DESCRIPTION
The first two books in the “Stealing” series presented the stories of numerous criminal hackers as they deftly attacked networks around the world for profit, revenge, or just because they could. In this third installment, the criminal hackers apply their trade to create new identities and ultimately new lives for themselves to avoid being apprehended by local, federal, and international law enforcement agencies. The book will detail criminal, bleeding edge techniques for stealing or creating social security numbers, passports, bank accounts, credit card accounts, driver’s licenses, birth certificates, and more. The book will also portray the actions of federal law enforcement agents as they conduct forensic investigations of the cyber crime scenes and attempt to penetrate the clandestine world of criminal hackers.
KEY SELLING POINTS
- The first two books in the series were best-sellers and have established a cult following within the Hacker and Infosec communities.
- Identity theft is the fastest growing crime in the world, and financial loss from identity theft is expected to reach $2 trillion by the end of 2005.
- All of the authors on the book are world-renowned, highly visible information security experts who present at all of the top security conferences, including Black Hat, DefCon, and RSA, and write for the most popular magazines and Web sites, including Information Security Magazine and SecurityFocus.com. All of these outlets will be used to promote the book.
MARKET INFORMATION
According to two studies done in July 2003 (by Gartner Research and Harris Interactive), approximately 7 million people became victims of identity theft in the prior 12 months. That equals 19,178 per day, 799 per hour, 13.3 per minute. The incidence of victimization increased 11-20% between 2001-2002 and 80% between 2002-2003. Victims now spend an average of 600 hours recovering from this crime, often over a period of years. Three years ago the average was 175 hours of time, representing an increase of about 2470%. Based on these studies, today the business community loses between $40,000 - $92,000 per name in fraudulent charges, based on reported fraud losses seen by surveyed victims. Overall financial loss from identity theft is expected to reach $73.8 billion in the United States by the end of this year -- $221.2 billion worldwide, report Aberdeen analysts in a study released this week. The current trajectory -- based on a 300 percent compound annual growth rate -- has the figures reaching $2 trillion by the end of 2005.
ABOUT THE AUTHOR
Timothy Mullen (aka Thor) began his career in application development and network integration in 1984, and is now CIO and Chief Software Architect for AnchorIS.Com, a developer of secure enterprise-based accounting solutions. Tim is also a columnist for Security Focus' Microsoft section, and a regular contributor of InFocus technical articles.
Ryan Russell (aka Blue Boar) has worked in the IT field for over 13 years, focusing on information security for the last seven. He was the lead author of Hack Proofing Your Network, Second Edition (Syngress, ISBN: 1-928994-70-9), contributing author and technical editor of Stealing The Network: How to Own The Box (Syngress, ISBN: 1-931836-87-6), and is a frequent technical editor for the Hack Proofing series of books from Syngress. Ryan was also a technical advisor on Snort 2.0 Intrusion Detection (Syngress, ISBN: 1-931836-74-4). Ryan founded the vuln-dev mailing list, and moderated it for three years under the alias "Blue Boar." He is a frequent lecturer at security conferences, and can often be found participating in security mailing lists and website discussions. Ryan is the QA Manager at BigFix, Inc.
Riley "Caezar" Eller has extensive experience in Internet embedded devices and protocol security. He invented automatic web vulnerability analysis and ASCII-armored stack overflow exploits, and contributed to several other inventions including a pattern language for describing network attacks. Mr. Eller's credits include the Black Hat Security Briefings and Training series, "Meet the Enemy" seminars, "Hack Proofing Your Network: Internet Tradecraft", and the "Caezar's Challenge" think tank. As creator of the Root Fu scoring system and as a founding member of the only team ever to win three consecutive DEFCON Capture the Flag contests, Caezar is the authority on security contest scoring.
