Companies hire ‘thieves’ to test security

This version of Wbna10281825 - Breaking News | NBC News Clone was adapted by NBC News Clone to help readers digest key facts more efficiently.

The Federal Trade Commission reports that nine-to-ten million Americans will be victimized by identity theft annually. But there is help for companies that want to test the effectiveness of their own safeguards against ID theft. NBC's Tom Costello reports.

SHARE THIS —
By Tom Costello

Jim Stickley is a paid thief. The tools of his trade are the tools of a con man: fake uniforms, fake IDs, a pile of fake fire inspector badges bought on the Internet. He also has the gadgets of a computer hacker.

“People are gullible,” Stickley says. “People will do pretty much anything under the right circumstances."

But Stickley is no criminal. He's part owner of Trace Security and is hired by companies to test how well their employees guard supposedly secure computer databases that hold millions of customer identities.

For many companies, servers represent their entire infrastructure. They hold account information, financial data, Web hosting — the crown jewels for many companies.

That data can be so sensitive, GMFS Mortgage in Baton Rouge, La., hired Stickley's company to test its employees. They passed.

“We've got to be proactive,” says Terrell Brown Jr. of GMFS Mortgage. “This is people's financial information that we're dealing with. So we have to stay ahead of the people who are going to try to get this information.”

On one day, Stickley and a partner posed as fire inspectors to test the staff at a chain of West Coast banks. After smooth-talking their way in, they had plenty of time to attach wireless transmitters to computers and snap photos of customer files.

“They never doubted us for a second,” Stickley says.

Recommended

Middle East ConflictArrests, hostage talks and a gag order: Gaza leak scandal sends shock waves across Israel

No one in the bank ever questioned their fire inspector credentials. They were escorted around the server room but had free access everywhere else. Stickley says he’d give that bank a grade of seven, out of 10.

“They did great on the server room,” he says. “They failed on protecting the documents in the file room.”

Stickley found open files, open teller computers and open data.

“Confidential information,” Stickley says, “Social Security numbers, credit card numbers, names, addresses, all the stuff you don't want people to have.”

In a week, the bank and its employees will get a full report on the breach — and how they can prevent a real thief from getting in, by which time Stickley will be running the test somewhere else.

Tom Costello

Stay informed with daily digest and insights from NBC News Clone. We repackage top headlines for our global readers.

×
AdBlock Detected!
Please disable it to support our content.

Related Articles

Donald Trump Presidency Updates - Politics and Government | NBC News Clone | Inflation Rates 2025 Analysis - Business and Economy | NBC News Clone | Latest Vaccine Developments - Health and Medicine | NBC News Clone | Ukraine Russia Conflict Updates - World News | NBC News Clone | Openai Chatgpt News - Technology and Innovation | NBC News Clone | 2024 Paris Games Highlights - Sports and Recreation | NBC News Clone | Extreme Weather Events - Weather and Climate | NBC News Clone | Hollywood Updates - Entertainment and Celebrity | NBC News Clone | Government Transparency - Investigations and Analysis | NBC News Clone | Community Stories - Local News and Communities | NBC News Clone