As if hacker losses from identity theft weren’t bad enough, federal and local law enforcement continues to evade constitutional search and seizure limits by hiring crooks to steal the personal records of innocent citizens.
During the early to mid-2000s, many federal agencies, including the Departments of Justice, Homeland Security, the FBI, the United States Marshal’s Service, and Immigration and Customs Enforcement, as well as the The country’s police have started using so-called “data brokers”. ” to collect personal information such as telephone records to facilitate investigations.
This allowed them to bypass pesky subpoenas and search warrants that were considered too tedious and time-consuming.
One of the ways data brokers steal personal data is through a ploy called “pretence.” Known in the hacker community as “social engineering”, the pretense often involves brokers contacting phone companies, credit agencies, healthcare providers and other repositories of personal data. and impersonate the person whose records they are looking for.
They often offer compromised credentials, such as social security numbers, as “proof” of identity in order to trick their targets into divulging even more private information.
Many data brokers have admitted to using such tactics, as well as breaking into online accounts “hacker style” to steal private information. No matter how you try to embellish it or explain it, “faking it” is nothing more than lying, and if that’s not a crime, it should be. In my book, that’s just plain wrong.
Prices for personal information vary from thief to thief (oh, sorry, “data broker”), but social security information, college class schedules, employment records, medical records, school discipline records, social media histories, and cell phone records can all be obtained. for a price.
If customers are willing to pay a premium, “monitoring agents” can purchase the real-time, real-time location of a personal cell phone.
Some law enforcement agencies have actually started buying and operating cell towers called “Stingrays” to trace and seize phone calls and text messages. So far, courts have been reluctant to call these tactics “unconstitutional.”
However, such tactics are not lost on the criminal element and can backfire horribly. Criminals also have money to spend obtaining information from data brokers and the technical know-how to use it.
In one case, a Los Angeles police officer was murdered by drug dealers who hired data brokers to provide the officer’s personal pager information.
Different pricing tiers also exist. A price for regular members of the “mainstream”, a price for gangsters, and a “price” for law enforcement, who usually get their stolen information for free from brokers willing to be “cooperative”.
U.S. Representative Ed Whitfield, who chaired the House Oversight and Investigations Subcommittee on Energy and Commerce, first looked into this situation in 2006.
At the time, eleven current and former owners of data brokerage firms were subpoenaed and refused to testify, prompting Whitfield to say, “Their silence shows the American people that this industry needs to be shut down.
Regarding the theft of information by brokers, Whitfield also said: “[the data brokers] impersonate and use everything they have to convince the person with the information to share it with them, and it’s shocking how successful they are.
Whitfield said its efforts to protect consumer records were not over.
“These hearings do not mark the end of this investigation, and I look forward to continuing our work to expose these shady activities. Identity theft is one of the fastest growing crimes in the country, and the American people should know that Congress is doing everything it can to protect consumers’ private records,” he said.
Hearings collapsed, with no resolution or conclusions; no one has been fired, thrown in jail or lost their job, although a report has been published titled “Internet Data Brokers: Who Has Access to Your Private Records?”
It’s a good read, if you care to research it. No serious investigation into the same topic has been conducted since, and while Facebook got yelled at over the Cambridge Analytica scandal, the results were much the same.
Dave Moore, CISSP, has been repairing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd., he also teaches community training workshops on Internet safety. He can be reached at 405-919-9901 or internetsafetygroup.org