Story Tools: PRINT | Text Size: S M L XL | REPORT TYPO | SEND YOUR FEEDBACK

In Depth

Technology

CYBER CRIME

Identity crisis in cyberspace

June 7, 2007

Way back in the early '90s when the internet was in its infancy, identity was rarely an issue. First, early web users were a friendly group of a few thousand technologists who mostly knew each other, and second, nobody was doing business there. That changed as the web grew more popular and went mainstream, making anonymity a selling point � the opinionated could vent freely without fear of personal repercussion, and timid suburbanites could buy pornography without risking awkward encounters with neighbours at the local adult video store.

Today's internet is no longer just the playground of a geek in-group or a platform for the opinionated, but a genuine worldwide web. It's fundamental to commerce, to news, to many aspects of daily life in the industrialized world.

And it's often very important indeed that we know who the people on the other side of the keyboard actually are.

At the relatively low-risk end of the anonymity spectrum, there are the nuisances — spammers who clog up the comments sections of blogs and inboxes with ads for prescription medicines, replica watches and, of course, pornography. The problem grew so quickly that it threatened to overwhelm some people entirely until tools became available to manage the flood of spam.

Software as a gatekeeper

One tool that has emerged to deal with the problem is OpenID. It's an open source (meaning the code can be used and modified freely by anyone) identification system developed by Six Apart, the company responsible for the widely used blogging software Movable Type.

"The big issue here was accountability," said Anil Dash, vice-president and chief evangelist (a technology evangelist is someone who promotes technology) for Six Apart. "You could leave spam links, because there was no authentication at all needed to leave comments."

With OpenID software, participating websites can require visitors to be registered with OpenID and to sign in before a comment can be left. The advantage to the user is that a single consistent login can be used across different social networks or platforms. OpenID has already been put to use by AOL, and Bill Gates has been talking about adopting it for Microsoft sites.

The downside to OpenID is that it's not designed to verify who's really on the other side of the keyboard. It simply assigns them an online identity that remains consistent and can't be used by anyone else.

"It's not implying trust or anything beyond an identity," Dash said. "Users might be using a synonym, so you don't necessarily know their real name, but at least you know it's not software or a robot leaving the spam comments."

As a result, the system isn't useful for sensitive commercial or business applications, for which a higher level of security and a specific personal ID are required.

Financial problems

One common crime involving the use of false identities is online auction fraud, which Detective Constable Mark Fenton of the Vancouver Police Computer Crime Unit said is his department's most frequently received complaint. "The bad guys get a hold of an eBay ID, set up a bank account with another fake ID, and start selling things they don't have."

These criminals typically use public internet terminals in libraries or airports to conduct their transactions without being tracked down.

Ron Jackson, a security researcher with Atlanta security services provider SecureWorks, discovered and, with the FBI, monitored a server that was being used by criminals to store stolen personal information. He said that of 5,200 sets of stolen personal information, about 30 per cent or 1,800 had unique eBay IDs associated with them, which were themselves being sold online to other cyber crooks.

So how can you or the auction company know the person selling you that espresso machine or autographed hockey card is who he says he is?

The days when a simple password and ID were sufficient to identify a user are long gone, relics of an age before Trojan horse software — software that installs malicious programs on computers — could log keystrokes and report them back to gangs of identity thieves. But Ron O'Brien, senior security analyst at information technology security firm Sophos, said auction companies are responding to the threat.

"EBay has recently implemented significant improvements in their security, including banning the sale of some virtual tools [from online games such as Warcraft] because they're so frequently stolen," he said.

He also pointed to new ID verification software that some institutions are putting in place. It requires users to click on a picture after typing their password, a move designed to outwit key logging software. However, malware has already been created to circumvent this measure, as well, he said.

Some financial institutions now provide customers with handheld devices that generate a constantly changing PIN, but even those can be defeated. "They're trying to protect the gateway from the fraudsters being able to get in, but [the criminals] can just put a Trojan horse on that computer. Then they wait for you to type up that little number that comes up, and after that they can take over your browser just as if they were you," said Joe Stewart, senior researcher at SecureWorks.

Cutting-edge biometrics

One company working to defeat the cybercrooks with innovative identification solutions is Seattle-based Cogneto. It is developing biometric systems that identify users through far more subtle methods than passwords.

"We look at how [users] are moving their hands, how they interact with their computer, and we look at behavioural characteristics," explained Patrick Audley, chief technology officer of Cogneto. "Are you doing something you would normally do, from a computer you've used before, a network we've seen you at before, in a city we've seen you in?"

Cogneto's systems even work to stymie the crooks who hijack transactions after the user is logged in — one version of the system continually analyses and reassesses risk during the course of the online operation.

Sophos's O'Brien said that he expects to see many more biometrics-based identification systems in the future, as part of the ongoing arms race between the crooks and the security firms.

