Portrait of an Identity Thief

Ant writes to tell us that the New York Times has a closer look and an interview with an identity theft addict. From the article: "As far back as 2002, Mr. Sharma began picking the locks on consumer credit lines using a computer, the Internet and a deep understanding of online commerce, Internet security and simple human nature, obtained through years of trading insights with like-minded thieves in online forums. And he deployed the now-common rods and reels of data theft -- e-mail solicitations and phony Web sites -- that fleece the unwitting."

Congress ... maybe. Banks ... they don't care.

[khasim]

The banking industry as well as Congress and just about every commerce site out there is just drooling to get their hands on a REAL identity thief. The "example" they make of them should be grand! I can just see it....Nothing left but a smoking boot!

The banks don't care. Really, they don't.

They get paid no matter what.

The only people who suffer are the retailers who sold the stuff and who now get hit with a chargeback so they're out the money AND the product ...

And the guy who got his number stolen.

If the banks had to pay even 10% of the annual loss due to fraud, they'd be clamping down on EVERYTHING you did with your credit cards.

Congress will like it because it gives them something that they can claim they are doing something about. But, in the end, they'll do nothing.

It all comes down to WHO has to pay for these crimes. And the banks have made sure that it won't be them.

Not the Sharpest Tool...

[monoqlith]

[...] sitting in the empty meeting hall at the Mohawk Correctional Facility in Rome, N.Y., where he is serving a two- to four-year term."

Two to four years? Gosh, if he goes in front of the parole board after the two are up, what is he going to say to convince them he's reformed? Maybe this will work:

"I get scared that when I get out, I might have a problem and relapse because it would be so easy to take $300 and turn it into several thousand."

I hope those folks at Mohawk in N.Y. missed today's issue of the most *widely read newspaper in the world.* Seriously, he must have some sort of brain disorder.

Unravelling or being unwoven?

[draxbear]

On the whole, we seem to be slowly moving from a "govern thyself" to a "If no-ones watching, why not?" frame of mind.

I wonder if this is almost being encouraged by the powers that be as it fosters a feeling that it's ok for them to be watching because I no longer expect the others around me to be governing their own behavior...

Re:Nothing a bullet to the forehead wouldn't fix

[Wilf_Brim]

True, but check TFA. The email scam referred to was only one of his early efforts. His later (and more lucrative) scams involved buying numbers and doing direct financial transfers from those accounts. One of my accounts had something similar happen to it. It was only due to the fact that the individual responsible had used two smaller charges the previous day, and it happend to be the day that I was paying bills and saw the two fradulent charges during an online reconciliation that I discovered it and was able to cancel the transfer. I'm starting to think that the entire credit card system is broken. It is just far too easy to obtain stolen numbers, and far to easy to negotiate into goods or (as above) cash. That cards can still be used for wire transfers absolutely boggles my mind. Unfortunately, I don't know of any better system. Right now I use "disposable" numbers as often as I can when doing ecommerce. They minimize (but do not elminate) the risk, but they can't be used for recurring charges, and relatively few card issuers. I'm thinking that the penalities here are too light. This guy was involved in grand larceny, easily more than $200k. Why only a couple of years? Small time drug dealers (an offense with far less of a victim) get many times that penality. When the takings are so lucrative, the chances of being caught low, and the penalities light, its no wonder this is such a fast growing crime. Why perform an armed bank robccbery (average take, about $4,000 per the FBI) and get 20 years if you get caught when credit card fraud ($10k per theft) only will get you 2? And did you notice that some of his biggest takes were when he was under indictment and out on bail? WTF?

The solution is simple.

[khasim]

Even for wire-transfers with a credit card. Simply have the bank call the phone numbers they have on record for you and have you press a button sequence to authorize the purchase or wire-transfer.

The banks already have the systems to do automated calling.

The banks already have your phone numbers. And your mailing address.

Now the thief has to steal your credit card numbers ... and re-route the phone system.

Or steal the numbers and fake your ID and go to a bank branch and change the phone numbers.

All of that is possible for a thief to do ... but the more steps that it takes, the more likely it is that the thief will fail to complete it. And the easier it will be to track him. Although it can't get much easier than tracking this punk. He gave them his address to deliver his stolen purchases to.

But doing that would move the risk and costs to the banks. They prefer it the way it currently is because the banks aren't losing money on these fraud cases.

