Analysis of digital evidence in identity theft investigations

Angelopoulou, Olga

January 2010

Identity Theft could be currently considered as a significant problem in the modern internet driven era. This type of computer crime can be achieved in a number of different ways; various statistical figures suggest it is on the increase. It intimidates individual privacy and self assurance, while efforts for increased security and protection measures appear inadequate to prevent it. A forensic analysis of the digital evidence should be able to provide precise findings after the investigation of Identity Theft incidents. At present, the investigation of Internet based Identity Theft is performed on an ad hoc and unstructured basis, in relation to the digital evidence. This research work aims to construct a formalised and structured approach to digital Identity Theft investigations that would improve the current computer forensic investigative practice. The research hypothesis is to create an analytical framework to facilitate the investigation of Internet Identity Theft cases and the processing of the related digital evidence. This research work makes two key contributions to the subject: a) proposing the approach of examining different computer crimes using a process specifically based on their nature and b) to differentiate the examination procedure between the victim’s and the fraudster’s side, depending on the ownership of the digital media. The background research on the existing investigation methods supports the need of moving towards an individual framework that supports Identity Theft investigations. The presented investigation framework is designed based on the structure of the existing computer forensic frameworks. It is a flexible, conceptual tool that will assist the investigator’s work and analyse incidents related to this type of crime. The research outcome has been presented in detail, with supporting relevant material for the investigator. The intention is to offer a coherent tool that could be used by computer forensics investigators. Therefore, the research outcome will not only be evaluated from a laboratory experiment, but also strengthened and improved based on an evaluation feedback by experts from law enforcement. While personal identities are increasingly being stored and shared on digital media, the threat of personal and private information that is used fraudulently cannot be eliminated. However, when such incidents are precisely examined, then the nature of the problem can be more clearly understood.

364.163

Towards a framework for securing a business against electronic identity theft

Bechan, Upasna

30 November 2008

The continuing financial losses incurred by individuals and companies due to identity information being phished are necessitating more innovative approaches to solving the problem of phishing attacks at the company level. Security standards are developed by respected experts in the profession and are widely accepted in the industry. The purpose of this study was to investigate whether a standard can be adapted to develop a framework that may guide companies in determining how to protect themselves against phishing attacks. A qualitative approach using design research as the methodology was used during the research. The data collection took place by means of a literature survey and semi-structured interviews. The artefact developed was a phishing-prevention framework based on the ISO/IEC 17799 standard, and the evaluation thereof took place through test cases. The findings communicated to the managerial audience was a set of recommendations as a further investment in their security protection against phishing attacks; the findings communicated to the technical audience was the successful adaptation of an existing security standard to produce a usable framework. Further research initiatives should extend the types of test cases that the phishing-prevention framework was evaluated against, and explore the use of tools for determining compliance with the framework. / Theoretical Computing / M. Sc. (Information Systems)

Phishing

Identity theft

Standards

Qualitative

Design science

ISO/IEC 17799

Interviews

Framework

Security

005.8

Phishing

Identity theft

Identity theft -- Prevention

Identity theft -- Prevention

Computer -- Access control

Producing Consumer “Identities”: Identity Theft and Insecurity in the Data Economy