Phonebusters info

Phonebusters.com

1-800-495-8501

(Note: CBC does not endorse and is not responsible for the content of external sites - links will open in new window)

Still, SecureWorks's Stewart said that technology will never be the whole answer to the problem, and that prevention and law enforcement must go hand in hand. "A fundamental problem with computers is that there is really no way you can ever tie a computer transaction with the person at the keyboard. You can try to use biometrics and authenticate the person before they can do a transaction, but that stuff can be recorded and replayed. There are all kinds of subtle ways that somebody can get a Trojan horse on your computer, and for all intents and purposes, they can become you.

"There's no end solution that you can deploy technically that would stop it entirely," he said. "You have to also counter these efforts with law enforcement actually going out and putting [criminals] behind bars."

Go to the Top

Menu

Main page

Technology

Green machines
Disk drive: Companies struggle with surge in demand for storage
Open season: Will court decision spur Linux adoption?
Analogue TV
Video games: Holiday season
Video games: Going pro
Guitar Hero
Parents' guide to cheap software
Working online
Laptop computers for students
Technology offers charities new ways to attract donations
The invisible middleman of the game industry
Data mining
Two against one
The days of the single-core desktop chip are numbered
Home offices
Cyber crime: Identity crisis in cyberspace
Yellow Pages - paper or web?
Robotics features
iPhone FAQ
Business follows youth to new online world
A question of authority
Our increasing reliance on Wikipedia changes the pursuit of knowledge
Photo printers
Rare earths
Widgets and gadgets
Surround Sound
Microsoft's Shadowrun game
Dell's move to embrace retail
The Facebook generation: Changing the meaning of privacy
Digital cameras
Are cellphones and the internet rewiring our brains?
Intel's new chips
Apple faces security threat with iPhone
Industrial revolution
Web developers set to stake claim on computer desktop with new tools
Digital photography
Traditional film is still in the picture
HD Video
Affordable new cameras take high-definition mainstream
GPS: Where are we?
Quantum computing
What it is, how it works and the promise it holds
Playing the digital-video game
Microsoft's forthcoming Xbox 360 Elite console points to entertainment push
Online crime
Botnets: The end of the web as we know it?
Is Canada losing fight against online thieves?
Malware evolution
Money now the driving force behind internet threats: experts
Adopting Ubuntu
Linux switch can be painless, free
Sci-fi projections
Systems create images on glass, in thin air
Power play
Young people shaping cellphone landscape
Digital cameras
Cellphone number portability
Barriers to change
Desktop to internet
Future of online software unclear: experts
Complaining about complaints systems
Canadian schools
Multimedia meets multi-literacy age
Console showdown
Comparing Wii, PS3 and Xbox 360 networks
Social connections
Online networking: What's your niche?
Virtual family dinners
Crackdown
Xbox 360 console game
Vista and digital rights
Child safety
Perils and progress in fight against online child abuse
Biometric ID
Moving to a Mac
Supply & demand
Why Canada misses out on big gadget launches
Windows Vista
Computers designed for digital lifestyle
Windows Vista
What's in the new consumer versions
Cutting the cord
Powering up without wires
GPS and privacy
Digital deluge
RFID
Consumer Electronics Show
Working online
Web Boom 2.0 (Part II)
GPS surveillance
Hits and misses: Best and worst consumer technologies of 2006
Mars Rovers
Voice over IP
Web Boom 2.0
Technology gift pitfalls to avoid
Classroom Ethics
Rise of the cybercheat
Private Eyes
Are videophones turning us into Big Brother?
Windows Vista
Cyber Security
Video games: Canadian connections to the console war
Satellite radio
Portable media
Video games
Plasma and LCD
Video screens get bigger, better, cheaper
Video games:
New hardware heats up console battle
High-tech kitchens
Microsoft-Novell deal
Lumalive textiles
Music to go
Alternate reality
Women and gadgets
High-tech realtors
The itv promise
Student laptops
Family ties
End of Windows 98
Bumptop
Browser wars
Exploding laptop
The pirate bay
Stupid mac tricks
Keeping the net neutral
PS3 and WII at E3
Sex on the net
Calendars, online and on paper
Google, ipod and more
Viral video
Unlocking the USB key
Free your ipod
In search of
Xbox
Sony and the rootkit
Internet summit
Electronic surveillance
[an error occurred while processing this directive] [an error occurred while processing this directive]
Story Tools: PRINT | Text Size: S M L XL | REPORT TYPO | SEND YOUR FEEDBACK

World »

302 Found

Found

The document has moved here.

more »

Canada »

302 Found

Found

The document has moved here.

more »

Politics »

302 Found

Found

The document has moved here.

more »

Health »

302 Found

Found

The document has moved here.

more »

Arts & Entertainment»

302 Found

Found

The document has moved here.

more »

Technology & Science »

302 Found

Found

The document has moved here.

more »

Money »

302 Found

Found

The document has moved here.

more »

Consumer Life »

302 Found

Found

The document has moved here.

more »

Sports »

[an error occurred while processing this directive] 302 Found

Found

The document has moved here.

more »

Diversions »

[an error occurred while processing this directive]
more »