Here’s an identity thief who made 6 MILLION DOLLARS at the expense of other people.
Did he use your credit card?
What’s worse to think about is whether or not he sold your name to be used by the criminal underworld.
In this 1 hour interview, a former identity thief exposes the secrets he used to use.
He stole people’s identities through hacking, phishing, and real-world scheming, and lived a very good life doing so.
So why is he sharing this information with me?
He says that hacking and identity theft is “too easy” and he needs “more of a challenge”, and fixing identity theft is much more challenging than creating problems for people.
In short, he’s joined “the good side”.
Regardless of how you feel about his perspective, he is going to tell you how and why he stole the identity of countless thousands of people, how you can protect yourself, and as importantly, why he’s changing his tune.
Download the MP3 Here
So welcome to IdentityTheftSecrets.com and I am here actually interviewing today a gentleman who will remain anonymous, however, has been in the identity theft arena for quite awhile and is trying to turn over a new leaf. He is somebody who contacted me through Identity Theft Secrets and basically said; I am really trying to get out of the industry of stealing other people’s information but what I would like to do is to be able to inform people of what actually is going on in the industry and how people’s information is being stolen and used.
So, I’m not going to announce your name here but if you say hello and actually if you wouldn’t mind; tell us a little bit about your background, what got you into the underground scene of identity theft, and what’s really the driving force behind getting you out of it?
Former Identity Thief: Well, my whole driving scene of identity theft? It actually started; I say about twelve or thirteen years ago. Started off basically as wanting to play around, hacking things at first, like web page defacement and then once I started to see the money that could made off like the databases, and the credit card information that could have been obtained and sold; I pretty much have been doing that for, I say about twelve years now.
IdentityTheftSecrets: Twelve years?
Former Identity Thief: Yes, twelve years.
IdentityTheftSecrets: So, you’ve been basically buying and selling other people’s I mean, I guess I don’t know what side of it you are on, but you’ve been basically buying and selling other people’s information for twelve years?
Former Identity Thief: Well, pretty much mainly on the selling side of it all…
IdentityTheftSecrets: On the selling side?
Former Identity Thief: I was one of the people that would go in and hack the databases and offer it to other people online to sell.
IdentityTheftSecrets: Okay. So, you would go in, let’s say some bank or something…
Former Identity Thief: I usually would do online stores. Banks are a little secure. The shopping carts were one of the biggest and easiest one to take advantage of.
IdentityTheftSecrets: Why is that? Why is it that they are so easy to hack into?
Former Identity Thief: Well, the online stores most people just download a PHP shopping cart script and don’t bother; anything security wise. They figure I can just install it and go. That is all I need to run my own online business.
IdentityTheftSecrets: We are talking about bank security or somebody who is running a store for…
Former Identity Thief: It’s usually the stores because what they end up doing is; once you sniff their traffic, you get the actual merchant account numbers, making it a lot easier to access the bank systems because you already have the logins and passwords to that.
IdentityTheftSecrets: I mean honestly, what made you think that that was okay to do?
Former Identity Thief: Oh no, there was nothing that made me think it was okay. I was looking at it monetary-wise. That was pretty much what it was. I can go in and take a database and get about fifty to one hundred thousand per database for one hour worth of work.
IdentityTheftSecrets: So okay, let me get this straight. You go and you hack in to somebody’s database, you grab; what’s an average number of people’s information that you can grab from that database?
Former Identity Thief: Depending on the popularity of the website. The lowest that I ever came across by had at least 500 to 600 people’s information in it.
IdentityTheftSecrets: What’s the biggest you ever had?
Former Identity Thief: The biggest one I ever had, I say had about 300 or 400 thousand cards in it.
IdentityTheftSecrets: So you go and you hack into somebody’s online store and you grab, let’s say; I mean if you are grabbing 200 or 300 thousand peoples information, you’ve got to be going, hey pay day, right? But, you hack in and you grab, let say, a thousand people’s information. Credit card, names, address, sometimes social security number, I would imagine?
Former Identity Thief: Yes, e-mail, passwords.
IdentityTheftSecrets: You grab all of this information on somebody, and then, what is the process? Like you’ve got, let say, a thousand people’s information; what do you do next with that information after you hacked in?
Former Identity Thief: Well, you can go to one of those various places on the internet to sell it off one by one. But, that kind of gets time-consuming and it is a lot more work. Or, you can go to the bigger names who also sell the information online and you sell it to them at a discount and let them worry about all the work.
IdentityTheftSecrets: Okay so, there is like a resale network, right? Okay, you go and hack in, get all this information and you sell it to somebody who already has a bunch of people who buy from them?
Former Identity Thief: Yes.
IdentityTheftSecrets: Okay, what would be per name; you are selling them; okay, so there is two level of this, you are selling it at a discount or you are selling it just at full price? What would be a discounted price for people’s information?
Former Identity Thief: Usually you can sell a database of one thousand people for about 400 or 500 dollars.
IdentityTheftSecrets: Okay, so fifty cents a name?
Former Identity Thief: Yes.
IdentityTheftSecrets: And that would be like the wholesale cost of buying somebody’s name from you?
Former Identity Thief: Yes. Now, if it was a bigger deal one like bigger databases; it was like 20,000 people, I sell it for like five thousand. Just because you have to sort through them all; sometimes there are duplicates in there.
IdentityTheftSecrets: So, you actually are selling people’s name in bulk?
Former Identity Thief: Yes.
IdentityTheftSecrets: Wow. Alright; so then that person that you sold the names to, they turn around and sell them at retail or maybe they sell them to another reseller but what would be like the retail price for someone’s information? Let say I’ve got their name, their address, their social security number and some credit card information; what would be the cost? What would be; if I wanted to buy somebody’s information, what would be the cost to me for that?
Former Identity Thief: Usually about five to ten dollars per person.
IdentityTheftSecrets: Unreal. So I work in a bank let say, and I can get a hold of these kind of people; I can sell names for let say, for two or three dollars a pop and they can turn around and resell them for five or ten dollars a piece?
Former Identity Thief: Yes.
IdentityTheftSecrets: What’s the highest you’ve ever seen a name go for?
Former Identity Thief: I’ve seen some that come with mother’s maiden name and everything; pin numbers on the accounts, go up to twenty dollars a piece.
