
SoylentNews is people

posted by on Friday February 24 2017, @10:54PM
from the short-answer:-people-are-dumb dept.

Frank Abagnale is world-famous for pretending to be other people. The former teenage con man, whose exploits 50 years ago became a Leonardo DiCaprio film called Catch Me If You Can, has built a lifelong career as a security consultant and advisor to the FBI and other law enforcement agencies. So it's perhaps ironic that four and a half years ago, his identity was stolen—along with those of 3.6 million other South Carolina taxpayers.

"When that occurred," Abagnale recounted to Ars, "I was at the FBI office in Phoenix. I got a call from [a reporter at] the local TV news station, who knew that my identity was stolen, and they wanted a comment. And I said, 'Before I make a comment, what did the State Tax Revenue Office say?' Well, they said they did nothing wrong. I said that would be absolutely literally impossible. All breaches happen because people make them happen, not because hackers do it. Every breach occurs because someone in that company did something they weren't supposed to do, or somebody in that company failed to do something they were supposed to do." As it turned out (as a Secret Service investigation determined), a government employee had taken home a laptop that shouldn't have left the office and connected it—unprotected—to the Internet.

Government breaches of personal information have become all too common, as demonstrated by the impact of the hacking of the Office of Management and Budget's personnel records two years ago. But another sort of organization is now in the crosshairs of criminals seeking identity data to sell to fraudsters: doctors' offices. Abagnale was in Orlando this week to speak to health IT professionals at the 2017 HIMSS Conference about the rising threat of identity theft through hacking medical records—a threat made possible largely because of the sometimes haphazard adoption of electronic medical records systems by health care providers.

Abagnale warned that the value of a medical record to identity thieves far surpasses that of just a name, date of birth, and social security number. That's because it provides an even bigger window into an individual's life. Abagnale says the responses of organizations (including the state government of South Carolina and the OPM) to theft of sensitive personal information are far from adequate—and because there's no way to effectively change the data, it can be held for years by criminals and still be valuable.

[...] Abagnale said that there's been a surge in the past few years in medical identity theft. "It's as simple as, I'm in Orlando and I break my leg, I have no insurance, and I go to the hospital and say I'm you," he explained. "I give them your information, they treat me, they bill your insurance agency, and then your insurance company eventually notifies you because there was a deductible. And you say, 'wait a minute, I was never in Orlando, I never broke my leg.' But it's not that simple—trying to get that fixed, and trying to get it off your medical records, and then having collection agencies hounding you for that money is just unbelievable."

Such a scenario is just the beginning of what's possible with the theft of medical data today. "Like every form of identity theft, if I can become you," said Abagnale, "what I can do as you is only limited by my imagination."

Source: ArsTechnica


  • (Score: 4, Interesting) by charon on Friday February 24 2017, @11:57PM

    It takes a thief to catch a thief. It seems he has excellent advice on security, especially in his own sphere of social engineering.
  • (Score: 0) by Anonymous Coward on Friday February 24 2017, @11:57PM


    All breaches happen because people make them happen, not because hackers do it.

    I think there should be SOME sort of nod to culpability on the hacker side, those poor, innocent sods.

    • (Score: 0) by Anonymous Coward on Saturday February 25 2017, @12:57AM


      I detect the same smell as you.

      [quote]someone... did something they weren't supposed to do[/quote]

      Yep, all they had to do was not fuck up once and the dumb underlings couldn't even manage that. Now which one of you young ladies has the coke?

    • (Score: 5, Insightful) by MostCynical on Saturday February 25 2017, @01:47AM


      Bad passwords, bad password policies, unencrypted databases, unsecured websites, dodgy certificate use, phishing..
      All these are "failures" of people, rather than Leet Haxors breaking in.

      --
      "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
      • (Score: 2, Insightful) by anubi on Saturday February 25 2017, @04:05AM


        Oh, so true... it's MYSELF I trust least of all.

        In a world where obedience to authority is required, all that needs to be done is to fool someone into thinking one has authority, along with the ability to punish.

        We have all been conditioned since birth to be obedient, accept punishment for disobedience, and not question. We are ripe to be bamboozled by those who know how to game the system.

        --
        "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
        • (Score: 1) by oregonjohn on Saturday February 25 2017, @07:45PM


          Thanks for the concise statement regarding obedience. Fooling people into thinking I have the authority ... when I was a purchasing agent that was the biggest part of my job ... you have to get past the front desk, sometimes past the first sales person. I became good at it, never for nefarious reasons though.

        • (Score: 2) by shipofgold on Saturday February 25 2017, @10:45PM


          Obedience is one half of the population. There are also the Greedy types, the Altruistic types and the Helpful types....come up with a good sob story and you can always find a way to get someone to do something they shouldn't.

          Unfortunately, there is no cure for the common CON. There will always be people willing to buy the Brooklyn Bridge, invest in a Nigerian Prince, or be a do-gooder helping someone "who is about to get fired".

          I don't see human nature changing anytime soon and the best we can hope for is to limit the damage.

  • (Score: 1, Informative) by Anonymous Coward on Saturday February 25 2017, @08:16PM


    what did the State Tax Revenue Office say?' Well, they said they did nothing wrong. I said that would be absolutely literally impossible.

    The term "Identity Theft" is a nice scam for convincing the world and dog that it's more of your problem because your "identity got stolen", rather than the Bank or other organization's problem because they screwed up and/or got conned into thinking someone/something else was you.