Tackling identity theft
By Renay San Miguel
(CNN) -- A fourth man has been arrested as part of the largest identity theft case in U.S. history. Federal officials say Emanuel S. Ezediaro is charged with buying and selling credit reports of tens of thousands of people. If convicted of wire fraud and conspiracy, he could get up to 35 years in prison and more than $1 million in fines.
One of his alleged co-conspirators, Philip Cummings, will be arraigned on Wednesday.
This column, which was written when the case was made public, explains how the fraud was carried out and what consumers can do to protect themselves.
It's all we've been hearing from computer security specialists since September 11: Be on the lookout for threats from outside your network. Hackers and terrorists engaging in the dark arts of cyberspace could do a lot of harm.
Yet one of the big techno-scare stories of the week involves a threat that came from within. It was an inside job that set off what federal officials are calling the largest identity theft case in U.S. history.
U.S. Attorneys say Philip Cummings, a 33-year-old former customer service representative at a Long Island, New York, tech company, helped orchestrate a fraud scheme that has claimed more than 30,000 victims, costing them $2.7 million -- so far.
The feds say Cummings' company provided software and hardware that allowed banks and lending companies to get commercial credit information from three national agencies that keep track of consumer credit -- Equifax, TransUnion and Experian.
Cummings is charged with using his position at his company's help desk to get access codes that other companies use to check consumer credit. Officials say he then sold to criminals credit reports that include Social Security numbers, credit card numbers and other vital personal information. Those criminals then used the information to defraud victim across the country, according to police.
"You don't just have to protect yourself against a faceless hacker in a basement," said Chad Herrington, a computer security specialist with Entercept Security Technologies of San Jose, California.
"We often forget to think that insider know where the data is, have access and know what to do with it," Herrington said. "They can damage you a lot more. But the insider threat doesn't make the news. Companies try to keep this kind of thing quiet."
Chris Rouland, director of the X-Force research and development division of Internet Security Systems, which is headquartered in Atlanta, Georgia, said any company that strengthened firewalls for outside threats but ignored insiders is "a hard candy shell with a soft chewy center." Companies must do a better job of keeping track of their own employees, Rouland told "Howired."
Both Rouland and Herrington say more background checks need to be done of technology workers who handle this kind of personal data. Rouland added that companies must also use technology to monitor that data while it is inside their systems and restrict access to key resources.
"It's also about controlling temporary workers and consultants," Herrington told "Hotwired." "Let's say they only worked at a company for a week, but the account they used to give them access wasn't deleted for up to a year later. They can still get access and do what they want."
There may not be much you, the consumer, can do about "insider" identity theft cases. But you can check your credit history once or twice a year, according to Christina Karpowitz, a spokeswoman for Experian. "Especially before making a major purchase. You want to review your credit report at least 90 days before that."
Here's a low-tech way to protect your identity: don't just throw away any mail that may have your Social Security number, credit card numbers or any other personal information. Shred them.
Thieves are threatening to make Dumpster diving an Olympic sport, and any pre-approved credit card offers you get in the mail can be the equivalent of a gold medal for the unscrupulous.
Shredders are getting cheaper, and it would be a small price to pay for hanging on to your identity.