|
 |
 |
| Victims of cyber hacking in Iowa brace for ID theft |
|
| www.desmoinesregister.com |
|
2/24/2010 -
An unsettling image has tormented state Sen. William Dotzler Jr. ever since he learned a hacker, possibly from China, broke into a state database containing his personal information.
"I am very concerned, especially knowing they have my name and birth date and Social Security number," he said. "It is very easy to fill out a credit card application. I imagine there is going to be some guy in China sitting in front of a brand-new plasma TV set, saying, 'Thank you, Mr. Dotzler.' "
Dotzler, a Waterloo Democrat, is a board member of the nonprofit Black Hawk County Gaming Association, a partner of the Isle Casino in Waterloo. He is among 80,000 people whose information in the licensing database of the Iowa Racing and Gaming Commission was compromised last month.
The Federal Bureau of Investigation and the Iowa Division of Criminal Investigation have confirmed to The Des Moines Register they are seeking details of the Jan. 26 incident. State officials suspect the hacking originated in China, although they aren't sure because cyber bandits often disguise their tracks.
"It is being looked at ... by our Cyber Crime Task Force," said FBI spokeswoman Sandy Breault in Omaha. The FBI is at the forefront of a national effort to investigate and prosecute soaring incidences of cyber crimes often linked to China, Russia and other countries.
The Iowa Racing and Gaming Commission's licensing database was hacked while the state-owned Iowa Communications Network performed routine Internet maintenance. As routers were being replaced, circuits were inadvertently routed around a fire wall. The database was subsequently compromised because security software patches hadn't been properly installed by a private contractor, state officials said.
The database includes names, addresses, dates of birth and Social Security numbers of current and former employees of Iowa's casino and racetrack industry, such as card dealers, cocktail servers, slot machine technicians and horse trainers, including some who haven't worked in the industry for a decade.
The attempt to break into the commission's database was not a surprise. Every day, the state defends against attacks on its computer networks, officials said.
State systems reject up to 225,000 malicious attacks out of 2.2 million visits to the state's Web sites every day. E-mail filters reject up to 98 percent of 9 million e-mails because of malicious software. Fire walls block up to 900,000 unauthorized access attempts.
Computer hackers seek to make easy money, relying upon peoples' mistakes, said Doug Jacobson, director of Iowa State University's Information Assurance Center. That's probably the case with the commission's database, he said.
"My guess is that whoever got this information was not a rocket scientist. They got lucky," Jacobson said. "Somebody was walking by the door when the door happened to be unlocked."
State Sen. Randy Feenstra, a Hull Republican, said he's concerned because he's seen the impact of identity theft.
As Sioux County treasurer, he saw cases where undocumented immigrants had stolen identities of law-abiding people, he said.
So far, none of the 80,000 people on the gaming commission's database has reported identity theft, but the commission's staff has fielded many questions from those involved, said administrator Jack Ketterer.
The hacked database was on a secure internal server on a private network that wouldn't normally be publicly accessible, said Robert Bailey, a spokesman for the Iowa Department of Administrative Services. Since the incident, the commission's computer systems have been strengthened, Bailey said.
People whose information was compromised have every reason to worry, said Mari Frank, a lawyer from Laguna Nigel, Calif. "The sky is the limit as to what could happen."
Even if the hacker doesn't open new credit accounts, names and personal data could be sold on the black market. Criminals can also use such information to obtain government benefits and medical care, she said.
"I have talked with people who don't even have health insurance who found out that somebody got new boobs in their name," Frank said.
Frank knows firsthand about identity theft. She had $50,000 of credit stolen in her name in 1996 after a legal secretary with a different law office obtained her personal information. Her second book about identity theft will be published in May.
Gary Lucas of Indianola, a horse breeder and former chairman of the Prairie Meadows board, said he had a sinking feeling when he learned a database with his information had been breached.
"My first reaction was, 'What in the world is this going to amount to?'" Lucas said. He contacted his credit card companies.
"What is troubling about this is that they could start stealing identities for a few people, and then kind of sit back and wait awhile and start again when you are not suspecting," Lucas said.
Lucas' concerns are valid, said Paul Stephens, director of policy and advocacy for the San Diego-based Privacy Rights Clearinghouse, which tracks the intersection of technology and privacy.
"In many situations the hacker will retain the information and not use it immediately because they know that individuals are sort of on high alert right after an incident occurs," Stephens said.
Chinese state media reported earlier this month that police in central China shut down a hacker organization that recruited thousands of members online and provided them with cyber attack lessons and malicious software, according to the Associated Press.
The crackdown came amid growing concern that China is a center for Internet crime and industrial espionage.
No Iowa business or organization is too small to be targeted, said Dave Nelson, president of the Des Moines Chapter of the Information Systems Security Association.
"It used to be that most of the people who did this were lone wolves, or small groups of two or three. Now it is much more organized," said Nelson, who is also president of Integrity Technology Systems Inc., Des Moines. "It is getting much more sophisticated and harder to keep up with."
|
|
|
|
