Meeting Jane and John Doe: Ficticious
People and Their "All Too Real" Exploits
Meeting Jane and John Doe:
Ficticious People and Their "All Too Real"
Exploits
by Noell Letourneau
Abstract
The use of ficticious people as a tool of deception
has occured since the dawn of man. A formal definition of the attack
method is "impersonations or false identities that are used to bypass
controls, manage perception, or create conditions amenable to attack"
[2]. Creation of a ficticious person is quite easy due to the abudance
of services that offer false identification cards, birth certificates,
green cards, etc. Also, many web-based sites include user profiles that
make it easy to create a ficticious identity. There are many incidents
that have occured in the past few years that involve the use of
ficticious people as an attack method. The events not only show the
clear connection between information systems and the attack, but also
showcase associations between this attack and other known threat/attack
profiles. Effects on the victims of this type of attack can be
devastating, particularly financially and/or psychologically. The
Internet has aided the development of this attack by making it easy to
create fictional identites using the profiles or services discussed
above. Fictional identities may also be used for good, although that is
often not the case. Finally, while the problem is continuing to
escalate, there are some major efforts underway to help prevent these
attacks from happening, particularly in the FBI.=20
[2]
The Introduction:
Imagine a puppet on a stage, dancing, moving,
talking, performing. It may seem almost lifelike, almost real, however
it is controlled by the puppeteer, the one who holds the strings and
manipulates the doll as he or she pleases. Fictional identities are very
similar, those who adopt these identities control them and manipulate
the characters to further their own goals or ideas. No matter how real
they seem, one always has to remember that there is someone else behind
them, pulling their strings. Using ficticious identities, people are
able to cause confusion, damage, and other related problems wherever
they go. The word ficticious means "Imaginary, something adopted or
assumed in order to deceive, an assumed character or part" [1]. The
negative connotations are clear from this definition, as ficticious
people aim to deceive others. Ficticious people can be defined as,
"impersonations or false identities that are used to bypass controls,
manage perception, or create conditions amenable to attack." Examples
of such people include spies, impersonators, network personae, fictional
callers, and many other false and misleading identities [2].
Ficticious identities as a method of deception
have been used for centuries. Spies, outlaws, people under persecution,
and many others have changed their identities and their lives to gain
information and destroy enemies, possibly even to survive. It is no
different today, currently every year scam artists create over 700,000
false identities in the United States [3]. When considering the history
of fictional identities, it's clear that not all cases involve malicious
deceit or intent. In fact, during World War II, many master forgers
provided false identity papers to Jewish families to escape the terrors
of the Holocaust. The ficticious people discussed in this paper are
not good samaritans though; their aim is deceit, their intentions are
anything but noble, and they act to further their own selfish interests.
Now the formal introduction has been made, and it's time to delve into
the world of the ficticious person and learn about those behind the
facade.=20
=20
The Birth of the Ficticious Person:
The creation of a ficticious identity may seem
complex but in actuality it's not.=20
On the internet there are a number of services that offer the creation
of fake identification, in the form of driver's licenses, birth
certificates, etc [4]. In addition, there are entire websites devoted to
the creation of a "new you" [5]. Many people make an illegitimate living
by selling such ficticious identities.=20
In North Carolina, one well-known forger travels through the countryside
in a nondescript van, churning out fake green cards. Technology has made
his process easier, cheaper, and faster: Today, an "identity package" -
green card, Social Security card, and driver's license - can cost as
little as $100. Buying the equipment to make such identification cards
is simple and relatively cheap. In effect, a forger needs little more
than a photo on a colored background, a high-quality printer, a $15
laminate pouch, and a few other items to make a fake ID using $29
templates from the Internet. The machines that print out today's new
generation of credit-card-style driver's licenses can be bought for a
few thousand dollars [6].
The complexity of creating a fictional identity can
also be much less invasive than described above. Fictional identities
can be created with user profiles on popular sites such as those that
provide email (Yahoo.com, Hotmail.com, MSN.com) or dating services.
These fictional identities can be used to exploit trusted relationships,
communicate to others, and gain information, all while concealing the
true person's identity. The motives for creating ficticious people can
vary. Ficiticious identities may be used to cover the real criminal's
tracks, endorse products or services, gain access to privledged
information or areas, gain entry into different countries, and
create/exploit peer (or trusted) relationships. Clearly the motives are
malicious in their intent. Often the ficticious person is employed to
create or increase conditions that are amenable for attack by the
perpetrator. Once again, the relationship can be described as puppet and
puppeteer. Unfortunately for the criminals though, their alter-egos
can't go to jail and so they must, if they are caught.
The Exploits:
There are several recent incidents that involve
the use of a ficticious persona by an attacker or attackers. Each event
presents a unique case to discuss and analyze. In order to understand
why the creation of ficticious people is such a useful tactic
(and why these attacks are able further or cause vulnerabilities which
make it easier for subsequent attacks), the connections between
information systems and the attacks must be considered. It is also
important to look at the attackers involved and their association with
known threat profiles. Several of the articles discussed below focus on
these associations.
November 11, 1999: A suspect accused of planting bombs and
extorting money from Lowe's Home Improvement stores was tracked to his
Greensboro, North Carolina home by his use of an Internet e-mail
account, according to an FBI affidavit. Investigators say George Rocha
slipped up when he accessed an e-mail account he had created with a
fictitious name with his home computer instead of using public computers
at libraries, his normal practice.=20
The FBI's Computer Crime Unit in Charlotte followed a trail of e-mail
messages that led to the Baltic country of Latvia, where a bank account
was opened and received the $250,000 Lowe's paid to stop the bombings.
An agent determined that the signature on the account was listed as
Bruce J. Phillips, a name the FBI soon found to be fictitious. The FBI
saw an e-mail the bank received from "Bruce Phillips" on Nov. 1 that
used the e-mail address "brucephillips99hotmail.com."=20
Knowing the name "Bruce Phillips" and the corresponding e-mail address
was a major break for the FBI. Using his home computer to access the
Hotmail account made the FBI's job even easier. Caller identification at
BellSouth identified a telephone number listed as belonging to George
Rocha and he was subsequently arrested [7].
March 11, 2002-Crystal Nordberg of Tulsa and
her fiance, Jonathan Williams, had planned on buying a high-end digital
camera for their honeymoon in Europe this May. In late December,
Nordberg saw a Mavica offered at Yahoo Auctions by a seemingly
trustworthy seller who went by the name McGooch2002. She cautiously bid
$700, far less than the $1,000 she would have paid for a Mavica in a
store.When she won, she quickly wired the money, thinking she had
clinched a bargain. Instead Nordberg had become the victim of an
elaborate scheme by the seller, whose trustworthiness, it turned out,
was based on a record of fictitious transactions. Nordberg was not
alone: she was 1 of 20 people who, in the same week, bought a total of
$20,000 worth of laptop computers, camcorders, cameras and hand-held
organizers from McGooch2002 that were never delivered.
