|_\____\____)___`----___--'_____________|__*_ _
g____|__\______________\_______/____________/_|_g_ _
o___|______________/____|_____|__\____________|_o_ _
a___|_____________|____/_______\__\___________|_a_ _
t___|__________/_/____|_________|__\___________|t_ _
s___|_________/_/______\__/\___/____|__________|s_ _
e__|_________/_/________|____|_______|_________|e_ _
x__|__________|_________|____|_______|_________|x_ _
*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_


Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.

Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.

Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.

Re:Shredding doesn't offer much protection either. (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7770399)

Well, that wasn't a completely offtopic use of the goatse guy, for a change. It's the first time that stupid ascii image makes me crack a smile.

.

Re:Shredding doesn't offer much protection either. (1)

wo1verin3 (473094) | more than 10 years ago | (#7770533)

yeah, if you put your documents inside there I doubt any dumpster diver would be willing to touch it. :)

Sounds like terrorist activity to me! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7770238)

So which organization was it that you donated all that money to?

Re:Shredding doesn't offer much protection either. (4, Insightful)

Jason1729 (561790) | more than 10 years ago | (#7770265)

Quick question...since personal shredders are only $30, why does your company use the shredding service at all? It would probably be cheaper to outfit every employee (or at least every department) with their own shredder than pay for 2 months of that service, when you empty your personal shredders, just use ordinary recycling for the shreds.

Jason
ProfQuotes [profquotes.com]

Re:Shredding doesn't offer much protection either. (5, Informative)

Brushfireb (635997) | more than 10 years ago | (#7770456)

While I cannot say for what reasons the poster above uses professional shredding services, I do know why such services still exist.

The difference between a $30 Office-Depot Shredder and a good commercial shredder is significant. The Cheapo shredder usually shredes only vertically, and does so usually so that there are about 20 cuts down one page. People sending 3-4 documents in at once will find that they have those 3-4 documents nearly intact, just cut into 20 vertical peices which are easy to put back together if someone is careful in extraction.

On the other hand, good commercial shredders litterall demolish the paper, turning it into sawdust like material that would be impossible (virtually) to reconstruct. Along these same lines, good document security companies use combination of methods, not just shredding to ensure security (read: chemical treatment, randomization, etc).

Brushfireb

Re:Shredding doesn't offer much protection either. (5, Informative)

the pickle (261584) | more than 10 years ago | (#7770502)

since personal shredders are only $30, why does your company use the shredding service at all? It would probably be cheaper to outfit every employee (or at least every department) with their own shredder than pay for 2 months of that service

Because $30 personal shredders suck ass. They're cheaply made, their motors burn up if you put more than 5 sheets at a time through them with any regularity, and they jam very easily.

Spend a hundred for each one and you might get something worth using.

Spend $1500 for a serious industrial crosscut confetti model and let 30 employees share it and your company is probably far better off than with either of the above options, or the shredding service.

Bonus points if the company then sells the shredded paper *directly* to a pulp mill ;)

p

Re:Shredding doesn't offer much protection either. (5, Insightful)

igrp (732252) | more than 10 years ago | (#7770511)

Well, in my experience it usually boils down to one, or a combination of, the following:

  • ignorance
  • incomptence
  • liability

That's one of the reasons the military and (some) government agencies have adopted standarized protocols to deal with this kind of stuff and generally are quick to reprimand those who violate policy.

Many security problems these days have to do with the fact that people for some reason refuse to apply common sense -- requiring people to wear ID tags at all times and conducting thorough background checks is not going to do any good if you just dispose of confidential documents into some backyard alley dumpster.

Re:Shredding doesn't offer much protection either. (4, Insightful)

timshea (257474) | more than 10 years ago | (#7770559)

The cost of having every employee or department having their own shredder isn't restricted to the initial $30/seat investment. There's also the time involved in shredding documents.

Probably not a good example, but:

I once had a job which involved faxing purchase orders to suppliers. When I first started, the process was:

  1. Print batch of purchase orders.
  2. Go to accounting department. (I didn't have a fax machine on my desk.)
  3. Fax each purchase order individually.
This process consumed 2 to 3 hours of each of my days.
COST: 2 to 3 hours employee time per day.
SAVINGS: $100 one-time cost of fax machine

Upper management greatly improved the situation when they donated a fax machine from their office for my desk...because it didn't meet their needs - it didn't automatically identify the sender in the page headers.
COST: 45 to 60 minutes employee time per day; plus additional 40 minutes of long-distance calling per day for the header page.
SAVINGS: $100 one-time cost of fax machine; 2 to 2-1/4 hours employee time per day.

Although it saved the daily trip to the accounting office, faxing now required a header page identifying where the fax was coming from. At least I could be mostly-productive while doing the mindless hours of fax work.

  1. Print batch of purchase orders.
  2. Fax each purchase order individually, with header page.

Eventually, we did end up with a fax modem which was connected directly to the mainframe which saved even more time.
COST: $300 for the fax modem; software written in-house in about an hour
SAVINGS: 2 to 3 hours of employee time per day

Queue batch of purchase orders.

Time is money - even if it is 15 minutes.

Re:Shredding doesn't offer much protection either. (3, Insightful)

migstradamus (472166) | more than 10 years ago | (#7770589)

Getting all your employees to do it is the main problem. There is no way you're going to get the consistency you need.

Another reason is liability. Having a company you can sue is nicer than having to cut your own throat by firing someone who screws up.

Re:Shredding doesn't offer much protection either. (4, Funny)

Radical Rad (138892) | more than 10 years ago | (#7770626)

Quick question...since personal shredders are only $30, why does your company use the shredding service at all?

$30 personal shredders won't handle many items such as old badges, bernoulli disks, floppies, backup tapes, CD's, last year's Xmas fruitcake, whistleblowers, etc.

Libya to give up WMD (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7770608)

For all you fucktards that think the war in Iraq is a waste of time, what do you think prompted this [bbc.co.uk] ?

I think it was more than a little discussion with the Brits.

Never mind out tax forms going to India (-1, Offtopic)

plinius (714075) | more than 10 years ago | (#7770141)

I suggest every American write to their congressional representative (I did) and complain that outsourcing has resulted in our tax and medical records going overseas. There is ample proof to support this claim, so let's act now to combat is nasty example of globalization.

STUPlD MODS (+1 INFORMATIVE) (0)

Anonymous Coward | more than 10 years ago | (#7770558)

Why was this modded offtopic. Identity theft rings are operating overseas due to this kind of information whoring

avoid recycling bins for financial mail (5, Interesting)

js7a (579872) | more than 10 years ago | (#7770143)

''It was the first time I had ever been to the dump,'' Massey recalled, wrinkling his nose. ''I said, 'I'm not going to get dirty,' so I wandered over to a shed where the recycling was stored. I notice there's a big barrel for recycled paper that's full of discarded tax forms from an accounting firm.'' Each form had the person's name, date of birth, Social Security number -- all the information necessary for taking out a line of credit.

My local police department recently published a blurb asking residents to dispose of identity theft-related materials (e.g., financial statements, anything with a SSN, etc.) in the ordinary garbage, instead of the "mixed paper" recycling bins as we've been asked by the rest of the city government.

