Disgruntled Employees Outdo Terrorists

Two articles on the Brand Killer Robots blog drew my attention. Not because the data offered anything new, but that Stephen Ryan was able to create a bot to clearly show that insiders, employees, and former employees are the most likely to launch cyber attacks.

Raps BOT : Predicts Insider Cyber Terrorism Threat HIGH

Raps Bot : Sniper Attack Methods – Number 1 Cyber Terrorism Threat

UK & Ireland Databases


www.businesspro.ie  for litigation in Ireland

Corporate Filings

www.companieshouse.gov.uk  for companies registered in the UK.
www.cro.ie  for companies registered in Ireland
www.fsc.gov.im  for companies registered in the Isle of Man.
Corporate Filing Searches on the British Islands


www.equifax.co.uk.  for credit reports.
www.experian.co.uk.  for credit reports.
www.insolvency.gov.uk  for insolvency search.
www.hpi.co.uk  for vehicles and boats and other licensed transport subject to any financing contract. Use the section of the site entitled “HPI Check “.

Land Registry Data

www.landregistrybusiness.gov.uk  for land registered in England and Wales.
www.ros.gov.uk/public/services/index.html  for land registered in Scotland.

UK to Axe Identity Card Scheme

National identity card schemes usually end badly for somebody, usually the average citizen. These overpriced schemes usually assist death-by-government programmes or become one point of failure that usually fails through corruption and/or criminal action.

Identity cards scheme will be axed ‘within 100 days’

The National Identity Card scheme will be abolished within 100 days with all cards becoming invalid, Home Secretary Theresa May has said.

Copyright as an Asset – UK

A copyright may represent a substantial asset for a person or company. The UK does not have a formal copyright registration process as in the U.S.A. — in the UK, creating the work creates the copyright.

The British National Bibliography (BNB) is the single most comprehensive listing of UK titles. UK and Irish publishers are obliged by law to send a copy of all new publications, including serial titles, to the Legal Deposit Office of the British Library; hence, the BNB is a list of copyright registrations. The British National Bibliography, was originally a weekly catalog which which became a  reference for book selection, cataloging, and for retrieval.

A Free BNB Web service to be launched in January 2009 will make the BNB available through the British Library Integrated Catalogue web pages. At that time, the CD-ROM version of BNB will be withdrawn. The current consolidated catalogues available on the BL website certainly correspond to a large part to the BNB. The British Library Automated Information Service (BLAISE), allowed a BNB search back to 1950, but I do not know if those catalogue records were transferred to the current BL website’s Integrated Catalogue, but it appears that the the new Web service will include these records.

Faked-Death & Impersonation-of-the-Dead Fraud

We have all heard of the faked-death scams to defraud insurance companies, escape prosecution, or to start over. The latter always happens in the aftermath of mass-casualty events like train wrecks, fires, and terrorist attacks. But what about the reverse — pretending to be somebody who has died?

This is not uncommon simply because it is so difficult to uncover the truth of someone’s identity and it has been so throughout my thirty years of Canadian experience.

In Canada, registering deaths is a provincial responsibility. The national vital statistics death registration system run by Statistics Canada does not include the deceased’s name or date of birth. There are no public search facilities for determining if the identity that you are presented with is that of a dead person.

In the U.S.A., the Social Security Administration Death Master file includes 98% of deaths of persons who participated in the Social Security program. This is may be searched at several internet sites.

In the UK, Smee & Ford Limited created a database called Mortascreen, which was used to screen direct mail lists for deceased people. This data was augmented and is now used as the foundation for Halo, a database that covers 85% of the deaths occurring annually in the UK. It is updated monthly and includes historical data to make it useful for verifying a person’s identity.

According to the UK’s Fraud Prevention Service, CIFAS, since 2001, impersonation of the dead is Britain’s fastest growing identity theft crime. The latest research suggests the problem has been under-stated by 3.5 times and revised statistics now indicate that 70,000 families experienced the pain of discovering their loved one had been impersonated after their death, to open accounts such as credit cards and loans.

According to the Home Office figures on crime in England and Wales in Jan 2003, “Between April 2000 and March 2001, the passport agency detected 1,484 fraudulent applications of which 301 used the identities of the deceased.”

I suspect that Canada may have a problem with this type of identity theft, but there is no way of knowing the extent of the the problem.

Privacy versus Security

Current privacy regimens are just that — they try to keep information from being disclosed. Unfortunately, the people who brought about these regimens did not understand the difference between privacy and security of the transaction.

Securing the transaction is a three part process of Identification, Authentication and Authorisation. You cannot have authentication without identification and you can’t have authorisation without authentication. Privacy regimens make Identification difficult, and Authentication nearly impossible.

In the UK, they want to create one trusted system to provide the identification in a new national Identification Card. This sounds good, but it will not work. This approach creates one point of failure that does not provide any alternative and independent methods of authentication. Once an offender has compromised or tricked the system, it will no longer be trustworthy, yet no alternative will exist to protect the transaction. This is an Identity based system not an Authentication based system. In this system, once you establish your identity no authentication is required.

It seems to me that the privacy advocates are jockeying for a position as privacy guardians who will produce your identity and eliminate the “need” for authentication.  Am I the only one who sees the dangers of this?

As an Investigator, I try to find corroborating evidence and  fact check everything possible, especially the identity of the people involved. How will I  legally do that as this oppressive culture of privacy becomes entrenched? How will businesses conduct transactions when they are prevented from properly authenticating the identity of their customers?