Auction sites function primarily on a kind of
honor system, with "feedback"--comments by each participant in a
transaction about the other's behavior--playing a critical role.It is a
system that can be abused, and auction sites try to ferret out criminals
by using special software and other techniques to track suspicious
activity like shill bidding, in which sellers inflate prices through
accomplices who bid up items. But as episodes like Nordberg's experience
show, the criminals are trying just as hard to stay ahead, becoming more
technologically and financially sophisticated and moving beyond
garden-variety fraud like the misrepresentation and non-delivery of
goods. Defrauders now switch computers so their usage patterns cannot be
as easily detected and build flashy Web sites to give their businesses
the sheen of legitimacy. They steal credit card numbers to set up e-mail
accounts on Internet service providers like America Online and then use
them to set up fraudulent auctions. The defrauders may also create
fictional characters to give positive feedback about the seller.
Nordberg had been reassured to learn that 12 happy customers had given
McGooch feedback like "a true Santa Claus online" and "Grade
A-plus-plus-plus."But after the auction, Nordberg carefully reviewed the
feedback and realized that all of it was submitted by users who created
accounts around the same time and had reported no purchases other than
the ones from McGooch2002. In other words, the 12 users were probably
fictional creations of the person who created McGooch2002. McGooch2002
started his account six months in advance, built a clean reputation
though such non-existent auctions and then began a series of auctions of
high-end merchandise in the last week of December that all ended around
the same time [8].
May 18, 2001- Dennilfloss, Anandtech community
member, developed a relationship with Nowheremom, another of the site's
users, over the Internet and arranged to meet her in real life. He did
so and the two hit it off. Members were shocked, however, when
Dennilfloss announced the death of her and her daughter on the site in
January last year. He claimed they had been knocked down by a car in bad
weather. However, following some detective work by other members on the
site, it soon became apparent that the truth was a lot darker. The twist
is that Dennilfloss was in fact Nowheremom. In his confession, he said
the creation of a female alter-ego started as a joke because he wanted
to see what it would be like for a woman to post on the forums.
Nowheremom, real-fake name Lili Marlene, made her first appearance in
October 1999. But it all started getting out of hand when he started
getting approaches from other men on the forum, so he created a
relationship with Nowheremom and himself. Forum members were completely
taken in and the situation became more and more involved over the course
of the two-month romance. Dennilfloss said that when one member
mentioned marriage, it all got too much and so he decided to kill her
off. Denis cropped a picture of a soft porn star to use as Nowheremom's
picture on the site. The same picture was used on a memorial site set
up for Lili Marlene by forum members. Dennilfloss' apology found few
supporters and he was subsequently banned from posting on the site
again. It was quite an extraordinary piece of deception regardless- he
introduced consistent spelling and grammatical errors into Nowheremom's
postings to create the ultimate in fictional identities [9].
March 20, 2002- Detectives from the Sacramento
Valley Hi-Tech Crimes Task Force arrested a suspect who has eluded
officers for over two years. The investigation began approximately two
years ago when the Task Force received numerous complaints of
computer-related items fraudulently posed for auction on eBay, Yahoo,
and Amazon websites. Bryant Alan Adams had started a business called
Cybernetdeals where he would notify numerous bidders that they had won
the auction. Adams would then ship envelopes or power cords instead of
the actual item that was advertised. It is known that Adams has
defrauded at least ten victims in this scheme for approximately $10,000.
Adams also advertised computer items for sale on the Internet using the
business name Netliquidators. He used Netliquidators to defraud victims
of approximately $8,000. In 1999, the suspect took over the identity of
a business, Brill Electronics, of Oakland. Adams applied for a
fictitious business license identifying himself as the owner/proprietor
of the business at a Sacramento location using a fraudulent Social
Security number. Adams subsequently opened two bank accounts for Brill
Electronics and stole checks from the business and deposited them into
his new accounts. Adams would withdraw the money and write checks to
himself and others. Adams also charged numerous items on Brill
Electronics' credit cards. By the time the incident was discovered by
the business, Adams had stolen $43,000 from them.When Adams was arrested
he had three driver's licenses from two states using the names of Damien
X Adavenaixx, Damien Adelessandro, and Vernon Dwayn Boutta. All of
these licenses had different birth dates. The suspect also had used 25
different social security numbers, 12 birth dates, and three college
addresses. The vehicle he was driving at the time of his arrest was
rented on the Internet under a fictitious female's name [10].
Without the advent of the Internet and such widely
used services as online auctions and free email, the ability to use
ficticious people to deceive others would be greatly limitied. The
internet gives the criminals the advantage to create ficticious personae
easily and with little scrutiny. Clearly, there is a strong connection
between information systems and the use of ficticious people as an
attack method. The attack method lives as a sort of parasite off the
Internet and thetechnological advances made by it. As the Internet
becomes more and more developed and sophisticated, so does the attack.
As the Internet offers more and more services, attackers will find ways
to use ficticious personae to exploit them. The effects of this
parasitic relationship will be discussed further in the following
section. There are several threat profiles that may be associated with
ficticious people attacks. Fraudsters (people who defraud others [2])
are probably the major threat associated with this attack. Both of the
cases involving online auctions involve fraudsters. Another threat
associated with such attacks is deranged people, clearly a possibility
in the Dennilfloss case discussed above. Ficticious people may also be
involved with extortionists, as the Lowe's bomber case clearly
demonstrates. The attack may also go hand and hand with other types of
attacks. Traditional offline financial fraud and identity theft are
being integrated into the online auction world, as well. Fraudulent
sales were formerly dominated by hard-to-trace transactions involving
cash or money orders. Now investigators say that perpetrators are
increasingly using identity theft to set up bank accounts that allow
wire transfers or transactions involving third-party online payment
services like PayPal. Some criminals have turned to hijacking users'
accounts and their good feedback instead of building their own
identities [9]. The Lowe's bomber case also involves an extortion
attack, as well. Identity theft is the most common attack used in
conjunction with ficticious people, often the attackers will assume
someone else's identity to open accounts, start businesses, steal money,
etc. The ease with which one can obtain false documents such as driver's
licenses, birth certificates, etc. makes the creation of ficticious
people and the use of false identities extremely simple. It is perhaps
due to this inherent simplicity that this attack is relatively common in
the world.