Re:Its remarkably easy to scam people

[Anonymous Coward]

"Of course that doesn't absolve them or this young man of personal responsibility."

Depends...how was the manifestation of his mental illness?

The legal definition of guilt / responsibility generally goes to the point of the individuals ability to understand what he was doing was wrong. Actually, this is the case for almost any law -- you have to understand what you are doing to be guilty of breaking the law...theoretically.

But does he know he's doing wrong? Does he feel he has any control over this behavior, i.e., may know its wrong but no mechanism to stop it. Does he feel that an external force is controlling this action and he is not associated with it?

I haven't read this, but I always find the personal responsibility aspect to be bullshit when it comes to dealing with mental illnesses. I've met quite a few folks in my line of work that have no clue as to their responsibility...at the same time, I also believe that some folks are so defective that it doesn't really matter if they understand what they are doing or not, they need to be pulled out of society for OUR good, regardless. This only goes to meaning that instead of punishing them, we remove them and never let them back for any reason.

Re:Its remarkably easy to scam people

[TubeSteak]

I know... what a joke... an 'alcohol addict'.
I know... what a joke... a 'heroin addict'.
I know... what a joke... a 'self mutilation addict'.

He obviosly gets the same kind of rush from identity theft that people get from shoplifting, gambling, drug use, etc.

Just about anything can be addictive.

Examples: Rich people shoplifting & depressed people cutting themselves. Obviously neither group is doing it for their health.

Re:Stupid Criminal?

[Anonymous Coward]

I used to work for a major online retailer and people consistently purchased items from us using stolen credit cards. Sometimes we would even be warned by UPS that the address was a known fraud address. At first we would try and report them so that they would get caught. Unfortunately, the police will do nothing unless the owner of the credit card decides to press charges. The owners of the credit cards however just issue a chargeback and don't lose anything so there is little incentive to do so. They would also have to file a complaint with the police department where the guy lived. At this point it is a Federal crime because it involves interstate theft. The Feds are also not much help. They will laugh at you unless the crime is worth several thousand dollars. In our case it was always a couple hundred. Eventually, we stopped even trying to do anything on the end of prosecution and turned to strict prevention and detection. I am guessing that someday the law will change but for now the police are too busy writing traffic tickets to deal with hard to prosecute internet crime.

Re:Stupid Criminal?

[NormalVisual]

That's exactly how the situation was related to a friend of mine by a wiser-than-average deputy sheriff some years ago. The crimes that get solved are usually the ones perpetrated by criminals that fail to plan ahead, or whose impulses exceed their capability for rational and careful thought.

Re:Stupid Criminal?

[mochan_s]

The guy is clearly dumb as a rock. Who the hell takes a stolen credit card, buys stuff with it, and then has the stuff delivered to his doorstep???!!? I don't know jack about stealing identities, but this guy's MO is just plain stoopid.

That is what he got caught and charged on.

But consider this scenario. Suppose he uses Paypal to send money through credit cards to a fake account linked to a bank account created using a fake driver's license and social security number. I don't think the banks actually have a way to check the validity of either of them.

Now, if he got your online banking info and a maybe copy of your check (not sure about this part, my bank just started not using full numbers just last month in online banking), you're screwed. It can be emptied and no chargebacks - nothing.

The main evil is those phishing e-mails. If you get enter your info in there, you're screwed big time.

I suppose it's easier to get credit cards by buying lists from hackers who have gotten into e-commerce sites but maybe more dangerous to use?

But, this is not even identity theft; the real evil starts when people start taking loans in your name. This happened at our local housing complex. The parents of students going to school would co-sign the lease agreements that required a SSN and address and all that. A clerk working there would copy the document and request whatever amount of financial aid she wanted and just cash it in. She got caught only because she was too stupid to cover her trail. I'm sure there are a lot of experts out there who do it perfectly and cover their trail perfectly.

BTW, as a disclaimer, this is just stuff I've noticed. I don't visit or know of those ID theft sites.

Re:Its remarkably easy to scam people

[Anonymous Coward]

First, I want to point out that it's very rare for someone to be in a situation where they have absolutely no concern for the consequences of their actions. Statistics say that here in the US, about 90% of the population describes themselves as spiritual. Most religions have some notion of an afterlife of pain or punishment, or karmic balance, or some such - i.e. consequences. And virtually anyplace you go in the world you'll find some sort of organized police force.

