Dick Hardt asks, "Where are our digital driving licences?" A timely question in view of the 33% rise in cybercrime in the US reported in The Age recently. Cyber crooks are also riding the social networking wave.
Hardt also asks "who is liable?" when personal information resides with identity providers giving users no control over who has access to their information. Hardt's user-centric models make more sense because they replicate the real world where individuals have a choice when to release personal information and to whom. In Hardt's model, as in the offline world, users make trust-based agreements with an authority not to disclose their personal details without permission or they take responsibility for their own data.
Sophisticated internet fraud schemes are flourishing:
Phishing
"The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication." http://en.wikipedia.org/wiki/Phishing
Here's an example of an eBay phishing email from http://www.privacyrights.org/index.htm. The web link included in the message sends the user to a fake eBay site where "personal information is captured from the unsuspecting individual."
Subject: eBay Account Verification
Date: Fri, 20 Jun 2003 07:38:39 -0700
From: "eBay"
Reply-To: accounts@ebay.com
To:
Dear eBay member,
As part of our continuing commitment to protect your account and to reduce the instance of fraud on our website, we are undertaking a period review of our member accounts. You are requested to visit our site by following the link given below http://arribba.cgi3.ebay.com/aw-cgi/ebayISAPI.dll?UpdateInformationConfirm&bpuser=1
Please fill in the required information.
This is required for us to continue to offer you a safe and risk free environment to send and receive money online, and maintain the eBay Experience.
Thank you
Accounts Management
As outlined in our User Agreement, eBay will periodically send you information about site changes and enhancements. Visit our Privacy Policy and User Agreement if you have any questions.
Copyright © 1995-2003 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
Use of this Web site constitutes acceptance of the eBay User Agreement and Privacy Policy.
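The link in a message like this one can display an address that looks like eBay's while its underlying target is a different host. The following check for that mismatch is an added example, not part of the original post or the quoted email; it assumes an HTML version of the message, and the function names, the sample HTML and the `example.net` target host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_in_domain(host, domain):
    """Match on a label boundary: 'ebay.com.example.net' is not in 'ebay.com'."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def deceptive_links(html_body, brand_domain):
    """Return (visible text, real host) for links whose text shows the brand's
    domain while the href points at a host outside that domain."""
    parser = AnchorCollector()
    parser.feed(html_body)
    flagged = []
    for href, text in parser.links:
        real_host = urlsplit(href).hostname
        shown_host = urlsplit(text if "://" in text else "//" + text).hostname
        if host_in_domain(shown_host, brand_domain) and not host_in_domain(real_host, brand_domain):
            flagged.append((text, real_host))
    return flagged

# Constructed HTML body: the visible text is the URL quoted in the message above;
# the first href is a placeholder on a reserved example domain (an assumption).
SAMPLE = (
    '<p>Follow the link given below '
    '<a href="http://ebay.com.example.net/update">'
    'http://arribba.cgi3.ebay.com/aw-cgi/ebayISAPI.dll?UpdateInformationConfirm&bpuser=1</a></p>'
    '<p><a href="https://www.ebay.com/">Privacy Policy</a></p>'
)

if __name__ == "__main__":
    print(deceptive_links(SAMPLE, "ebay.com"))
```

The displayed address passes a naive "contains ebay.com" test, which is why the comparison is made on the real target host and on a label boundary.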
Pharming (farming and phishing)
Pharming is similar to phishing and "allows a fraudster to redirect a Web site's traffic to another (usually counterfeit) Web site" (Piper, 2007), but while phishers must rely on their victims to "take the bait", pharmers are able to redirect visitors to a bogus Web site even if they type the right Web address into their Web browser.
Here are a couple of examples of pharming:
http://www.theregister.co.uk/2005/04/25/hushmail_dns_attack/
http://www.theregister.co.uk/2005/01/17/panix_domain_hijack/
Privacy invasion
The right to privacy is a fundamental human right usually protected by law, but the internet is challenging our concept of privacy invasion and what can be legally enforced. Privacy invasion is usually said to occur when an individual's personal information is accessed without their permission or when they are unable to conduct their personal affairs relatively free from unwanted intrusions.
Google Maps' Street View is considered an invasion of privacy by some, but here is a more recent invasion:
Identity theft
Wikipedia has a great definition of identity theft because it differentiates between theft and fraud:
"Identity theft is a term used to refer to fraud that involves someone pretending to be someone else in order to steal money or get other benefits. The term is relatively new and is actually a misnomer, since it is not inherently possible to steal an identity, only to use it. The person whose identity is used can suffer various consequences when he or she is held responsible for the perpetrator's actions. In many countries specific laws make it a crime to use another person's identity for personal gain."
Dimitri Glianos was the victim of identity theft after a phishing scam:
"In Brisbane, Dimitri Glianos was having trouble, his credit card was running up bills for things he hadn't bought.
DIMITRI GLIANOS: The bank called me to say that they believed that there were a number of transactions which were atypical for, for me and they just wanted to check if they were mine. I was able to verify that they weren't. We decided then that we would close that account, that card and reissue a new one so that we'd make that particular card inoperable.
ANDREW FOWLER: The next day, the mobile phone went dead.
(Excerpt of footage from reconstruction)
DIMITRI GLIANOS: Yes look I've just come home and I've found that my mobile phone which I've been using all day has suddenly got limited service on it.
(End of Excerpt)
ANDREW FOWLER: He rang Telstra, they told him he'd switched carriers - it was news to him.
DIMITRI GLIANOS: I rang Telstra and was unable to convince the person at the other end of the line from Telstra, that I hadn't transported my number to another carrier or ported my number to another carrier. He kept saying that I had to because the only way they could do that was if they had my identity and I kept saying that this didn't happen."
It got worse. Read (or watch) more at: http://www.abc.net.au/4corners/content/2009/s2658405.htm
Reference
Piper, P. (2007, October 1). Phish pharming: a newer, more profitable aquaculture. Searcher, p. 40.
Hello fellow student! I've linked your Online Communities OLR blog in my blog roll, feel free to add my OLR blog to yours if you like. You can also follow me on twitter at http://www.twitter.com/my_new_startup
http://www.mynewstartup.com
Good luck with your studies!