Identity Theft

[redpoint5]

I went online in 1995. The small scale of things then meant the risks were also smaller. In such simple times, I used a single username, and 2 password iterations so that I could remember it without writing stuff down. Unimportant stuff like forum logins had a more simple password, and important stuff like bank accounts had a more complex password. I've probably created a hundred accounts or more using that logic.

About a year ago, I was locally remotely (it's not an oxymoron) connected to a server and got disconnected. That almost never happens on an internal network. I got paranoid that someone else had used my credentials to remotely connect to it and boot me from my session. Then I attempted to log into my WiFi router, and the credentials had been changed. I unplugged it, and then reset to factory default. Changed credentials to something new. Removed the idiotic port forwarding for RDP to my server using the default 3389 port. Changed server password...

Yesterday I couldn't get into Netflix. Someone changed the credentials. It took 90 minutes for me to wrestle back control of my account. I dismissed the incident as probably forgetting to sign out of a device somewhere, and someone taking advantage of that fact.

Today I got a text message that Kahil started shopping for my Walmart order. Then a text that Ryan was picking out my order. Then a text that Darren was gathering my Walmart order.

Asked my wife if she ordered anything from Walmart and she said no. Looked at my current email account and saw no Walmart activity except the twin mattress I ordered a few days ago (1.5 year old can plank, pivot, and drop from the crib rails). Tried to log into my old email account, and the credentials didn't work. Filthy Russian hackers had gained control of it. I hadn't used that account since 2009. I wrestled back control of that email account, and called Walmart to cancel the orders.

The hackers deleted the Walmart emails on the legacy email platform to try to conceal them. The hackers changed both the password and email address of that old Walmart account, meaning I had no way to recover that account, so I canceled it. Somehow it had a valid credit card of mine on it, and my parents received nasal spray and dog treats today, addressed to my sister. At one point, 2 Walmart carriers were at my parents at the same time. Very funny kids. $220 of nonsense items sent to my parents by identity thieves.

My comment is that as technologically sophisticated as I am, it strikes me that less savvy folk stand even less chance than me at thwarting attacks.

My question is what are some best practices to harden technology and reduce attack footprint?

Seems the old logic of 1 username and 2 passwords depending on importance is not good enough. I've enabled 2FA (two factor authentication) on the important stuff now.

My sense is that AI will make people extremely vulnerable in the future, and the counter will be AI. My other scary thought is that I can only see a few possible outcomes:

1. high trust society
2. no trust society
3. no society

1 seems unlikely. 2 seems probable and unfortunate. 3 is the result of the failure of 1 and 2.

[jakobnev]

How do we know that this is really you? /s

[freebeard]

Ask me why I don't use credit cards or do business over Internet.

[Piotrsko]

I believe the initial problem is leaving current credit card data online. One can expect the commercial people to be lackadaisical about security. Can't get my data by scraping because it isn't there, I memorized my numbers and park bogus numbers in the two accounts I use. Yes it is a wee bit more time consuming to enter the number every time, but hey, I'm retired now, got lotsa time. For wallyworld, it's 10 minutes down the street, I can go there in person and purchase with unhackable cash. Instant delivery also. What is not to like. freebeard has the ultimate security, but pays a minor price for it.

[MetroMPG]

Quote:

Originally Posted by redpoint5

...Then a text that Darren was gathering my Walmart order.

They spelled my name wrong.

[freebeard]

Quote:

What is not to like. freebeard has the ultimate security, but pays a minor price for it.

I met one of the Internet greybeards once, don't recall his name. He was quoted as saying that the three legs underpinning Internet were anonymity, authentication and digital cash.

We got the first two, and if Bitcoin protocol had existed from the beginning we'd have had the third, but the CC companies got in first.

The problem with cards is that they expose the account with each transaction, where with Bitcoin only the transaction itself is exposed.

[redpoint5]

I'm wondering what will happen when AI can render a face based on Facebook photos? Things requiring facial recognition to unlock might be fooled by AI.

Voice recognition will probably be easily fooled by AI generated voice.

Looking through the logs of the compromised email account, a bot was attempting to log in every 10 minutes on average, for days (maybe even years). Then I saw the entry from a few days ago that said "password change successful" after a continuous stream of unsuccessful login attempts. That's when the hackers gained control of my account. Oh, and of course they used a proxy so the IP and country was constantly changing.

If many bots are all attacking at once, it can crowd out legitimate login attempts. DDoS.

Quote:

Originally Posted by freebeard

Ask me why I don't use credit cards or do business over Internet.

'Cause spending 10min of hassle to get the charges removed is harder than the constant hassle of not being able to purchase things where they are affordable, and delivered to your doorstep?

I'll be picking up the items from my parents and returning them, so the CC company won't even be out anything except for whatever it cost for the couriers. I wanted to buy WallyWorld cheap powdered dish detergent anyhow (hardly anyone carries powdered detergent anymore), so there's my excuse for the trip.

[freebeard]

I learned that I can watch Best Buy's website, and when the Raspberry Pi 5 is available next month I can go to their Customer Service dept., put down cash and they will deliver to my doorstep.

[Piotrsko]

So cash payment is the deciding factor of when you get a 5? Interesting.

[freebeard]

The constraint is availabiity.

For the 4 I ordered online and sent in a check. I have that option.