The Effects:
The Internet has allowed the deception by
ficticious people to become increasingly simple but sophisticated. The
services the Internet offers allows ficticious people to be created by
basically anyone. For example, Hotmail is a free Internet mail service
used by many people, especially people who travel a lot. Anyone can
establish an account with Hotmail in minutes, using a fictitious name
and other fictitious information. While it is a legitimate service, it's
also used by some people for purposes that are not legitimate, clearly
[7]. Fraud has also been a problem since the first online auctions were
conducted in the mid-1990s and has expanded as auction sites like eBay
and Yahoo have become some of the most successful sites on the Internet
[8]. It is, therefore, clear that the internet has had a great effect on
the development of the ficticious person attack. There are also several
ways in which this attack has effected the Internet and its victims.
First, fictional identities may cause a great deal of emotional or
psychological damage. In the Dennilfloss case many people became friends
with the fictional "Nowheremom" and grieved when she died. Discovering
she wasn't even a real person was a huge blow to many and caused a lot
of pain. The use of this attack may cause signficant financial losses
for many of the victims as well, this is clearly illustrated in several
of the articles discussed above. Fictional people violate a victim's
sense of trust, which may also have lasting and potentially devastating
effects.
The Internet must come up with more and more
sophisticated methods for identity verification to combat the problem,
which may be difficult because there is only so much a computer system
can do to check identity. Services that make it easy for fictional
people to be created may also suffer as more and more controls are
added. Those who wish to have anonymity may not be able to because it
poses too big of a threat for such services and thus, such people may
take their business elsewhere. When compared to attacks in which
billions of dollars are stolen, computer systems fail or crash for days,
and communication lines are disabled, this attack may seem minor in its
effects, and in some cases it is. However, the complexity of this attack
and how the ramifications may effect each and every victim must be
considered. Deception is powerful and dangerous, and particularly hard
to deal with if one has become a victim of it.
Summary, Conclusions, Further Work:
The use of ficticious people as an attack
mechanism may be used to create system vulnerabilities, bypass controls,
alter or manage human perceptions, and make it easier for further or
subsequent attacks. Creating a ficticious persona is quite easy. User
profiles are typically a simple way to create and maintain a fictional
identity, while services offering false licenses, birth certificates or
other identifying documents are cheap and easy to find, especially on
the internet. There are many ways that criminals use ficticional
identities. Online auctions are currently a very popular place for
fraudsters to create profiles and collect money for merchandise that is
never delivered. Fictional identities may also be used by extortionists
and deranged people. The internet has allowed the creation of these
false identities to become even easier than before its widespread use.
The effects of fictional identities on the victims may range from
emotional or psychological trauma, to feelings of embarassment and
anger. These attacks may also necessitate the creation of additional
identity controls on the Internet, including popular auction sites and
email services.
There are several conclusions that can be made
from the research provided above. Ficticious people used as a method of
deception that can signficantly impact the victims involved. Most often
these false identities are used with malicious intent, however
occasionally they can be used for good. Undercover FBI agents may be
involved in the FBI "Innocent Images" program, which targets people who
use the Internet to sexually exploit children. Using false identities,
the agents go into chat rooms as young children to track and hopefully
identify potential pedofiles and pornographers [11]. The creation of
fictional identities will continue to be simple as long as few identity
controls are implemented on websites, particularly ones that involve the
exchange of money or valuable information. Sites that offer services for
the creation of false identities should be monitored or perhaps
eliminated from the web, as they are major contributors to the problem.
This is a fine line to walk however, because confidentiality and privacy
need to be respected as well. Regardless, ways to combat this problem
need to be implemented immediately as the attacks continue to rise each
year: Auction fraud is now the most prevalent computer-related crime,
according to the Internet Fraud Complaint Center, a joint program of the
FBI and the National White Collar Crime Center. In 2000 the center
referred 7,193 complaints of auction fraud involving a total loss of
$5.4 million for investigation. The rate of complaints is gradually
rising, and the assessment of losses has sharply increased as criminals
focus on high-tech, big-ticket items. The fraud complaint center says
that the median dollar loss per auction fraud was $225 in the first half
of 2001 but jumped to $489 in the second half of the year [8]. In 2003,
it is likely that the figure has increased substantially.
There are several specific ways that the problem is being dealt with
currently. Law enforcement agencies are keeping up with the increased
sophistication of identity fraud, particularly involving online
auctions. This can be particularly difficult now that fraud has entered
the automated stage. Over the last two months, eBay says, it has seen
the emergence of software "bots" that scan accounts and then try to gain
access to them by systematically guessing passwords. The goal is to
hijack a trusted seller's account and use it to make fraudulent
transactions [8]. The FBI has implemented a number of initiatives to
address the various identity fraud schemes, especially those being
utilized by terrorists to fund their terrorist activities. One involves
targeting fraud schemes being committed by loosely organized groups to
conduct criminal activity with a nexus to terrorist financing. The FBI
has identified a number of such groups made up of members of varying
ethnic backgrounds, which are engaged in widespread fraud activity.
Members of these groups may not themselves be terrorists, but proceeds
from their criminal fraud schemes have directly or indirectly been used
to fund terrorist activity and/or terrorist groups. Prior to 9/11, this
type of terrorist financing often avoided law enforcement scrutiny.
Another initiative has been the development of a multi-phase project
that seeks to identify potential terrorist related individuals through
Social Security Number misusage analysis. The Terrorist Financing
Operations Section of the FBI works with the Social Security
Administration's Office of the Inspector General for SSN verification.
Once the validity or non-validity of the number has been established,
investigators look for misuse of the SSNs by checking immigration
records, Department of Motor Vehicles records, and other military,
government and fee-based data sources. Incidents of suspect SSN misusage
are then separated according to type. Predicated investigative packages
are then forwarded to the appropriate investigative and prosecutive
entity for follow-up. The American Association for the Advancement of
Science gives a warning about controlling concealment of identity on the
Internet, however. They believe such regulations could prevent people
from seeking counseling, expressing political opinions or engaging in
financial transactions, and could impede the development of e-commerce
and the World Wide Web [13]. Clearly, the issue of ficticious identities
is a difficult and controversial one. The use of ficticious people has
been a fact of life for centuries, and it is likely that even with
controls the problem will still exist. As long as people exist, there
will be ficticious people. After all, deception is not a 21st century
invention, it has been around since the dawn of man.
Citations
[1] Dictionary.com, 2003. "Ficticious." http:/
/dictionary.reference.com/search?r=2&q=fictitious [This site
offers dictionary services. The definition for ficticious includes
entries from Webster's 1996 Revised Unabridged Dictionary, Wordnet
Dictionary, and American Heritage Dictionary 4th Edition.]
=20
[2] Cohen, Fred. All.net New Security Database www.all.net [This database includes all known
attack profiles, and discusses each in detail along with examples and
the complexities involved in each case.]
