Stanford Hack Exposes 10,000
Jon Lewis
jlewis at lewis.org
Thu May 26 15:45:29 UTC 2005
On Thu, 26 May 2005 Michael.Dillon at radianz.com wrote:
>
> > > Around about whenever the US Federal Government gets the hint and
> > > passes a bill which makes it illegal to use social security numbers
> > > for any purpose other than the administration of social security.
>
> Wrong answer. Federal laws do not stop people from doing stupid
> things and they do not stop people from doing illegal things.
>
> What we need is a Hollywood blockbuster in which some highschool
> hackers wreak havoc by aquiring SSNs from gradesheets and using
Or for some private university to be bankrupted by a class action suit
brought by the students who had their identities stolen when the student
records db was compromised.
How hard is it for a university to generate their own student "serial
numbers" as students register?
Personally, I'd like to see much harsher penalties for identity theft
though (and I'm including simple credit card fraud / use of stolen credit
card info in "identity theft"). This is happening so much, and is so
often just brushed under the rug by the big credit card companies (banks),
that kids do it with impunity, knowing that odds are they won't be looked
for, much less caught.
Last time one of my cards was "stolen" (from an online merchant I assume),
I managed to social engineer the IP from which it was used from one of the
online establishments where they used my card. It was a Linux box on DSL
in California. Did anybody care? Not that I'm aware of. I filed
complaints with the appropriate government agencies, and AFAIK, nothing
happened.
Put a few credit card frauders up in front of a firing squad, and see if
things change. But that would require actually picking them up first,
which LE doesn't seem to be motivated or have the time to do.
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the NANOG
mailing list