It seems that identity thieves are very happy about the shared, clean, and portable "mixed paper" recycling containers found throughout my (rather affluent) city, and they tend to pick them up, quickly sort through the cereal and microwave dinner boxes for the good stuff, and have the container back before anyone notices.

Presumably today's dumpster divers have the luxury of avoiding coffee grounds, so you can go a long way towards protecting yourself by dumping the financial correspondence in with the smelly stuff.

Re:avoid recycling bins for financial mail (5, Funny)

Anonymous Coward | more than 10 years ago | (#7770292)

It helps to also shit in your garbage can. That should drive most thieves away. I think it's best to layer your shit. You know, throw in some garbage, shit on top of it, then throw in another layer of garbage... and continue so on. But don't shit on the topmost layer, we want for the dumpster divers to reach in and find a surprise! (wink)

Re:avoid recycling bins for financial mail (3, Funny)

Anonymous Coward | more than 10 years ago | (#7770350)

This is the most useful household hint that can be gleaned from slashdot. May I recommend that a round of delicious Mexican cuisine preceed this glorious endeavour?

OK..... (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7770147)

How, exactly does this apply to technology? Am I mistaken by assuming this is a "news for nerds" website? Oh well...

Re:OK..... (1, Insightful)

Anonymous Coward | more than 10 years ago | (#7770205)

[since I'm waiting for a build to complete, I'll bite..]

This is because back in the day (~1985) when people used to go 'trashing', they were usually buying various techno goodies (anyone remember the Prometheus modem with the clock?) for even more mischief. If the early hacking/phreaking geeks didn't invent trashing, they certainly brought it to a higher level...or lower depending on your perspective.

Not advocating btw, just relaying...

Well... (3, Funny)

EdgeShadow (665410) | more than 10 years ago | (#7770230)

Shredders are a form of technology, last time I checked. And, seeing as how this story comes straight from the "buy-a-shredder" department, it is directly related to shredders and is thus quite applicable to technology in general.

Go buy a shredder and port Linux to it today!

YHBT. YHL. HAND :-) [n/t] (0)

Anonymous Coward | more than 10 years ago | (#7770286)

C'mon that wasn't even a decent troll. Pathetic.

Re:Well... (0)

Anonymous Coward | more than 10 years ago | (#7770329)

ESR was more than happy to oblige.
http://slashdot.org/article.pl?sid=03/09/ 09/212920 7&mode=thread&tid=126&tid=156&tid=187&tid= 88

Re:Well... (5, Funny)

NanoGator (522640) | more than 10 years ago | (#7770368)

"Go buy a shredder and port Linux to it today!"

Linux is still a little behind Windows in the document destruction department.

Re:OK..... (2, Funny)

NanoGator (522640) | more than 10 years ago | (#7770468)

"How, exactly does this apply to technology? Am I mistaken by assuming this is a "news for nerds" website? Oh well..."

Hmmm... I can't find the word technology in the phrase "news for nerds, stuff that matters." I even tried CTRL + F. No luck. I'm having serious trouble finding the source of your complaint here. Help?

TV ads... (1, Interesting)

Anonymous Coward | more than 10 years ago | (#7770157)

those TV ads on ID theft are pretty damn funny though (the ones with voice-overs; grandma talking about 500hp pickup trucks with them naked ladies... mamacita). I have yet to be scammed, but I do now: that AIN'T funny. And those scumbags need to spent as much time in prison as rapists, pedophiles and murderers.

Re:TV ads... (0)

Anonymous Coward | more than 10 years ago | (#7770216)

LOL, those ads are ones that we actually stop fast-forwarding past and watch a couple of times when we see a new one. Yay TiVo!

Re:TV ads... (0)

Anonymous Coward | more than 10 years ago | (#7770295)

Yeah, but we need more of 'em ads. They are the best ads on the TV right now.

I'm not as worried... (3, Interesting)

irokitt (663593) | more than 10 years ago | (#7770161)

I produce very few pieces of paper that have sensitive information like this. I am more worried about the information on my computer, which is sensitive. Companies, on the other hand, do need to worry.

The solution is easy (5, Interesting)

Kirk Troll (729217) | more than 10 years ago | (#7770176)

If you're so worried about ID theft, then maybe you should keep a close eye on your credit card bills, credit scores, etc.. Buy a paper shredder. Shred all bank statements and whatnot before you throw them out. Internet-shminternet, dumpster diving is the fastest way to someone's finances. Get the carbons at the gas station, or stores where they still use the old carbon-thinger credit card machine.

I knew someone who got screwed big time by a gas station who would keep the carbons, and double bill her every time she filled up, the cash going straight into the owners pocket. She was a dope for letting it go on so long, as she never bothered scrutinizing her Visa bills. Turned out the station was owned by a Russian mobster. This was long before the world wide weeb.

Just don't toss your sensitive data into the dumpster where any bum can get your CC number.

Important add-on (5, Insightful)

karevoll (630350) | more than 10 years ago | (#7770244)

Im not saying Im agreeing with the parent post, but if you do, please remember that certain papers must be filed by you for a period of up to 10 years.. so you might want to do what most people in this situation does: buy a small file-safe... othervise you might end up having troubles with the IRS, and we dont want that, do we?

Re:The solution is easy (4, Interesting)

A Commentor (459578) | more than 10 years ago | (#7770364)

How does that protect you from the information theft that occurs with others that you have to deal with? If you have to see the doctor, and had it billed to insurance, most likely you're Social Security Number was seen by many people. Anyone of them could copy the number name and start opening accounts. I guess you could avoid the doctor offices too.

Having gone through this a few years back, it not as simple as you state. They didn't have any personal Credit Card numbers, just the SS # and they opened new accounts with that. Luckily one of the companies actually took time and flag the application for inconsistencies... Credit Report showed working at a computer company, yet the application said I cut hair... not many people make that kind of job change. The lady actually track me down, and I was able to clean it up relatively easy. If I had to wait for the next review of my credit report (which is recommended every year) with could be upto 12 months before this is detected, would make it much harder to clean up.

When a few companies was questioning me, as if I was involved in the scheme: "How did you find out about this if you weren't involved", it was quite satisfying to respond: "Mrs. X at company Y actually inspected the credit application and contacted me to verify that I didn't sign-up. She was the first to notify me and you can reach her at: xxx-xxxx. Don't blame me for your companies lack of verification."

Re:The solution is easy (2, Insightful)

waveclaw (43274) | more than 10 years ago | (#7770366)

Shred all bank statements and whatnot before you throw them out.

You throw these out!?!? Never, in my wildest imagination would I consider taking such critical records and disposing of them. I've got my account histories (at the touch of a lock) form three banks over 15 year - I've even got records fom companies that closed, long before the whole 'get it online' rush. This is why I request paper copies of those records: so I can keep them.

Certainly, someone can break into my house, ignore all the shiny, expensive and portable things and got straight for the heavy, ugly, locked boxes obviously full of useless paper that are being used as a table for dirty laundry and AOL CD's (same really). But I degress.