Brensinger, Jordan

January 2022

Financial institutions and other organizations increasingly rely on personal data to make decisions consequential for individual wellbeing and access to opportunity. They use that data to monitor and effect transactions, manage customer accounts, track categorical statuses and eligibility, and allocate resources like credit, housing, and insurance. Yet none of this would be possible without first linking data to particular people. How do organizations identify individual consumers, and with what consequence? In this dissertation, I investigate consumer identification by studying what happens when it breaks down. Drawing on a multi-site qualitative study of financial identity theft—including 1) 45 interviews with victims; 2) 48 interviews with professionals who work on identity theft cases; and 3) observations at industry events, a nonprofit call center, and the fraud department of a large credit union—I show how unique consumer “identities” emerge from the complex and often fraught interplay of technology, expert judgment, and consumer subjectivity. By juxtaposing organizational techniques—from time-honored document inspection to cutting-edge behavioral biometrics—with consumer disputes, my research contributes to our understanding of the social construction of “accurate” personal data while revealing new ways that cultural biases inform data governance and reinforce racial, economic, and gender inequalities. My account of consumer identification highlights two phenomena about which scholars know relatively little. First, the rising importance of personal information, coupled with its limited regulation, exposes individuals to risk—a phenomenon I refer to as data vulnerability. I show how data vulnerability generates economic insecurity by shaking individuals’ trust in other people, organizations, or systems. The ways that data vulnerability produces mistrust, however, reflect and reproduce social inequalities. Low-income people and people of color experienced identity theft as a violation of interpersonal trust and reported severing relationships and channels of informal assistance to protect themselves. In contrast, upper-income individuals and whites blamed organizations and demanded their protection. Second, individuals perform substantial labor—data work—to manage their personal information, including securing and repairing it when problems arise. My dissertation documents the kinds of work people perform and the relational networks in which that work unfolds. I then demonstrate how this work hinges on inequitably distributed knowledge, expertise, and material resources. Thus, while data work burdens everyone, it disproportionately threatens the resources and dignity of low-income and minority Americans. Through tracing efforts to resolve identity theft, my dissertation reveals the dynamics of consumer identification linked to countless resources and opportunities. Far from natural, the unique “identities” on which markets depend require substantial work from a wide network of stakeholders. But that work unfolds in unequal power-laden relationships and imposes substantial costs on many individuals, particularly the most disadvantaged. At a time when organizations worldwide depend on personal data, my dissertation shows how efforts to link that data to people shape the prospects for human dignity, equality, and flourishing in the digital age.

Sociology

Identity theft

Minorities

Poor

Dignity

Effective identities for trusted interactions in converged telecommunication systems

Balasubramaniyan, Vijay A.

08 July 2011

Telecommunication systems have evolved significantly and the recent convergence of telephony allows users to communicate through landlines, mobile phones and Voice over IP (VoIP) phones. Unfortunately this convergence has resulted in easy manipulation of caller identity, resulting in both VoIP spam and Caller ID spoofing. In this dissertation, we introduce the notion of effective identity which is a combination of mechanisms to (1) establish identity of the caller that is harder to manipulate, and (2) provide additional information about the caller. We first use effective identities to address the VoIP spam problem by proposing CallRank, a novel mechanism built around call duration and social network linkages to differentiate between a legitimate user and a spammer. To ensure that this mechanism is privacy preserving, we create a token framework that allows a user to prove the existence of a social network path between him and the user he is trying to initiate contact with, without actually revealing the path. We then look at the broader issue of determining identity across the entire telecommunication landscape to address Caller ID spoofing. Towards this, we develop PinDr0p, a technique to determine the provenance of a call - the source and the path taken by a call. In the absence of any verifiable metadata, provenance offers a means of uniquely identifying a call source. Finally, we use anomalies in timbre to develop London Calling, a mechanism to identify geography of a caller. Together, the contributions made in this dissertation create effective identities that can help address the new threats in a converged telecommunication infrastructure.

Call provenance

Spam over internet telephony

Telecommunication security

Telecommunication

Identity theft

Online identity theft

Geographies of identity theft in the u.s.: understanding spatial and demographic patterns, 2002-2006

Lane, Gina W.

