11:28 PM
Connect Directly

Who Was That Masked Man?

MSU professor gives ID theft advice to those impacted by 'gateway' crime.

Whoever stole Judith Collins' identity in 1999 picked the wrong target. A professor at the School of Criminal Justice at Michigan State University (MSU; Lansing, Mich.) with research interests in white-collar crime and industrial/organizational psychology, Collins quickly became curious as to the nature of the criminal. "Identity theft is very attractive to even borderline-delinquent behaviors, because it's such a low-risk crime," Collins says.

Yet identity theft is a high-impact offense and a "gateway" crime that leads to other offenses, ranging from credit card fraud to drug trafficking. "I can name 50 different types of crimes that are committed using stolen identities," Collins continues. "Identity theft is honestly the most unique type of crime, ever, in the history of the United States."

Collins subsequently founded organizations chartered to research, prevent and combat identity theft. The Identity Theft University-Business Partnership at MSU works with industries to secure their customers' and employees' personal information. And, the Identity Theft Crime and Research Lab conducts training of law enforcement officers, including the FBI. Also, MSU researchers study the criminal networks used by identity theft rings, along with actual cases and victims.

In addition, Collins recently provided private consulting services to Citibank on its identity theft victim assistance service. "They have a beautiful toolkit that they send out to every victim, and I did an assessment of that entire toolkit," she explains. Collins also evaluated how Citibank's customer service agents interacted with identity theft victims. "Citibank is a good role model for other banks," she says.

When asked about the new Identity Theft Penalty Enhancement Act, Collins points out that more steps are required to put a significant dent in the problem. First, the number of jurisdictions involved with identity theft increases the complexity of prosecuting someone. "We do need some federal legislation with respect to resolving the jurisdictional complications," Collins says.

Furthermore, local law enforcement personnel lack the staffing, facilities and budgets to catch, prosecute and convict identity thieves. It's a costly crime to prosecute, especially considering widespread budget cuts, shortfalls in state revenues and new executive priorities. "We need to reallocate some of the resources that were given to the FBI with the establishment of Homeland Security," Collins asserts.

Police departments have felt the brunt of this shift in funding. "They don't have money for the equipment to investigate identity theft," says Collins. "The criminals have better equipment than law enforcement does."


Law Adds 2-Year Sentence for ID Thieves

The Identity Theft Penalty Enhancement Act spells out the sentencing requirements for criminals who commit certain felonies using stolen identities. For the crime of "aggravated identity theft," the act mandates hard time without parole for a term of two years. This "penalty enhancement" must run consecutively, not concurrently, to any other sentence. A wide range of felony offenses triggers the automatic two-year penalty enhancement, including:

- Stealing public money or stealing from an employee benefit plan.

- Embezzlement by a bank officer.

- Using false documents to obtain or misrepresent citizenship, or to gain a passport.

- Using false documents to acquire a firearm.

- Obtaining customer information by false pretenses.

- Ignoring a deportation order with a counterfeit ID, or other immigration-related offenses.

- Federal benefits fraud, such as falsely claiming Social Security payments.

For identity theft related to acts of terrorism, the penalty has now been enhanced by the addition of five years imprisonment. The Identity Theft Penalty Enhancement Act was sponsored by Representative John Carter

(R-Texas) (see Executive Q&A, page 21).

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.