For at least some time now I've wanted to write a book about identity theft (and a series of events that happen after that, but that is best left for another post at a later date). In fact, I've made a start - set up a couple of characters and written a chapter or two. The hurdle I am facing is not so much what happens after our heroine has her identity stolen, but more so how this might happen in such a way as to be believable. The book will be set in NSW, and I have done some research about exactly how this particular character might have her identity re-created by her attackers. Of course it relies on the premise that these would-be attackers can get their hands on some information, and originally this was to be in the form of a filofax-style diary. The problem is that it felt to me to be a really clumsy tool. For starters, our heroine is a mid-twenties, fairly senior, professional type. Now I don't know about you, but I don't know too many people in that age-group who carry that style of diary, and even if they did they are highly unlikely to have written their driver's licence number (and, presumably, other important numbers) in it. So how can our heroine 'lose' this info?
Rewind to a course I did here in Canberra a few weeks ago. One of the guys attending the course with me got a phone call from a book shop during the class, saying that his order had come in. In the interest of making polite conversation, and because I'm always curious to know what other people (especially techie types) are reading, I asked him what the book was. He told me it was Kevin Mitnick's book "The Art of Deception". Kevin Mitnick, of course, is billed as one of the world's most notorious hackers. The term 'hacker' here is a bit of a misnomer by the common meaning of the word. Mitnick used computers only as the last port of call, preferring to get as much information by simply phoning his targets and asking them for it. Of course, me being the sort I am, I called up Amazon.com that night and placed an order for Mitnick's book (and its sequel) immediately.
The books arrived last week, and I've been busy poring through them ever since. Although "The Art of Deception" is billed as a manual for corporations to avoid being the victim of a social engineering attack, it is just as easy to read the book as a Social Engineering How To Guide. In fact, I must confess to skipping over quite a few of the bulleted lists of "How to Avoid this Style of Attack..." for fear of nodding off.
Anyway, the point of the story is this - I have discovered how my poor heroine is going to get her information stolen - and it's going to be nothing so pat as losing a diary! No, she is going to have someone ring up and ask for it - Mitnick style!
Now to take an axe to the 3000 words I had down ...
"The Art of Deception: Controlling the Human Element of Security" by Mitnick, K.D. and Simon, W.L.
My copy published 2002 by Wiley Publishing, Indiana.
"The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers" by Mitnick, K.D. and Simon, W.L.
My copy published 2006 by Wiley Publishing, Indiana.
More information on Kevin Mitnick: