CAIMR Releases First Annual Workshop Report

The Center for Applied Identity Management Research (CAIMR) released it’s first annual workshop report this month.  In the report, CAIMR determined that the United States has failed to stay ahead of the identity theft curve and the battle against identity crimes is currently being lost.  The report outlines an aggressive research agenda to identify and develop solutions to mitigate an expanding list of identity threats.

Launched in October 2008, CAIMR is a non-profit corporation comprised of thought leaders from government, corporate and academic organizations who share a common interest in the multi-faceted aspects and critical challenges of identity management. CAIMRs primary mission is to study identity issues impacting commerce, government, and national security, their social implications, and the processes, technologies and polices designed to deal with them. Most importantly, its applied research emphasis is focused on discovering real world solutions.  More info at http://caimr.indiana.edu.

Who’s the Twit?

Read an interesting article in Newsweek about ghostwriting of blogs and even Twitter posts (often called “tweets”).  In fact, the article mentions  recently launched UK company Twit4hire as example of a professional microblogging firm that can be hired to post as many as 20 tweets a day on your behalf.  As an investigator or researcher, remember not to assume that someones name on an article, blog post, or other online publication means that the content is actually written by them.  Trust but verify.

Facebook Resurrects the 419 Scam

Facebook has allowed advanced fee fraudsters to deliver more personalized and targeted scam letters to their intended victims.  These so-called “419″ scams (named after the section of the Nigerian penal code for Obtaining Property by false pretences) gained popularity through the use of letters and then email.  More about the scam on Wikipedia.  It seems absurd that anyone would fall for early versions of the scam – as letters were often poorly written and obviously fraudulent.  Over the years, scammers became more creative and diligent in enhancing their work product and the letters became much more legitimate-looking, although the content of the letters often belied the scam to anyone who took the time to think about it.  

But now with Facebook, thieves have found a whole new way to target victims, using the technology against itself.  Social networks that allow users to added trusted friends as connections have an inherent vulnerability.  If someone hijacks an account, they can effectively insert themselves into communications with a very high level of trust and authority – at least for a short time until the ruse is uncovered.  MSNBC recently posted an example here.  Facebook users beware, and report your account if it becomes compromised.

Facebook Skeletons

In a relatively short period, my wife has become addicted to Facebook.  She commented to me last night that she was devastated when one of her “friends” had scanned and posted and old picture from junior high school.  Of course, the nifty tagging feature allowed all of her “friends” to learn about the picture as soon as it was available.  [You can see a creative implementation of the feature in a NY Times photo of the recent presidential inauguration, where many of the attendees in the photo have been tagged.] 

Other than being mortified about others seeing such an out-of-style hairdo, the damage was relatively limited.  But, this got me thinking about Alan Pruitt’s recent comments regarding Online Identity Management. Fortunately, if you’re the one being tagged in a photo, Facebook gives you the option of removing the tag.  But even still, the photo remains online for everyone to see.  

Suddenly, that college trip to mardi gras is starting to seem like a bad idea.  Social media and Web 2.0 technologies are connecting people and information in ways that were never possible.  While this is a great innovation, it also brings with it a new set of responsibilities for managing – or at least being aware of – your online identity.

Sneakey

Read an article yesterday about a new technology developed at the University of California, San Diego that allows someone to take a photograph of a key, and using some relatively simple modeling software, recreate a working duplicate key. The researchers proved the effectiveness of the concept by photographing a set of keys from a distance (nearly 200 feet away) using a telephoto lens. They also tested the technology using lower resolution photos – like pictures from a cell phone. The researchers admit that the technology has been available for some time but think that several factors may be worth pointing out: the process is relatively simple for someone with programming knowledge and the cost of the required software and equipment is now inexpensive. Interesting vulnerability. You might want to check out the original press release or the project page.