LifeLock Blog

Law enforcement officials have known for years that stolen identities are bought, sold and traded in highly secretive online chat rooms and forums. In fact, last year, the FBI revealed that Dark Market, a forum that catered to international identity theft entrepreneurs, was launched by them as part of a two-year sting operation.

Now, however, identity thieves are becoming shockingly brazen in e-marketing their stolen wares. A YouTube video that has recently been pulled is an example of this trend. In it, the poster is shown rifling through his wares: manila folders he claims contain his victims’ names, addresses, genders, Social Security numbers, mothers’ names, driver’s license numbers, birth dates, employment information, credit reports, net worth and details of real estate holdings and financial accounts.

Armed with that much information, there is virtually no limit to the damage that could be inflicted on the identity theft victims.

The seller offers this information for as little as $25 for a single data set, or $100 for five. The seller gave no indication in the video of how he obtained the information, or the extent of his inventory. However, in an email exchange with an investigate reporter, he offered to sell 100 of the identity sets, and directed the reporter to deposit payment into a PayPal account.

LifeLock provides their nearly 1.5 million members with eRecon™, a service that scours thousands of websites for the enrollees’ personal or financial information. If LifeLock members’ data are detected, they are immediately notified and LifeLock’s Certified Identity Theft Risk Management Specialists assist them in resolution or recovery as needed.

Only LifeLock offers eRecon™. To learn more about this exclusive service visit LifeLock.com. Enroll using the LifeLock promotion code DEFENSE for the lowest available price.

Investigators say Audrey Loraine Neal, 42, stole money from the elderly patients she cared for as a home health-care worker, used her children’s names to open new credit and bank accounts and used the money for pot dealing and high-living (no pun intended).

Neal no longer works at Home Support Services, her previous employer, and now collects welfare instead.

The hammer dropped when Bank of America workers became suspicious as Neal and her 17-year-old son made two to withdraw $18,000 from an account in the teenager’s name. Tracing the money backwards, they discovered the money was transferred into the account from the account of an elderly Los Angeles woman.

San Bernadino Sheriff’s investigators searched Neal’s home last Wednesday and discovered several of her victims’ credit reports and several fraudulent identification cards. They also found marijuana split into small packages, ready for sale. Though the son was carrying the pot, officials believe his mother was forcing him to sell it for her.

Officials are now using the contraband credit reports and identification in attempts to contact Neal’s many victims.

Neal’s mother was a beneficiary of the long-running scheme, receiving money from checks deposited into her grandchildren’s accounts. The accounts became overdrawn as Neal deposited bad checks that later bounced, leaving the children with ruined credit.

Neal has been charged with commercial burglary, grand theft, elder abuse, possession of stolen property, fraudulent use of an access card and furnishing marijuana to a minor for sale. She is being held on $550,000 bail.

A Colorado man has been arrested and indicted by a state grand jury for stealing the identities of nearly two-dozen individuals and using their personal information to pass more than $24,000 in forged checks in 10 Colorado counties.

In addition to stealing the identities of real people, Timothy Kuskowski is accused of committing what’s known as “synthetic identity theft,” which involves using some of a real person’s identifying information, and combining it with other entirely fabricated information. In other cases, synthetic identity theft may be committed with only fabricated identifying information.

Kuskowski passed “a plethora” of forged and fraudulent checks between December 2007 and June 2008. Delta Colorado police officers also found many forged checks and multiple ID cards when they arrested Kuskowski last June.

Additional evidence against the accused includes store-surveillance videos, fingerprints and forensic examination of identifying documents and checks.

Among the many checks allegedly passed by the defendant are several fraudulent payroll checks, some made out to the identity theft victims and others made out to fictional names.

Kuskowski, 45, has been charged with the following felonies:

• One count of theft in the amount of $20,000 or more
• 13 counts of identity theft
• 10 counts of forgery
• One count of criminal impersonation

There’s nothing in the 18-page indictment regarding how Kuskowski might have obtained the personal information of the many identity theft victims.

Culpepper, Virginia is a Washington, D.C. bedroom community, and a quiet little town with fewer than 10,000 residents. More than three-quarters of those townspeople are now at an elevated risk of identity theft because of a data breach.

A vendor who was hired to reformat Culpeper’s electronic property tax file inadvertently posted the names, addresses and Social Security numbers of 7,845 taxpayers on a compromised website. The information was discovered March 27, and removed March 30, according to town manager Jeff Muzzy.

The town notified its citizens of the data breach via a letter dated April 3. In it, Muzzy stated they don’t know of any fraudulent activity related to the exposure of taxpayers’ identifying information, but said the site where it was posted also contained other compromised confidential information. No details were given as to what other information was exposed.

The letter also offered affected citizens tips on how to protect their personal information, but made no mention of any plans to provide credit monitoring as is customary after a data breach.

The Government/Military sector was responsible for 110 of the 656 reported data breaches in 2008, according to the Identity Theft Resource Center.

April Fools day is over, and the Conficker is out of the headlines, but that doesn’t mean it’s gone.

Conficker is still reaching out to 500 more websites every day, and the infected computers are still talking to each other through peer-to-peer protocol (p2p, just like file-sharing application LimeWire), but so far they don’t seem to be chatting about much more than the weather.

The real damage will come when the Conficker worm receives its next command, but nobody knows for sure yet what that will be. Expectations are that Conficker is a mashup of sophisticated malware, bent on massive identity theft.

There is, however, a chance that Conficker’s mission is more sinister. France’s Navy’s computer network was infected in January, resulting in the grounding of aircraft at several bases. As well, the U.K. Ministry of Defense was hit especially hard, with administrative desktops and Royal Navy submarines infected. Another 800 computers in hospitals in Sheffield also reported infection.

The Conficker Working Group (CWG) estimates—broadly—that somewhere between 3 million and 15 million computers are infected, but only 6% of them are in North America. Vietnam, Brazil, the Philippines, Indonesia and Algeria have been hardest hit.

The CWG, a task force comprising 27 tech companies including Microsoft, McAffee, Facebook, Kasperky and Symantec, warns that 30% of computers running on the Microsoft operating system aren’t protected with the latest Conficker protection patches; those are the computers most at risk of infection.