IdentityTheftSecrets: So there are a lot of people making a lot of money just reselling names?
Former Identity Thief: Yes.
IdentityTheftSecrets: And then on the other end, the people who buy these names; I mean what kinds of things, and you know we have covered this before, but from somebody who is actually working in the industry; if you get a hold of somebody’s name and you want to actually go and rip them off, use their information for identity theft; what kind of things do you do with that information?
Former Identity Thief: Well, first you start off by maxing out their credit cards and then with all that information; social security number and date of birth and the mother’s maiden name and everything; you’ll open new lines of credit and add other addresses to the person’s credit profile so that way when they open up a line of credit, the credit cards are shipped to what they use as the drop address. And they can pretty much take someone bankrupt; fifty or one hundred thousand dollars in the hole in a matter of a week.
IdentityTheftSecrets: I apply for credit in your name. I put up a new address, a drop address, we will go into what that is, but I put up a drop address as your new address, right? If I have stolen your information and then I can get up to, with a good credit or somebody with at least moderately acceptable credit; I can get fifty to hundred thousand dollars worth of credit in your name?
Former Identity Thief: Yes. Sometimes even more depending on the credit score. Some vendor would actually sell the information rank on credit score.
IdentityTheftSecrets: So you go, you hack into somebody’s information; you sell that to, let just call this guy Joe. Okay Joe, is somebody who resells other people’s information to the people that are actually going to use it. So, you sell the information to Joe; Joe sells it for ten bucks to somebody, who goes out and finds out well, Joe goes out and finds out hey this person has a credit score of 750 and can get approved for basically anything so I sell their name, as Joe let say I am Joe; I sell that information to the end person who buys that for twenty bucks and then they go and get one hundred thousand dollars worth of credit in my name?
Former Identity Thief: Correct. They can also open utility bills in your name, bank accounts in your name, get state issued IDs in your name, everything.
IdentityTheftSecrets: Well let me ask you this direct question, have you ever used somebody’s information?
Former Identity Thief: Yes.
IdentityTheftSecrets: Yes. And how many times do you think you have done that?
Former Identity Thief: Over one hundred.
IdentityTheftSecrets: Have you thought about; I mean this is what is so puzzling to me, the people; it is really hard for me to get in the mind of somebody who would do this to somebody else. I mean, how do you justify that, like in your mind?
Former Identity Thief: The justification when it comes down to it, sad to say, is in the long wrong run, the creditors, the way we look at it, the creditors are the ones that take the hit. They are the ones who actually loose the money, is not an actual individual who loses the cash. It is the mind set of everyone in the business.
IdentityTheftSecrets: Right, but what about the guy who is pulled over at three o’clock in the morning who’s information has been used for some sort of criminal type thing, let say, somebody uses my information and goes and gets a driver’s license in my name and they are pulled over and they have a DUI. And that goes on my record because they are using my driver’s license with their name and I spend the night in jail because of it.
Former Identity Thief: Yes, not many think of it from that point of view.
IdentityTheftSecrets: From working inside the industry, what is the worst story you’ve heard about someone losing their information?
Former Identity Thief: Well, recently I say there was an online Casino scam that was running where one of the moderators took the person roughly about six hundred thousand in a matter of about two days right from their accounts and IRA.
IdentityTheftSecrets: Can you say a little bit about how that happened?
Former Identity Thief: What they usually do; it turns out to be almost like a phishing scam. They set up a fake casino and phished out their letters to everybody and once they sign up and start gambling; what they would do is they just would repeatedly charge the card and debit the bank accounts until it was flat out denied. And, in some cases the people would actually fax over copies of their driver’s license, utility bills, credit cards; front and back, for them to just use at their will, because they didn’t know any better.
IdentityTheftSecrets: Because they thought they were going to win inside these casinos?
Former Identity Thief: Yes, they figure oh I won this and they sent out a letter saying you have $10,000.00 that you have won and now you have to send me all this as proof that you are this person and then we will give you the money. Lo and behold, they have just turned in their whole life to somebody, including all their money, and didn’t even know about it.
IdentityTheftSecrets: The people are just okay. Obviously, in that situation they know the individual that they are robbing?
Former Identity Thief: Yes.
IdentityTheftSecrets: Right and they are actually, because they have seen pictures of them, they have gotten all of their information faxed to them. What do you think is going on the mind of that person?
Former Identity Thief: Oh, they are just thinking about how much money they are going to make because once you send them all of your documentation; there is pretty much nothing that the person who has sent the information can do after that because they knowingly and willing gave them that information. So, on the legal stand point, the way the law works is the banks are not responsible for the money because they handed over their information. So the person that ran the scam is thinking, wow! I just got rich in two days.
IdentityTheftSecrets: I just made half a million dollars directly out of somebody else’s account and the bank is not going to reimburse this person. I just ruined somebody.
Former Identity Thief: Yeah, that is pretty much how they think about it. They are more on the greed instead of how it would affect somebody else.
IdentityTheftSecrets: And obviously there are these forums, right? There is like Carder’s market and I don’t think they like me very much over there…
Former Identity Thief: There is CardersMarket, Mazafaka, I say about twenty up and running at a given time.
IdentityTheftSecrets: There are twenty active forums up and running right now?
Former Identity Thief: Yes, that are actually not scammers and rippers trying to rip off other people in the business.
IdentityTheftSecrets: Alright, so there are forums up right now and they are trying to rip off each other?
Former Identity Thief: Well, there are some forums that are trying to rip off verified members of other forums. They invite them to come in and what they would do is; they offer to sell a product to the newcomers and they will take the newcomer’s money and not give them any product at all.
IdentityTheftSecrets: And who runs these boards; I mean, who sets up CardersMarket? Or who sets up the markets or sites like Mazafaka? I guess these other sitters that are out there? ScandinavianCarding was out there for a while. Who sets these things up?
Former Identity Thief: Various people from all over the world. Each forum pretty much bases itself with numbers from the areas that pretty much I’ll say, involves business with like; Mazafaka is pretty much a Russian base community with the Russian speakers. They do have an English side to it but their main focus is European. Where Scandinavian(Carding’s) focus was more Swedish and Carder’s market is more English based. It is all; various people go all the way back I say, they all branch out since ShadowCrew went down back in 2004 I think it was.