Being on the other side of the atlantic I was quite surprised to hear that in american politics it is practically impossible to be an atheist, as you will be viewed as someone without "moral guideline". Not beliving in divine creatures myself, the most important reasons for me not doing things that will hurt or damage other people is (1) I can sympathise with the victim and realise I don't want to be in the that situation. (2) I couldn't stand the reactions of my family and friends if they found out about my actions. Even though these thoughts are part of most religions, I think they are more universal than that.

What it essentially comes down to is a question of belief. The question of whether people are inherently good or evil has been debated forever, with no conclusive answer to it in sight.

A reason for this could of course be that people are very different, my belief is that some people are actually inherently good, while some people need the threat of consequences for staying "good", most law-abiding people are probably in a gray area in between.

Re:Its remarkably easy to scam people

[Flyboy Connor]

Its remarkably easy to scam people

Unfortunately, this is all too true.

Just this morning, I read two stories on the second page of my (Dutch) newspaper.

The first described a woman who was director of a collective that was supposed to arrange fake marriages for immigrants who wanted to get Dutch citizenship. She asked for 20,000 euros for each arrangement. Of course, once she had the money, she didn't bother contacting the potential immigrant again. She made at least 80 million euros this way. She was fined the "huge sum" of 3.3 million euros. A nice profit, I would say.

The second described some crooks who phoned US dentists and offered them investments in stocks of fine wines. They got at least 100 million euros this way. After collecting the money, they ran to South America. The wines, of course, did not exist. They are currently being prosecuted - in their absence. No doubt they will get big prison sentences - which they will have to serve if they ever set foot in the US or in Europe again. Not that they have any reason to return.

What struck from these stories is how incredibly easy it is to get a shitload of money when you have no scruples. You don't need special skills. Just a phone and a bit of creativity in establishing your "good name" is sufficient. I mean, these US dentists sent all their pension money to The Netherlands because they got a phone call. Of course, these are the same people that believe that Nigerians are willing to share several millions of US dollars with them just for lending them a bank account number.

Many (otherwise quite smart) people are obnoxiously stupid when confronted with a crook that promises them gold mountains. In my case, the main reason that I do not exploit that is that I am quite happy with my current sappy salary, and I just have too much (misplaced?) empathy with my fellow men. But this stupidity makes me quite mad anyway.

ID theft.

[frn123]

I'm from EU. I don't understand how this identity theft works.
Can somebody explain what's this all about?

I could post my email address, real name, phone #,bank account # and national id # here,
why should i be worried if i do?

Re:come again?

[DahGhostfacedFiddlah]

Atheism isn't a belief in no god, it's a disbelief in god. We don't evangelize any more than a Christian goes about telling everyone that there is no Zeus, no Klingons, no Boogieman. You don't have to evangelize your disbeliefs.

So any charity that does not espouse a belief in god is an atheist (lit. "no god") charity. They don't need to label themselves as such - they are simply atheist by definition until they pick a God and stick with it.

Re:Its remarkably easy to scam people

[DamnStupidElf]

Questions like "are we essentially amoral or moral" aren't really answerable just because they don't match up well with the real situation. Morality is the "best practices" we've figured out over time: how to live and cooperate with other people with a minimum of frustration and fighting. A kid might figure out some of that stuff on his own ("damn, I punch just one girl and now nobody wants to talk to me..."), just like he might figure out a hammer is for hitting things with... but without teaching, he's not going to master it any more than he'd master driving a car out into traffic if he found one sitting in the garage one day.

If morals are just best practices, doesn't that imply amorality as the initial state? I think that's basically true: Humans will do whatever triggers their pleasure center, whether it be physical, emotional, or social interaction. Once humans develop the ability to reason and plan, they will plan to do things that result in pleasure. Morality just happens to be what has evolved as a compromise between hedonism and idealism. Just about everything in that range has been the basis for different human societies, and many societies with vastly different morals than typical Western ones have survived as long or longer than a lot of Western societies. Humans have also readily adapted to major changes in morality within, usually, a single generation or two. Just look at rock and roll, the decline of marriage (especially worldwide, not just the US), gay marriage, the death penalty, and a host of other issues that are completely changing the general idea of morality that people had for hundreds of years.