15 May 2009

Criminal justice researchers and crime geographers have long recognized the importance of understanding where crimes happen as well as to whom and by whom. Although past research often focused on violent crimes, calls for research into non-lethal white-collar crimes emerged in the 1970s. Today, identity theft is among the fastest growing white-collar crimes in the United States, although official recognition of it as a criminal act is a relatively recent development. Remaining largely unmet, the need for white-collar crime research has greatly intensified considering the escalating identity theft problem. Furthermore, many studies conclude that identity theft will continue to rise due to increasing technology-driven offenses via the Internet and widespread use of digital consumer databases. Utilizing theoretical framework established in crime geography, GIS mapping and spatial statistics are employed to produce a spatial analysis of identity theft in the U.S. from 2002-2006. Distinct regional variations, such as high rates in the western and southwestern states, and low rates in New England and the central plains states, are identified for identity theft as reported by the FTC. Significant spatial patterns of identity theft victims alongside social demographic variables are also revealed in order to better understand the regional patterns that may indicate underlying social indicators contributing to identity theft. Potential social variables, such as race/ethnicity and urban-rural populations, are shown to have similar patterns that may be directly associated with U.S. identity theft victims. To date, no in-depth geographic studies exist on the geographic patterns of identity theft, although numerous existing studies attempt basic spatial pattern recognition and propose the need for better spatial interpretation. This thesis is the first empirical study on the geographies of identity theft. It fills in a void in the literature by revealing significant geographical patterns of identity theft in the digital age, attempts at understanding the social factors driving the patterns, and examines some of the social implications of identity theft.

identity theft

crime geography

crime mapping

demographic mapping

spatial statistics

Essays on the role of institutions with persistent asymmetric information and imperfect commitment

Mishra, Shreemoy, 1977-

25 September 2012

This dissertation is a collection of three essays that study the market for consumer information. The first chapter studies the role of information intermediaries and their impact on consumer privacy. The second chapter presents an analysis of signaling in credit and insurance markets through default and repayment decisions. The third chapter studies some special topics such the manipulation of credit histories by fake borrowing or deletion of records. It also identifies a learning mechanism through which uninformed consumers can endogenously learn the link between credit market behavior and insurance market outcomes. / text

Privacy, Right of

Identity theft

Consumer protection--Law and legislation

Credit ratings

Essays on the role of institutions with persistent asymmetric information and imperfect commitment

Mishra, Shreemoy,

January 1900

Thesis (Ph. D.)--University of Texas at Austin, 2008. / Vita. Includes bibliographical references.

Computer crime and identity theft

Hunter, Harry A.

January 2010

Thesis (M.S.C.I.T.)--Regis University, Denver, Colo., 2010. / Title from PDF title page (viewed on Jul. 14, 2010). Includes bibliographical references.

Recommendations for a comprehensive identity theft victimization survey framework and information technology prevention strategies /

Berg, Sara E.

January 2006

Thesis (M.S.)--Rochester Institute of Technology, 2006. / Typescript. Includes bibliographical references (leaves 64-71).

L'usurpation d'identité numérique sur Internet : Etude comparée des solutions françaises, mexicaines et nord-américaines / Digital Identity Theft on the Internet : comparative research between the of Mexico , France and the US law / Usurpación de identidad digital : un estudio comparativo de soluciones francesas, mexicanas y norteamericanas

