4 Feature October 12, 2005 + Over the Edge Identifying the Dont ignore the ATM’s prominent warnings to protect your pin. Identity thieves have been known to “shoulder surf” to steal customers’ bank card passwords. AMANDA-MARIE QUINTINO THE EYEOPENER (RYERSON UNIVERSITY) TORONTO, ON. (CUP) — More than a year ago, student Matt Richard- son received an e-mail requesting he update his bank records. He clicked on the attached link and gave his personal information over to what, in reality, was a fraudulent website. : Richardson's next credit card state- ment listed more than $5,000 in goods he never purchased. To list a few: web- cams, CD/DVD burners and cables from a Japanese computer equipment store, a couch from Germany and an X-Box from an Arizona eBay seller. Richardson, 18, is the victim of iden- tity theft — one of the fastest-growing fraud-related crimes in North Ametr- ica. By stealing a person's name, date of birth, address, credit card, Social Insur- ance Number and personal identifica- tion numbers, thieves can open credit card and bank accounts, redirect mail, rent vehicles, equipment or accommo- dation, and even secure employment, unbeknownst to the victim until it's too late. In 2004, the Federal Trade commis- sion received more than 635,000 con- sumer fraud and identity theft com- plaints — and naive students, such as Richardson, are often sitting ducks. “Students lead hectic lives,’ says Richard Owens, executive director for the Centre for Innovation Law and Policy. “Sometimes they just don't have time to be careful about privacy policies and money matters, which is exactly what makes them a prime target for identity theft ... [Thieves will] steal your future if you let them.’ Con artists use various techniques to get personal information, says Con- stable Mark Williams of the Toronto police crime prevention department at 52 division. Illegal scanners at retail stores can steal data from the magnetic strip on the back of the card. It can be as simple as watching a person enter their pin number into an ATM, or go- ing through someone's trash in hopes they've tossed valuable records, he says. “Banks arent going to ask you for infor- mation they already have.’ - Jon Thompson “Make sure that you shred all of your paperwork,’ advises Williams, who says thieves often rummage through trash for personal information. “Just be vigi- lant about who gets your information.’ The Office of the Privacy Commis- sioner of Canada suggests these key steps to protect yourself from identity theft. * Protect your computer from hackers by using a firewall, anti-virus software and other security programs. Malicious code (through viruses, worms and Trojan horses) is becoming a popular method for obtaining personal infor- mation. + Telephone offers that sound too good to be true usually are, Make sure you are never pressured into disclosing person- al information, agreeing to a contract or making a monetary commitment. + Be skeptical of emails that are sent to you from any institution or company that requests that you provide personal information online. And as far as e-mails such as the one New Software Translates Clicks into Words MATHURA THEVARAJAH THE MCGILL DAILY (MCGILL UNIVERSITY) MONTREAL, QC. (CUP) - Iden- tity theft, the act of stealing personal information and using it fraudulently to establish credit, run up debt, or take over financial accounts, is more com- mon than most people think, In most cases, it goes unnoticed until it is too late. A 2003 US Federal Trade Com- mission survey estimated that neatly ten million Americans were victims of some form of identity theft within the past year. This is three times the num- ber recorded in 2001. Doug Tygar, Professor of Computer Science and Information Management at the University of California, Berke- ley, explained that computer passwords are key to identity theft. “From home-banking to logging into webmail accounts, it's all using pass- words. The problem with passwords is that they are a horrible technology. There are lots of way to steal pass- words,’ he said, One of these ways he invented. him- self, a microphone with a built-in soft- ware program that can decipher what someone is typing by the sounds of the keys. To most people, the clicks of the keyboard all sound the same. Tygar disagrees. “If you take two different keys at two different positions and listen to them for a while they will actually sound different. They may sound the same to you because you never pay attention to the difference,’ he said. According to Tygar, the technology behind this unique and controversial invention is not complicated. Key- boards, he explained, contain metal plates that act like steel drums. De- pending on where the “drum’ is hit, a different sound will be produced. The sounds are recorded, and the software groups each letter, assigning it to a spe- cific sound. The software was originally designed for speech analysis, explained Tygar. “What we try to do is, like in speech, break the keyboard sounds into differ- ent groups, grouping sounds and keys together,’ he said. After the sounds are grouped, they are deciphered and the correspond- ing letters are produced. The analyzer works like a cryptograph, using a math- ematical program capable of encoding messages. “Suppose we have the three-letter word ‘thr’ encoded by the spelling ana- lyzer. This is probably the word ‘the: By refining our techniques, we can even- tually distinguish between an e’ and ‘tr’ key,’ said Tygar, adding that differenti- ating between the subtle sounds is one of the main hurdles in perfecting the invention. “Sometime we may make a mistake and group the e’ and ‘r’ together since they are right next to each other on the keyboard. Also ‘k’ can be grouped differently depending on the sound it makes when it is hit at different angles by the typist,” he said. The technology's flaws, however, are insignificant considering its 96 per cent accuracy rate. Tygar even insists that he could achieve 100 per cent accuracy if he continued to refine their techniques. But this was not the intention of his creation. “What we are trying to say is we need to use something better than pass- words, we need to think hard about the weak points of our security,’ he said. If reproduced by the wrong people, the technology could be a dangerous tool for retrieving passwords for online bank accounts, email addresses, Uni- versity transcripts, hospital records, and much more. Threat of Identity Theft PHOTO SUBMITTED Richardson received, delete them im- mediately. “Banks aren't going to ask you for in- formation they already have,’ says Sco- tiabank consultant Jon Thompson. Richardson's case is still being inves- tigated, and in the meantime, he works two part-time jobs while attending university full time to make up for his stolen education fund. “It’s a traumatizing experience and I want to do whatever I can to inform students about the possibilities so that’ it doesn't happen to them, too,’ Rich- ardson says, “It's not a simple one, two, three step procedure. It’s really hard to clear your name and your record.” If you ever suspect that your personal information may have been comprom- ised, contact the proper authorities, which may include the police, your bank, credit card issuer, and credit bur- eaus, as soon as possible. A spokesperson from the Canadian Security Intelligence Services, Canada's spy agency, refused to comment on whether the organization would be interested in purchasing Tygar’s tech- nology if it became available on the market. She did, however, acknowledge that this type of technology could be- come problematic. “I think you can imagine how big it could become. Companies would put it in without people knowing,’ she said. But Tygar is not about to hand over his invention to government agencies or companies. “We are not willing to give this soft- ware to companies, except for legitim- ate research investigations. However it is not hard to reproduce the results,’ he said.“ We are hoping to see lots of organizations adopt better methods for password authentication.’