As we embark on another year here at CSID, I am reminded of a simpler time when identity thieves only went after credit card information and social security numbers (SSN). We didn't think so then, but those were the good old days. Monitoring this information was enough to keep an identity secure. But that was then -- this is 2014.
I joke, but in all seriousness, we have entered a new era of identity management, one that requires us to manage the entirety of our identities and protect ourselves from fraud and misuse. Everything is up for grabs -- email addresses, passwords, IP addresses, social network log-in's, healthcare information. It all has value to identity thieves. This value is going to influence the way identity thieves operate.
In 2014, we expect to see an increase in identity thieves going after social networking channels and other accounts with valuable access, more sophisticated marketplaces for stolen data, and an increase in services offered via massive networks of malware-controlled computers.
Social and Mobile Attacks
Thieves are using social networks to up their game. They do this by using the wealth of personal information online to socially engineer a more believable phishing attempt, tricking you into giving them valuable identity information or gain control of your computer via malware. Cyber criminals are increasingly interested in credentials and accounts with special permissions, such as those with access to Google Play's Developer Console, so they can build and publish mobile apps with malware that then take control of the mobile device of everyone who downloads that app.
More Sophisticated Marketplaces for Stolen Data
So much data is being stolen -- there can be weeks in-between the data being stolen and sold because the market is so huge. These marketplaces for stolen credentials have become more commercial, with huge numbers of identity credentials divided and packaged by all types of demographic information. Digital currencies such as Bitcoin and Litecoin are fueling the growth of these markets, allowing transactions to occur quickly and efficiently while remaining anonymous.
These days, cyber criminals are interested in much more than just selling identity information. With more and more computers controlled by malware, the capabilities increase for what you can do with these compromised networks. There is a huge increase in malware-based services and I expect that to continue to expand in 2014. An example of this is the utilization of compromised devices to host child pornography and other illegal websites.
The good news is that authentication technology is advancing to enable more automatic identifiers to ensure you are who you say you are, such as geolocation awareness, biometric solutions such as finger print, retina print and voiceprint, and solutions that match the cadence with which you type in your PIN or password. Non-credit data monitoring from companies like ours are more sophisticated and monitor all aspects of our identities, beyond just credit information. Also, the publicity surrounding the Edward Snowden case has had the unexpected benefit of educating millions of people on Man In the Middle attacks and other cyber security trends. Awareness is the first step. We can't begin to lock down our identities if we don't care or understand the dangers of complacency and bad habits. I expect to see an increasing number of people monitoring the entirety of their online identities and a host of new solutions from trusted businesses helping people take control and breathe easier about the security of their online information. Needless to say, 2014 will be an interesting year for identity theft and the industry's efforts to protect against it.