Feeds

Identity Thefts from the Rich and Famous

How can you be a trainee dish washer?

  • alert
  • submit to reddit

SANS - Survey on application security programs

A trainee dish washer has been arrested in New York after allegedly using the Internet to defraud millions from US celebrities and millionaires.

According to the New York Post, which broke the story, Abraham Abdallah allegedly used Internet access at a local library and copies of Forbes magazine to steal the identities of 200 celebrities so that he could run up bills in their names online.

The 32 year-old is suspected of stealing millions of dollars from celebrities including Steven Spielberg, George Soros, former presidential candidate Ross Perot and Oracle boss Larry Ellison.

During the six months of the fraud he allegedly set up an elaborate network of post office boxes, Web-enabled cell phones and online voice mail services so that he could fool banks and avoid detection. He also used couriers to pick up goods and throw police off the scent.

The fraud was reportedly only discovered when an email request to transfer $10 million from the bank account of the founder of CRM magnate Thomas Siebel raised eyebrows at his bank, Merrill Lynch.

This tip-off allowed investigators to trace the electronic trail of fraudulent activities, which was far wider than anyone first suspected, and eventually enabled them to set up a trap at a drop off point for goods, where Abdallah was arrested.

The New York Post quotes unnamed sources who said that after Abdallah's arrest, police recovered a dog-eared copy of Forbes' "Richest People in America" list on which home addresses, cell phone and Social Security numbers, account numbers and balances - and even mothers' maiden names, were neatly jotted down.

Police are also said to have recovered notebooks and ledgers, counterfeit corporate papers, and rubber stamps.

It is believed Abdallah used the Forbes' article to draw up a list of victims about whom he subsequently obtained confidential financial information, by writing to credit reference agencies on forged corporate letterheads, bearing the names of brokerage houses.

This confidential data was allegedly enough for him to impersonate celebrities and gain access to their credit cards and other accounts at brokerage houses and investment banks.

"He's the best I ever faced," Detective Michael Fabozzi of the NYPD's Computer Investigation and Technology Unit, told the New York Post

Abdallah is charged with criminal possession of forged devices, stolen property and criminal impersonation, in a case has been taken over by federal investigators. He denies the charges.

The case is one examples so far of identity theft, which as explained in an earlier article we published about the subject (by Kevin Mitnick), is set to become a much more serious problem.

Victims pay to ensure against risk

So far the response of those in charge of managing debt risk to identity theft has being to encourage consumers to buy products that allow people to monitor what is happening to their finances more immediately.

For example, credit reference agency Equifax has introduced products like Credit Watch and Credit Profile which are allow consumers to monitor their credit standing online.

Dave Mooney, a spokesman for Equifax, said through Credit Watch US consumers (though not those in the UK) would be able to get email notification when there are changes to their credit file, rather than hearing about problems from debt collection agencies trying to recover unpaid bills. It is also rolling out products that give consumers their credit scores.

Insurance firm PromiseMark estimates identity theft affects 700,000 people annually and costs $4bn, in response to which it has introduced what it bills as a Hacker and Identity Theft Protection Plan.

This service provides fraud resolution services to hacker and identity theft victims to assist in the recovery of credit and financial losses from their online and offline accounts.

Placing the onus on consumers to protect themselves from identity theft can only be part of the solution, and merchants need to take more responsibility about tackling the issue. After all it is financial institutions, and credit reference agencies, to are responsible for extending fraudulent lines of credit in the first place. Is it too much to ask that they invest to improve their systems? ®

External links

New York Post article
PromiseMark
Equifax

Related stories

Stomp the identity thieves
Hacking credit cards is preposterously easy

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.