Jay Beale is a security specialist focused on host lockdown and security audits. He is the Lead Developer of the Bastille project, which creates a hardening script for Linux, HP-UX, and Mac OS X, a member of the Honeynet Project, and the Linux technical lead in the Center for Internet Security. A frequent conference speaker and trainer, Jay speaks and trains at the Black Hat Briefings and LinuxWorld conferences, among others. Jay is a columnist with Information Security Magazine, and is Series Editor of Jay Beale’s Open Source Security Series, from Syngress Publishing.
FX of Phenoelit has spent the better part of the last few years becoming familiar with the security issues faced by the foundation of the Internet, including protocol based attacks and exploitation of Cisco routers. He has presented the results of his work at several conferences including DEFCON, Black Hat Briefings, and the Chaos Communication Congress.
Chris Hurley is a Principal Information Security Engineer working in Washington DC on vulnerability assessments, penetration testing, forensics, and incident response on both wired and wireless networks. He is the organizer of the WorldWide WarDrive and has been the subject of several interviews and stories regarding the WWWD. Chris is a primary organizer of DefCon and the DefCon WarDriving Contest.
Johnny Long has spoken on network security and Google hacking at several computer security conferences around the world including SANS, Defcon, and the Black Hat Briefings. During his recent career with Computer Sciences Corporation (CSC), a leading global IT services company, he has performed active network and physical security assessments for hundreds of government and commercial clients. His website, currently the Internet's largest repository of Google hacking techniques, can be found at http://johnny.ihackstuff.com.
Dr. Eric Cole is currently chief technology officer (CTO) and chief scientist at The Sytex Group, Inc. (TSGI), specializing in advanced technology research. Eric is a highly sought-after network security consultant and speaker. Eric has consulted for international banks and Fortune 500 companies. He also has advised Venture Capitalist Firms on what start-ups should be funded. He has in-depth knowledge of network security and has come up with creative ways to secure his clients’ assets. He is the author of several books, including Hackers Beware: Defending Your Network from the Wiley Hacker and Hiding in Plain Sight. Eric holds several patents and has written numerous magazine and journal articles. Eric worked for the CIA for more than seven years and has created several successful network security practices. Eric is a member of the Honeynet Project and the CVE Editorial board; both are invited positions. Eric presents at a variety of conferences, including SANS, where he helped create several of the courses. Eric has appeared in interviews on CBS News, “60 Minutes,” and CNN.
Tom Parker is a computer security analyst who, alongside his work providing integral security services for some of the world’s largest organizations, is widely known for his vulnerability research on a wide range of platforms and commercial products. His more recent work includes the development of an embedded operating system, media management system and cryptographic code for use on digital video band (DVB) routers, deployed on the networks of hundreds of large organizations around the globe. In 1999, Mr. Parker helped form Global InterSec LLC, playing a leading role in developing key relationships between GIS and the public and private sector security companies.
Brian Hatch is a UNIX/Linux security consultant, administrator, and expert hacker with Onsight, Inc. He has taught various courses at Northwestern University and is the co-maintainer of Stunnel, a widely used secure SSL wrapper. He is the lead author of the first edition of Hacking Exposed Linux.
TECHNOLOGY BACKGROUND
Identity theft is the deliberate assumption of another person's identity, usually to gain access to their credit or frame them for some crime. Less commonly, it is to enable illegal immigration, terrorism, espionage, or changing identity permanently. It may also be a means of blackmail, especially if medical privacy or political privacy has been breached, and revealing the activities undertaken by the thief under the name of the victim would have serious consequences like loss of job or marriage.
Identity theft is usually the result of serious breaches of privacy. Except for the simplest credit cases, it is usually not possible without breakdowns in:
• customer privacy, in which case the consequences may be limited to fraud on one corporation, typically the one that leaked the data in the first place, e.g. account numbers.
• consumer privacy, more serious, where credit card numbers or other generally-useful identity is stolen and used much more widely.
• medical privacy enabling one to alter biometrics stored on the victim, and thus very effectively impersonate them even through secure points.
• client confidentiality and political privacy, making it easy to effectively impersonate someone, by using confidential information that an ordinary impersonator would not have access to.