Log in ....Tribune

Dot.ComLatest in ITFree DownloadsOn hardware

Monday, April 2, 2001
Lead Article

by Roopinder Singh

IT didn’t take much for a waiter, who had dropped out of school, to steal the electronic identities of some of the top celebrities in the USA. As Log in… Tribune reported last week, investigators believe that the New York-based cyber thief Abraham Abdallah, 32, a pudgy, convicted swindler and high-school dropout, poured millions into overseas bank accounts and bought luxury houses with money stolen from some of America’s richest and the most famous people. One of the investigators reportedly said that this was the most sophisticated crime he had ever seen!

Computers do empower. In doing so, they also make criminals more powerful than they would be otherwise. And, of course, this causes concern among people here, too. Log in …Tribune has received a number of queries from people who are surfing the Net regarding security issues. Here’s a list of the kind of things that computer-empowered criminals can do and what you can do to protect yourself from being dot conned.


Stealing an identity

An identity (ID) theft might not seem much in India, but abroad it is a major issue. In the USA every person is issued a social security number. This number ties together all kinds of financial and other data about an individual and it is more often than not stored on computers—credit card information, bank transaction details, driving licence information, residential information and phone information. This is the one piece of information that provides someone the means of unravelling your life. Other nations have similar procedures, too.

According to New York Post, the newspaper that broke the story, Abdallah allegedly breached the bank, brokerage and credit-card accounts of such movers and shakers as Steven Spielberg, Martha Stewart, George Lucas, Sumner Redstone, Oprah Winfrey, Ross Perot, George Soros, Warren Buffett, Ted Turner, Ronald Perelman, Carl Icahn, Larry Ellison, Michael Bloomberg, David Geffen, Barry Diller and Michael Eisner.

Abdallah’s elaborate scam went undetected as he first duped companies—including Equifax, TRW and Experian—into providing detailed credit reports on his rich victims.

He then used the confidential data to clone their identities and gain access to their credit cards and accounts at such prestigious brokerage houses and investment banks as Goldman Sachs, Bear Stearns, Merrill Lynch and Fidelity Investments, the paper quoted officials.

Be sceptical

Of course, Abdallah is not the only one. There have been many others, including Vladimir Levin, who, in one of the first online theft cases to be prosecuted, was sentenced to three years in prison for removing $3.7 million from various Citibank accounts in 1995. It didn’t take sophisticated tools either; Levin accomplished this with a personal computer and a dial-up connection to the Internet.

We do not have any equivalent of the social security number in India, though some experts feel that the PAN number issued by the Income Tax Department might soon become as common in India as social security numbers in the West.

With the increasing use of the Internet, the global village has indeed shrunk to a degree that can at times be frightening. Anyone can now place credit card orders on the Net from India and more and more people are getting credit cards.

Actually, according to most computer experts, all that you have to do is maintain the degree of scepticism that you do in the real world while you cruise the cyber world.

E-mail scams

As such e-mails are harmless, unless you opt for a scheme they propose. Just as you would not take every mail that comes in your home letterbox seriously, you should be selective about your e-mails. Your e-mail box is in fact often the receptacle of a lot of unsolicited mail, because it doesn’t cost anyone anything to send thousands of e-mails to various addresses. Junk mail is just that, mail that should be junked.

Many of the business opportunity offers that come pouring into e-mail boxes are scams. Be careful about anything that is short on details but long on promises. The American government consumer watchdog, FTC, has identified the 12 scams that are most likely to arrive in consumers’ e-mail boxes. They include:

  • Business opportunities that make it sound easy to start a business that will bring lots of income without much work or cash outlay.

  • Bulk email solicitations offer to sell you lists of email addresses, by the millions, to which you can send your own bulk solicitations.

  • Chain letters that ask you to send a small amount of money ($5 to $20) to each of four or five names on a list, replace one of the names on the list with your own, and then forward the revised message via bulk email.

  • Work-at-home schemes like envelope-stuffing solicitations promise steady income for minimal labour.

  • Health and diet scams, including pills that let you lose weight without exercising or changing your diet, herbal formulas that liquefy your fat cells so that they are absorbed by your body, and cures for impotence and hair loss, are among the scams flooding email boxes.