PARENT IS CUMGARGLING KARMA WHORING GAY FAGGOT (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7770583)

But... (5, Funny)

The-Bus (138060) | more than 10 years ago | (#7770182)

What if all your bills are past due? Then it doesn't matter. It's like that old joke (or is it a scene from a movie?)...

"A thief stole my credit card and has been using it for the past couple of months."
"Oh my! Why haven't you reported it?"
"Because it still works out to be cheaper than me using it!"

Re:But... (0)

Anonymous Coward | more than 10 years ago | (#7770514)

I remember it as "A thief stole my wife's credit card and has been using it for the past couple of months."

Burn Them. (5, Funny)

vspazv (578657) | more than 10 years ago | (#7770190)

This is the reason i have a fireplace in addition to central heat and air. Well, that and the fact that i like making smores.

Re:Burn Them. (0)

Anonymous Coward | more than 10 years ago | (#7770275)

I prefer a shreader, but my shreader died (again). You reminded my I have a half grocery bag full of credit card offers. Ok, I had that much, it's getting smaller by the minute. Lots of fun too.

Re:Burn Them. (1)

RobertB-DC (622190) | more than 10 years ago | (#7770340)

This is the reason i have a fireplace in addition to central heat and air.

We used to shred constantly until we moved out to the country. Now, we're never short of kindling for the trash barrel! Too bad I didn't "remember" to update the address on all my domain name registrations, though. Heh.

Compost them, don't burn them! (5, Interesting)

wart (89140) | more than 10 years ago | (#7770379)

Fireplaces produce too much air pollution. The ecologically correct way to dispose of these sensitive documents is to first shred them. Then mix the paper shredding into your backyard compost bin or worm bin and let nature dispose of it cleanly.

I doubt that many id theives would want to rummage through your compost bin, if they even thought to look there in the first place.

For added security, add a couple of large dogs to your backyard. They will help deter personal property thieves in addition to compost-diving identity thieves!

Re:Compost them, don't burn them! (2, Funny)

irokitt (663593) | more than 10 years ago | (#7770649)

Right on. I have a doberman, and I don't even have to deal with the Jehovah's Witnesses!

The solution: (-1)

cmdr_shithead (527909) | more than 10 years ago | (#7770191)

the dictatorship of the proletariat.

a little while back (4, Insightful)

dandelion_wine (625330) | more than 10 years ago | (#7770225)

I've always taken a few moments to shred my bank machine receipts when I get them. Since sorting for recycling takes time anyway, I've always gone through it and shredded anything remotely useful, long before the notion of "identity theft" became mainstream.

Honestly, if people would just be a bit more paranoid, and not worry about being casual with risk as a fashion statement, these guys would have a lot less to go on.

That's with regard to personal papers. Businesses should know better, and should get their asses sued for failing to protect sensitive information that was entrusted to them by their clients.

Re:a little while back (3, Interesting)

Anonymous Coward | more than 10 years ago | (#7770356)

Diligence is well worth it. Before I met my wife, she had dramas with her card. The short story is a male several hundred miles away used her card and number to pay for his utility bill. It was a small enough amount that she didn't notice immediately, but came to notice almost a year's worth of payments to a company she had no dealings with.

The dumb bit? They were useless to deal with. Despite the fact a male had been paying his utility with her card (her name's Katie, it's not like that could be mistaken :P) each time she phoned them to try clearing things up they INSISTED on asking for her boyfriend or husband and she was single at the time.

The fourth call to them slipped up, and she got the name of the guy whose account it was paying. He was arrested soon after (and yes, her card was cancelled)

Despite her protestations, the utility co didn't immediately believe there could be an identity theft problem, but presumed it was a girlfriend/wife trying to meddle in her partner's affairs... despite the card belonging to her.

This happened in the early 1990s, I don't know of it would happen today, but it seemed to be institutionalized by the number of calls she made with the same result.

Re:a little while back (1)

dandelion_wine (625330) | more than 10 years ago | (#7770442)

I love futility mired in irony.

"But it's my card!"

"I'm sorry miss, but it's obviously not your card as this account belongs to a male; now can we speak to him?"

Recycling.... (2, Interesting)

Avihson (689950) | more than 10 years ago | (#7770508)

That is why I recycle all my personal papers into tinder for my wood stove.
Properly rolled and bound newpaper "logs" burn for a long time, and give up some nice heat.
I use the cheap single cut shredder to shred everything with personal info, this is good enough for starting the fire.
I cut the address from my old trade periodicals before I drop them off at the waiting room at my Doctor's office. Better computer magazines than Women's Day.

Now before all of you green geeks flame me, the county stopped collecting paper, ever since the price dropped. They had a scandal when it was exposed that they were dumping sorted recycle paper in the landfill with regular garbage.

As far as I know they still properly recycle glass, plastic and metals.

Punishment != Harm Caused (4, Insightful)

Lancer (32120) | more than 10 years ago | (#7770235)

By the time investigators broke the case, Massey and his partner in crime, a computer whiz named Kari Melton, had ruined hundreds of people's credit. A judge sentenced them to prison in 2000; Melton was released in 2001, Massey the next year.
Given the amount of turmoil, headache, as well as real monetary loss these crimes must have caused, it's amazing to me that they each spent less than two years locked up.

I'd argue that was nothing but a slap on the wrist, and not much of a deterrent to future fraudsters.

Re:Punishment != Harm Caused (2, Funny)

merikus (722704) | more than 10 years ago | (#7770397)

Well, you know, you have to keep all those pot users in lock up for five-to-ten. Imagine what *they* would do if they got out!

Re:Punishment != Harm Caused (2, Funny)

gblues (90260) | more than 10 years ago | (#7770634)

I'll tell you what they'd do: single-handedly revive the bread market that's starting to suffer because of people starting the Atkins diet.

Nathan

Re:Punishment != Harm Caused (1, Interesting)

Anonymous Coward | more than 10 years ago | (#7770623)

I'd argue that they were only partly to blame for ruining the credit histories of all those people. Some liability must be given to the credit card companies and credit history maintainers as well. The fact that a Name/SSN/address is enough to open a line of credit is seriously negligent.

It should be up to the financial services companies to either design a system that is hard to game or to absorb all of the ill effects of identify theft. That the consumer is forced to prove that they did not perform the actions of the identity thief is an outrage.

Cringely articles on identity theft (5, Informative)

UrgleHoth (50415) | more than 10 years ago | (#7770252)

Here is an interesting couple of articles on identity theft by Robert X. Cringely (or Mark Stephens [xent.com] , depending on your version of reality).

Ego, Super-ego, and ID Theft [pbs.org]
How to Steal $65 Billion [pbs.org]

google link (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7770253)

im lazy, so whats the google link?

Shredder sucks! (0, Offtopic)

Anonymous Coward | more than 10 years ago | (#7770254)

Splinter rules!

How ironic (5, Funny)

Rosco P. Coltrane (209368) | more than 10 years ago | (#7770264)

The New-York "registration required" Times running an article on people fishing for other people's personal information, that's amusing ...