IdentityTheftSecrets: So the government came in and I mean; I think people listening to this call doesn’t even know about ShadowCrew. ShadowCrew was a form where everybody did business, right?
Former Identity Thief: Yes, it was one of the two main back bones at the time. There was a ShadowCrew that handled, I say 90% of the US business and then there was CarderPlanet that handled about 90% of the Russian based business.
IdentityTheftSecrets: I mean when you say “business” you are talking about the business of ripping other people off?
Former Identity Thief: Yes. When the law enforcement took over those forums the ones who eluded captured that were high up in the ranks, split apart, and started their own; I guess you can call it sub-forums at the time, and have built from there.
IdentityTheftSecrets: And today you say there are about twenty of these forums that are actively running with members?
Former Identity Thief: Yes.
IdentityTheftSecrets: And how many of these would you classify as good places to do “business”?
Former Identity Thief: I would say right now only about three of them.
IdentityTheftSecrets: Where are they set up?
Former Identity Thief: Well, Carder’sMarket is based out of Iran now. Then you have DarkMarket that is based out of the Ukraine. And then you have Maza (faka) and verified.ru which are both based out of Russian territories.
IdentityTheftSecrets: Where do most of these people live? Most of these people that are ripping other people off.
Former Identity Thief: They are all over the world. Some are in the United States. Most of them are European. The little low end bottom-feeders are Nigeria, South Africa. Those people really, I don’t know. The media really likes to make them look more of a threat than what they really are.
IdentityTheftSecrets: The Nigerian fraud people?
Former Identity Thief:Yes. They are actually like low end when it comes to the whole big picture.
IdentityTheftSecrets: Okay, so can you give us a brief, what is the difference between someone who is low end and someone who is high end as far as someone who is taking other people’s information and using it?
Former Identity Thief: Well, a great example who be. I’m sure you have seen the Dateline “To Catch an Identify Thief.” The whole IRC they are using people’s credit cards, everything like that. What they don’t tell you are that those same people that is using those cards; those cards are actually thrown away by the people who know what they are doing. When someone steals a person’s identity, they will use it and take what they want and they will throw it off to the Nigerians and the people in those channels to distract law enforcement from themselves. So, their targets when they see all the activity in fraud they’ll think oh is the Nigerians doing this and that, but they don’t see the big $2,000 or $4,000 hits by the people who actually used it for what they wanted before they threw it away.
IdentityTheftSecrets: Okay. So, let’s try and put together this picture. You go and you hack xyzshop.com and you hack in there or you get the information some other way because I know that there are a ton of ways to do it. Your way of choice happens to be to hack in somebody’s website that has poor security. So, you go to xyzshop.com, you get a thousand people’s information, you sell that to a guy for five bucks a name or a dollar a name or fifty cent a name, he turns around and sells that for ten dollars a name or twenty dollars a name to someone who uses it and hits that person for ten thousand, fifteen thousand or twenty thousand dollars and then that person resells it to somebody who is operating, like a Nigerian type fraud?
Former Identity Thief: Well, they don’t even resell it. They just give it away to them and they will just post it free for anyone. It is like a bunch of hungry piranhas on IRC for the best analogy. With the person that after they use it they will post it on one of the IRC chat rooms where all of the Nigerians and everyone hang out at and as soon as they see that information posted in that room, within minutes they will kill off the rest of that card in places all over the world.
IdentityTheftSecrets: So this card just gets publicly posted. I’m done with it because I have spent $10,000.00 on it. I know it has a $12,000.00 credit limit and I really don’t want anything for $2,000.00 so it is much easier for me to go and buy somebody else’s info. So I really don’t care about this card; here you go.
Former Identity Thief: Yeah, and then the people who fight for the $2,000.00 limit; law enforcement would see twenty other transactions coming from ther, so the focus is on them trying to use it and it pretty much eludes the main person in the first place. Is just a way for them to cover their tracks.
IdentityTheftSecrets: So who would you say is the most likely person to become a victim of identity theft? If there was a group of people who, because all of these statistics come out all the time and say well seniors are the most targeted; well teens are the most targeted. Well, you know kids who haven’t established any credit are the most targeted. People in their twenties are the most targeted. You know, I’ve seen statistics on everything. Based on your experience working inside of the industry, who would you say is most likely to become a victim of identity theft?
Former Identity Thief: Anybody who pretty much uses their information on the Internet for anything whatsoever. I mean there is no specific category. If they are on the computer and they don’t know about their own personal security and they don’t run anti virus or firewall or anything like that; they are just as much chances as a 70 year old becoming a victim as a 19 year old. They don’t care age, race, color, anything; they just want your information.
IdentityTheftSecrets: What about; I mean, I don’t know. Have you ever tried to hack into a big company, like a health insurance company, or a bank, or a mortgage company, or a school?
Former Identity Thief: I have never personally done it but I have known it to be done. The VA hospital in Pennsylvania lost a whole bunch of records when they were hacked. There are schools where students would make fake IDs and have all of the people; like they would make IDs for all of the students to go get drunk but at the same time they would have all the personal information on that person. Name, date of birth, everything; so they would have them themselves, they claimed it was to make the IDs but then they will resell it later.
IdentityTheftSecrets: So some college kid is 19 years old and says, I’m going to get a fake ID, this guy is going to make one for me and it is a really good fake because what the guy is doing is taking the information that he used to make that fake and reselling it?
Former Identity Thief: Yes, on top of the money he is getting paid for making the ID.
IdentityTheftSecrets: He makes 100 bucks for the fake and then turns around and sells the info for twenty or thirty bucks a pop?
Former Identity Thief: Yes. The higher the quality of his fake, the more people that come to him, the more product he has to sell online, the more credibility he will have later on to do other business.
IdentityTheftSecrets: So there is a whole like trust network?
Former Identity Thief: Yes. A lot of the forums and the higher up identity thieves are all based on trust. You just can’t be some new guy coming in and saying, hey look I want to do business. They would pretty much look at you and say all right you are law enforcement, you are a reporter; we don’t want you, even if you are 100% serious in starting in the business. That is why a lot of the forums now require what its called guarantee. They have to have at least two people to vouch for them and then they have to pay a fee just to even be able to view the forums nowadays.
