
CNN Newsnight Aaron Brown

Identity Theft: A Growing Problem

Aired April 12, 2005 - 22:00   ET

THIS IS A RUSH TRANSCRIPT. THIS COPY MAY NOT BE IN ITS FINAL FORM AND MAY BE UPDATED.


AARON BROWN, HOST: Good evening, again, everyone. Today the big online database company Lexis-Nexis admitted that personal information on about 310,000 people was stolen last month when hackers broke in. That's 10 times more than the company first said. Funny how it always works that way, isn't it?
Financial data, perhaps your financial data: addresses, Social Security numbers. In other words, who we are. Because we've become nine digit numbers starting with an area code, where income brackets and credit scores were bits and bytes, some of which we're perfectly happy to volunteer because it makes life incredibly convenient. Sometimes.

Tonight, the dark side, beginning with CNN's Deborah Feyerick.

(BEGIN VIDEO CLIP)

DEBORAH FEYERICK, CNN CORRESPONDENT: You may never have heard about Choicepoint, may not know about Lexis-Nexis, but chances are they know about you. Not just your name, but where you live, what you buy, your driver's license and Social Security number. In short, they know just about everything.

MARK RASCH, SOLUTIONARY INC.: Every place you've ever lived, every address, everything you've ever owned in terms of real estate, every time you've been sued -- all that information is collected.

FEYERICK: Databases are huge businesses. Buying and selling your personal details to virtually anyone who wants to make sure your credit's good, like stores, credit rating agencies, even potential employers.

And companies buy and sell your information not just in the United States but around the world, making identity theft a global problem.

How serious of a problem is this?

UNIDENTIFIED MALE: It's a very serious problem. And it's growing every year. You know, the greater technology becomes, the more advanced technology becomes, the greater the risk, of course. The greater the criminal element becomes.

FEYERICK: Kevin Barrows cracked his first big computer hacking case as an FBI agent. He says, if you think this doesn't apply to you, think again. Because if you've ever had a job, owned a home, rented a car, gone to college, used a credit card or paid a bill, you're in a database. And once you're in, there's no way out. And it can be virtually impossible to stop others who want to know about you and hide behind your identity.

KEVIN BARROWS, RENAISSANCE ASSOCIATES: It's not just financial loss that you have to be concerned with with regard to nothing else here changed; see below.

FEYERICK: Last year the Federal Trade Commission received over 635,000 complaints of consumer fraud and identity theft. And the thing about identity, once it's gone, it's up to you to get it back.

RASCH: It's really, really difficult for people to be able to prove to banks and insurance companies and other entities that, whoever it was who charged these accounts or created these false identities, wasn't you. And getting your own identity back is very, very difficult to do.

FEYERICK: Lexis-Nexis says it's sending out letters to everyone affected. But except in California, there are no laws forcing companies to tell you if someone's accessed your identity. A subject so popular, we found "Wired News" reporter Kim Zetter at a yearly news conference on it.

KIM ZETTER, WIRED NEWS: There should be, perhaps, laws, that say that companies should be required to encrypt data, which would make it a little more difficult if someone did get into a system to interpret what the data says. There definitely are things that legislators could do, but currently there isn't anything like that.

FEYERICK: In February, data broker Choicepoint says it sold 145,000 personal profiles to identity thieves by mistake. The irony? It appears Choicepoint never did a background check on the bogus company that bought its files.

Congress is now looking into that, fearful this is just the beginning.

Deborah Feyerick, CNN, New York.

(END VIDEOTAPE)

BROWN: Which is the point: add to Choicepoint and Lexis-Nexis, add a company, public institutions, a virtual who's who of companies out there who have lost your data. Microsoft today released patches for a number of software applications.

Some of the security flaws, if not dealt with, could allow an attacker to take control of someone else's computer. Back in January, T-Mobile revealed a breach of 400 customer records, but also, somehow, information used by the Secret Service as well. Bank of America recently admitted to misplacing computer backup tapes containing the records of more than a million people. Cal-Berkeley got hit last summer: hackers gained access to 1.25 million records from a researcher's computer. And, late last month, someone stole 185,000 billing records from a medical practice in San Jose, California. And those are just a few that we've heard about.

