** Notes From the Identity Underground
Thieves steal thousands—even millions—
of personal profiles from the aether.
But how do they turn a whole database of names
Scaling up in the ID business—
a report on the state of the crime.
By Martha Baer
It’s a gray San Diego morning, and eight guys have their guns drawn. In a silent neighborhood of bougainvillea and cactuses, pick-up trucks and run-down bungalows, the men surround a stucco house set behind a patch of drying lawn. One guy has the rear staked out. One hangs back to the left. Several others approach the front door.
Aside from the bullet-proof vests they wear with the word POLICE emblazoned in yellow across the backs, there’s little that unifies this team of cops. All eight of them hale from different agencies, which you can tell from the array of badges they wear, some on their belts, some on their chests, some around their necks on a chain. The head of the multifarious task force is Special Agent Alfredo Baclagan—Fred—a police investigator for the state’s Department of Justice.
When the metal gate swings open, the guys pour inside. There’s some scuffling but nothing big. Matt Lowe, from the Carlsbad Police Department, sticks his head out each window, checking to see that no one has tossed anything in the bushes. The only drama is the hollering and flailing of the residence’s mom, a middle-aged Filipina with pumpkin-colored hair. Fred scolds her and then resorts to cuffs. She keeps shouting. When the young woman the team is looking for doesn’t emerge from the bedroom, Matt kicks in the door. She’s in there, in the bed, with her boyfriend. The cops scan the room, looking for receipts, mail, scraps of paper, anything that might have writing on it.
Fred emerges from the house to get more gear. He takes off his prick-proof gloves, which he wore for the raid and stretches on the latex version he uses for collecting evidence. The next time he appears, it’s clear that the young woman inside the house, whose name is Mary Rivera, will get busted. There is so much in there that’s incriminating, Fred says. Mail for “friends.” A mysterious paystub. Even a little kid’s Harry Potter diary.
Matt, who is the tallest on the team, with yellow-blond eyebrows and a ruddy face, is saddened about the little notebook. Usually upbeat (“I love my job every day,” he mused earlier), now he shakes his head. “It’s kinda touching you know,” he says. “It started out with a kid’s entries—‘I went to school today.... When I get home I’m going to play.’ And then you flip through....”
Further back in the Harry Potter diary are pages of numbers, neatly written out in columns, mostly 16 digits to a row. They are the credit card account numbers of identity theft victims.
Fred emerges once more from the house. He announces that they’ll have to confiscate the household’s hard drive. He says, “There are names all over that computer.”
* * *
If you’re a literate American in 2006, you know something about identity theft. Ten million individuals, according to the Federal Trade Commission’s recent estimates, are victims of the crime each year. That means if you’re over 18, your chances of being impersonated this year by a stranger are 1 in 20, and the most banal behaviors render you vulnerable: Write a check, use the Internet, eat in a restaurant, recycle your junk mail.
that the young woman will get busted.
There’s so much in there that’s
You’ve heard the drumbeat of news stories about databases full of personal information that have been compromised: Data aggregator ChoicePoint disclosed that 140,000 names had been breached; Bank of America admitted to one million; LexisNexis 30,000; Ameritrade 200,000; and the Department of Veterans Affairs up to 26.5 million. For every time your name appears on a list of individuals, whether it’s a database of Costco shoppers or the client list of your veterinarian, your vulnerability increases. Given the new criminal tactic called “phishing,” where trumped-up emails lead you to a seemingly familiar website and tell you to log on, you might just as easily type your password directly into a thief’s inventory today as sign on to Citibank or Ebay.
You’ve also heard the horror stories. According to the California Public Interest Research Group, victims spend approximately 175 hours repairing their credit after it’s been damaged by false charges and brand new accounts opened by ID thieves. And even though credit card companies excuse the average $4,800 per person in fraudulent charges, individuals still end up spending roughly $800 each cleaning up the wreckage. In the truly haunting accounts of ID theft—about 4 percent of total victims—perpetrators use the stolen names when confronted with law enforcement, freighting law-abiding individuals with criminal records in the face of a justice system not inclined to believe their claims of innocence.
And no matter how many prevention tips you read about in the paper and diligently apply, you’re still at risk. As Mark Rasch, computer-security consultant and former tech-crimes prosecutor, puts it rhetorically, “What can you do to prevent it? You can consider living in a shack in Montana and writing long missives to the Washington Post.”
There is a glaring gap, however, in what we truly know about this phenomenon. Namely, how do these thieves operate? Having pilfered a million names from a database, what the hell do these people do with them? All the social security numbers and mothers’ maiden names in the world do no one any good until they’re somehow transformed into cash. But the most specialized minds in law enforcement are still only partway into the process of figuring out how that’s done. After all, how many bank accounts can a single criminal hit up for real money before the accounts are shut down? And who has time to order 40 million iPods from Amazon?
“ID theft results in the literal creation of money out of nothing,” says Keith Burt, chief
©2006 Martha Baer All Rights Reserved