Solis Arredondo, Cynthia

22 January 2018

L'identité numérique des personnes est devenue une des plus importantes valeurs immatérielles dans la vie quotidienne, la réputation personnelle, académique, le profil et le déroulement de la carrière professionnelle, mais encore plus que ça, la liberté d'être sur la toile sans avoir peur de l'usurpation de notre identité est l'inspiration de ce travail de thèse. Dans le monde numérique les frontières n'existent plus, les interactions avec les personnes de tout le monde sont de plus en plus courantes, le commerce électronique, les réseaux sociaux, les démarches administratives en ligne, l’échange d’information entre pays et gouvernements, et aussi les rapports romantiques dans les applications mobiles, c’est aussi la raison d’être une étude de droit comparé entre le droit mexicain, français et américain. Dans la première partie nous développons les éléments de l’identité numérique, les données personnelles comprises dans l’ensemble de ce concept qui est à la fois mal compris et en conséquence mal protégé mais aussi très importante dans le développement de l’économie numérique. La deuxième partie, comprend les interprétations de l’identité numérique dans le domaine du droit pénal du droit administratif et du droit civil et commercial. Il y a notamment des différences entre l’interprétation qui fait le droit pénal de l’identité en tant que bien juridique protégé ; en comparaison avec les interprétations du droit administratif qui protège l’identité numérique en tant que donnée personnelle, la mise en œuvre de la reconnaissance internationale du droit à la protection des données à caractère personnel et devient la régulation qui définit les règles de leur traitement, ainsi qui impose les sanctions au traitement illicite et de l’autre côté le droit civil qui d’une part reconnait le droit de la personnalité et le droit à l’image. La troisième partie est dédiée à l’étude de l’identité numérique comme source d’évolution du droit, ainsi qu’aux atteintes à l’ensemble des éléments qui font partie de cette identité. Le droit est toujours derrière l’innovation et malgré tout, à côté de l’évolution de l’humanité, des inventions, de la technologie et du développement, il existe l’évolution des actes illicites et de moyens de commission des délits dans l’endroit numérique. Même si le phénomène de l’usurpation d’identité n’est pas nouveau, il a surmonté dans le monde dans les cinq dernières années grâce aux nouvelles technologies qui permettent de créer, modifier, altérer, falsifier, reproduire et diffuser les données personnelles, photos et identifiants de façon très rapide et au niveau mondial, ce qui permet de vendre dans le marché noir plein de données personnelles pour après faire différents types d’utilisation illicite, notamment l’usurpation d’identité. Ainsi comme la nouvelle technologie sert à la sophistication des activités illicites, il existe un travail des entreprises de sécurité informatique pour lutter de façon technique contre les atteintes aux systèmes d’information, aux réseaux et à l’information, en particulier les atteintes aux données personnelles, donc, à la fin de cette partie on fait une étude des outils numériques crées à cet effet. / The digital identity has become one of the most important immaterial values in everyday life, the personal and academic reputation, the professional profile, but even more than that, the freedom to be on the web without to be afraid of the usurpation of our identity is the inspiration of this thesis work. In the digital world, borders no longer exist, interactions with people around the world are becoming more common, e-commerce, social networks, online procedures, information exchange between countries and governments, and also personal relationships in mobile applications, this is also the reason for being a comparative law study between Mexican, French and American law. In the first part, we develop the elements of digital identity, the personal data included in the whole of this concept which is both misunderstood and therefore poorly protected but also very important in the development of the digital economy. The second part, understands the interpretations of digital identity in the field of criminal law administrative law and civil and commercial law. In particular, there are differences between the interpretation of the criminal law of identity as protected legal property; in comparison with interpretations of the administrative law that protects the digital identity as personal data, the implementation of international recognition of the right to the protection of personal data and becomes the regulation that defines the rules of their treatment, thus imposing sanctions on the unlawful treatment and on the other side the civil right which a party recognizes the right of the personality and the right to the personal image. The third part is dedicated to the study of digital identity as a source of evolution of the law, as well as to the attacks on all the elements that are part of this identity. Law is always behind innovation and yet, alongside the evolution of humanity, inventions, technology and development, there is the evolution of illicit acts and means of committing crimes in the world digital environment. Even though the phenomenon of identity theft is not new, it has overcome in the world in the last five years thanks to new technologies that allow to create, modify, alter, falsify, reproduce and disseminate personal data, photos and identifiers in a very fast and global way, which allows to sell in the deep web full of personal data for later to make different types of illegal use, including identity theft. As the new technology is used for the sophistication of illicit activities, there is a work of computer security companies to fight technically against attacks on information systems, networks and information, especially data breaches of personal data, so at the end of this part we do a study of digital tools created for this purpose.

Données Personnelles

Cybercriminalité

Usurpation d'Identité

Personal Data

Cybercrime

Identity Theft