Same Story without the Registration (4, Informative)

FelixCat (594769) | more than 10 years ago | (#7770282)

The NY Times article is about a guy named Stephen Massey.
A little googling resulted in the same basic story without the registration:

refers to future article in NY Times [here-now.org]

and

Over a year ago on CBS News [cbsnews.com]

Dumpster Diving for MY identity? (2, Funny)

Metallic Matty (579124) | more than 10 years ago | (#7770298)

Why do I need to do that? I know who I am..

Well, who cares about them (1, Insightful)

Anonymous Coward | more than 10 years ago | (#7770300)

To be honest I'm not so curious to hear from these two. What worries me is what the identity theives who DON'T get caught are doing!!!

Anonymous FTP (5, Interesting)

Eberlin (570874) | more than 10 years ago | (#7770306)

One electronic version of "dumpster diving" would be looking through a company's website/anonymous FTP server. Sometimes, a few moronic folks decide to store otherwise-vital information in these "undisclosed" locations that anyone can get into over the web.

Somewhat popular among the consulting types, they upload client data to an FTP server, then fly off to the client's office, and download it from there...or maybe use it as a means to "share" data among themselves. Some forget to password-protect it, relying instead on security through obscurity.

How is this related to dumpster diving? Well, if you look hard enough, those servers are just like public-access trash bins fit for people to...um...recycle data.

If you're a consulting group, make sure you treat your client data with absolute confidentiality. If you're a business working with consultants, make sure they don't leak your info to the world.

same goes for Kazaa (2, Interesting)

Janek Kozicki (722688) | more than 10 years ago | (#7770613)

a journalist in my country (Poland) made an investigation about possible uses of Kazaa to find data of national importancy (I cannot find URL now, and the article is written in polish ;).

In just a few hours he found documents related to national security and bussiness. Mostly because careless employers of crucial national institutions carelessly install Kazaa just to download junk, and don't even know (or understand) that they share C:\My Documents\ directory. This is outrageous.

The journalist said that not all national-importancy institutes suffer this sick employers behaviour, but some of them do. Which is proven by simple Kazaa search.

NYT random login (2, Informative)

Anonymous Coward | more than 10 years ago | (#7770317)

>>Remind me to check my dumpster here at the office for a NYT login...

Use this to randomly generate a login for you
http://www.majcher.com/nytview.html

Just do what my parents do... (2, Interesting)

Stu Catz (728228) | more than 10 years ago | (#7770327)

...burn it in the barbeque, or in a fireplace if you have one.

Re:Just do what my parents do... (1)

JW Troll (607432) | more than 10 years ago | (#7770515)

..or you could just put it through my cat a couple times. That seems to take care of the most sensitive bits.

Full Article Text without Karma Whore (5, Informative)

Anonymous Coward | more than 10 years ago | (#7770339)

Dumpster-Diving for Your Identity
By STEPHEN MIHM

Published: December 21, 2003

tephen Massey was only a few minutes late, yet he apologized profusely as he strode into the lobby of a crowded restaurant in downtown Eugene, Ore. ''I'm very punctual about my time,'' he said, clasping my hand in a firm shake. With his freshly combed hair, crisp white shirt and trimmed mustache, he looked like an off-duty cop or fireman -- a ''pillar of the community,'' as he later described himself, a wolfish smile playing across his lips. Far from it: Massey, 39, directed one of the most extensive and notorious identity-theft rings prosecuted so far by federal authorities. By the time investigators broke the case, Massey and his partner in crime, a computer whiz named Kari Melton, had ruined hundreds of people's credit. A judge sentenced them to prison in 2000; Melton was released in 2001, Massey the next year.

Advertisement

The Federal Trade Commission estimates that identity theft costs nearly $53 billion annually. Some seven million people were victimized in 2002. Yet little is known about how the perpetrators actually operate. It's a popular perception that most identity theft happens on the Internet, but over the course of dinner, Massey quickly made clear that low-tech methods of getting people's personal information are far more effective. ''Every day was exciting,'' he recalled between mouthfuls of potato skins. ''We went to Vegas, Atlantic City. We made a business of it. It was like James Bond . . . 'Mission: Impossible.'''

In late October, Massey disappeared, violating the terms of his supervised release and prompting a national warrant for his arrest. It had become clear to me in five months of interviews that not everything he said was to be trusted, although much of it was verified by the detectives and prosecutors who had already investigated his crimes and by Kari Melton. As for Massey's current whereabouts, Steve Williams, a detective in the Eugene Police Department, who worked on the first case against Massey and is once again on his trail, said: ''My gut feeling is that he is in the Seattle area'' -- where he has family -- ''back to his old tricks, doing drugs, identity theft and counterfeit checks.''

If Massey has indeed resumed operations, it's a sure thing that he's not working alone. His identity-theft crimes depended on the work of a carefully built ring, one that employed hordes of petty thieves and drug addicts. If he sticks to his old techniques, his crimes will originate in Dumpsters and garbage cans, where information can be culled from discarded personnel files and other trash. It's not the most glamorous crime, but that doesn't make it any less devastating to its victims.

Discovering the Dump

Massey's life began to unravel in his late 20's, soon after he started experimenting with the highly addictive stimulant methamphetamine. Before that, Massey achieved some semblance of success, managing an awning-maintenance company, marrying and, with his wife, having two daughters. Then he and his wife divorced in 1992. Soon after, he remarried, and divorced a year later. His business began to decline. Sometime in the mid-90's, his teenage girlfriend offered him some meth. ''So here I am with no place to live, on the rebound and with a habit,'' Massey recounted. ''Who wants to look for a job again?'' Massey began hanging out with a much younger crowd of meth addicts, called ''tweakers,'' and forging checks to feed his drug use. It was during this time that he began to wonder if he could hijack people's identities for profit. He stumbled onto the answer soon after, when the meth-heads invited him to go ''Dumpster diving'' for junk. Massey and the teenagers piled into his Ford Explorer and drove to the outskirts of Eugene.

''It was the first time I had ever been to the dump,'' Massey recalled, wrinkling his nose. ''I said, 'I'm not going to get dirty,' so I wandered over to a shed where the recycling was stored. I notice there's a big barrel for recycled paper that's full of discarded tax forms from an accounting firm.'' Each form had the person's name, date of birth, Social Security number -- all the information necessary for taking out a line of credit.

''The wheels started turning in my head,'' Massey said, smiling. ''The guys profiled here were pulling in $800,000 a year. So I told the tweakers to get all this stuff in the truck. Now! I said, 'This is worth five million right here.'''

Growing the Business

For the aspiring identity thief, a Dumpster can be a gold mine -- full of documents discarded by hospitals, accounting firms and law firms. And if that doesn't work, there are other readily tappable sources. ''Theft from mail is also a very common mechanism for getting this stuff,'' explained Jonathan J. Rusch, the special counsel for fraud prevention in the Department of Justice. ''Even one handful of mail can yield lots of valuable information to an identity thief.'' Rusch recalled a recent case in Southern California in which an identity thief robbed postal drop boxes while driving a bogus mail truck. Total losses: $1.7 million.