=20
[3] Wallich, Paul. Scientific American.com. July,
2002. "Who's Who: Can digital technology really prevent identity theft?"
http://www.sciam.com/article.cfm?articleID=00077B81-70EB-1D06-8E49809E
C588EEDF [This article discusses the ease with which someone can
make false identities and gives relatively current statistics on the
creation of false identities. It also discusses ways in which this
problem can be prevented.]
[4] Espionage Unlimited. 2003. "How you can get a
New Identity quickly, safely and easily!"
http://www.espionage-store.
com/id.html [This site is devoted to creating an entirely new
identity and new life. If offers services aimed at getting new ID
documentation, complete relocation, ownership of a corporation, college
degrees, etc.]
[5] EZ Info Store. "Learn How to Create A New
Identity in the US and Canada." http://www.ezdiscountst
ore.com/newyou.html [This site offers the sale of books aimed at the
creation of "a new you." The books claim to offer sevices relating to
new ID cards and other forms of identification, bank cards, and credit
cards.]
[6] Jonsson, Patrik. Christian Science Monitor.
August 29, 2001. "Teens Can Get Fake IDs in a Few Keystrokes on Web."
http://www.csmon
itor.com/2001/0829/p1s4-ussc.html [This article discusses the ease
with which fake IDs can be obtained on the Internet and how inexpensive
and easy it is for people to create entirely new identities for
themselves. It also mentions the sanctions imposed for those caught
carrying and using such false identification.]
[7] The Star News Article Archive. 1999. "E-mail
locates accused bomber." http://www.
shelbystar.com/news1999/_disc4/0000050c.htm [This article discusses
the capture of an accused bomber and extortionist, who (of relevance)
used a false identitiy on the hotmail service and to open an overseas
bank account.]
[9] McCarthy, Kieren. The Register. May 18, 2001.
"Murderer Confesses on Anandtech Forum." http://www.there
gister.co.uk/content/6/19045.html [This article discusses an
incident where a member of a discussion forum created a fictional
identity, began "dating" her, and then killed her off.]
=20
[10] Sacremento Valley Hi-Tech Task Force.
"Iinvestigations." http://www.sachite
chcops.org/investigations.htm [The investigations page of the
Sacremento Valley Hi-Tech Task Force discusses the types of cases they
investigate and details some of the case highlights in recent history.
Of relevance is the case of Bryant Alan Adams, who used fictional
identities for online auctions, to rent cars, and to create seemingly
legitimate businesses.]
[11] Frye, Cathy. Arkansas Democrat-Gazette.
January 8, 2001. "Web of Deception." http://ww
w.arkdemgaz.com/prev/childporn/A1Day2Main8.html [This article
discusses the FBI's "innocent images" program to stop pedofilia and
pornography on the Internet. It also discusses several cases that have
been investigated by the officers involved.]
[12] Pistole, John S. Congressional
Statement-Federal Bureau of Investigation. October 1, 2003. "Fraudulent
Identification Documents and the Implications for Homeland Security." http://ww
w.fbi.gov/congress/congress03/pistole100103.htm [This document
discusses the use of false identifying documents by terrorists and (of
relevance) the ways that the FBI and the federal government are starting
to crack down on the terrorist use of false identification. Several of
these preventative initiatives are discussed in detail in the
document.]
[13] Science Daily. July 1, 1999. "AAAS Urges
Caution In Regulating Anonymous Communication On The Internet."
http
://www.sciencedaily.com/releases/1999/07/990701065214.htm [This
article discusses the opinion of the American Association for the
Advancement of Science that anonymity is more beneficial than harmful
when it comes to communications on the Internet. It also discusses
several of the reasons AAAS gives to support this opinion.]
<HTML> <HEAD> <META=20
HTTP-EQUIV="Content-Type"=20
CONTENT="text/html;charset=iso-8859-1"> <TITLE>CJ625
Student=20
Paper</TITLE> </HEAD> <BODY BGCOLOR="#cccccc"=20
Onload="window.defaultStatus='The University of New Haven -
California Campus -=20
CJ625'"> <center> <FONT SIZE=+3
COLOR="#800040">Meeting=20
Jane and John Doe: Ficticious People and Their "All Too Real"=20
Exploits</FONT> </center> <hr>
<p
align=justify><CENTER><B><FONT=20
SIZE=+2>Meeting Jane and John Doe: Ficticious People and Their "All
Too Real"=20
Exploits</FONT></B></CENTER></P>
<p align=justify> The use of ficticious
people as a tool=20
of deception has occured since the dawn of man. A formal definition of
the=20
attack method is "impersonations or false identities that are used to
bypass=20
controls, manage perception, or create conditions amenable to attack"
[2].=20
Creation of a ficticious person is quite easy due to the abudance of
services=20
that offer false identification cards, birth certificates, green cards,
etc.=20
Also, many web-based sites include user profiles that make it easy to
create a=20
ficticious identity. There are many incidents that have occured in the
past few=20
years that involve the use of ficticious people as an attack method. The
events=20
not only show the clear connection between information systems and the
attack,=20
but also showcase associations between this attack and other known
threat/attack=20
profiles. Effects on the victims of this type of attack can be
devastating,=20
particularly financially and/or psychologically. The Internet has aided
the=20
development of this attack by making it easy to create fictional
identites using=20
the profiles or services discussed above. Fictional identities may also
be used=20
for good, although that is often not the case. Finally, while the
problem is=20
continuing to escalate, there are some major efforts underway to help
prevent=20
these attacks from happening, particularly in the FBI. =20
[2]
<hr>
<h2> The Introduction:</h2>
<p align="justify"> Imagine a puppet on a
stage,=20
dancing, moving, talking, performing. It may seem almost lifelike,
almost real,=20
however it is controlled by the puppeteer, the one who holds the strings
and=20
manipulates the doll as he or she pleases. Fictional identities are very
similar, those who adopt these identities control them and manipulate
the=20
characters to further their own goals or ideas. No matter how real they
seem,=20
one always has to remember that there is someone else behind them,
pulling their=20
strings. Using ficticious identities, people are able to cause
confusion,=20
damage, and other related problems wherever they go. The word ficticious
means=20
"Imaginary, something adopted or assumed in order to deceive, an assumed
character or part" [1]. The negative connotations are clear from this=20
definition, as ficticious people aim to deceive others. Ficticious
people can be=20
defined as, "impersonations or false identities that are used to bypass=20
controls, manage perception, or create conditions amenable to=20
attack." Examples of such people include spies,
impersonators,=20
network personae, fictional callers, and many other false and misleading
identities [2]. </p> <p
align="justify">Ficticious=20
identities as a method of deception have been used for centuries. Spies,
outlaws, people under persecution, and many others have changed their
identities=20
and their lives to gain information and destroy enemies, possibly even
to=20
survive. It is no different today, currently every year scam artists
create over=20
700,000 false identities in the United States [3]. When considering the
history=20
of fictional identities, it's clear that not all cases involve malicious
deceit=20
or intent. In fact, during World War II, many master forgers provided
false=20
identity papers to Jewish families to escape the terrors of the
Holocaust. =20
The ficticious people discussed in this paper are not good
samaritans=20
though; their aim is deceit, their intentions are anything but noble,
and they=20
act to further their own selfish interests. Now the formal introduction
has been=20
made, and it's time to delve into the world of the ficticious person and
learn=20
about those behind the facade.