IdentityTheftSecrets: So someone can get in if they know a couple of people in the industry who are already ranked well and they are willing to pay. What kind of fees do they have to pay to join these forums?
Former Identity Thief: It is usually only around fifty to one hundred dollars, which is not much considering what they…
IdentityTheftSecrets: When you are ripping somebody else off, right?
Former Identity Thief: Yeah
IdentityTheftSecrets: When you know how to get somebody else’s information, 100 bucks is nothing.
Former Identity Thief: Exactly and that is the way they advertise it on the forums. So, if you are here to do business you can buy a credit card with whatever name you want on it, with the ID to back it up and the information. So, you can just take it to the store for 200 hundred dollars and spend thousands and you can’t pay 100 dollars to get on here, then there is no need for you to be on here; you are not serious.
IdentityTheftSecrets: If you had to speculate, why would they host; I mean this is a dumb question, for people who don’t know it is not a dumb question at all; why is this, lets say Carder’sMarket, why would they host out of Iran?
Former Identity Thief: They do that pretty much for law enforcement has no control over anything they do at all. They can’t force them to shut down the website, they can’t take them offline, and it is pretty much out of everyone’s reach.
IdentityTheftSecrets: We didn’t have much success getting them to shut down their nuclear weapons program. So, I can’t imagine we can get them to shut down a website?
Former Identity Thief: Yeah, slim chance there.
IdentityTheftSecrets: Yeah. So, everyone is equal opportunity to become a victim?
Former Identity Thief: Yes.
IdentityTheftSecrets: Because any bank, any mortgage company, or any insurance company can be hacked?
Former Identity Thief: Correct.
IdentityTheftSecrets: By the right person, right?
Former Identity Thief: Well, a lot of the times it is even done from inside. I know of certain banks where they don’t even bother shredding their documents and so they just throw them away in a dumpster with a little lock that can be picked in no time at all and all of these mortgage applications, loan applications are free for the taking right out of the garbage.
IdentityTheftSecrets: And that kind of information can either be used or resold?
Former Identity Thief: Yes.
IdentityTheftSecrets: So if I am a real-world identity thief, like you are you using virtual methods or have in the past, I mean we are going to talk about you getting out of this, but if I am a real well identity thief; I am not stealing people’s information, you know by hacking in, what is my process?
Former Identity Thief: Oh there are so many things you can do. You can go to the post office and have their mail put on hold and pick it up your self. You can have a change of address put over the internet with a gift card that you can buy and use any name on it and then the mail will be redirected to wherever you want it to be redirected to.
IdentityTheftSecrets: Explain that a little further. I can go get a gift card, explain how that works.
Former Identity Thief: You can go out and buy a gift card. All that the US Postal requires for you to do a change of address on the computer is register your new address and show a credit card as verification. So, if you get a prepaid credit card somewhere, you can put any name you want on it. So, when you apply for that on the US Postal website the name matches the address that you want to forward to so they just go ahead and put the change of address for your mail is being sent to wherever that person decided to put it in at.
IdentityTheftSecrets: Well, I have known that you can do that with the United States Postal Service. I mean, if you are willing to go in the place you can just actually write one out, you don’t ever need verification.
Former Identity Thief: Yes correct, if you just want to write one out, but most people don’t like doing that nowadays because you can’t see if you have your fingerprints on the document, or they either have your signature or your handwriting for analysis later.
IdentityTheftSecrets: So instead I can go get a gift card and I can just change your address and get your mail for a few days and try to get information from your mail?
Former Identity Thief: Yes.
IdentityTheftSecrets: So, what other kinds of way if I am a real well identity thief and I am stealing information like real instead of virtually, how else would I steal people’s information?
Former Identity Thief: A lot of people go through other people’s garbage. Better know as dumpster diving for those who don’t like to shred their documents. They just get stuff in the mail and don’t even think about it, they throw it away. People throw their pay stubs away; they just crumble them up and throw them in the trash and don’t pay any attention to it whatsoever thinking that the garbage is just going to come and get it. Bank institutions; some of them, I have to say most of the big name banks will actually shred their documents, but at the same time, some of them have them in a holding bin that is locked until the shredders come and get them and someone can just break the lock and steal I mean, bags full of people’s identities. I mean, it is nothing but their identity, their bank account, social security number, everything we’d need to get, mortgage; it is all there for the taking. Other people, like working in the administrator’s offices at schools and hospitals, and have the information like that. A lot of people, who throw their computers away, just because they format their hard drive, does not mean that the information is gone. A good person with computers can recover everything off of there unless it is properly cleaned.
IdentityTheftSecrets: What is the best way of having it properly cleaned?
Former Identity Thief: I would use something along the line Active Disc Wipe and Run like a GutMin wipe on it where no information can be recovered. It may take you a few hours but the money and hassles that would save you in the long run is well worth it.
IdentityTheftSecrets: So kind of getting into that topic then; if you could give people advise on what they need to do to protect their information, I mean just kind of open ended here; what would your advise be?
Former Identity Thief: They would need to shred their documents. Don’t think that anything is something that doesn’t really matter. Any information at all that can put you to something else gives them the ability of getting more information on you. Protect your computer. Use firewall, up-to-date anti-virus, there is a nice little plug-in that they have out now that is called key scripter which crypt your key strokes in the internet browser in case a key logger is on your computer it still gives random codes and it won’t actual be able to get any of your information at all. I use Kapersky internet security suite and ZoneLabs security suite. Anything that you can actually protect anything you do on the computer is a big step forward. Make sure you use stuff to verify that the emails that you get are actually from the banks itself because 90% of the time a lot of people will respond to the email and the bank is not going to ask you for your personal information, they already have it all.
IdentityTheftSecrets: So, how would you be able to tell what is a real email and what is not a real email? Some of those phishing emails are so good now.
Former Identity Thief: Oh yeah, they also have programs out there that verify the actual email header. Most Internet companies and web mail you can’t actually see the header but if you have the option to use the header and make sure that it actually comes from there. Microsoft actually, I have to give them credit on this and I really hate them, but in Windowd Vista and I think Internet Explore 7 offer a really nice anti phishing tool bar built into the browser now that tends to work very nice.