Some identity thieves do go straight to the Internet, hacking into databases or using ''phisher sites'' -- phony Web pages that mimic real banking and e-commerce sites in order to entice victims to hand over sensitive information. But those cases remain the exception, not the rule. For the most part, obtaining dates of birth and Social Security numbers still begins off line, and often in the trash.

The digital dimension usually comes into play later. After harvesting information from a Dumpster, Massey would visit a credit clearinghouse online and apply for credit in the person's name. Massey would enter the person's existing address, and when asked whether the victim had moved in the past two years, Massey would type in a new address, a temporary mailbox rented for the occasion.

''It would ask me if I wanted an additional cardholder on the account,'' he said, walking me through his scam. ''Absolutely -- I would!'' he said, mimicking typing on a keyboard. He would put his name down. Both cards would come in the mail, one in the victim's name and one in his. This second card, made out to S. Massey, enabled him to use his own identification when making purchases -- while the first initial also offered some measure of anonymity. He could now use the victim's credit as he saw fit.

Massey met Melton, 34, shortly after his first visit to the dump. She owned a company that issued travel permits for oversize trucks; like Massey, she had started taking meth and drifted into petty crime. Melton was already creating bogus checks on her computer -- all she needed was a quick over-the-shoulder glance at someone's account number as he paid for groceries and she could generate some fast cash. But she, too, had been looking for a way to parlay identity appropriation into bigger profits.

One day she visited a friend's house; Massey happened to be there, typing away. ''He has this laptop on the table,'' Melton recounted over the phone. ''Most of the people in the underground were computer illiterate, but he knew about computers, so we had something to talk about.'' They quickly became friends and found they had something in common besides computers and meth use. ''We both enjoyed having money and both enjoyed not having to hustle for it,'' Massey said.

The schemes developed by Massey and Melton did not initially have a name. Existing federal legislation addressed only the fraudulent creation, use and transfer of identification documents, not the theft and criminal use of the underlying personal information, particularly Social Security numbers and dates of birth. That changed on Oct. 30, 1998, with the enactment of the federal Identity Theft and Assumption Deterrence Act. The new law gave prosecutors better tools to prosecute everything from check forgery to the misuse of someone's credit card to the kind of scams perpetrated by Massey and Melton. The law, like similar legislation passed by several states around the same time, gave a common label -- ''identity theft'' -- to a constellation of crimes previously prosecuted under different names.

But the class of crimes committed by Massey and Melton are far more devastating than garden-variety identity theft. If someone steals a credit-card number and racks up charges, the card is canceled, and the victim walks away chastened but unscathed. But if the identity thief borrows the victim's Social Security number and obtains credit in the victim's name without his knowledge, that's another matter altogether. In many cases, these victims don't realize someone has preyed on their credit until the thief has bled them dry. According to a Federal Trade Commission report released in September, it takes 26 percent of victims between one and five months to realize the imposture; another 12 percent do not learn for at least six months, if not longer. By that time, the damage to a person's credit can be complete.

Worse, even if the victim or the credit-card companies figure out that an identity thief has taken out an illegal card or loan, and cancel the fraudulent account, the identity thief is rarely apprehended. ''The banks never come after you -- they just stop the card,'' Melton explained. ''No federal investigators. You just throw away the card and know not to do that bank again.''

Part of the problem is jurisdiction. Jonathan Rusch of the Department of Justice sketched out a typical course of events: ''I live in Washington, D.C. Let's say I find out that someone has opened credit accounts in my name with companies in South Dakota. I can go to the Washington Police, but the credit-card company is in another state. Many departments are reluctant to take police reports because they don't think they can investigate these cases themselves.''

The feds, on the other hand, have the resources, but few cases are large enough to warrant an investigation. Those that do face serious obstacles. Sean Hoar, the assistant United States attorney who prosecuted Massey and Melton, gave me an example: ''We follow the money by following the Internet-protocol addresses.'' But he explained that identity thieves are well aware of this problem and cover their tracks, juggling modems, computers and software. And Internet service providers have no obligation to retain the kinds of records that might form a paper trail of a thief's activities.

How bad, then, is the problem? Avivah Litan is pessimistic. An analyst with Gartner Inc., a research company that advises financial institutions on security issues, Litan speculated that fewer than 1 in 700 acts of identity theft end with the conviction of the offender. It may be worse: ''People in the industry whom I've talked to have said it's more on the level of one out of a thousand.'' Identity theft, she lamented, ''is a very lucrative, low-risk crime.''

Refining the Scheme

One in 700. One in 1,000. Figures like these go a long way toward explaining how a pair of identity thieves like Massey and Melton operated with impunity for so long. Their yearlong buying binge came to an end only after an accomplice was picked up. In other words, the police got lucky.

Until their capture, the duo practiced increasingly refined versions of Massey's original scheme. They ordered secondary credit cards made out to S. Massey or K. Melton. In time, they purchased equipment for making fake driver's licenses, allowing them to fully assume another person's identity. They shared resources, though each cultivated a separate set of victims. Melton explained: ''We did the same crime at the same time in the same room -- but we didn't do it together. We had different accounts. He had his, and I had mine.'' Working side by side, they repeatedly scavenged information on an individual and then went online and did a credit check. ''It costs, like, $12 to $30,'' Melton explained. This was a negligible expense; it was paid for, after all, using other people's credit cards. And it ensured that the victim was someone with assets.

''I would know what I'm dealing with before I'd invest time in the person's Social Security number,'' she went on to say. Part of that decision depended on whether the prospective victim owned a home. A typical homeowner can get an instant credit line of $5,000 to $25,000. Melton told me: ''If you have the credit to get a home loan, you have the credit I need.''

If the victim passed this test, Melton or Massey would begin applying for credit cards using one of the many online credit-card sites that give automated responses to requests for credit. One site, which is now defunct, ''let people apply online and get an instant answer within 30 seconds,'' Melton explained. ''I would have $1,000 available to me instantly'' -- along with the promise of a credit card.

Massey or Melton would then have the card sent to a temporary mail drop. To answer queries from the credit-card company, they provided the number of a prepaid cellphone. ''There was a time when I had 15 cellphones plugged in all the time,'' Massey claimed. ''I had notes saying what phone was for what.'' Each time a phone rang, Massey or Melton would check the note, pull the matching credit report and answer in the appropriate tone of voice. Investigators estimate that they opened more than 400 fraudulent lines of credit during their spree.

Once they had their system set up, Melton rarely paid for things in person. Part of the reason had to do with race. In Eugene, a black woman stands out. ''I couldn't hide if I wanted to hide.''

Massey, on the other hand, enjoyed playing the part of an impostor and talking his way out of tight situations. ''That's one thing they teach you in the Fire Department: 'Never panic.''' Melton put it this way: ''Steve is a con man, a great con man. He's the kind of guy who can sell you anything.'' But, she cautioned, ''he's kind of a liar.''