<p align="justify">
<p align="justify">
<hr>
<h2> The Birth of the Ficticious Person:</h2>
<p align="justify"> The creation of a ficticious identity
may seem=20
complex but in actuality it's not.
On the internet there are a number of services that offer the
creation of fake identification, in the form of driver's licenses, birth
certificates, etc [4]. In addition, there are entire websites devoted to
the=20
creation of a "new you" [5]. Many people make an illegitimate living by
selling=20
such ficticious identities.
In North Carolina, one well-known forger travels through the
countryside in=20
a nondescript van, churning out fake green cards. Technology has made
his=20
process easier, cheaper, and faster: Today, an "identity package" -
green card,=20
Social Security card, and driver's license - can cost as little as $100.
Buying=20
the equipment to make such identification cards is simple and relatively
cheap.=20
In effect, a forger needs little more than a photo on a colored
background, a=20
high-quality printer, a $15 laminate pouch, and a few other items to
make a fake=20
ID using $29 templates from the Internet. The machines that print out
today's=20
new generation of credit-card-style driver's licenses can be bought for
a few=20
thousand dollars [6]. </p> <p align=justify> The
complexity of=20
creating a fictional identity can also be much less invasive than
described=20
above. Fictional identities can be created with user profiles on popular
sites=20
such as those that provide email (Yahoo.com, Hotmail.com, MSN.com) or
dating=20
services. These fictional identities can be used to exploit trusted=20
relationships, communicate to others, and gain information, all while
concealing=20
the true person's identity. The motives for creating ficticious people
can vary.=20
Ficiticious identities may be used to cover the real criminal's tracks,
endorse=20
products or services, gain access to privledged information or areas,
gain entry=20
into different countries, and create/exploit peer (or trusted)
relationships.=20
Clearly the motives are malicious in their intent. Often the ficticious
person=20
is employed to create or increase conditions that are amenable for
attack by the=20
perpetrator. Once again, the relationship can be described as puppet and
puppeteer. Unfortunately for the criminals though, their alter-egos
can't go to=20
jail and so they must, if they are caught. </p> <p=20
align="justify">
<p align="justify">
<hr>
<h2> The Exploits: </h2>
<p align="justify"> There are several recent incidents that
involve=20
the use of a ficticious persona by an attacker or attackers. Each event
presents=20
a unique case to discuss and analyze. In order to understand why the
creation of=20
ficticious people is such a useful tactic (and why these attacks are
able=20
further or cause vulnerabilities which make it easier for subsequent
attacks),=20
the connections between information systems and the attacks must be
considered.=20
It is also important to look at the attackers involved and their
association=20
with known threat profiles. Several of the articles discussed below
focus on=20
these associations.
<ul> <p align="justify">
<li> November 11, 1999: A suspect accused of planting bombs
and=20
extorting money from Lowe's Home Improvement stores was tracked to his=20
Greensboro, North Carolina home by his use of an Internet e-mail
account,=20
according to an FBI affidavit. Investigators say George Rocha slipped up
when he=20
accessed an e-mail account he had created with a fictitious name with
his home=20
computer instead of using public computers at libraries, his normal
practice.=20
The FBI's Computer Crime Unit in Charlotte followed a trail of
e-mail=20
messages that led to the Baltic country of Latvia, where a bank account
was=20
opened and received the $250,000 Lowe's paid to stop the bombings. An
agent=20
determined that the signature on the account was listed as Bruce J.
Phillips, a=20
name the FBI soon found to be fictitious. The FBI saw an e-mail the bank
received from "Bruce Phillips" on Nov. 1 that used the e-mail address=20
"brucephillips99hotmail.com." Knowing the name "Bruce Phillips" and
the=20
corresponding e-mail address was a major break for the FBI. Using his
home=20
computer to access the Hotmail account made the FBI's job even easier.
Caller=20
identification at BellSouth identified a telephone number listed as
belonging to=20
George Rocha and he was subsequently arrested [7].</li>
<p align="justify"><li>March 11, 2002-Crystal
Nordberg of Tulsa=20
and her fiance, Jonathan Williams, had planned on buying a high-end
digital=20
camera for their honeymoon in Europe this May. In late December,
Nordberg saw a=20
Mavica offered at Yahoo Auctions by a seemingly trustworthy seller who
went by=20
the name McGooch2002. She cautiously bid $700, far less than the $1,000
she=20
would have paid for a Mavica in a store.When she won, she quickly wired
the=20
money, thinking she had clinched a bargain. Instead Nordberg had become
the=20
victim of an elaborate scheme by the seller, whose trustworthiness, it
turned=20
out, was based on a record of fictitious transactions. Nordberg was not
alone:=20
she was 1 of 20 people who, in the same week, bought a total of $20,000
worth of=20
laptop computers, camcorders, cameras and hand-held organizers from
McGooch2002=20
that were never delivered.</p> <p align="justify">
Auction sites=20
function primarily on a kind of honor system, with "feedback"--comments
by each=20
participant in a transaction about the other's behavior--playing a
critical=20
role.It is a system that can be abused, and auction sites try to ferret
out=20
criminals by using special software and other techniques to track
suspicious=20
activity like shill bidding, in which sellers inflate prices through
accomplices=20
who bid up items. But as episodes like Nordberg's experience show, the
criminals=20
are trying just as hard to stay ahead, becoming more technologically and
financially sophisticated and moving beyond garden-variety fraud like
the=20
misrepresentation and non-delivery of goods. Defrauders now switch
computers so=20
their usage patterns cannot be as easily detected and build flashy Web
sites to=20
give their businesses the sheen of legitimacy. They steal credit card
numbers to=20
set up e-mail accounts on Internet service providers like America Online
and=20
then use them to set up fraudulent auctions. The defrauders may also
create=20
fictional characters to give positive feedback about the seller.
