Review: "ID Fraud: They Stole my Life"
By davew on Feb 02, 2007
On Wednesday night, BBC1 broadcast an interesting documentary about "ID theft" (when it comes to "Identity fraud" as a concept, I'm with Ross Anderson).
As the title suggests, it was rather sensationalist in parts, particularly in the running commentary - however, it did feature some excellent sections where officers from Surrey Police, the Metropolitan Police and the City of London police shared their wisdom and allowed the film crew to accompany them on a couple of searches and arrests - with faces obscured where necessary. The piece on cash machine skimmers and PIN-pad cameras was particularly interesting.
The commentary was misleading on a particular point in these sections, though - there isn't an "identity unit" in these police forces, it's the cheque and credit card fraud unit who were doing their stuff.
While the dustbin-diving efforts in Surrey were covered well - and it even surprised me to see how many receipts still contain a full card number rather than the more common row of asterisks with last three or four digits - I was a little disappointed not to see more details on the measures people can employ to prevent such issues. The shredder which was briefly shown churning out shreds wasn't even a cross-cut model, and for folk who don't want to splash out on such a device, putting your sensitive papers in a suitable metal bin / brazier and setting fire to them is unsurprisingly effective.
However, the section where the ethical hackers went wardriving was very disappointing. Having an open wireless access point allows people to steal your bandwidth, not your identity - at least, if you're sensible regarding the way your computers are set up. While they said that "the best way to protect your identity is to keep your anti-virus software updated" (and doing this may have some merit, admittedly) there was no mention of:
- hardening your system
- keeping your OS patches up to date
- keeping your application versions up to date
- using a firewall
- running your tools as a relatively-unprivileged user
- not using IE - and, in fact, avoiding Microsoft products in general
- turning your computer off, or otherwise disconnecting it from a network, when you're not using it
I'd expect this programme to be repeated on BBC3 or BBC4 at some point in the near future, so if you missed it first time round (as many of my UK-resident security geek pals did), it's worth a watch - just don't get hot under the collar about the advice from non-police sources...