Resources
- Identity Use Cases & Scenarios.
- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- D5.1: A survey on legislation on ID theft in the EU and….
- D5.2: ID Fraud Workshop.
- D5.2b: ID-related Crime: Towards a Common Ground for Interdisciplinary Research.
- D5.2c: Identity related crime in the world of films.
- D5.3: A Multidisciplinary Article on Identity-related Crime.
- D5.4: Anonymity in electronic government: a case-study analysis of governments? identity knowledge.
- D6.1: Forensic Implications of Identity Management Systems.
- D6.5/D6.6: Second thematic Workshop forensic implications.
- D6.7b: Workshop on Forensic Profiling.
- D6.7c: Forensic Profiling.
- HighTechID.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
Mapping the three categorisations
The relationship between attacks on identification systems, types of identity-related crime, and legal provisions is complex. This becomes immediately apparent when trying to map the conceptual, technical, and legal categorisations on each other. A many-dimensional structure is required to adequately represent the complex relationships, which is not possible on two-dimensional paper. We will confine ourselves to illustrating the interrelations in a far-from-exhaustive table, mapping the attacks on identification to types of identity-related crime and legal provisions. For the latter category, it should be realised that actual punishability depends on the national context and the actual specifics of the case. Further note that the modus operandi mentioned does not necessarily fulfil all the requirements of the crime category; often, it concerns the preparation of identity ‘theft’ by collecting data, not necessarily leading to identity ‘theft’ itself, which, in our definition, involves the use of such data.
Type of attack | Example of modus operandi | Type of identity-related crime | Legal provisions | Comment |
T1 | Social engineering | - (preparation of identity ‘theft’) | preparation of fraud; privacy infringement; imposture; identity theft (US) | Using a plausible case and role context, authentication data is taken from members in organisations |
T1 | Phishing | - (preparation of identity ‘theft’) | preparation of fraud; intellectual-property infringement; preparation of identity theft (US) | Use of fake email messages, sms, etc., to make users enter identification data on faked websites |
T1 | Generation of an alibi for an identical twin | unlawful identity exchange | obstructing a criminal investigation; perjury; criminal identity theft (US) |
|
T1 | Destroying a passport | identity deletion | damage to official documents |
|
T2 | Dumpster diving | - (preparation of identity ‘theft’) | - | Usually not unlawful as such |
T3 | Generation of credit-card information for non-existing credit cards | unlawful identity creation | preparation of fraud | Online-payment was possible, though no corresponding bank account existed, before the current additional validation number was introduced and used |
T3 | Generation of faked serial numbers of ID documents | unlawful identity creation | preparation of forgery | This is used for example to prove one’s age in the context of Internet transactions |
T3 | Usurpation of office, false assumption of authority | unlawful identity creation | imposture; fraud; identity theft (US) |
|
T4 | Viruses installing a key logger | - (preparation of identity ‘theft’) | data interference; hacking; illegal interception of communications | Logged authentication data are used to perform identity theft |
T4 | Readout of authentication data | - (preparation of identity ‘theft’) | fraud; imposture; identity theft (US) |
|
T5 | Pharming | - (preparation of identity ‘theft’) | hacking; data interference; preparation of fraud; intellectual-property infringement; preparation of identity theft (US) | Altering domain-name information to attract victims to fake websites. |
T6 | installing a root kit | - (preparation of identity ‘theft’) | hacking; data interference; preparation of fraud; preparation of identity theft (US) | Root kits can be used to report certain kinds of data to their master. |
T7 | Installing a hardware key-logger | - (preparation of identity ‘theft’) | trespassing; hacking; illegal interception |
|
T8 | Stealing a USB stick | - (preparation of identity ‘theft’) | theft |
|
T9 | Using someone’s home WiFi network to send hate speech under that person’s name | identity ‘theft’ | hate speech; illegal access; imposture; slander; criminal identity theft (US) |
|
T10 | Spoofing DNS system to redirect to phishing site | - (preparation of identity ‘theft’) | hacking; data interference |
|
T11 | Spoofing of biometric sensor without co-operation of the original identity bearer | identity ‘theft’ | fraud; forgery; imposture; identity theft (US) |
|
T11 | Man-in-the-middle attack | identity ‘theft’ or preparation thereof | imposture; data interference; illegal interception; hacking |
|
T12 | Denial-of-service attack on bank’s website | identity obstruction | computer sabotage |
|
T13 | Wrong death notice in a public paper | unlawful identity deletion | slander |
|
T13 | Manipulation of reference data in identity management systems | - (preparation of identity ‘theft’) | forgery; preparation of fraud; data interference |
|
T14 | Installing key logger at webshop to intercept credit-card numbers | - (preparation of identity ‘theft’) | hacking; data interference; illegal interception; preparation of fraud |
|
T15 | Passing along of authentication data by members of organisations to outsiders | unlawful identity delegation | aiding and abetting fraud; identity theft (US) |
|
T16 | Use of personal data of dead persons | unlawful identity restoration; identity ‘theft’ | fraud |
|
Table 1: Types of attack and corresponding concepts and legal provisions
It is equally relevant to draft similar tables that map the concepts to attacks and legal provisions, and that map legal provisions to the concepts and attacks, but that exceeds the scope of this article.
The relevance of this exercise is that it shows the multi-facetedness of identity-related crime, which is a key insight in the fight against this form of crime. The table shows that many attacks exist in stage 1 (see beginning of section 5), the preparatory stage in which identity data are collected or created, which can subsequently be used in a stage 2 attack on an identification system in order to attain some unlawful goal. In combating identity-related crime, focusing on stage 1 activities is therefore equally important as, if not more important than, focusing on the unlawful use of identities. This brings us to the final question of our article: how can the three categorisations help in devising strategies for combating identity-related crime?
10 / 12 |