Nordberg had=20
been reassured to learn that 12 happy customers had given McGooch
feedback like=20
"a true Santa Claus online" and "Grade A-plus-plus-plus."But after the
auction,=20
Nordberg carefully reviewed the feedback and realized that all of it was
submitted by users who created accounts around the same time and had
reported no=20
purchases other than the ones from McGooch2002. In other words, the 12
users=20
were probably fictional creations of the person who created McGooch2002.
McGooch2002 started his account six months in advance, built a clean
reputation=20
though such non-existent auctions and then began a series of auctions of
high-end merchandise in the last week of December that all ended around
the same=20
time [8]. </li>
<p align="justify"><li>May 18, 2001- Dennilfloss,
Anandtech=20
community member, developed a relationship with Nowheremom, another of
the=20
site's users, over the Internet and arranged to meet her in real life.
He did so=20
and the two hit it off. Members were shocked, however, when Dennilfloss=20
announced the death of her and her daughter on the site in January last
year. He=20
claimed they had been knocked down by a car in bad weather. However,
following=20
some detective work by other members on the site, it soon became
apparent that=20
the truth was a lot darker. The twist is that Dennilfloss was in fact=20
Nowheremom. In his confession, he said the creation of a female
alter-ego=20
started as a joke because he wanted to see what it would be like for a
woman to=20
post on the forums. Nowheremom, real-fake name Lili Marlene, made her
first=20
appearance in October 1999. But it all started getting out
of hand=20
when he started getting approaches from other men on the forum, so he
created a=20
relationship with Nowheremom and himself. Forum members were completely
taken in=20
and the situation became more and more involved over the course of the
two-month=20
romance. Dennilfloss said that when one member mentioned marriage, it
all got=20
too much and so he decided to kill her off. Denis cropped a picture of a
soft=20
porn star to use as Nowheremom's picture on the site. The same
picture was=20
used on a memorial site set up for Lili Marlene by forum members.
Dennilfloss'=20
apology found few supporters and he was subsequently banned from
posting=20
on the site again. It was quite an extraordinary piece of deception
regardless-=20
he introduced consistent spelling and grammatical errors into
Nowheremom's=20
postings to create the ultimate in fictional identities [9].
</li>
<p align="justify"><li> March 20, 2002- Detectives
from the=20
Sacramento Valley Hi-Tech Crimes Task Force arrested a suspect who has
eluded=20
officers for over two years. The investigation began approximately two
years ago=20
when the Task Force received numerous complaints of computer-related
items=20
fraudulently posed for auction on eBay, Yahoo, and Amazon
websites. Bryant=20
Alan Adams had started a business called Cybernetdeals where he would
notify=20
numerous bidders that they had won the auction. Adams would then
ship=20
envelopes or power cords instead of the actual item that was
advertised. =20
It is known that Adams has defrauded at least ten victims in this scheme
for=20
approximately $10,000. Adams also advertised computer items for
sale on=20
the Internet using the business name Netliquidators. He used=20
Netliquidators to defraud victims of approximately $8,000. In 1999, the
suspect=20
took over the identity of a business, Brill Electronics, of
Oakland. Adams=20
applied for a fictitious business license identifying himself as the=20
owner/proprietor of the business at a Sacramento location using a
fraudulent=20
Social Security number. Adams subsequently opened two bank
accounts for=20
Brill Electronics and stole checks from the business and deposited them
into his=20
new accounts. Adams would withdraw the money and write checks to
himself=20
and others. Adams also charged numerous items on Brill
Electronics' credit=20
cards. By the time the incident was discovered by the business,
Adams had=20
stolen $43,000 from them.When Adams was arrested he had three driver's
licenses=20
from two states using the names of Damien X Adavenaixx, Damien
Adelessandro, and=20
Vernon Dwayn Boutta. All of these licenses had different birth=20
dates. The suspect also had used 25 different social security
numbers, 12=20
birth dates, and three college addresses. The vehicle he was
driving at=20
the time of his arrest was rented on the Internet under a fictitious
female's=20
name [10].</li>
<p align="justify">Without the advent of the Internet and
such widely=20
used services as online auctions and free email, the ability to use
ficticious=20
people to deceive others would be greatly limitied. The internet gives
the=20
criminals the advantage to create ficticious personae easily and with
little=20
scrutiny. Clearly, there is a strong connection between
information=20
systems and the use of ficticious people as an attack method. The attack
method=20
lives as a sort of parasite off the Internet and thetechnological
advances made=20
by it. As the Internet becomes more and more developed and
sophisticated, so=20
does the attack. As the Internet offers more and more services,
attackers will=20
find ways to use ficticious personae to exploit them. The effects of
this=20
parasitic relationship will be discussed further in the following
section. There=20
are several threat profiles that may be associated with ficticious
people=20
attacks. Fraudsters (people who defraud others [2]) are probably the
major=20
threat associated with this attack. Both of the cases involving online
auctions=20
involve fraudsters. Another threat associated with such attacks is
deranged=20
people, clearly a possibility in the Dennilfloss case discussed above.=20
Ficticious people may also be involved with extortionists, as the Lowe's
bomber=20
case clearly demonstrates. The attack may also go hand and hand with
other types=20
of attacks. Traditional offline financial fraud and identity theft are
being=20
integrated into the online auction world, as well. Fraudulent sales were
formerly dominated by hard-to-trace transactions involving cash or money
orders.=20
Now investigators say that perpetrators are increasingly using identity
theft to=20
set up bank accounts that allow wire transfers or transactions involving
third-party online payment services like PayPal. Some criminals have
turned to=20
hijacking users' accounts and their good feedback instead of building
their own=20
identities [9]. The Lowe's bomber case also involves an extortion
attack, as=20
well. Identity theft is the most common attack used in conjunction with=20
ficticious people, often the attackers will assume someone else's
identity to=20
open accounts, start businesses, steal money, etc. The ease with which
one can=20
obtain false documents such as driver's licenses, birth certificates,
etc. makes=20
the creation of ficticious people and the use of false identities
extremely=20
simple. It is perhaps due to this inherent simplicity that this attack
is=20
relatively common in the world. </p>
<p align="justify">
<p align="justify">
<hr>
<h2> The Effects: </h2>
<p align="justify">The Internet has allowed the
deception by=20
ficticious people to become increasingly simple but sophisticated. The
services=20
the Internet offers allows ficticious people to be created by basically
anyone.=20
For example, Hotmail is a free Internet mail service used by many
people,=20
especially people who travel a lot. Anyone can establish an account with
Hotmail=20
in minutes, using a fictitious name and other fictitious information.