Indeed, any conversation with Massey yields a blend of fact and fiction. At different times, he told me that he had worked as a firefighter, earned a bachelor's degree in business management and been elected a city councilman. In reality, he signed up to volunteer as a firefighter but was dismissed within months, attended community college and never earned a degree and as for being a city councilman -- well, never mind. In court records, a psychologist described Massey as suffering from ''narcissistic tendencies.'' It's almost as if Massey's desire to be important could be satisfied only by stealing other people's identities. He wanted to be someone, desperately. And indeed he did -- by becoming someone else. ''I was an actor,'' Massey told me. ''I could put on a new hat every day. Who do I want to be today? The feeling after you've just hooked them, is just, like, bam!'' He smacked his fist into the palm of his hand. ''Take that, Bank of America!''

All the Young Tweakers

Like many identity-theft rings in the United States, Massey and Melton's enterprise employed scores of petty criminals addicted to methamphetamine. ''It's a very typical combination,'' Hoar, the federal prosecutor, explained. ''The meth user tends to be more prone to this type of behavior than other drug users.'' To a person on meth, tasks that might otherwise seem boring -- like sorting thousands of tax forms or reconstructing shredded patient records -- are said to become oddly enthralling. Meth could turn slackers into hyperefficient paper pushers. ''Drug addicts who used to kick in doors and steal electronic devices now kick in doors and steal identity information,'' Hoar said. ''They do it because identity information is more transferable and lucrative than stolen electronics.''

Word spread among the tweakers that Massey and Melton would swap meth, cellphones and other goodies for people's Social Security numbers and dates of birth. ''We made a business of it,'' Massey said. ''The tweakers came to work at 8 o'clock every morning. I gave them bonuses. I treated them like employees.''

The ''employees'' collecting identification information fell into several categories: ''bucklers,'' who broke into cars; ''criddlers,'' who stole, from, say, mailboxes; and Dumpster divers, who rooted through garbage from hospitals, accounting firms, banks, law firms and other organizations known to be careless with personal information. Massey also employed a select few to transcribe documents onto neatly labeled 3-by-5 index cards.

Both Massey and Melton brought business expertise to their enterprise: Massey had managed a handful of employees at the awning-maintenance company. Melton had started her travel-permits company. They were adept at managing a ring of subordinates. ''I felt like this big, old king banana,'' Massey boasted at one point. ''I was like the Pied Piper and the music man to these kids on meth.'' Melton was much more cautious, but, as she recounted, ''Steve would bring any ragamuffin into the hotel room to watch what we were doing.''

Getting Deep Inside

Steps have been taken to protect consumers from identity theft, but too often they fall short. The Financial Services Modernization Act of 1999 required that financial-service and insurance companies safeguard information, but the law does not apply to hospitals or universities, for example. Yet even if every business in the country never threw away a single scrap of paper, thieves would still be able to steal Social Security numbers using inside contacts. Some gangs of identity thieves have relied on cleaning crews and temps with easy access to sensitive information.

More dangerous still is what Joanna Crane calls the insider threat -- when an actual employee does the dirty work. Crane, who manages the Federal Trade Commission's identity-theft program, recently noticed this trend while updating a database of cases: ''A growing number of consumers complained that information had been compromised due to theft of company records.'' Last year, a case made the front pages: the theft of more than 30,000 credit histories from Teledata Communications Inc., an intermediary between businesses and credit-reporting agencies.

According to prosecutors, a short-term employee named Philip Cummings funneled credit histories to Linus Baptiste, a front man for a gang of identity thieves, many of them operating in New York City. Baptiste sold each report for up to $60 and split the proceeds with Cummings. When Cummings left the company in 2000, he took with him copies of the proprietary software and the necessary passwords, and he and Baptiste downloaded reports from afar. The extent of the fraud remains unknown, if only because many of the identity thieves who used the data remain at large.

Insider identity theft is especially common in Delaware, home to a number of financial-service companies. Beth Moskow-Schnoll, an assistant United States attorney based there, says that thieves who approach employees have very specific requests. ''Here's what I want,'' she said to me, pretending that she was talking to someone on the inside. ''I only want cards with a credit limit of $5,000 or more.'' Other thieves approach employees of banks and credit-card companies requesting that they pull information on people living in wealthy neighborhoods.

Insider cases have surfaced throughout the country: a human-resources employee in Illinois who harvested the identities of up to 80 co-workers, an office manager at an H&R Block office who stole information from his customers and a medical assistant who pilfered information from patient files at a hospital.

While the actual thieves are to blame, the companies safeguarding these records should share responsibility, experts say. ''There is no 'standard of care' to which these companies are held,'' said Litan, the Gartner Inc. security analyst. ''If someone in the organization steals credit reports, the company is not responsible. The bottom line is that the banks and financial institutions are not held liable.'' Melton, for her part, doesn't think there's much to be done. ''All you need is some idiot, some young kid working at a hospital or bank who's not happy with his job, who's not making enough money. He'll sell you Social Security numbers.''

The Trail of Fraud

By the time Kari Melton and Stephen Massey entered federal prison in 2000, they had created a convoluted trail of fraud that proved almost impossible to reconstruct. ''It was insane,'' Detective Williams said as he unpacked boxes of evidence from the case in a windowless room in the Eugene Police Department. Williams guessed that the true extent of their crimes may never be known. Part of the reason had to do with the thieves' peripatetic lifestyle. Wide awake, wired and constantly collecting new identities, they wandered from Eugene to Portland to Las Vegas and back again in a roaming tour of fraud and imposture, paying for everything -- plane tickets, car rentals, hotel rooms, restaurant meals -- with the credit of others.

Over the course of the year, they racked up a remarkable record of debt thanks to other people's credit. By Melton's reckoning, the amount is higher than what prosecutors estimated. ''The claim that we stole hundreds of thousands isn't true,'' she told me. ''It was more like something over a million.''

Massey and Melton burned through credit as fast as they acquired it, satisfying every whim and desire. Williams showed me receipts from some of their purchases. ''Highly overpriced food,'' he muttered, handing me a receipt. It was from Omaha Steaks and listed an order for a filet mignon, a stuffed sole with scallops and crabmeat, jumbo shrimp, a smoked-salmon roll, a Black Forest cheesecake and a dessert described as a ''chocolate ecstasy cake.'' Total bill: $387.45.

But that purchase pales next to purchases of jewelry, perfume and other luxury goods. Buying them often became an end in itself. As Melton recounted, they would challenge each other: ''O.K., Steve, it's 2 o'clock. Let's see who can have a Rolex watch delivered here by tomorrow morning.'' And on it went: trips to Vegas to gamble, gorge and hole up in a hotel room, pushing the credit envelope.

Massey and Melton enjoyed spending time in Vegas, and not just because they could gamble on someone else's dime. Usually, $1,000 cash advances raise red flags, but in Vegas that amount didn't invite suspicion. While the casinos helped Massey and Melton extract cash from credit, the duo also began experimenting with ways to wring more out of every line of credit. The key to keeping credit cards in play for longer periods of time, according to Massey, was to shift credit from one account to another in a complicated pyramid scheme. ''You can pay your credit card with another credit card,'' Massey said and laughed. ''I've always loved that. When we would get another batch of credit cards that came with checks, we would pay the ones that were overdue.'' Or, Melton added: ''If I got a credit card with good credit, and it lasts more than a month, I'll pay the bill. Then, after a few months, I can upgrade the credit. A couple months later, I'll use it.''