IdentityTheftSecrets: Right, we did a video on that actually about exactly that on Identity Secrets. This site has been reported as a suspected phishing site, would you like to continue to this website?
Former Identity Thief: Yeah. I mean there are still ways around that for the good identity thieves but most of them don’t work their way around with that. I have given ideas to banks that they can use that are 100% surefire way to stop phishing. None of them have really implemented it, the only company that I have seen it implement it so far has been Paypal.
IdentityTheftSecrets: What did they do? I mean, what is the 100% surefire way to stop phishing?
Former Identity Thief: I suggested that they use RSA keys. I’m not sure if you are aware what those are or not, but it is like a key chain and it is a token that is tied to the account. The key chain that they send you is a little digital key chain and has a revolving password for every thirty second a new password is sent to that device that is generated by the token that is tied to the account. So that way, even if a person was phished, by the time they are done sending the form and they hit send to email it back, their password has already changed.
IdentityTheftSecrets: I can imagine that kind of thing can be very expensive for a bank to implement?
Former Identity Thief: No, not really. If they would charge their customer a one time fee of $5.00, it would cost the bank around; I say out of pocket with the fee maybe about two to three million to implement but they are also losing nine billion a year. So, but they just look at why spend ten million dollars now just in case we loose nine billion over the year.
IdentityTheftSecrets: The banks you are talking about, how do you know these statistics that the banks are losing nine billion a year?
Former Identity Thief: Oh, if you Google search and everything and you bring up the statistics on the loss of Identity Theft and I have actually talked with bank investigators from a few banks and got information from them when I was offering them this idea that they could use and they’re like, well, the banks can’t justify spending this much money now for something that might happen in a year.
IdentityTheftSecrets: So they rather have cure than prevention?
Former Identity Thief: Yeah.
IdentityTheftSecrets: The advice that you are offering here is basically shred your stuff, make sure you are completely secure in the Internet; I think you mentioned about six different products that the average person should have in order to protect their information, what other kind of things do you recommend they do?
Former Identity Thief: Well right now they have a telescam that is going on too were these identity thief are using automated systems to call and contact the people and saying, hey your bank information needs updating please call this 800 number. I would call your bank and verify first. Pretty much, if you shred everything, you keep yourself secure, if you try to make yourself aware of all the latest things that are going on and educate yourself on the new tricks that they are using; you should pretty much be safe.
IdentityTheftSecrets: Couldn’t I though; I mean, if I am you and I am trying to hack into one of these companies or somebody with some really good hacking skills decides to hack well, I can even go up and look at the companies that have been hacked; I’m actually going to do that while we are on the phone here, but if I am really good at hacking in to somebody’s information; how do I as the end consumer prevent you, the hacker, from going and hacking the companies that I have trusted my information with?
Former Identity Thief: Well, one of the things that I suggest for online purchases is go to like a Simon mall or other malls like that, they give you the gift card. You have to spend the two dollar fee but you can buy the gift card for the amount you want to spend online; take that gift card home and use that. They get the gift card number, the money is already deducted from it and you take no loss whatsoever, except the little two dollars that you paid to be able to use the credit card. That way they don’t have your information, your credit card; they just have bogus information, so to speak.
IdentityTheftSecrets: Right, but let say I went into; I mean, I am looking at the list here that is on the Privacy Rights Clearing House website and as I am looking at this; Tufts University. Let say I attended Tufts University in Boston, Massachusetts; they lost 106,000 records from hacking on April 11, 2005. Here is another one for Ralph Lauren; now, I may not have shopped at Ralph Lauren’s website online, but I may have shopped at their store, there physical store with my credit card right, and my information is now stored with them. Here is the California Department of Health Services…
Former Identity Thief: TJ Maxx was a really big one there as well which was recently done.
IdentityTheftSecrets: Right, so if I am shopping with these companies; we are not talking about internet now, we are talking about I walk in, I hand my credit card to somebody, my information is stored in their database and their database is hacked; how do I prevent my information, I mean, how do I protect myself from that kind of a thing? Because, I am going to go out and do real world purchasing, right? And, I am going to go to college and at college I am going to have to give my information out and I am going to have health insurance; my health insurance company needs my information. Here is one from the Colorado Health Department, they needed my information or whatever; 1600 families lost their information to hacking. All of these other companies that house my information, you can hack in to any of these people, right? If you are a good enough hacker, you can hack into any of these people?
Former Identity Thief: Yeah, and the sad thing is that there is really no preventative measures right now that can actually be put into work effectively with those.
IdentityTheftSecrets: So, even if I do everything that you just, and I am obviously leading with something here, but even if I do everything that you just recommended to me; there is no guarantee that my information is going to be safe?
Former Identity Thief: No, the only thing that you can possibly do would be like lock your credit; where you can do it through the credit bureaus where you can actually lock your credit where no new lines of credit can be applied for, but that still takes the chance that your credit cards can be used. I will never use a debit card in the stores. That is the biggest mistake that a lot of people do. Everybody thinks that it is more convenient because it comes out of your bank account, but when you use that debit card in the stores, there is a higher chance of them being able to clear out your bank account, take your life savings, then if you would have just used your credit card and have that maxed out.
IdentityTheftSecrets: Why is the reason for that?
Former Identity Thief: The credit card is actually not linked to your bank account at all; where the debit card gives them direct access to your bank account.
IdentityTheftSecrets: Okay. So, either use a bank account with a small balance in it or use a credit card?
Former Identity Thief: Yes and even at that; I would set up a complete separate bank account aside because if you have a checking account and a savings account, even though the debit card is only tied to your checking account; once they have that they can go online with your account number and apply to have your savings account added to your debit card later, and then clean out your savings account the same way.
IdentityTheftSecrets: Okay. So then even if I lock my credit, I don’t use the bank account and whatever; then let go back to the situation before that I mentioned; someone is using my driver license and gets a DUI in my name, how does locking my credit help with that issue?
Former Identity Thief: It doesn’t at all. The sad is that there is no actual true way at all whatsoever to pretty much put a stop to it right now; that is the biggest thing. The only thing that would possibly come in that would be stuff in the future that you have to hope that the government would decide to implement, but their whole thing is what will it cost? And, that is their biggest worry, what will it cost them to implement such measures?