When your identity is stolen from a third party, be it Choicepoint or Lexis-Nexis or T-Mobile, it is impossible to see it coming. But third parties aren't the only weak link in the system. Often, in fact far more often than you might imagine, identity thieves get the information they need straight from you. It comes down to this. The bad guys are constantly creating new schemes to trick us all, and many people never see the scams, no matter how obvious some seem. Here's CNN's Gerri Willis.

(BEGIN VIDEOTAPE)

GERRI WILLIS, CNN CORRESPONDENT: You're smart, you're a wary consumer. There's no way that you will be scammed by identity thieves like nearly 9.5 million Americans were in the past year alone. Don't be so sure. The bad news is that scammers are finding new ways to fool you every day. The most popular scam: online auctions. According to the FBI's White Collar Crime Center, fraudulent auctions account for 71.2 percent of the close to 280,000 complaints filed last year. The average loss per person was $200. Consumers pay their money, but the goods are either not what they were promised or never delivered at all. Another top scam used to reel in victims, phishing.

JAMES VAN DYKE, JAVELIN STRATEGY AND RESEARCH: Phishing, which is spelled with a p-h, is where somebody sends you an e-mail and this somebody is a criminal who claims to be your trusted provider, that bank or credit union, maybe it's the internet site that hosts auctions or payment services. And they say that if you log on, then you'll avoid some security problem. Because there's been a problem with your account.

WILLIS: Experts say phishing scams are getting harder to detect by the day. Phishers use authentic-looking corporate logos and legitimate-sounding letters, all aimed at getting passcodes, PIN numbers or personal I.D.'s.

W.C. Fields once said, you can't cheat an honest man. It's as true now as it was then. Two top scams rely on a victim's greed and their willingness to bend the law. The so-called Nigerian 419 letter is an e-mail asking for your help in getting a Nigerian government official's funds out of that country. In return for depositing his money in your account, you're promised thousands of dollars. Of course, just the opposite is true. According to the Better Business Bureau, victims lose $3,000 on average and some have even been killed.

Like the Nigerian scam, the postal forwarding scam requires that victims be both trusting and desperate for money. The scammers say they're looking for someone to accept merchandise from an offshore company, then reship it overseas. In reality, you've become a fence, moving stolen goods.

Finally, a scheme that's been around a long time. You get an e-mail which says, congratulations, you've just won a fabulous prize, only hitch is that you have to visit a website and provide your debit card number and PIN to cover shipping and handling costs. As you might expect, the only ones to get a prize are the bad guys. They get your identity.

Gerri Willis, CNN, New York.

(END VIDEOTAPE)

BROWN: Now, in truth, I know that none of you would ever fall for anything as obvious as the Nigerian scam, would you? But those others, those others do look pretty slick.

So this is both a story of who and how. To give you some idea of the who, we're batting it around this afternoon in our afternoon meeting, and one of our staffers said pretty casually, I got three this afternoon. As for the how, Omar Wasow joins us now to talk about that. All right, we're going to walk through some of this stuff. But because I -- as I was pointed out in the meeting today, the geekiest person on the staff. How do they get your e-mail?

OMAR WASOW, TECHNOLOGY ANALYST: Getting e-mail is remarkably easy. There are a variety of ways. One is, they scour the web for any e-mail addresses on web pages and others...

BROWN: Why are they on web pages?

WASOW: You might say -- you know, people post to blogs and they have their email address there or on family sites they have their email addresses.

BROWN: And they have like a computer that does this, software that does this?

WASOW: Same kind of software that scans the internet for Google or Yahoo!, that just captures every page and sort of organizes that information will pull out e-mail addresses. Virus writers are now working with con artists to make sure when a virus goes out and scours your inbox to spam other people, it is also sending those email addresses to the con artist. So, it's a lot of different techniques.