Over time, their working methods began to diverge. While Massey continued to cull identities from the conventional sources -- garbage, recycling, stolen mail -- Melton experimented with more esoteric means of harvesting information: for example, she used a ''sniffer program,'' one that allows a hacker to eavesdrop on someone else's keystrokes. She also began to impose ever greater security on her operations, downloading encryption programs from M.I.T. to protect her accounts.

Melton grew more careful as Massey got sloppy. ''After I surpassed Steve, he started learning from me,'' Melton claimed. ''I didn't like his organizational style, the women he had in the room. He was into prostitutes, but not even good-looking ones! They were just sitting there watching us do felonies.''

Massey's downfall came, much as Melton feared, at the hands of one of his subordinates. Massey and a few hangers-on were staying at the Hilton in Eugene. Four tweakers burglarized a car in the hotel parking lot. When a security guard approached, one of them ran up to Massey's room -- inadvertently leading the police to their ringleader. And once he and the tweakers landed in jail, it was only a matter of time before they found Melton. After a week of interrogation, Williams had enough information to track Massey's partner down to a nearby motel.

Back in Business?

Massey went to prison for 41 months, Melton for 15. Once they got out, each was assigned to the same probation officer. But there the similarities end. Melton has had some success in starting a new life, but Massey's problems began soon after he was released. The police picked him up earlier this year with equipment for forging checks in his Ford Explorer. The charges were eventually dropped; Massey went into a halfway house, only to be kicked out for violating regulations. Unfortunately, Massey's request to be on supervised release near his parents in Washington State went unheeded, and he ended up back in Eugene, near his old haunts.

''The circle of friends is still there,'' he said before he disappeared. ''I'm approached -- I kid you not -- maybe three or four times a week by people wanting to do identity theft.'' He said then that he turned them down. ''There's a lot of pressure,'' he lamented. ''There's not a day that I don't think, Man, three days and I could make a living.'' By October, the pressure proved too much for Massey. He was implicated in a forged-check scheme, and detectives suspected that he was taking meth again. The U.S. District Court in Oregon ordered Massey to wear a monitoring bracelet. But shortly before being fitted for it, he disappeared. Massey's federal probation officer, Mark Walker, realized he was on the run when he made an unannounced house visit on Oct. 30 and a neighbor reported that Massey had left days earlier.

Melton, for her part, will soon earn a degree at her local community college as a computer-networking specialist and says she hopes to get a bachelor's degree eventually. She has thought about starting her own business, parlaying her computer skills and her former life into a more legitimate profession. If she goes that route, she might consider work as a security consultant. The incidence of identity theft is skyrocketing: the number of complaints received by the F.T.C. has nearly doubled every year over the past three years.

Worse, the identity thieves are becoming more and more technologically savvy. Sean Hoar sees a new era of identity theft dawning, one that is far more sophisticated and difficult to prosecute. ''You will still have street-level criminals in the Internet age,'' he said, including Massey in this group. ''But you will also have more disciplined and sophisticated individuals who utilize the Internet.'' In one well-publicized case, an identity thief based in Chicago set up a fake Web site and sent e-mail messages to users of Microsoft's MSN Internet service, asking them to visit the page and update their account information -- including, of course, their credit-card numbers.

At the end of the last dinner I shared with Massey, the conversation turned to these more sophisticated scams. His eyes lighted up. ''The scams are getting more unique,'' he said as he polished off a slice of cheesecake. ''I hate to say it's cool, but you have to sit back and admire these scams. It's just amazing.'' He paused for a moment, lost in reverie. ''Right when you think all the scams have been used up . . . there's another one.''

Stephen Mihm is the Newcomen postdoctoral fellow at Harvard Business School.

TROLL ALERT (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7770526)

In the parent:

Getting Deep Inside CmdrTaco is a process that takes lots of lube and plenty of anal spelunking

MOD PARENT DOWN! REPRODUCED W/O PERMISSION (0)

Anonymous Coward | more than 10 years ago | (#7770624)

This blatant theft of services is *exactly* how most people imagine Open Source users to be. I'm appalled to see Slashdot assisting in perpetuating this stereotype. We shouldn't steal content from other sites without their expressed written permission.

Re: Shredder is no protection (1)

FractusMan (711004) | more than 10 years ago | (#7770369)

"A little tape, and a lotta patience goes a long way, get the picture?"

.seeth. .seeth. (1)

Elwood P Dowd (16933) | more than 10 years ago | (#7770374)

"I was an actor," Massey told me. "I could put on a new hat every day. Who do I want to be today? The feeling after you've just hooked them, is just, like, bam!" He smacked his fist into the palm of his hand. "Take that, Bank of America!"

Of course, by which he means, "Take that, people who have spent their lives helping other people and getting paid for it! All that money you saved is mine now!"

Not only is a two year sentence too short, it'd be fine with me if this guy were beaten to death.

Re:.seeth. .seeth. (1)

dandelion_wine (625330) | more than 10 years ago | (#7770477)

I hear this all the time. Every act of theft or vandalism is an act against "The Man".

Nice political-identity theft.

Re:.seeth. .seeth. (1)

EvilTwinSkippy (112490) | more than 10 years ago | (#7770535)

Better to have the state tag them with something indelible and obvious. Not only would they never be put in a position of trust again, people would be able to read the content of their character from across the room.

Re:.seeth. .seeth. (1)

Elwood P Dowd (16933) | more than 10 years ago | (#7770611)

Somehow "poor impulse control" wouldn't seem strong enough. How about:

DESERVES TO DIE

I don't know if he was kidding... (2, Interesting)

HungWeiLo (250320) | more than 10 years ago | (#7770377)

a fiancee of my cousin (who is in the Air Force), says that US military top secret documents, which are destined for destruction, have to be escorted by 2 armed guards, and thrown into an oven which bakes the quadruple-shredded-and-reshredded dust of the formerly top-secret document at 1600 F for 1 hour.

Re:I don't know if he was kidding... (3, Interesting)

EvilTwinSkippy (112490) | more than 10 years ago | (#7770472)

You can't shred a classified document. It has to be "declassified" and then you can destroy it. My mom used to do it as a summer job for the Navy. Basically you stamp it "declassified" with a rubber stamp first. (Of course after the proper parties sacrificing the appropriate number and quality of chickens.)

Re:I don't know if he was kidding... (1, Informative)

Anonymous Coward | more than 10 years ago | (#7770501)

That sounds extreme for TS documents. When I was handling them they went into burn bags that got thrown (by the lucky volunteer) into the massive shredder. The cool part was "feeding" the shredder a 2x4 every day or so to keep it sharpened. Milk Bones for Machines.

I assume the "burn bag" moniker was a throwback to the older days, as there was no "burn" step after the shredding.

So folks, if you simply shred, it's good enough for government work!

