Hacker (computer security)

18 Surprising Ways Your Identity Can Be Stolen

Most people have already been victims of the most basic form of identity theft: fraudulent charges on a credit card. Those even less lucky have been victimized in more aggressive ways, with criminals obtaining medical care, working, and flying in their names.

Unwinding that mess can take years and thousands of dollars. The effect is exacerbated by the fact that the crime doesn’t generally stop with the one person who stole your information. Credit card numbers, Social Security numbers, and other data get packaged and sold on the underground Internet, so that different people all over the world could be impersonating you at the same time.

“It’s a pain. It does cause a lot of stress,” said Lindsay Bartsh, of San Rafael, California, who said that straightening out a web of fraudulent medical bills, flights, job applications, and credit applications took every minute of her free time for a year.

How does it happen? Here’s a look at both the most common ways thieves steal our data, as well as some of the newest ploys to watch out for.

1. Mail Theft

Bartsh believes this time-honored tactic is how her personal information got out into the criminal underworld. An expected W-2 tax form never arrived. Assuming it was stolen, it would have given thieves a wealth of information, such as Social Security number and workplace.

2. Database Hacks

When a large corporation gets hacked, the effect can be widespread. When the U.S. government’s Office of Personnel Management was breached, some 22 million people had their personal information exposed. (I was one of the many who received a warning about this, because I had a writing contract with a government agency.)

3. Malicious Software

If you have a virus on your computer, you may suffer more than a slowdown or a system crash. Some malicious programs that spread as viruses record every keystroke you type, allowing thieves to find out your online banking username and password. These programs can infect your mobile phone as well as your computer.

4. Search Engine Poisoning

This is a sneaky way of tricking people into giving up their own personal data, or getting malicious software onto a person’s computer. The criminals create a fake website similar to a real one, or that could plausibly be a real one.

One tactic relies on you clicking through to the fake site and trying to buy a product, entering your credit card or debit card number. Another is to get you to unknowingly download information-stealing software onto your computer.

Where does the search engine part come in? These criminals manipulate Google and other search engines’ algorithms to get their phony sites ranked high in search listings, leading users to believe they must be legit. Fortunately, Google has made progress in preventing this in recent years, but it still happens.

5. Phishing

Phishing is a term that broadly means “fishing” for personal information through a variety of common social interactions — so-called “social engineering.” The most common phishing attack happens when you get an email that looks like it came from your bank or another legitimate company. It may come with an alarming subject line, such as “overdraft warning” or “your order has shipped.” When you click a link in the email, you may see a login screen identical to your normal login, which will trick you into entering your username and password. You could also be asked for more identifying details, such as Social Security number and account number.

Fortunately, banks have put some countermeasures into place to fight phishing. You can also protect yourself by not responding directly to incoming messages. If you get an email that looks like it’s from your bank, type your bank’s address into your browser instead of clicking the link, sign in, and check your account’s message center. Or just call your bank’s customer service number.

6. Phone Attacks

The Internal Revenue Service has been warning for several years that scammers are calling people claiming to be the…

Choosing the right cyberattack response is a complicated game

HACK REACT: Responding to a cyberattack isn’t straightforward; a new game theory analysis reveals when a counterattack is and isn’t a good strategy.

Many Americans were outraged over Russia’s e-mail hacking during the 2016 presidential election and expected a vigorous response from the U.S. government. But new research that views cyberattacks from a game theory perspective suggests that the delayed response was a sound one.

While instinct suggests that such attacks deserve swift retaliation, viewing cyberwarfare through a mathematical lens can reveal situations where that knee-jerk response is useless. The new study, published online February 27 in Proceedings of the National Academy of Sciences, explores various cyberattack scenarios as games of strategy where rational choices are made by the attacker and the victim. This game theory analysis finds that how or even whether to respond to an attack depends on how much and what the players know about each other.

The take-home message of the study is sobering, says Jon Lindsay, a cybersecurity expert at the University of Toronto. “It’s not just about whodunit,” he says. “They’ve shown that you can invest a lot in identifying who carried out an attack but that’s not necessarily going to stop the attackers.”

The analysis makes explicit what many victims know, whether attacked by a schoolyard bully or foreign government: Vulnerability matters. Consider an attacker A, who strikes out at victim B. After the attack, the response depends largely on the vulnerability of the players. The victim can hurt a vulnerable attacker and gain from that strategy. Or, if the attacker is invulnerable, the victim can pay a cost for trying to fight back. In the schoolyard, for instance, telling a teacher about a bully might mean future torment with no relief, making it safest to do nothing.

In the realm of cyberattacks, vulnerability can be interpreted in several ways. The United States, for example, could have industrial secrets that make it…

The FCC Rescinds Rules That Protect You From Hackers

Last fall, we were pleased to report that the Federal Communications Commission (FCC) had passed new regulations that prevented Internet Service Providers (ISPs) from sharing the private data of consumers unless the consumer gave express consent to disclose search histories and location data. The regulations also included a provision for protecting consumers from hackers. That win for privacy didn’t last.

According to WIRED, the FCC has suspended the data security rule (the portion that required ISPs to protect customers’ data from hacking and security breaches) before it ever took effect. The reason? The commission is concerned that the Federal Trade Commission (FTC) may…