Expert Warns of On-line Identity Theft
By Ron Kaplan
New Jersey Jewish News
March 22, 2007
Since the World Trade Center and Pentagon attacks in 2001, Americans have had to endure tighter screening at airports, a color-coded national alert system, irradiated mail, the Patriot Act, and the Department of Homeland Security.
But according to security expert Bruce Schneier, all these measures, meant to protect the population at large, overlook dangers at a more personal, if less lethal, level.
Average people should be less worried about being attacked by terrorists, said Schneier, and more concerned about protecting their identities on-line.
"Crime, crime, crime," Schneier told NJ Jewish News in an e-mail interview while on a working vacation in London and Marrakech. "Terrorists are basically a nonissue. Crime, especially digital crime, is continuing to increase."
Schneier, founder of the Minneapolis-based BT Counterpane, will address these issues at a Sunday, March 25, discussion, Counterterrorism in America, at Temple Sharey Tefilo-Israel in South Orange as part of the synagogue's Conversations… series.
Identity theft is " the new crime of the Information Age," Schneier said, claiming that " everyone knows someone who has been a victim."
Anyone can be at risk, he said, as long as he or she has something the criminal wants. " Unfortunately, that's pretty much everyone. Wealthier people have money to steal. Poorer people have identities to steal."
Schneier's latest book, Beyond Fear, examines several levels of security from the small to the large: personal safety, crime, corporate security, and national security. His monthly newsletter, available at his Web site, Schneier.com, has more than 130,000 subscribers. He also writes a biweekly column for Wired.com.
Schneier, 44, warns his audiences not to be complacent about protecting themselves on-line (see sidebar). " Most studies show that a new computer, attached to the Internet without any special security, is successfully hacked within hours," he said.
While government officials and media pundits warn of impending crises on a regular basis, Schneier said, he finds the notion overblown.
On-line Safety Tips
Bruce Schneier offers the following recommendations for keeping your computer safe on-line:
- Passwords — You can't memorize adequately safe passwords any more, so don't bother. Create long random passwords and write them down. Store them in your wallet or in a program like Password Safe. Don't let Web browsers store passwords for you.
- Antivirus software — Use it. Download and install the updates every two weeks and whenever you read about a new virus. Also, use personal firewall software.
- E-mail — Delete spam without reading it. Don't open — and immediately delete — messages with file attachments unless you know what they contain. Don't use Outlook or Outlook Express. If you must use Microsoft Office, enable macro virus protection; in Office 2000, turn the security level to "high" and don't trust any sources unless you have to. If you're using Windows, turn off the "hide file extensions for known file types" option; it lets Trojan horses masquerade as other types of files.
- Web sites — SSL (secure layer socket) does not provide any assurance that the vendor is trustworthy or that its database of customer information is secure. Think before you do business with a Web site. Limit financial and personal data you send to Web sites. If you don't want to give out personal information, lie. Opt out of marketing notices. If the Web site gives you the option of not storing your information for later use, take it.
- Backups — Back up regularly, to disk, tape, or CD-ROM. Store at least one set of backups offsite (a safe deposit box is a good place) and at least one set on-site. Remember to destroy old backups; physically destroy CD-R disks.
- Turn off the computer — Shut down when you're not using your computer, especially if you have an "always on" Internet connection. If possible, don't use Microsoft Windows.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..