IdentityTheftSecrets: And, not only that; but the banking industry on the other side doesn’t want to do that anyway. Even if they wanted to implement it they’ve got somebody actively fighting against it on the other side.
Former Identity Thief: Yes.
IdentityTheftSecrets: Let’s kind of go back to some of the other questions here. If there is one thing, we talked through a bunch of these, what is the number one thing, I guess, out of everything we just talked about; if there was just one thing that I could do to protect my information, what will that be?
Former Identity Thief: I would have to say educating yourself on everything is. I would read up on as much as possible to learn everything and practice as much computer security as you can.
IdentityTheftSecrets: I mean, a lot of people, you know, they push these power buttons on their computer and that is about the extent of their knowledge of how to use their computer, other than, hey I love eBay and I love to shop on eBay.
Former Identity Thief: Yeah and that is what makes it so hard, and those are the people that are mainly targeted because they don’t know any better. They don’t bother with firewall or anti virus because they don’t know what it is. They don’t see how it can benefit them. Why should they pay forty dollars for a piece of software when they feel that they don’t go anywhere to get a virus, but at the same time, viruses are pretty much hidden everywhere nowadays. You can go to eBay where there is a new PNG virus that is going around where as soon as you load the web page it can infect your system and you wouldn’t even know that you were infected.
IdentityTheftSecrets: What is a PNG for those who don’t know?
Former Identity Thief: PNG is an image file. They would show, like when you would open up a eBay auction and it has a picture of, let say, a printer that you are going to buy; that printer (picture) can actually have the malicious code in it itself and execute itself on your machine.
IdentityTheftSecrets: Just based on viewing a web page, I could have a virus installed on my computer from a graphic?
Former Identity Thief: Yes.
IdentityTheftSecrets: And, what kind of things could that virus do? I mean, we all have heard a lot about virus.
Former Identity Thief: It can turn your computer into a drone. It can; they can use your computer to commit the crimes that they want to commit and when the investigation comes back it looks like it was your computer that did it. They can log all your information that you type, all your personal emails and once they start getting your personal emails and everything; that is where the social engineering aspect of it all comes into play. Where the identity thieves will talk to your friends, and other people, and co-workers and get more information on you so when they steal your credit they can answer any kind of questions that they might need to know later on to become you.
IdentityTheftSecrets: Run me through a hypothetical on how that would work.
Former Identity Thief: Okay. Let say you were sending an email to, say you have a brother, and I intercept your email and see what you were talking about. So, I decide to contact your brother saying that I am a friend of your and we were supposed to go to a football or baseball game or something, and I lost your phone number and I just needed it real quick because by the time you check your email it would be too late. Most likely a lot of the time they just give up the information freely and once they have your phone number they can do a reverse look up online and have your address. Now they have your name, your address, and your telephone number. With that they can start working through utility bills. There are a lot of utility bills online, accounts and everything, they will link it to your address and then next thing you know they will have your social security number. After they have your social security number they will go to a place like, Intellius or Integrascan and do a complete credit background on you, and next thing you know, your information has been sold and somebody else is you.
IdentityTheftSecrets: So, is really that simple?
Former Identity Thief: Yeah.
IdentityTheftSecrets: Someone can really just have your name and they can work it backwards from there and if they really want to get your info, they can do it; pretty simply?
Former Identity Thief: Yeah, they can. It might take them a few days or a week or two to get it done but if they want it bad enough they can do it.
IdentityTheftSecrets: What would the cost be of doing that overall? If all I started with was the hypothetical you just ran; if all I had was your name…
Former Identity Thief: Well, if you are actually an identity thief, it wouldn’t cost you anything except your time. When they go to Intellius, they don’t pay the fees but what they would do is; they take one of the stolen credit cards they have laying around or sit on one of the websites where it’s posted for free and then use that to run the report. And then everything else is pretty much; you can find on Google, I mean Google is a great search agent, but they just include way too much information for some people.
IdentityTheftSecrets: That is one of the things that we have always advice people on Identity Secrets too. Go do a vanity search for yourself. Go type in your name or where you work or go type in your name and the name of your kids, or go type in you name; go type in your phone number.
Former Identity Thief: One other thing, the Department of Agriculture, I think it was listed on security focus, mistakenly had all the applications and everything indexed by Google because they did not set up the Robots.txt to where everyone, I think in was in Iowa or one of those somewhere, I am not sure at the moment which one it was, but all their applications with names, addresses, social security number were right there publicly browser able just through a Google search.
IdentityTheftSecrets: And how long were they up there for?
Former Identity Thief: Honestly, they don’t know. It could have been up there for a year. They weren’t even aware that they were being index. Someone mistakenly trip over and found it.
IdentityTheftSecrets: And then before it they took the Department of Agriculture, and they said, “Oops, sorry.”
Former Identity Thief: Yeah, we didn’t know we made that mistake. Computer security rating is like a C- when graded through what the actual guidelines are today for computer security. Some of them are complete failure; I think that the Department of Justice had like an F or a D for this year.
IdentityTheftSecrets: And can you go on and look those things up as an identity thief?
Former Identity Thief: Yes, you can look them up everywhere. A lot of the websites have what are called RSS fees, where the news fees and they just get the information constantly. For the hacker there are websites out there that focus in advisories and that is how most of the hackers even find companies that are still vulnerable. Now, a place like CERT which is an advisory; they issue the advisory and threats now the hacker sees the threats and it may be something that he never thought of and he has a new virus out there until the companies upgrade and fix the hole. Within those two weeks he can still profit nice bit of information in those two weeks.
IdentityTheftSecrets: So, these security advisories that are coming out; a smart identity thief would get on their list and they will get the notification and act quickly on that notification and go expose a hundred new companies or something to this and then?
Former Identity Thief: Yes and they hope to exploit the hole before it is patched. They don’t sleep two days at a time; they just sit there and watch for a time to just come in.
IdentityTheftSecrets: So, they are not actively thinking; hey, what can I do to hack somebody, they are just waiting for security advisory to come in and then they use that security advisory to create further damage?
