FEATURED IN TECHNOLOGY AND COMMUNICATIONS
As law enforcement officers throughout the nation, we all have heard the statistics: Identity theft is the fastest growing crime in the United States. There were 3,100 victims of identity-theft each day in the United States in 2004. Arizona, Nevada and California (in order) had the highest rates per capita in the country. The Federal Trade Commission (FTC) reported over $547 million in loss with over 635,000 complaints of identity-theft in 2004.
But what is identity theft? Why the trend? Why are so many narcotic offenders now financing their habits with crimes of identity-theft? More importantly, what can we do to stop it?
Identity Theft, Defined
Identity-theft occurs when any person willfully obtains the personal identifying information of another and uses it for any illegal purpose. Usually the crook does so in order to obtain money or goods and services, such as narcotic offenders looking to perpetuate their drug abuse. Personal identifying information includes name, address, telephone number, date of birth, driver s license number, social security number, place of employment, employment ID number, mother s maiden name, bank account or credit-card information.
Corporations can also be victims of identity theft any time any of their information is used fraudulently and without permission. In today s technological world, personal identifying information also includes unique electronic data, which includes passwords, log-ons and telecommunication identifying information or device information such as router or modem Internet protocol (IP) addresses.
Why It s Taking Off
In the old days (less than 20 years ago), if a narcotic user needed money to pay for dope, they might burglarize a home or business, or maybe turn to armed robbery. There are many drawbacks to these crimes. First, crooks have to deal with the victim. Is someone home? Will they fight back? Could they identify you? Next, are there any witnesses around who could identify you? Does the victim use any video surveillance cameras? In addition, police respond to these in progress types of crimes and do everything in their power to catch the suspect. Police officers enjoy the chase and pursue these crooks with a passion.
Laws punish those caught and sentence them to long prison terms. Other laws add time for gun use, and three-strikes laws send repeat offenders up for life. If a crook successfully commits a burglary, then they must get rid of the stolen property and turn it into money. If they re lucky, maybe their dealer will take property in exchange for narcotics; otherwise, they must pawn the property or try and sell it themselves.
In short, burglaries and robberies are high-risk activities that normally result in small gains.
In contrast, identity theft offers many advantages. Crooks using computers never have to leave the security of their home and have no contact with the victim. They don t have to use a weapon, and if they do get caught, the sentences for such crimes currently remain considerably lighter than burglary, armed robbery, etc. Last but certainly not least, law enforcement is undermanned and overwhelmed by the number of identity-theft cases reported each day. It s a high-profit, low-risk crime.
Identity thieves have many techniques to obtain personal information from others. They can hack into a computer system, although this is actually somewhat rare. Many of the more common techniques have been around for many years, such as mail theft. Thieves steal mail out of mail containers, fishing it out. They use sticky mousetraps wrapped with a string to snag your mail right out. They break into apartment mailboxes where they can pick and choose from hundreds of items of mail. They look in communities where houses have mailboxes located out front. You know the type you put up a flag when you have out-going mail that says steal me to every crook out there. If they get your credit-card payment, they get two for the price of one. They not only get your credit-card account information, but also the check you re making a payment with.
Crooks also check these types of mailboxes before most people return home, but after the mail delivery. If they take your incoming mail, they get your credit-card bills that hopefully contain courtesy checks. They are a great take! Just fill in the blanks and forge the signature. It then takes a couple of months before the credit-card holder even learns of the loss.
Identity thieves also dumpster dive to get your information, which is why shredders have become a hot sell to the public lately. They also go after the larger score and go through business trash. Many states have laws now that require businesses to shred or properly dispose of all customer information to protect the consumer. However, this does not always happen, so a thief can end up with a large number of victims information in just one stop.
Another method, which can reveal a large amount of information, involves the bad employee. Whether it s a waiter or waitress skimming your credit card or a customer-service representative who takes home printouts of the customer s personal information, bad employees can steal huge amounts of personal information with ease. I ve seen customer-service reps from cellular-phone companies, loan-processing agents from real-estate loan companies, hotel clerks, information-technology directors and even company comptrollers take advantage of their positions. All of them also had a problem with drugs.
The computer generation has brought about check-creation software, which allows not only honest citizens but identity thieves as well to create their own checks. Crooks with a stolen check can create as many checks as they need. They can put the routing number and account number of the victim on the bottom, and insert anyone s name on the top.
The Web features chat rooms that cater to identity thieves. Crooks use them to share victim information. They can also discuss techniques and businesses that are easy to order from over the Internet businesses that don t validate the cardholder s delivery address or other pertinent information, for instance. Crooks can also obtain templates for driver s licenses from all 50 states on the Internet and use them to create fraudulent driver s licenses using popular applications such as Adobe Photoshop.
