THE MALICIOUS WORM COULD BE REBORN FOR THE NEXT PHASE IN THE IDENTITY CRISIS EXPLOITED BY THE ID CROOKS
Probably no surprise to most technology experts, but certainly in tune with the predicament business and government have gotten us into based on the handling of our sensitive data. And, by the way, made worse by the apathy of the American public that identity theft probably won’t happen to them. You’ll notice I use the word “probably” now because there is an undercurrent of concern recently, as evidenced by consumers rushing to sign up for paid ID theft prevention they could do themselves for free. Last Friday my post was about how individuals have lost control over their names and private information, which quoted from an article on data loss prevention. One comment in the Friday post makes the case for my opening sentence, above. A database security company V.P., supposedly someone on top of the identity dilemma, said in effect that data collectors have just realized the problem, and they are still looking for your private information they hold to determine how to protect it. Pathetic! That said, what can we expect the bad guys to do in the future? Stephanie Hoffman, in her article in the above link, thinks we have to worry about a resurgence of the Storm Worm, a malicious program that spreads throughout computer systems with ease and complete secrecy. With personal information databases their target—where there is a treasure trove of our credit card and Social Security numbers available—the new attacks will be on smaller, “second-tier” businesses in 2008, according to security experts. And it’s a good bet that junk mail companies, particularly those with catalogs, will be the new bull’s-eye, considering their gold mine of credit card numbers tied to names, addresses and telephone numbers. When you add to that the private information they’ve added to the customer’s record consisting of their income and date of birth, no doubt the only reason these companies have avoided numerous breaches already is because the crooks have been concentrating on the larger quarry. The Storm Worm was released through e-mails in April of 2007, and was associated with a European storm to entice recipients to open the message. Using the same ploy with junk mail catalogers could open the door to millions of U.S. households’ personal data, and create thousands of ID theft victims. It could happen because, from my experience as a former data broker, junk mailers don’t have any higher security levels than recently breached companies like TJX (TJ Maxx, Marshalls), or GE Money’s loss of a tape affecting 650,000 J.C. Penny customers. The Hoffman piece also indicated that these companies collecting personal data would start reducing the amount that they take in. I can unequivocally state that the junk mail industry will not take this path, and for one major reason. They survive from the collection and sale of your names and private information—a $4 billion annual list business—and if anything, will only increase this activity. You might be able to live with it if you received a piece of the action, and, of course, had control over your sensitive data.