Re:I don't know if he was kidding... (1, Informative)

Anonymous Coward | more than 10 years ago | (#7770594)

Depends on the location and the epoc. In the early 90s we cross shredded in Huachuca, fine enough that you could take the residue home for garden mulch. However, we burned in Honduras and other remote airfields. Big mesh barrel, would hold 100gal if it was solid. Had rocks in it and we turned it on a spit as the fire burned. The rocks acted like a ball-mill and pulverized the ashes. Was a damn pity, since we burned a lot of film. Back in Ft Huachuca, we shredded the film, and then we were able to turn it in for silver recovery. Bought plenty of beer with the proceeds for the department.

Anon 96Hotel

A good neighbour always burns late at night. (1)

openmtl (586918) | more than 10 years ago | (#7770392)

I'm a good neighbour. Late at night I grab this months paper records and a bottle of white spirit and some beer and matches and go have a burn in the yard. That way I can see the cinders and so don't burn the shed down plus no-one else is doing gardening at midnight !

Hums, FIRE do do do do do, FIRE da da da...(Santana ?)

Let's hear some more tactics ... (-1)

Anonymous Coward | more than 10 years ago | (#7770394)

Here's how I dispose of sensitive documents:

(1) Run ALL papers through a personal shredder (sensitive and non-sensitive ... makes it harder to reconstruct)
(2) Divide the shredded paper into 'thirds': each third goes into a separate plastic bag
(3) Each plastic bag is disposed of in a different location (eg. home, mall, office, gym, bus stop)

Some may say I'm a step away from using a tin-foil hat ... I'd counter that my chances of being id-robbed are virtually zero.

Not news (2, Informative)

cpopin (671433) | more than 10 years ago | (#7770415)

This is not a new technique and doesn't seem worthy of a Slashdot story. Low tech identity theft is nothing new or hard to do.

Get a locking mailbox too. (5, Informative)

gtrubetskoy (734033) | more than 10 years ago | (#7770460)


If your mailbox is on the curbside like mine, seriously consider getting a secure lockable one where the mailman can only drop mail off, but a key is required to retreive it. I just received mine from oregontrailbox [oregontrailbox.com] . I did some research, there are a few places that sell those under different names, but the ones I liked are actually the same box that seems to be manufactured by pinnacle [lockingmailbox.com] (or pinnacle is yet another reseller of the same box made by a unknown third party....)

In any event, I will be installing my Heavy Duty Standard tomorrow...

--
OpenHosting [openhosting.com] Virtual Servers for the geeks.

Re:Get a locking mailbox too. (1)

igrp (732252) | more than 10 years ago | (#7770620)

Mailboxes like the one you purchased are pretty much standard in Europe.

The downside is that you can't just leave your outgoing snail-mail in your mailbox, put up the flag and have the mailman pick your stuff up (thereby saving you a trip to the post office). Well, I'm not even sure if this is customary elsewhere but it seems to work pretty well around here.

Of course, you also have to take into account that those little mailbox locks hardly provide any security or even deterence.

Heck, people have armored mailboxes these days [philly.com] ...

Good Ideas on what to protect. (1)

CresentCityRon (2570) | more than 10 years ago | (#7770465)

I found the article useful since it provided ideas on HOW people gain access to your info. Made me think I have to do more.

One thing that was disappointing is that its not always a slip on an individual's part. A hospital could be sloppy with records and you've got a big target on your head. (...or wallet.)

Ron

PS: I do like those Citibank identity theft ads. They're funny. Too bad they didn't tell you more about how to protect yourself except to buy something.

Re:Good Ideas on what to protect. (2, Flamebait)

EvilTwinSkippy (112490) | more than 10 years ago | (#7770518)

All the more reason to stop blaming the victim. I love how authorities seem to think that handing out assinine advice is better than actually prosecuting these cretans.

If jail space is the issue, stop locking up drug offenders and/or bring back corporal punishment. A nice "IDENTITY THIEF" brand on the forehead would be a good start. Perhaps reversed so they can read it for themselves in the mirror every day. My other thought is a tattoo on the fingers, one ring for each guilty conviction. Heck, I'd even chip in for some local for the schmucks, because they are going to have hell getting the time of day from anyone in the street.

A friend used to do "self identity theft". (1, Interesting)

Anonymous Coward | more than 10 years ago | (#7770470)

He had good credit and always got offers. He'd have bums sign the forms for beer money and have them sent to different places. Once enough cards came he would suck all the money out on cash advances, then clear up his credit, he knew how to do get it cleared quickly. It didn't take long before he got offers again and would start the cycle again.

Abolish the SSN! (4, Interesting)

jcr (53032) | more than 10 years ago | (#7770474)

I have had way too many people asking for my SSN in the last few years. It started with my dentist's secretary demanding it, and when I declined to provide it, she insisted that they needed it for my dental records.

I told her, "You're not offering me a job, and I'm not opening an iterest-bearing account with you. You don't need my SSN, and you're not getting it."

About a month ago, a freaking cell phone provider asked me for an SSN just to get an account with them? WTF?

-jcr

Three Stacks of Paper: (1, Insightful)

Anonymous Coward | more than 10 years ago | (#7770516)

accounts receivable
accounts payable
accounts incinerable

What I wonder when I read these (4, Interesting)

soft_guy (534437) | more than 10 years ago | (#7770531)

When I read about guys like this - they are always idiots. Basically he got caught because he was hanging around a bunch of crazy drug addicts.

I keep wondering if for every guy like this they catch, there must be like 3 guys who are really careful and "normal people" (i.e. professionally minded, don't take drugs or hang around prostitutes, etc.) who do these type of crimes to build up some large amount of money, then move someplace and live off the interest. Those would be the guys that would be real hard to catch.

I wonder if those kind of criminals exist and in what numbers?

Dumpster diving old home directories (4, Informative)

mikewas (119762) | more than 10 years ago | (#7770563)

I just had to run in to work to create a report. I needed some data in a former employee's directory, so logged on as root & changed permissions so I could read anything in his directory tree.

He had all sorts of personal data in his home direcrtory: passport & visa applications, paycheck stubs for several years, copies of expense accounts including scans of credit card statements, info about his retirement from the company we used to be a part of, ...

Once I realized what it was I rm'ed it, but what would posses a supposedly rational person to not only save this data to a networked machine at work but to leave it there after leaving the company?

Solution: Max Your Credit (-1, Interesting)

G4from128k (686170) | more than 10 years ago | (#7770609)

Since ID thieves make the most loot by opening new accounts in your name, one solution is to max your credit rating by opening as many credit cards as possible. This high level of open, available credit will make you look like a bad risk to the card company that the ID thief applies to. If the ID thief gets an "application denied" for your name then they will move onto the next victim. And if you ever do need to get credit (e.g., to refinance a mortgage, you talk to your mortgage broker/loan officer about cancelling a bunch of cards and then reapply after the loan is approved). It's not perfect (e.g., it might be too tempting to spend all that credit), but it is one more tactic for controlling access to credit in your name.

SLASHDOT PERSONALS??? (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7770641)

I tried it, and I already have a date with a 18/f/ny, who is bi.
Man I'm cool. She told me to make sure my bowels are loose.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>