Low-hanging fruit for identity thieves

April 11th, 2006

For months, the police were chasing a man who was hawking illegal goods on the Internet: 13-digit identity numbers and other personal data that people in this highly wired country must submit to join most members-only Web sites.

When last week they finally arrested the man, identified only by his last name, Song, they found that he was leading a 12-person ring that was selling compact disks that contained personal data for as many as 7.7 million people – names, identity numbers, home and e- mail addresses, phone numbers and Web site log-ons.

The scale of the alleged crime convinced the government that it could no longer delay a planned overhaul of the country’s online identification systems – even though many Web site operators say they fear that the methods being tested are too cumbersome and will stifle Internet growth in South Korea.

“It’s a reality we are facing,” said Ahn Sun, a police investigator. “Your personal data, and mine, are very likely out there circulating.”

Song sold his CDs mainly to telemarketers, but data brokers like him – who are legion in this country, according to the police – are an enormous cause of concern to privacy advocates in South Korea, where 75 percent of the population has access to a broadband connection.

Most South Korean Web sites require members to register by presenting a name and matching 13-digit “resident registration number.”

The number, issued by the government to every South Korean at birth, is the closest thing the country has to a human bar code. For four decades, it has been a dominant form of identification, used when people buy a house, open a bank account or apply for a library card. The first six digits are the holder’s year, month and date of birth. The numbers also reveal sex and place of birth.

An online identification system based on real names and resident numbers is easy to use. The information helps fight the spread of libelous Web postings, a growing social problem here. And for Web site operators, it helps keep out minors and tailor services according to a customer’s sex and age group.

The system, however, has a big problem: It is relatively easy to steal real names and their matching numbers.

The police say that some people with access to the databases of businesses that store customer information have been collecting them and selling them to data brokers. Web sites with poor firewalls are vulnerable to hackers who can extract the personal data. Indeed, it is possible to find names and matching ID numbers just by using Google.

A study by the Ministry of Information and Communication last year found that personal data of 620,000 members from 1,950 Web sites were floating around the Net. Last year, 9,830 victims of resident number theft filed reports with the government-run Korea Information Security Agency.

“It has become too easy to get random resident numbers,” said Kim Young Hong at Citizens’ Action Network, which campaigns for greater online privacy. “The resident number no longer serves as a proper way of identification.”

In February, South Koreans were awakened to the problem when NCSoft, the largest online game company in the country, said 200,000 names and resident numbers that had been used to log on to its popular Lineage fantasy game were taken from data that had been stolen. South Koreans rushed to check the Web site and others to see whether they had accounts they had never signed up for.

In the Lineage game, players accumulate virtual munitions called “items.” The game is so popular here that the items are often bought and sold for real money – and some maintain that Chinese gamers were entering the South Korean Web site using stolen identities to make money.

“The government is introducing alternative systems that have a stronger identification power, protect privacy and help prevent the illegal use of IDs even if they are leaked,” said Park Tae Hee, of the Ministry of Information and Communication. “Web site operators don’t seem eager to embrace them, but the government will push them hard.”

The ministry is testing five new ways to identify Web surfers on its home page and five other sites. Under the new system, users must submit either a digital identity certificate or a new 13-digit “cyber resident number” that they can get from government-designated certifying agencies, instead of the traditional resident number.

After the trial runs and feedback, the government said it planned to require Web sites to adopt one of the methods by the beginning of next year. Meanwhile, it is asking Web portals to start using the new methods voluntarily, but few seem eager.

To get a digital signature certificate, an applicant must fill out a form, pay a fee and wait as long as three days. To get the new resident number, an applicant must supply the agency with more personal and sensitive data, like a bank account or credit card number and the matching password, in addition to the traditional resident number. Unlike the traditional number, the new number can be changed by its holder.

“We completely agree that we need a new system,” said Kim Sung Ho of Kinternet, a lobby for portals, game sites and other Internet-based companies. “But the new procedures are not convenient for users. Such cumbersome systems may hurt the growth of the Internet industry.

[…]

http://www.iht.com/articles/2006/04/10/business/idtheft.php#

AND THERE YOU HAVE IT.

This is EXACTLY what is going to happen to you if you enter the NIR, exactly as was predicted in that anonmous email, that lying scumbag running dog Andy Burnham said was ‘ridiculous’.

Only the stupidest of the stupid will willingly enter into this system. Only a venal government of criminals would forcibly introduce such a system into a country that is mercifully free of unique identifying numbers for their citizens.

Note that “The resident number no longer serves as a proper way of identification.” meaning that once your number leaks, it becomes anyone’s property it will be abused widely, cannot be trusted, and the excersise of setting the system up in the first place is a total waste of time and money.

Now they are trying to shackle the genie that is out of the bottle, by making people enter into another system, which they have to pay for, to try and fix the problem caused by the unique number issued to each Korean.

In Britain, there is no problem to fix because no one is issued with a unique number. As soon as this ceases to be the case, we open up a pandora’s box of problems that the taxpayer will have to pay to fix, with ever more intrusive systems. And thieves will have your low hanging fruit, your fucking balls, at their beck and call.

This is ‘Why You Should’nt Register at the NIR, part 5’ btw.

Leave a Reply

You must be logged in to post a comment.