BROWN: So, this is true -- the other day I got this -- I got a thing from Wells Fargo bank. It said that they were having some problem or another. And all I had to do -- and I was there. Until I realized, I don't have an account at Wells Fargo bank.

WASOW: Minor detail.

BROWN: Right. And so -- but I was there with them. So we -- one of the guys on the staff got a bunch of these today. We put one up to try and see what we could see, in a sense. So, Chris, put it up here. So this came from eBay for whatever reason -- I guess because people send money to eBay. EBay gets hit a lot on this kind of stuff. Is there like, no -- can you look at this and know it's phony?

WASOW: You can't. I mean, there are a couple of ways -- often -- there are some techniques you can use, but off the top they've gone to great lengths. For example, you look at the -- where it's from, it says from ebay.com. You look at the logos, the eBay logo is exactly right, powered by IBM.

BROWN: I think that's a nice touch.

WASOW: Yes, they go to great lengths to duplicate. And even some of the links on the page go to legitimate eBay places. But this one, "Please click here to update your billing records," that's the red flag. Nobody who does ecommerce legitimately -- banking, online transactions -- is going to send you an email that says update your personal financial information.

BROWN: But, so -- but you fall for it.

WASOW: You do.

BROWN: Where does it go?

WASOW: So, typically what they have is a site that looks like the legitimate site, Wells Fargo, Bank of America, eBay. The information is then captured and sent to an illegitimate site. There's a web server somewhere, probably abroad, that's taking that information. Once they've got your user I.D., your password, your Social Security number. They go so far to add your mother's maiden name.

BROWN: I think that's also a very nice touch.

WASOW: And it even asks for your bank routing number. Once you've given that kind of information away...

BROWN: They own you.

WASOW: They own you. They've got a piece to your bank.

BROWN: Can you, relatively easily -- not me, but could you or other smart people in this stuff -- figure out where it actually comes from?

WASOW: People can track them. So whether -- everyone from Microsoft to the Federal Trade Commission to anti-crime units do look at the -- what's called the I.P. address, the actually sort of -- almost like the address on the internet.

BROWN: And there are some guys in the Ukraine who are doing this. Is it impossible essentially to prosecute them?

WASOW: It is very hard to prosecute them. The sites go up and down, on average for just a few days. It is very hard to trace them. In this case, the best defense is a good offense. You want to do things like have anti-spam software installed on your computer, so it doesn't even get into your inbox.

BROWN: It never gets there at all?

WASOW: Yes.

BROWN: I think I have all this stuff. I have stuff on my computer, honestly I don't know why it's there. The guy says you have to run the spy this and the ad that. I don't know what this is, to be honest. Have you ever gotten nailed? Have you?

WASOW: I've never been nailed by an online scam.

BROWN: You've never fallen for anything.

WASOW: Never fallen for anything online. I once got conned...

BROWN: So, that's true that you work for the Nigeria --

WASOW: Yes. One of my favorite stories about this was, there was the I love you virus a few years ago. There was a guy very senior in security who fell for it. When you get an e-mail from a friend that says, I love you, you can't help but open it. They play on our weaknesses. That's the art of it.

BROWN: Just quickly, will it get -- will technology make it so that this gets -- actually gets better or will it get worse?

WASOW: Technology is making this get better. There's a sort of an arms race right now between the con artist and the virus writers. What you're seeing is that it's getting harder and harder for those spam messages to get through. It's harder for the phishing messages to go through. It will never get to zero. But you're seeing that the antivirus software and anti-spam software is getting better. Companies like Yahoo! and Microsoft are creating systems to make it harder for spokes to bulk spam. And, I think over time will become less an issue.

BROWN: Nice to see you. Feel free to leave any trinket or gadget that you're working with these days.

WASOW: Will do.

BROWN: Thank you for coming up tonight.

Coming up another scam. This one as simple as stealing from a baby. First, a quarter past the hour or thereabouts, let's look at some of the other stories that made news today. Erica Hill joins us from Atlanta.