Former Identity Thief: Yeah. They are like wow. Yeah, if I use this one right here that will give me their database access. I haven’t been thinking about using this method and then that is the method that they decide to run with.
IdentityTheftSecrets: You been offering; obviously, you know a lot about this industry. I mean, I appreciate you taking the time to talk about this today and really, honestly, the only reason why I am even talking to you is because you told me, “I am ready to kind of make some changes about what I am doing and trying to help people.” And so, you have been involved in this industry of ripping other people off and taking their information and using it for identity theft for twelve years now; so, dating back to 1995?
Former Identity Thief: Yes.
IdentityTheftSecrets: What is it that is getting you out of this arena and actually trying to do positive things; going and talking to banks about ways they can protect their customer’s information, what is getting you out of that side of it and trying to help people from the other side?
Former Identity Thief: Well, the main thing that got me into it was the challenge, but now that is not challenging, I figure it be more of a challenge to try to prevent everything from happening. I am more of a person who wants to be challenged about what I am doing then just sitting around and on the other side is like wow, this could be my wife’s information stolen, this could be my mother’s information stolen. Do I really want to put them through everything that comes with it; it is pretty much where I started going with it. I end up developing like a conscience.
IdentityTheftSecrets: Man, was there something I mean; on Identity Theft Secrets, I mean, here is the thing; I’m the hopeful, I’m hopeful you know, because I think that without hope you just give up everything, but I am hopeful that at some point in the future we can get a hold of some of these people that are like, you know I mean, the serious rip off artists and that they would have some sort of conversion, you know I am not talking about religious conversion, but just some sort of conversion that go; I can’t believe that just happened to X person and to have them see what that does, because that is what I see all the time. I mean, I see what it does to identity theft victims, right? I mean, if then knew some of the things that they cause; I would think, I mean, I’m just hopeful that like most of those people would convert, you know? Jim Rohn says that there are seven to ten really nasty people in the world and they move around a lot, right? You and I both know that there are more than just seven to ten but that we would just hope that those people could be converted. So, I mean, were there something for you that made that switch? Was it instant or was it over a period of time?
Former Identity Thief: It was more or less over a period of time. I just started like; we have on the forums where everyone would be posting their comments, the news articles and everything; we tried to keep an eye to see what was being said about us and everything and just blow it off, but then it is when I sit there and go through them I see is not just the creditors are taking a hit on the money so it is actually causing problems for this person and that person, and this is happening and that is happening; so after a time, wow. I got into thinking wow, the credit companies are charging you 23% on every dollar you spend so, they are not the only ones that are getting hurt anymore.
IdentityTheftSecrets: Initially you were trying to rip off the credit card companies?
Former Identity Thief: Yes, I looked at it as; they are ripping me off 23% on every dollar I spend, it is my turn to take back from them.
IdentityTheftSecrets: And, would you say that is the thought process of most people in the Identity Theft arena?
Former Identity Thief: Yes, I would say that is about how 90% of them think. The other 10% are like, hey this is quick and easy money.
IdentityTheftSecrets: Who cares who it hurts?
Former Identity Thief: Yeah.
IdentityTheftSecrets: So, there wasn’t one thing that made you go; man I just got to get out of this?
Former Identity Thief: No.
IdentityTheftSecrets: Just more of a gradual process realizing that is actually hurting individual people instead of hurting banks?
Former Identity Thief: Yeah. Is like wow is not really, I mean it does still hurt the banks and people down back somewhat, but there is damage irreversible that is done. So, it is just; I just couldn’t live with the fact that it was like alright, I am the one that is causing this person to be this miserable over something that it wasn’t targeted at them as an individual as it was more so at the company.
IdentityTheftSecrets: How much money do you think you have personally made from identity theft; from the things that you have done?
Former Identity Thief: In a year I have made close to three quarters of a million, at a given year.
IdentityTheftSecrets: And you have been involved for twelve years so, let just say half a million a year so; you have been probably six million dollars for the last twelve years from other people’s information?
Former Identity Thief: I would say more or less around three because you have to pay out money to make money. Experimental – like; you have to buy equipment to make your product better for use in other places so, all in all, I would say about three million profit.
IdentityTheftSecrets: So, you have deposited three million dollars in the bank and obviously you have family. I mean, you mentioned anyway that you have a wife; how does your family feel about what you do? Do they know?
Former Identity Thief: No. They think I am just a computer consultant that goes to work from nine to five every day.
IdentityTheftSecrets: Even your wife?
Former Identity Thief: Yeah, I didn’t trust anybody enough to let them know what I was doing, because if you tell one person next thing you know law enforcement would be knocking on your door sooner or later.
IdentityTheftSecrets: So, you are trying to switch now to the other side?
Former Identity Thief: Correct.
IdentityTheftSecrets: And so, you started this website idtsolutions.org?
Former Identity Thief: Yes.
IdentityTheftSecrets: And your goal there is to really help people figure out I mean, some of what we are doing with identity theft secrets, really help people to see what the issues are, what they need to be aware of and some possible solutions to help with the problem?
Former Identity Thief: Correct.
IdentityTheftSecrets: Is there anything you want people to know about that website?
Former Identity Thief: Well, on top of that; it is not like your basic just educating yourself on things that have been done on the past. I plan on taking like my status on the underground and using it on a positive way to actually inform people of things that are going to be happening in the future that they can look out for, that haven’t gone main stream yet to where it would be on the news of this happening or that happening. Kind of giving them preventive measures themselves, so they won’t have to worry about, oh yeah, I heard about that but that happened to me six months ago.
IdentityTheftSecrets: One question I wanted to ask you before too; does your wife know now what you do?
Former Identity Thief: Yes, she knows now.
IdentityTheftSecrets: I imagine that was a fun discussion?
Former Identity Thief: Well, she really; she really didn’t know how to take it. It was more or less like I can’t believe you did this but what are you going to do if this happens or that happens.
IdentityTheftSecrets: So then, now your plan is to try and use your status that you built up there to try and turn some things around for people?
Former Identity Thief: Yes, help them prevent it from happening to themselves.
IdentityTheftSecrets: Where do you see all of this going? I mean just too kind of wrap up here; how do you see people putting an end to identity theft?
