Blog article
See all stories »

Object reference not set to an instance of an object.

Comments: (2)

Stephen Wilson
Stephen Wilson - Lockstep Group - Sydney 11 November, 2009, 02:42Be the first to give this comment the thumbs up 0 likes

Robert, I don't think it's useful to label thieves, even grand larcenists, as "terrorists".  And comparing this guy to pedophiles and serial killers is disproportionate, and frankly insulting to the victims of these immeasurably more serious crimes.

Having said that, I commend you for highlighting the criticality of inside jobs in the identity crime wave.  The lesson has to be that audits and policy-based responses are of very limited use, because insiders can so easily evade them. 

Why don't we put proper security around online identifiers?  Why do we resist so energetically investing in decent preventative online security?  Imagine running a bank where the main mechanisms to protect the cash was personnel processes and audits.  Duh! We all know that insiders cannot resist multi-million dollar temptations ("it's good to trust; it's better not to"), so we put all manner of proper physical controls around cash. 

We must do the same with identity data. 

As you say Robert, the fun begins when the identity thief obtains a target’s name and address, SSN, birth date and account information.  They get away with ID fraud because it's insanely easy to replay identity data to create new accounts.  You're right that the rules around address matching should certainly be tighter, but the stark underlying problem would still remain: identity data should not be replayable

Asymmetric cryptography, digital signatures and secure chip devices for protecting personal identifiers offer the best way to imbue original identity data with a pedigree. These are standardised building blocks, now almost ubiquitous in the personal computing and e-commerce technology stacks. Digitally signed data cannot be replayed; it's useless to theives.  Banks, merchants and governments should use this technology.  And then, on the Internet, you really could tell if I was a dog!

Stephen Wilson, Lockstep.

Keith Appleyard
Keith Appleyard - available for hire - Bromley 11 November, 2009, 13:10Be the first to give this comment the thumbs up 0 likes

What is particularly disturbing in this case is the length of time, from 1st November 2001 to 30th April, 2009, that the crimes were allegedly underway - almost 8 years – as he is described as a 27 year old now, it means he started out when he was 19 years – so what access rights did he enjoy under what level of supervision?