IDENTITY THEFT – ONE THE RISE? OR IN DECLINE?

Symantec, the internet security company and key provider of internet anti-virus software, released its annual Internet Security Threat Report volume XI this month. The Symantec report, similar to the Gartner report issued last week are in sharp contrast to studies issued by both the Federal Trade Commission and research sponsored by the credit card companies. While the FTC and credit card companies report declines in “identity theft”, both Gartner and Symantec describe a crime wave of unprecedented proportions growing rapidly and adapting to the weak preventative measures provided by government and business.

At KnightsBridge Castle we not surprised by the findings of growth in identity theft and frauds facilitated through the theft of personal information. However, we were surprised by the quantity of this activity originating in the USA. In recent years many analysts had assumed that the systems in which phishing scams, spam scams, internet initiated fraud, and the criminal resale of stolen and breached information had moved to safe havens offshore. The Symantec report indicates that up to one third of all this illegal activity still resides in the United States and therefore subject to the our law enforcement.

Here are some of the surprising findings of the Symantec report:

The Unites States was the top country of attack origin, accounting for 33% of worldwide attack activity.

86% of the credit card and debit cards advertised for sale on underground and illegal economy servers were issued by banks in the US

The government accounted for 25% of all identity theft related data breaches, more than any other sector.

51% of all underground economy servers were located in the USA.

46% of all known phishing web sites were located in the USA

The US has the largest proportion of spam zombies.


These findings are alarming, in that government regulatory agencies and law enforcement have within their reach the many of these illegal activities, yet they do little or nothing to shut them down. A phishing site in Moldavia or Beijing presents great challenges for American law enforcement, however a criminal server offering stolen banking information for sale located in Detroit is an entirely different matter. In our opinion its time for the Federal Trade Commission and US law enforcement to get focused on this crime wave and recognize that much of the threat lies in the USA and is therefore within the reach of the long arm of the law.

The full report is available on Symantec’s website at:

http://www.symantec.com/enterprise/theme.jsp?themeid=threatreport