ERICA HILL, CNN CORRESPONDENT: Hi, Aaron. An FDA advisory panel has voted to recommend continuing a ban on silicone breast implants. This comes after two days of testimony. The panel voted 5-4 to continue the ban on implants made by a company called Inamed. Silicone breast implants were pulled off the market over health concerns. The panel says more data is needed on how long they'll last. One manufacturer argues that implants are safer and more durable.

The nationwide hunt for an ex-convict suspected of killing two people and assaulting a teen in South Carolina has ended in Georgia. 37-year-old Stephen Stanko was arrested without incident at an Augusta shopping mall after four days on the run. Stanko has served time in the past for kidnapping and aggravated assault.

In the Michael Jackson trial today, the stepfather of Jackson's accuser testified his family was both harassed and offered bribes, including a free house and college education to make a video defending the singer. The stepfather also says his stepson appeared to have been brainwashed after his last visit to Jackson's Neverland ranch.

Beer giant Anheuser-Busch is threatening to boycott rice grown in Missouri if the state allows genetically grown crops to be grown. Engineer rice is engineered to produce human proteins that can be used in making drugs. Anheuser-Busch, the largest buyer of rice, is concerned that cross pollination could contaminate other crops.

The world's largest retailer is giving a boost to wildlife preservation. Wal-Mart says it will buy an amount of land equal to what its stores, parking lots and distribution centers will use over the next 10 years and then donate that land to the National Fish and Wildlife Foundation. The arrangement will cost Wal-Mart $35 million.

This is the latest from "HEADLINE NEWS" at this hour. Aaron, back to you.

BROWN: Thank you, Erica.

More to come from us tonight on who is trying to make your identity their own. We'll start off pretty small.

(BEGIN VIDEO CLIP)

JOHN BROOKE, FATHER OF ID THEFT VICTIM: Went out to get the mail one day. Opened up the mail from a medical clinic, and realized that Andrew was being billed for an office visit for $94. Apparently he had driven himself across town, walked in to see the doctor for a work-related back injury. And then prescribed narcotic pain reliever that can sell for $30 apiece on the street.

(END VIDEO CLIP)

BROWN: Andrew is a baby. Laura is not.

(BEGIN VIDEO CLIP)

UNIDENTIFIED FEMALE: I had said that the boss is a jerk. He had been acting a bit arrogant and pompous with me all week.

(END VIDEO CLIP)

BROWN: She used e-mail to say it. Her boss found out. And how he found out could be the story where you work, too.

Also tonight a man who knows perhaps better than anyone else what the internet can do and what bad guys can use it to do. We'll talk with Scott McNealy of Sun Microsystems because analog or digital, this is NEWSNIGHT.

(COMMERCIAL BREAK)

BROWN: Identity theft is nothing if not democratic. Anyone is a potential victim. You are, I am, your friends are, so are your neighbors. Dead people can be victims. So can newborns.

(BEGIN VIDEOTAPE)

BROWN (voice-over): At just 21 days old, Andrew Brooke was causing his parents a few more problems than your average infant.

JOHN BROOKE, ANDREW'S FATHER: I went out to get the mail one day and opened up the mail from a medical clinic. And realized that Andrew was being billed for an office visit for $94. Apparently he'd driven himself across town, walked in to see the doctor for a work-related back injury, and then prescribed a narcotic pain reliever that can sell for up to $30 a piece up the street.

BROWN: Since Andrew was barely drooling, let alone walking and working, his parents suspected something was up.

BROOKE: The first thing we did is call the medical clinic and say, where did you get this information? What's going on? And they told us it had been provided by the person who had walked in.

BROWN: Andrew's full name appeared only on two pieces of paper -- his birth certificate and his medical records, and neither had left the Seattle area hospital where he was born. But the hospital told the family it found no evidence of a security breach, and police, the family says, were of little help.

BROOKE: It took two months to actually get them to even file the police report. And that was only after weekly phone calls from me, just badgering them until they finally filed one.

