Fraudulent Australian Census Takers

In Australia, criminals are posing as census takers and harvesting personal data for fraudulent purposes.

EDITED TO ADD (8/21): I didn't notice that this link is from 2001. Sorry about missing that, but it actually makes the story more interesting. This is the sort of identity-theft tactic that I would have expected to see this year, as criminals have gotten more and more sophisticated. It surprises me that they were doing this five years ago as well.

Posted on August 21, 2006 at 6:24 AM • 17 Comments

Comments

ColossusAugust 21, 2006 6:53 AM

"All collectors are required to wear official identification cards at all times while undertaking census duties. All collectors will be carrying a bright yellow satchel"

That should stop anyone from impersonating them... What does an official ID card look like?

Mike SchiraldiAugust 21, 2006 8:48 AM

Colossus: To prevent forgery, we can't reveal what the card looks like. :)

ColossusAugust 21, 2006 9:50 AM

I never thought of that Mike, nice idea. Good thing I also have my bright yellow satchel so everyone knows I'm genuine :)

bobAugust 21, 2006 11:36 AM

Authentic census takers will be identified by a bored look and by their "I work for the government and you have to obey my commands" attitude. Imposters will be cheerful and attentive and friendly.

David DonahueAugust 21, 2006 12:18 PM

Re: IGG:

Here is a smaller url for the same oversized link:
http://tinyurl.com/kkb5r

Good updated article of how they're struggling to properly authenticate thier cencus takers too.

Doesn't look like they have any "magic bullet" solutions to identifying actual cencus takers either.

confusedAugust 21, 2006 2:01 PM

"Colossus: To prevent forgery, we can't reveal what the card looks like. :)"

I hope this is sarcasm, because what good is identification if no knows what it looks like?

'Yes mam' I have ID, but I can't show it to you incase you might try and forge it. You will just have to take my word that I have ID and that it is real.'

Rob MayfieldAugust 21, 2006 5:29 PM

While the census form might give some interesting background information (like knowing if you earn enough to be a target), based on what we filled out I'd imagine someone looking to commit identity theft would be better off just raiding the letterbox ... a few accounts and statements go a lot further toward establishing identity here than knowing where your wifes father was born ...

koAugust 21, 2006 7:01 PM

Interesting, I don't remember this story from five years ago... This year I did my census online which gets around the problem of a fraudalent census collecter and instead, the problem becomes the potential of a fraudalent census website :)

surelyAugust 21, 2006 7:28 PM

Surely this can't be a new tactic? I would call for reexamination of the domesday book data ...

"Criminals" didn't get smart just in the last 5 years. People who won't do what they're told have been around forever, you shouldn't underestimate them. And I don't mean to portray them in a better light than they deserve, but assuming that their only intent is ever to undermine your personal world is as big a mistake as you can make in this life.

The world was not created with a bunch of anglo-saxon rulers at the pinnacle, that assumption is concreted into the law frameworks we use in most western countries. Since most of the world comes from outside that genre, most people don't see our systems as things they should automatically respect -- and haven't, habitually, forever.

So it should be no surprise when they 'think outside the box' and if you don't think outside that box often enough, you are at a disadvantage materially, and spiritually, and in a human sense.

Giving personal information to strangers is a risk, even if the strangers are government certified. I take that risk every ten years or so not under any illusion that 'my data is safe' but because I believe that this system of data collection is beneficial in maintaining systems that provide effectively for our welfare.

The incidence of white collar crime is known to be extremely high, and the natural point for criminals to attack is actually higher in the chain than at the collection point. These guys are the 'easy prey' for the law enforcement, as numerous stories indicate the more effective criminals do a very solid job of ensuring that they do not become exposed.

We should see reports like this one as indicitive of the rate of penetration higher in the system. It would be interesting to see statistical analyses which show the correlation, ie does 10% penetration and imposterisation at low levels indictate 5% at mid levels and 1% at higher levels? Or perhas it indicates 20% at mid and 10% at the top .. etc

Such figures would be particular to particular societies and societal segments, but I think they would generalyl be fairly stable, with observable indicators of societal disruption when they skew far beyond the established norms.

PhD thesis in criminology, anyone?

IGGAugust 21, 2006 8:14 PM

The real question on this census was that it was the first census in which the great Australian unwashed had the option of filling out a form electronically rather than the traditional book! How secure the Australian Bureau of Statistics servers were I don't know, but they had the capacity - filling in the form that evening when the load would have been greatest there was no hiccup at all (nice dynamic, JavaScript form design to cater for if-then questions!).

In securing the transaction it was registered with the standard 13 figure Census Form Number plus a (presumably random) 12 figure eCensus Number contained in a PIN mailer. You could apparently interrupt the form filling and come back to it later, entering the same key numbers again, although I didn't test that. The site responded with another 12 figure Receipt when the transaction was complete.

Talking to the man with the ID and the yellow bag handing out the forms, he had had about a 60% request for the on-line eCensus Number. What that translated to in actual responses I don't know. I hope ABS can tell us when the dust dies down.

The unfortunate thing was that the talking heads explaing the census over the radio and TV had no idea about the on-line part - I heard two of them say that if you interrupted the form you would have to start all over...

DylanAugust 21, 2006 9:09 PM

I did the census online. And I interrupted it too. No problems.

I think some people had problems because they didn't exit the webform properly. I can see that they might have lost some data doing that.

A lot of people around here just filled out the census form and left it on their doorstep for the collector to pick up. I don't think you would have had to dress up to get your hands on one.

Useful info that an indentity (or regular) thief could use from the census form:
Names and dates of birth of all inhabitants and visitors.
Country of origin and degree of familiarity with English.
Educational level
Income level
Work address
Work hours
Internet connectivity (and by extension presence of computer equipment)

DiegoAugust 21, 2006 10:01 PM

I also did mine online and it was relatively painless. The only problem I had was that (maybe without reading the whole page) I clicked the back button. Only then did I find out that it resets you and you have to wait 30 minutes before trying again. Aside from that small pain, it worked well.

RogerAugust 22, 2006 12:28 AM

Hmm, so this must be why that liver didn't go well with the Chianti....

There is a whole bunch of highly personal information on those forms. If you can't immediately see a way to abuse it, at least remember "Do not underestimate the power of the dark side!"[1].

Interestingly, most of the reports of bogus census collectors come from Canberra, the national capital. It would be interesting to know which suburbs were involved as several of them are populated largely by government officials. One section of the census includes moderately detailed questions about place of work.

___
1. Rule No 1 of the "Rules for Secure Coding" in "Innocent Code"

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..