  • Effortless income, the trendy get-rich-quick schemes offer unlimited profits, exchanging money on world currency markets; newsletters describing a variety of easy-money opportunities; the perfect sales letter; and the secret to making $4,000 in one day.

  • Free valuable goods are offered by some e-mail messages—for example, computers, other electronic items, and long-distance phone cards are offered for free.

  • Investment schemes that promise outrageously high rates of return with no risk. One version seeks investors to help form an offshore bank. Others are vague about the nature of the investment, stressing the rates of return. Many are Ponzi schemes, named after the man who allegedly originated the scam, in which early investors are paid off with money contributed by later investors.

  • Credit repair scams offer to erase accurate negative information from your credit file so you can qualify for a credit card, auto loan, home mortgage, or a job.

If you work in a networking environment, make sure that you keep your password secure by not sharing it with anyone. Remember, a secret between two people is not a secret any longer. Do log out or put your computer in "standby" mode when you leave your table, this way you not only use less computer recourses and prevent overheating, the information in your computer is also secure as it can only be accessed by using your password. In fact, most home computers also come with operating systems that allow for multi-user profiles. The way the privacy of various users on the same machine is maintained, their data remains safe.

Legal situation

India has become the 12th nation in the world to pass a comprehensive cyber law, the Information Technology Act 2000 (see the accompanying interview with Dewang Mehta). The law has provisions for stringent punishments for cyber criminals and it gives the police extensive powers of search and seizure.

However, a basic issue still remains Law enforcers who handle normal crime are not capable of handling cyber crime, because of their lack of education and computer exposure. Thus officer level intervention is called for.

On paper, a lot has been done. The Central Bureau of Investigation has set up a special cyber crime research and development unit to collect and collate information about the cyber law violations from all over the country. Various states have started preparing the police forces to combat cyber crimes, but it is an uphill battle, with most policemen, like most others, lacking the proper exposure. This has lead to piquant situations in which the police has taken hasty action and charged cyber café owners for crimes that they are not really responsible for. At the same time, by providing the legal cyber framework, India has taken a major step forward.

Just as you can’t seriously expect a policeman to protect you from criminals all the time in the real world, in cyber world, too, you have to take care of yourself.

Do remember, it is the basic precautions that keep your house secure. The same is the case with your computer. It is so very easy to be carried away with the hype. Criminals will always remain criminals and they will find ways to use whatever technology they can find. Abdallah had a long arrest record, including 11 arrests by the New York City police and another 14 by US federal agents, primarily for credit card and bank fraud. He was no ordinary computer nerd.

Play safe with credit cards

THE Indian consumers, like those elsewhere, are wary of making credit card transactions over the Net.

There is always a sense of disquiet that follows news items that reported that a hacker posted 55,000 credit card numbers on the Web after stealing them from CreditCards.com in a failed extortion attempt in December last year. The hacker sent thousands of e-mails on December 11, 2000, directing people to the stolen numbers. Also in December, a hacker broke into Egghead.com’s database, possibly exposing up to 3.7 million credit card numbers.

This does not mean that you have to be too scared. Credit card fraud is something that you have to live with, whether online or in real life.

Use your credit card only on a site that is secure and sends encrypted information. Online credit card or e-commerce-enabled sites are hosted on "secure servers" which take sensitive information, such as your credit card number, and encrypt it. This turns it into a secret code that is extremely difficult for anyone else to decipher. This encryption ensures that your information remains confidential and is only transmitted to the intended recipient.

How do you know that a site is secure? Simply look for the locked padlock! This lock-like icon on both Internet Explorer and Netscape Navigator is an indication that the site is secure. This icon is at the bottom of the browser window. An open padlock, of course, denotes an insecure site, or an insecure portion of the site, like the introductory or catalogue pages.

Con artists have gone high-tech, using the Internet to defraud consumers in a variety of clever ways. According to the Federal Trade Commission, the USA’s chief consumer protection agency, one of the most common scams is to allow Net surfers "free" access to adult images online, just for sharing their credit card number to prove they are over 18.

The catch is that consumers say that fraudulent promoters have used their credit card numbers to run up charges on their cards.

Just as in real life, you should share credit card information only when buying from a company you trust and dispute unauthorised charges on your credit card bill by complaining to the bank that issued the card.

You have to make sure that the site has posted information about its return policies, etc., and use your common sense, just as you would in real life.