Former Identity Thief: They have to honestly start getting on their senators and governors, because one thing that you would notice is the United States is where all the other countries target because the government and the banks really just don’t care. In other countries it’s just so much harder to get the information because of such more strict penalties and everything. Hopefully, people will voice enough concern to where they would actually start implementing things that are out there that can be used and put into effect and just, I guess, make them not just look at the money aspect of what is going to cost them now to what is going to save them later.
IdentityTheftSecrets: The number one thing, I think out of all of it, I mean when I look at it; the number one thing we can do is make our social security numbers less valuable.
Former Identity Thief: Yeah.
IdentityTheftSecrets: Because, I mean, you agree with me that social security number is like gold, right?
Former Identity Thief: Yeah. Once you have someone’s social security number that is their entire life and that is the other thing that makes it so easy in the United States; is that social security number for the hackers. Once they have that, they can pretty much do anything that they want with it. If they can come up with a new system, other than the social security number, that would be great. But I think they have relied on it for so many years that kind of come up with a new system; they just look at it as too much money out of their pocket.
IdentityTheftSecrets: So, the Federal Trade Commission has reports that ten million people are victims every year. So, there is about what, two hundred and fifty million people in the United States who are in buying age, right?
Former Identity Thief: Yes, about that.
IdentityTheftSecrets: And, the Federal Trade Commission receives reports that ten million people are becoming victims of some sort of identity theft, identity fraud? That is not a big enough…
Former Identity Thief: Yeah and the sad is that those are the only ones that are reported. There are plenty more that go on unreported, that most people don’t even realize that they are victims until it is too late.
IdentityTheftSecrets: So, if ten million people reporting, and who knows how many others not reporting is not enough to cause the government to make changes; where do you see all of this going?
Former Identity Thief: Very bad; that is why I opened the website and I look for other websites that are the same, because I mean, if we don’t educate the people and we don’t try to help them take their steps; who else is going to do it? Is about how I look everything on it; you can’t really rely on someone else to do something for you when you are not willing to do the steps yourself. So, it is just going to be, pretty much I am looking at it, is not going to get any better, it is going to get worse. I mean, if people would actually would take time and listen what people are saying about identity theft and listen to the message thatwe are trying to get across on; you have to be more secure, you have to be more cautious on what you do, then I can see the numbers going down dramatically, but the thing is, they have to be educated first before they know what not to do.
IdentityTheftSecrets: Simply by individuals educating themselves?
Former Identity Thief: Yes, unless the government is willing to set up and put something out there. I mean, the Federal Trade Commission talks about a few things on how to do this and how to do that, but how often do you see identity theft seminars at a local amphitheater or something or at a local conference on how to prevent things that could happen to you. How much identity theft awareness you see advertised on TV; you don’t really see it, they make jokes about it, like CitiBank and make it look like is funny but no one actually shows the real threat to everybody to make them want to set up and take the initiative to save their stuff.
IdentityTheftSecrets: But it seems like there are a lot of education programs out there, but at the end; like I mean, I watched “”To Catch an Identity Thief” and…
Former Identity Thief: I watched that as well but the sad thing about that was they didn’t target what the threats were. They targeted what the threats may have been a year ago, but they didn’t; they don’t cover what is now stuff. The stuff they put out there I mean, that was about a year ago; they have already done and moved on from most of what they were doing on there. That is like lost and dead and gone by now.
IdentityTheftSecrets: And the conclusion out of that to is; they say, you know, “”To Catch an Identity Thief,” that’s the title of the thing, right? As you know from watching it, no one is arrested out of that two hour special that they did. They flew all the way to Benin. No one spends anytime in jail out of the issue.
Former Identity Thief: Yeah, and that was mainly because they never actually really found the identity thief himself. They found the re-shippers, the person responsible for the re-shippers. Now, there are a lot of countries now that are stepping up and extraditing to the United States for them to stand trial. Back in 2004 the person who ran CarderPlanet, who was know as Scrip, he was set to stand trial in the US; as well as, Operation Rolling Stone there was someone by the name of Rayjack shipped to the US from Canada to stand trial. I mean, a lot more of the countries are making it more like a world wide law, but there is still some countries that just don’t care. It’s not happening to their citizens, why should they care?
IdentityTheftSecrets: Well, ultimately if I; let say I am in the Iranian government, I’m not too much of a fan of the United States government and people that live in my country set up a server and that server rips off Americans and pours money into Iran.
Former Identity Thief: Yeah, so they are all for it.
IdentityTheftSecrets: They have no reason not to let it run.
Former Identity Thief: Yeah. This is bringing revenue to them.
IdentityTheftSecrets: Alright, what I would like to do is stay in touch with you and obviously people who are listening to this call can ask questions using the comments right here on Identity Theft Secrets; do you have any closing thoughts for this call, we will have you back with Identity Theft Secrets, obviously I would like to know more specifically about certain kinds of schemes and that sort of thing. And if we can work together to share the info and get this out definitely would be, because I know a lot about the industry that I don’t know from an insider’s perspective and so it would be very good to have you back. Would you be willing to come back and do a call with Identity Theft Secrets?
Former Identity Thief: Yeah, sure.
Former Identity Thief: Go ahead.
IdentityTheftSecrets: No I was just going to say, just kind of closing out if you had any thoughts or anything you wanted to say kind of closing out here?
Former Identity Thief: The only thing I can really say to everyone is to make sure that would practice good security, I mean, there are a lot of free programs out there; I mean, there are ones that are offered all over the place. Like I mentioned before, [ZoneAlarm] offers a free personal firewall. The best thing you can do is; I mean, write to government officials, talk to your banks, press for them to actually look to what it is doing to their customers, instead of what is going to do to their pockets because in the long run, their customers keep getting hurt and they are going to leave anyway and the banks are going to loose even more money. So, just keep yourselves educated and try to stay on top of everything. Don’t trust anybody that you don’t know for the most part. That is like one of the golden rules in everything and from being inside of the business myself that I have learned. They will say anything or do anything to make you give them your information.
IdentityTheftSecrets: Well, thank you very much. Your website again is idtsolutions.org. We will have you back on identitytheftsecrets.com, thank you for taking a few minutes with us today.
Former Identity Thief: Alright, thank you.