BROWN: No one has been arrested for stealing Andrew Brooke's identity, just as no one is usually arrested in such matters.

BROOKE: It's the fastest growing crime in this country. It's the most expensive crime to this country, costing between $46 and $53 billion a year -- that's billion with a "b" -- depending on whose study you look at. And what I find really amazing is fewer than one in 700 cases are even investigated.

BROWN: Compared to Andrew, Rebecca Bartelheimer was all grown up when at 3 years old her ID was stolen. Her mother learned this when she tried to open a savings account and found that her daughter's Social Security number was already in use.

MICHELE BARTELHEIMER, REBECCA'S MOTHER: I felt very violated, because you know, I thought I was doing everything to protect her. And never even thought that I had to protect her from identity theft. You think of car seats. You think of helmets. You think of coats on a cold day. You never think of someone coming and stealing your child's identity.

BROWN: She has no idea how this happened, but says she spent 1,000 hours trying to undo the damage caused to her 3-year-old's credit rating.

BARTELHEIMER: And I just cry tears, because every day, all day I'd wake up and spend all day. If I wasn't taking care of my kids, I had to be on the phone, or on the Internet researching this and trying to track it down, and sitting on hold on the phone waiting for someone to talk to me. It was horrible. It was a nightmare.

BROWN: When you consider all the things that can happen to your child, identity theft may not seem like much. But as a parent, it does change you. It changed Andrew's dad, a lot.

BROOKE: You don't relax anymore. You're worried about everything. What information am I giving out? Who is going to use that information? How will it be used?

(END VIDEOTAPE)

BROWN: Mostly, of course, the victims are not babies, and mostly the solution is not so simple as proving that your 3-week-old doesn't really have a job. What happens when you get hit is virtually never-ending. You never really know where it's going to hit you next. Fight, fight again, fight not with the thief, of course, but with your bank or your credit bureau. The fight with the people who have heard every sob story in the world and have no reason to believe yours. So most often, they don't. Here's CNN's Allan Chernoff.

(BEGIN VIDEOTAPE)

ALLAN CHERNOFF, CNN CORRESPONDENT (voice-over): Maureen won't share her last name, won't even permit us to tell you what state she lives in. Why? Because she's been a victim of identity theft.

MAUREEN, IDENTITY THEFT VICTIM: I'm afraid that it's still out there. Somebody's selling my Social Security number.

CHERNOFF (on camera): It all started Christmas Eve five years ago. Maureen was doing some last-minute shopping at a store that had been located here. In the rush to get home, she left her pocketbook in the shopping cart. By the time she realized it the next day, it was too late. The pocketbook, including all of her IDs and Social Security card, was gone, never to be recovered.

(voice-over): Maureen canceled her credit cards. Then, more than two years later, she got a phone call.

MAUREEN: I had an overdue balance on your Wal-Mart card. I never had a Wal-Mart card.

CHERNOFF: Two more calls followed.

MAUREEN: Your Midnight Velvet card and your Newport News card. And these are credit cards that I never had. I never even -- I never even received their catalogues.

CHERNOFF: And, Maureen says, none of the retailers had ever sent a bill. When she explained, though, they were quick to help.

MAUREEN: They were terrific. And they completed the investigation, I would say, within 60, maybe 90 days.

CHERNOFF: The bills were cleaned up, but Maureen, mother of four, had already suffered damage to her credit. She and her husband found out when a bank rejected their mortgage refinance application.

MAUREEN: I realized that I had to clean up my credit myself. Even though I wasn't responsible for what had gone on.

CHERNOFF: The unpaid bills had led the three credit bureaus -- Equifax, Experian and TransUnion -- to slash Maureen's credit score.

COLLEEN MARTIN, TRANSUNION: If the identity thief has applied for credit, gotten that credit and has begun to charge in her name and not pay off bills, then that could start to deteriorate the score and the credit report.

CHERNOFF: Maureen's good credit had gone bad. Then her situation got worse. Capital One called, demanding payment for a $1,200 credit card bill. This time, