As new security technologies shield us from cybercrime, a slew of adversarial technologies match them, step for step. The latest such advance is the rise of digital doppelgängers—virtual entities that mimic real user behaviors authentic enough to fool advanced anti-fraud algorithms.
In February, Kaspersky Lab's fraud-detection teams busted a darknet marketplace called Genesis that was selling digital identities starting from US $5 and going up to US $200. The price depended on the value of the purchased profile—for example, a digital mask that included a full user profile with bank login information would cost more than just a browser fingerprint.
The masks purchased at Genesis could be used through a browser and proxy connection to mimic a real user's activity. Coupled with stolen (legitimate) user accounts, the attacker was then free to make new, trusted transactions in the user's name—including with credit cards.
Well, so much for biometric security. Next?
(Score: 5, Interesting) by Hyperturtle on Friday May 17 2019, @02:42PM (3 children)
The entire article mentioned "biometric" once; it's at the end, where the author concludes that to improve security, "Additional biometric authentication should be considered as well."
That is entirely contradictory to the "Well, so much for biometric security. Next?"
Did the editor read the article? I didn't--I just searched for "biometric" because I was alarmed that someone figured out how to easily hack that, too.
But no one did. The editorial comment has nothing to do with the content of the article except to contradict it.
I recognize that the fine art of commenting on articles without having read them is one reason we all come here--but my expectation is that at least the summary we're replying to at least got the facts straight so that we might not need to read the article ourselves!
(Score: 2) by HiThere on Friday May 17 2019, @03:44PM (1 child)
It was contradictory to the article's recommendation, but not to the implications. If they're already selling "masks" to simulate fingerprints, then any other biometric id, down to the genetic code, would also be at similar risk. This was actually predicted before the current biometric craze started, but many people don't seem to grasp the point.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 0) by Anonymous Coward on Friday May 17 2019, @04:02PM
They're not talking about actual biometric fingerprints. They're talking about software "fingerprints" like what browser/OS you use and what extensions are installed.
(Score: 0) by Anonymous Coward on Friday May 17 2019, @06:17PM
I agree that more biometrics should be implemented.
If something go wrong you'll just have to change body, or graft another hand on your hand.