Who Stole Your Identity?

Manhattan District Attorney Cyrus Vance Jr. says today’s cybercriminal is yesterday’s chain-snatching street hustler.

Manhattan’s DA wants city-dwellers to watch out for digital pickpockets.

Photo illustration by Lisa Larson-Walker. Photos by Thinkstock.

Manhattan District Attorney Cyrus Vance Jr. appeared on Charlie Rose this week to talk about the priorities he has set for his team since taking office at the beginning of 2010. Vance discussed his handling of the Dominique Strauss-Kahn case, which ended in all charges being dropped; his decision to create a “conviction integrity unit” that would reinvestigate old cases; and his office’s record of going after youth gangs, which he said had led to a drop in Manhattan’s homicide rate.

One intriguing figure Vance shared was that a third of all of the felony cases his office investigates are related to cybercrime and identity theft. “It’s a tsunami,” Vance said. “It has changed our practice significantly.” (A spokeswoman for the DA told me in an email Friday that the latest numbers indicate the proportion of felonies that fall under the cybercrime umbrella is more like 3 in 10.)

In a recent New York Times Magazine profile, Vance said that Manhattan sees between 200 and 300 cybercrime complaints per month and that when Vance replaced Robert Morgenthau as DA five years ago, he made identity theft a priority because it was one of the few kinds of crime that was actually on the rise.

So who is committing all these cybercrimes? On Charlie Rose, Vance argued that it was the same people who, in a previous era, would have been “selling drugs or snatching chains on 42nd Street.” “They’ve gone off the street and into identity theft because it’s safer, cheaper, and more remunerative,” he said. (Vance added that these thieves then sell their goods to “a very intelligent group of criminal players” based mainly in Eastern Europe.) Examples of cybercriminals who have been convicted in recent years include a pair of employees from Pret A Manger who stole credit card numbers from customers; a professional identity thief who collected credit card information by recruiting servers at popular Manhattan steakhouses; and a group of thieves who stole personal information by simply pickpocketing people.

That American cybercriminals are converted street hustlers who have learned how to use computers and hooked up with Eastern European hackers is not a trivial or self-evident point—and suggests that the traditional dichotomy of “white collar” vs. “blue collar” crime is not particularly useful when talking about identity theft and online fraud.

Research on cybercriminals is still in its infancy, but what’s out there suggests they’re a varied group. Marcus K. Rogers, director of the Cyber Forensics & Security Program at Purdue University, laid out a taxonomy of offenders in 2010, featuring seven distinct but overlapping types:

—“script kiddies” who are motivated by “immaturity, ego boosting, and thrill seeking.” Rogers says they tend to be “individuals with limited technical knowledge and abilities who run precompiled software to create mischief, without truly understanding what the software is accomplishing ‘under the hood.’ ”

—“cyber-punks” who “have a clear disrespect for authority and its symbols and a disregard for societal norms.” According to Rogers, “they are driven by the need for recognition or notoriety from their peers and society,” and are “characterized by an underdeveloped sense of morality.”

—“hacktivists” who, in Rogers’ estimation, might just be “petty criminals” trying to “justify their destructive behavior, including defacing websites, by labeling [it] civil disobedience and ascribing political and moral correctness to it.”

—“thieves,” who are “primarily motivated by money and greed” and are “attracted to credit card numbers and bank accounts that can be used for immediate personal gain.”

—“virus writers,” who tend to be drawn to “the mental challenge and the academic exercise involved in the creation of the viruses.”

—“professionals,” who are often ex-intelligence operatives “involved in sophisticated swindles or corporate espionage.”

—“cyber-terrorists,” who are essentially warriors, often members of “the military or paramilitary of a nation state and are viewed as soldiers or freedom fighters in the new cyberspace battlefield.”

What the individuals who fall into these categories would have been doing before the advent of the internet—what kinds of crimes they might have been committing, whether they would have turned to crime at all—is difficult to know. But Vance’s comments on Charlie Rose suggest he is inclined to view cybercriminals not as members of a unique group, but rather as a modern update on a type of wrongdoer who has always existed in one form or another.    

You can watch the first 20 minutes of the Charlie Rose interview at Businessweek, or catch it Friday at 10 p.m. on Bloomberg TV.