Worse Than Identity Theft?
As the New York Times reported in Security Breach at LexisNexis Now Appears Larger by Heather Timmons on April 13, 2005, the penetration of LexisNexis on the heels of the penetrations of ChoicePoint and Bank of America has raised concerns about identity theft.
There is an equally serious but less obvious concern: The vulnerabilities in the data brokering industry's computers that allow identity theft for profit are also exploitable to allow identity creation. While identity theft extracts data from the data brokers' electronic vaults to steal or loot financial accounts of existing persons, identity creation allows the malicious insertion of fictitious data into those vaults. Effectively, identity creation creates a virtual person, one who appears to exist but does not. The virtual person's background is what is contained in the electronic record -- nothing more.
But who would want to do this, and why?
The answer is the intelligence services of foreign governments. The practice of creating false documents and materials to support a fictitious identity is called backstopping. It is an important part of developing the cover for a clandestine intelligence agent. "Cover" refers to the entire outward appearance of the clandestine agent to observers. Cover conceals the true nature of the agent's clandestine work and presents the outward appearance of an unremarkable, even boring and uninteresting person.
On April 13, 2005, the Seattle Post-Intelligencer ran an article entitled Illegal Workers Raise Security Concerns, by Lara Jakes Jordan, a writer for the Associated Press Writer. The story noted how illegal aliens using false identification were able to get jobs requiring higher levels of security checks. This is one crude example of how created identities can be used by unauthorized persons to gain access to sensitive areas and material.
A foreign intelligence service planning a long-term collection operation in the United States is going to be much more careful than the subjects in Ms. Jordan's story.
Creating suitably backstopped cover stories and legends for clandestine agents has been made even easier and less risky with the increasing reliance on data brokers and their products for background checks. Now, instead of action agents personally going to banks, schools, and other public institutions to plant false information to backstop a cover, a computer operator with Internet access and operating from the safety of a cooperating country may simply be able to sit at a terminal and insert the data that, when analyzed, comes together as a plausible, cohesive, continuous background for a job applicant. Think of it as identity theft in reverse.
This possibility should alarm our government as much as the personal financial losses resulting from identity theft. The potential consequences to our national security from fictional identity creation are no less grave than the financial losses associated with identity theft.
There is an equally serious but less obvious concern: The vulnerabilities in the data brokering industry's computers that allow identity theft for profit are also exploitable to allow identity creation. While identity theft extracts data from the data brokers' electronic vaults to steal or loot financial accounts of existing persons, identity creation allows the malicious insertion of fictitious data into those vaults. Effectively, identity creation creates a virtual person, one who appears to exist but does not. The virtual person's background is what is contained in the electronic record -- nothing more.
But who would want to do this, and why?
The answer is the intelligence services of foreign governments. The practice of creating false documents and materials to support a fictitious identity is called backstopping. It is an important part of developing the cover for a clandestine intelligence agent. "Cover" refers to the entire outward appearance of the clandestine agent to observers. Cover conceals the true nature of the agent's clandestine work and presents the outward appearance of an unremarkable, even boring and uninteresting person.
On April 13, 2005, the Seattle Post-Intelligencer ran an article entitled Illegal Workers Raise Security Concerns, by Lara Jakes Jordan, a writer for the Associated Press Writer. The story noted how illegal aliens using false identification were able to get jobs requiring higher levels of security checks. This is one crude example of how created identities can be used by unauthorized persons to gain access to sensitive areas and material.
A foreign intelligence service planning a long-term collection operation in the United States is going to be much more careful than the subjects in Ms. Jordan's story.
Creating suitably backstopped cover stories and legends for clandestine agents has been made even easier and less risky with the increasing reliance on data brokers and their products for background checks. Now, instead of action agents personally going to banks, schools, and other public institutions to plant false information to backstop a cover, a computer operator with Internet access and operating from the safety of a cooperating country may simply be able to sit at a terminal and insert the data that, when analyzed, comes together as a plausible, cohesive, continuous background for a job applicant. Think of it as identity theft in reverse.
This possibility should alarm our government as much as the personal financial losses resulting from identity theft. The potential consequences to our national security from fictional identity creation are no less grave than the financial losses associated with identity theft.
posted by Bill McCrory | 12:01 AM
0 Comments:
Post a Comment
<< Home