While it=20
is a legitimate service, it's also used by some people for purposes that
are not=20
legitimate, clearly [7]. Fraud has also been a problem since the first
online=20
auctions were conducted in the mid-1990s and has expanded as auction
sites like=20
eBay and Yahoo have become some of the most successful sites on the
Internet=20
[8]. It is, therefore, clear that the internet has had a great effect on
the=20
development of the ficticious person attack. There are also several ways
in=20
which this attack has effected the Internet and its victims. First,
fictional=20
identities may cause a great deal of emotional or psychological damage.
In the=20
Dennilfloss case many people became friends with the fictional
"Nowheremom" and=20
grieved when she died. Discovering she wasn't even a real person was a
huge blow=20
to many and caused a lot of pain. The use of this attack may cause
signficant=20
financial losses for many of the victims as well, this is clearly
illustrated in=20
several of the articles discussed above. Fictional people violate a
victim's=20
sense of trust, which may also have lasting and potentially devastating
effects.=20
</p> <p align="justify">The Internet must come up with
more and=20
more sophisticated methods for identity verification to combat the
problem,=20
which may be difficult because there is only so much a computer system
can do to=20
check identity. Services that make it easy for fictional people to be
created=20
may also suffer as more and more controls are added. Those who wish to
have=20
anonymity may not be able to because it poses too big of a threat for
such=20
services and thus, such people may take their business elsewhere. When
compared=20
to attacks in which billions of dollars are stolen, computer systems
fail or=20
crash for days, and communication lines are disabled, this attack may
seem minor=20
in its effects, and in some cases it is. However, the complexity of this
attack=20
and how the ramifications may effect each and every victim must be
considered.=20
Deception is powerful and dangerous, and particularly hard to deal with
if one=20
has become a victim of it. </p>
<p align="justify">
<p align="justify">
<hr>
<h2> Summary, Conclusions, Further Work: </h2>
<p align="justify"> The use of ficticious people as an
attack=20
mechanism may be used to create system vulnerabilities, bypass controls,
alter=20
or manage human perceptions, and make it easier for further or
subsequent=20
attacks. Creating a ficticious persona is quite easy. User profiles are=20
typically a simple way to create and maintain a fictional identity,
while=20
services offering false licenses, birth certificates or other
identifying=20
documents are cheap and easy to find, especially on the internet.
There=20
are many ways that criminals use ficticional identities. Online auctions
are=20
currently a very popular place for fraudsters to create profiles and
collect=20
money for merchandise that is never delivered. Fictional identities may
also be=20
used by extortionists and deranged people. The internet has allowed the
creation=20
of these false identities to become even easier than before its
widespread use.=20
The effects of fictional identities on the victims may range from
emotional or=20
psychological trauma, to feelings of embarassment and anger. These
attacks may=20
also necessitate the creation of additional identity controls on the
Internet,=20
including popular auction sites and email services. </p> <p=20
align="justify"> There are several conclusions that can be made
from the=20
research provided above. Ficticious people used as a method of deception
that=20
can signficantly impact the victims involved. Most often these false
identities=20
are used with malicious intent, however occasionally they can be used
for good.=20
Undercover FBI agents may be involved in the FBI "Innocent Images"
program,=20
which targets people who use the Internet to sexually exploit children.
Using=20
false identities, the agents go into chat rooms as young children to
track and=20
hopefully identify potential pedofiles and pornographers [11]. The
creation of=20
fictional identities will continue to be simple as long as few identity
controls=20
are implemented on websites, particularly ones that involve the exchange
of=20
money or valuable information. Sites that offer services for the
creation of=20
false identities should be monitored or perhaps eliminated from the web,
as they=20
are major contributors to the problem. This is a fine line to walk
however,=20
because confidentiality and privacy need to be respected as well.
Regardless,=20
ways to combat this problem need to be implemented immediately as the
attacks=20
continue to rise each year: Auction fraud is now the most prevalent=20
computer-related crime, according to the Internet Fraud Complaint
Center, a=20
joint program of the FBI and the National White Collar Crime Center. In
2000 the=20
center referred 7,193 complaints of auction fraud involving a total loss
of $5.4=20
million for investigation. The rate of complaints is gradually rising,
and the=20
assessment of losses has sharply increased as criminals focus on
high-tech,=20
big-ticket items. The fraud complaint center says that the median dollar
loss=20
per auction fraud was $225 in the first half of 2001 but jumped to $489
in the=20
second half of the year [8]. In 2003, it is likely that the figure has
increased=20
substantially. </p> <p align="justify">
There are several specific ways that the problem is being dealt
with=20
currently. Law enforcement agencies are keeping up with the increased=20
sophistication of identity fraud, particularly involving online
auctions. This=20
can be particularly difficult now that fraud has entered the automated
stage.=20
Over the last two months, eBay says, it has seen the emergence of
software=20
"bots" that scan accounts and then try to gain access to them by
systematically=20
guessing passwords. The goal is to hijack a trusted seller's account and
use it=20
to make fraudulent transactions [8]. The FBI has implemented a number of
initiatives to address the various identity fraud schemes, especially
those=20
being utilized by terrorists to fund their terrorist activities. One
involves=20
targeting fraud schemes being committed by loosely organized groups to
conduct=20
criminal activity with a nexus to terrorist financing. The FBI has
identified a=20
number of such groups made up of members of varying ethnic backgrounds,
which=20
are engaged in widespread fraud activity. Members of these groups may
not=20
themselves be terrorists, but proceeds from their criminal fraud schemes
have=20
directly or indirectly been used to fund terrorist activity and/or
terrorist=20
groups. Prior to 9/11, this type of terrorist financing often avoided
law=20
enforcement scrutiny. Another initiative has been the development of a=20
multi-phase project that seeks to identify potential terrorist related=20
individuals through Social Security Number misusage analysis. The
Terrorist=20
Financing Operations Section of the FBI works with the Social Security=20
Administration's Office of the Inspector General for SSN verification.
Once the=20
validity or non-validity of the number has been established,
investigators look=20
for misuse of the SSNs by checking immigration records, Department of
Motor=20
Vehicles records, and other military, government and fee-based data
sources.=20
Incidents of suspect SSN misusage are then separated according to type.=20
Predicated investigative packages are then forwarded to the appropriate=20
investigative and prosecutive entity for follow-up. The American
Association for=20
the Advancement of Science gives a warning about controlling concealment
of=20
identity on the Internet, however. They believe such regulations could
prevent=20
people from seeking counseling, expressing political opinions or
engaging in=20
financial transactions, and could impede the development of e-commerce
and the=20
World Wide Web [13]. Clearly, the issue of ficticious identities is a
difficult=20
and controversial one. The use of ficticious people has been a fact of
life for=20
centuries, and it is likely that even with controls the problem will
still=20
exist. As long as people exist, there will be ficticious people. After
all,=20
deception is not a 21st century invention, it has been around since the
dawn of=20
man.
