ID Thief Finds Holes in Bank Security
Most banks are surprisingly vulnerable to identity theft, according to a hired gun who makes his living by penetrating their security systems.
With over 100 successful heists to his credit, Jim Stickley is one of the most successful bank robbers of all time. But heâ€™s not after the cash. Heâ€™s after something more valuable â€” identity. Most bank robbers only get away with a few thousand dollars; Stickley gets away with information worth millions.
Stickleyâ€™s company, TraceSecurity, is hired by financial institutions to perform vulnerability audits on them, in which he attempts to steal names, addresses, Social Security numbers, credit card numbers, and passwords.
TraceSecurity has been getting a lot of calls lately as banks beef up their information privacy practices, motivated by the recent spate of high-profile identity thefts and an increasing number of information privacy and disclosure regulations.
â€œMost banks are surprisingly vulnerable to identity theft,â€ says Stickley, whose teams focus on social-engineering exploits. â€œThey spend millions on high-tech computer security defenses, but often fail to address the simplest, most critical aspect of information security: the human element.â€
Stickley and his team successfully complete their heists 90% of the time. The other 10% of the time, vigilant bank staffers thwart the heist. Itâ€™s not unusual for a single TraceSecurity social engineering team to rob three or four bank branches in a single day.
They start by impersonating someone of trust or authority, such as an air conditioning technician or a fire marshal. When they show up, in fake uniforms with fake badges, the receptionist often welcomes them with coffee.
Within minutes, they have free range of the bank as they crawl under desks, steal backup tapes, and install spyware on the computers. In the evening, TraceSecurity returns to â€œdumpster dive,â€ which often yields a surprising amount of sensitive customer account information in the trash.
Once the heist is completed, the TraceSecurity team returns the stolen information to the bankâ€™s executives who hired them, and provides recommendations on how to prevent actual criminals from perpetuating the same crime.
Â© National Security Institute, Inc.
â€“ This article is the property of the National Security Institute and my not be copied or redistributed in any fashion without an appropriate licensing agreement. For more information and FREE samples, visit http://nsi.org/SECURITYsense2.html.