Other Internet-related tactics include phishing scams. In a phishing scam, crooks send e-mails to hundreds of thousands of individuals that are supposedly from eBay, Bank of America, etc. The e-mails look very official with company logos, security warnings and a link to an official-looking site. In reality, all the info is a hoax, but if one or two people believe it and provide their name and account number, thieves have exactly what they need.
Once a thief has a victim s information, they can order products (televisions, computers, cell phones) over the Internet without ever leaving home. They can have the products delivered to their next-door neighbor, empty houses or apartments, and pick up the merchandise after the delivery, not even signing for it. Once they have the merchandise, they can trade it for narcotics or just sell it on eBay or similar auction or classifieds sites and have the cash within just a few days. By using Hotmail or Yahoo accounts free e-mail accounts that allow you to make up all your information to conduct the transactions, they never have to reveal their true name through the entire process.
Police Tactics & Tools
This crime presents many challenges to law enforcement. There are consumer-privacy rights to consider. Sometimes you must deal with an industry s reluctance to cooperate. Typically, victims don t learn of the crime right away, and it takes even longer for an investigator to get the report, so evidence may be lost. Law enforcement is truly overwhelmed by the number of identity-theft cases coming in. There are also jurisdiction issues. Say the victim lives in Chicago but the suspect is in Nevada who takes the report, and who actually investigates the crime?
As an investigator, you first must hash out the jurisdictional issues. Even if it s obvious the suspect is in a different part of the country, you must ensure the agency located where the suspect committed the crime is aware of it and will investigate it. I spend a lot of time on the phone with investigators from agencies throughout the United States ensuring an identity-theft case is being investigated appropriately. Sometimes I act as a coordinator between other local and federal agencies, credit-card companies and financial institutions, ensuring that everyone shares their information.
The most important aspect of conducting an identity-theft investigation is communication and cooperation. We must communicate with other agencies and ensure the victim s rights are met. If the victim lives in your jurisdiction, take a report and advise the victim to file a report with the FTC. Many agencies use pamphlets that provide the victim with all the information needed along with a list of places they should contact, such as credit-card companies, credit-reporting bureaus, financial institutions, the FTC, and the Internet Crime Com-plaint Center (IC3).
The FTC does not investigate identity-theft cases, but it does maintain a national database of victims for law enforcement. It also tracks identity-theft trends, funds identity-theft studies and provides assistance to the victims.
The IC3, a joint venture between the FBI and the National White Collar Crime Center (NW3C), is a national clearinghouse that accepts complaints and refers them to the appropriate jurisdictions. When visiting its Web site, victims can file a complaint regarding any type of Internet fraud, and the IC3 then refers the complaint to the appropriate jurisdiction(s) where the victim and/or suspect reside.
In an identity-theft case, as with all financial crimes, we must track the money and determine where it went. All agencies should ensure their investigators are appropriately trained to handle such cases and track the paper and/or electronic trails (e.g., e-mail addresses, IP addresses, user names, etc.). In California, we have high-tech crime training classes offered by various task forces, such as the Computer and Technology Crime High-Tech Response Team (CATCH), regional computer forensics laboratories, the California Department of Justice, The Search Group and federal agencies such as the NW3C. In addition, the High Technology Crime Investigation Association has nationwide chapters and offers an annual training conference and local monthly trainings. Many community colleges and private companies offer appropriate classes as well, such as New Horizons Computer Learning Centers.
Another tool: proactive identity-theft teams that target known identity thieves who are on probation or parole and have valid 4th Amendment waivers. Such teams conduct probation-compliance visits to ensure these folks are abiding by their terms of probation or parole. Our statistics show that approximately 50 percent of them are arrested on new charges and or violations (a majority also possess narcotics at the time of the arrest). We attempt to stop re-offenders before they victimize more innocent people.
Call to Arms
There is no easy solution to this high-tech crime, but with communication and cooperation, the appropriate training and a tenacious attitude, law enforcement can definitely turn the identity-theft trend around.
Federal Trade Commission—www.consumer.gov/idtheft
Internet Crime Complaint Center (IC3)—www.ic3.gov
National White Collar Crime Center (NW3C)—www.nw3c.org
Computer and Technology Crime High-Tech Response Team (CATCH)—www.catchteam.org
California Department of Justice—http://ag.ca.gov/idtheft/index.htm
The Search Group—www.search.org
High Technology Crime Investigation Association—www.htcia.org
Randy Lawrence is a supervising investigator for the San Diego County District Attorney s Office. For the past 3.5 years, he has been assigned to CATCH. He is also trained as a computer forensics examiner. Prior to this assignment, he worked in Family Protection for five years, specializing in the investigation of Internet crimes against children.