<p align="justify">
<p align="justify">
<hr>
<h2> Citations </h2>
<p align="justify"> [1] Dictionary.com, 2003. "Ficticious."
<a=20
href=http://dictionary.reference.com/search?r=2&q=fictitious>
;http://dictionary.reference.com/search?r=2&q=fictitious</a>
;=20
[This site offers dictionary services. The definition for ficticious
includes=20
entries from Webster's 1996 Revised Unabridged Dictionary, Wordnet
Dictionary,=20
and American Heritage Dictionary 4th Edition.]</p> <p=20
align="justify">[2] Cohen, Fred. All.net New Security Database
<a=20
href=www.all.net> www.all.net=20
</a> [This database includes all known attack
profiles, and=20
discusses each in detail along with examples and the complexities
involved in=20
each case.]</p>
<p align="justify">[3] Wallich, Paul. Scientific
American.com. July,=20
2002. "Who's Who: Can digital technology really prevent identity theft?"
<a=20
href=http://www.sciam.com/article.cfm?articleID=00077B81-70EB-1D06-8E
49809EC588EEDF >http://www.sciam.com/article.cfm?articleID=00077B
81-70EB-1D06-8E49809EC588EEDF</a>=20
[This article discusses the ease with which someone can make false
identities=20
and gives relatively current statistics on the creation of false=20
identities. It also discusses ways in which this problem can be=20
prevented.]</p> <p align="justify"> [4] Espionage
Unlimited.=20
2003. "How you can get a New Identity quickly, safely and
easily!" <a=20
href=http://www.espionage-store.com/id.html>http://www.espionage-sto
re.com/id.html</a>=20
[This site is devoted to creating an entirely new identity and new life.
If=20
offers services aimed at getting new ID documentation, complete
relocation,=20
ownership of a corporation, college degrees, etc.]</p> <p=20
align="justify"> [5] EZ Info Store. "Learn How to Create A New
Identity in=20
the US and Canada." <a=20
href=http://www.ezdiscountstore.com/newyou.html>http://www.ezdiscoun
tstore.com/newyou.html</a>=20
[This site offers the sale of books aimed at the creation of "a
new you."=20
The books claim to offer sevices relating to new ID cards and other
forms of=20
identification, bank cards, and credit cards.]</p> <p=20
align=justify> [6] Jonsson, Patrik. Christian Science Monitor.
August 29,=20
2001. "Teens Can Get Fake IDs in a Few Keystrokes on Web." <a=20
href=http://www.csmonitor.com/2001/0829/p1s4-ussc.html>http://www.cs
monitor.com/2001/0829/p1s4-ussc.html</a>=20
[This article discusses the ease with which fake IDs can be obtained on
the=20
Internet and how inexpensive and easy it is for people to create
entirely new=20
identities for themselves. It also mentions the sanctions imposed for
those=20
caught carrying and using such false identification.]</p> <p
align="justify"> [7] The Star News Article Archive. 1999. "E-mail
locates=20
accused bomber." <a=20
href=http://www.shelbystar.com/news1999/_disc4/0000050c.htm>http://w
ww.shelbystar.com/news1999/_disc4/0000050c.htm</a>=20
[This article discusses the capture of an accused bomber and
extortionist, who=20
(of relevance) used a false identitiy on the hotmail service and to open
an=20
overseas bank account.]</p> <p align="justify">
[8] Lee, Jennifer. The Orlando Sentinel. March 11,2002.
"Web's Bloom=20
a Garden for Sophisticated Scammers." <a=20
href=http://www.orlandosentinel.com/news/nationworld/chi-020311crime,0,
3389506.story?coll=orl-home-headlines>http://www.orlandosentinel.com
/news/nationworld/chi-020311crime,0,3389506.story?coll=orl-home-headlin
es</a>=20
[This article discusses the current trend of using ficticious identities
on=20
internet auctions to set up accounts with high reliability ratings and
sell=20
items that never get delivered. It also discusses the story of one
couple who=20
lost 700 dollars through this scam.]</p> <p
align="justify"> [9]=20
McCarthy, Kieren. The Register. May 18, 2001. "Murderer Confesses on
Anandtech=20
Forum." <a=20
href=http://www.theregister.co.uk/content/6/19045.html>http://www.th
eregister.co.uk/content/6/19045.html</a>=20
[This article discusses an incident where a member of a discussion forum
created=20
a fictional identity, began "dating" her, and then killed her
off.] =20
</p>
<p align="justify"> [10] Sacremento Valley Hi-Tech Task
Force.=20
"Iinvestigations." <a=20
href=http://www.sachitechcops.org/investigations.htm>http://www.sach
itechcops.org/investigations.htm</a>=20
[The investigations page of the Sacremento Valley Hi-Tech Task Force
discusses=20
the types of cases they investigate and details some of the case
highlights in=20
recent history. Of relevance is the case of Bryant Alan Adams, who used=20
fictional identities for online auctions, to rent cars, and to create
seemingly=20
legitimate businesses.]</p> <p align="justify">[11]
Frye, Cathy.=20
Arkansas Democrat-Gazette. January 8, 2001. "Web of Deception." <a=20
href=http://www.arkdemgaz.com/prev/childporn/A1Day2Main8.html>http:/
/www.arkdemgaz.com/prev/childporn/A1Day2Main8.html</a>=20
[This article discusses the FBI's "innocent images" program to stop
pedofilia=20
and pornography on the Internet. It also discusses several cases that
have been=20
investigated by the officers involved.]</p> <p=20
align="justify">[12] Pistole, John S. Congressional
Statement-Federal Bureau=20
of Investigation. October 1, 2003. "Fraudulent Identification Documents
and the=20
Implications for Homeland Security." <a=20
href=http://www.fbi.gov/congress/congress03/pistole100103.htm>http:/
/www.fbi.gov/congress/congress03/pistole100103.htm</a>=20
[This document discusses the use of false identifying documents by
terrorists=20
and (of relevance) the ways that the FBI and the federal government are
starting=20
to crack down on the terrorist use of false identification.
Several of=20
these preventative initiatives are discussed in detail in the=20
document.]</p> <p align="justify">[13] Science Daily.
July 1,=20
1999. "AAAS Urges Caution In Regulating Anonymous Communication On The=20
Internet." <a=20
href=http://www.sciencedaily.com/releases/1999/07/990701065214.htm>h
ttp://www.sciencedaily.com/releases/1999/07/990701065214.htm</a>=20
[This article discusses the opinion of the American Association for the=20
Advancement of Science that anonymity is more beneficial than harmful
when it=20
comes to communications on the Internet. It also discusses several of
the=20
reasons AAAS gives to support this opinion.]</p>