Information security is just like the sewage system: you don’t notice anything until it goes wrong. The hackers that I have spoken to say that it is not if an organisation is hacked, but when. Hackers can force their way into an organisation’s IT infrastructure on the Internet in three of the four security tests.
When information is leaked, it is not only companies who face damage, but citizens as well. The phenomenon of identity fraud has major consequences that often last for years. The victims that I spoke to initially believe that the problems would be solved very quickly as they themselves had not done anything wrong. Still, some victims had to pay the debts and for things of people that they did not even know while others lost their jobs. About fifty people come into contact with the police or with the legal system every day because of identity fraud. With only a copy of your passport, people can do all sorts of things under your name as so many organisations accept copies on the internet as proof of your identity. How can you then prove that you did not close a contract or purchase agreement if all traces lead to you?
While you should not allow others to copy your ID, many companies require copies and most people simply do not know that this is illegal. If you wish to become a member of something or want to rent a machine, many companies still make a copy of your ID. And you do not hear the consumer complaining. It is only when they have problems that they see the consequences that a simple copy can bring. One example is Linda, whose details were used by an unknown person. She had to pay for telephone contracts that she never purchased. All in all, she was 11,000 Euro in debt which was not of her making. She suffered psychological problems because she was constantly dealing with bailiffs.
Another person who I spoke to, Boudewijn, was arrested for drugs. He thought that it was a mistake, but it turned out that someone had rented premises using his passport and had planted marijuana. It took Boudewijn more than two years to prove his innocence and he was treated as a criminal all that time. He was even turned away from doing voluntary work because he had a police record, even long after it was clear that his was a case of identity fraud.
When I give lectures, I am always surprised about many participants' naivety. Many think that they are not an interesting ‘target’, while we know that hackers are not choosy. The good thing is the reactions after the lecture – people admit en masse that they do many things badly. And then they put these things right. They make up better passwords, they remove digital copies from their computers, they remove their date of birth from facebook, they do not click away updates of little used programmes because they then understand that without these updates their computers are as leaky as a sieve. And they no longer say that I may know everything there is to know about them because they have nothing to hide. This is what made me start on research for ‘Komt een vrouw bij de hacker’ in the first place, but now I know that even ‘good’ citizens have enough to hide if they do not want to become victims.