Of late there have been regular reports about some business or institution being electronically invaded. As sophisticated as we have been told they are, computer defense systems aren’t able to prevent hackers from capturing personal data. People with advanced computing skills seem to be able to collect pretty much what they want when they want it.
I wonder why the hackers bother hacking. The amount of information about us out there is astounding; no hacking required. Very little is private these days.
Recently our family needed to make an adjustment to the title on our home. It took a little guidance from an attorney, a 30-minute visit to the San Diego County Administration building and a $20 fee.
Three days after we filed our request, two “companies” attempted a bit of a scam. We received two offers to send us a certified copy of the revised document. One scam artist wanted $79. The fee noted in the other letter was $89.
Some 10 days later, the county sent us a certified copy of our changed document. No additional charge. Our title is, apparently, a public record. By paying attention, anyone could see it who wanted to.
This fall there will be a 65th birthday celebration at our house. Last week a couple of well-dressed visitors stopped over to tell us about their supplemental insurance products. We have no business relationship with the firms these fellows said they represent.
Once again, no hacking required. Birthdates must be part of the public record, too.
I’ve been recently working with the Veterans Administration on some personal issues via the Internet. The first step was to prove to the computer program governing the site that I am who I say I am.
Once I had done that, up popped up a screen providing me with an opportunity to create a relatively simple password. Offering that proof, however, was, I thought, more complicated. I needed to provide what I assumed is pretty obscure information about myself.
I was asked by the computer to answer four personal questions. The message said all of the information I was asked for is available in public records. It was certainly obscure, non-sensitive stuff, but the fact that it is obviously readily available somewhere is the intriguing part of this. Of even greater interest is that the information seems to have been compiled and is now quickly ready for mining.
Similarly, several years ago we were going to fly to Minnesota. I had forgotten my wallet and had no government-issued identification that would allow me to board.
A TSA team used the same technique to confirm I was who I said I was by asking questions that were only easily known by me, but varied enough that it is likely only I would know all the answers. The agents were convinced of my identity and I received the document to board the flight and the return flight a week later.
I was asked things like the name of my first pet, the name of the street I lived on in Lakewood, Calif., which of the four listed cities listed I had lived in (none, as it turned out) and the mascot of my last high school.
Between the TSA and the VA there were eight different questions. They were so random and covered such expanses of time, I thought the odds of anyone but me knowing each answer would be astronomically high. Apparently, that is not so. The VA computer and the TSA team both accepted me as me.
I answered each question correctly. I had to answer quickly. There was a time limit. It is almost beyond comprehension that in just 10 or so minutes a TSA agent could be sure the name of a pet that lived in our house 60 years ago is what I said it is.
The entire process was very quick. A few minutes with TSA and the questions were developed and confirmed. It took about the same amount of time for the VA. It was almost as if the data were in some government database in my name. Prompt the keyboard and out came the questions.
Hackers should just hack that system. That would save identity thieves lots of time.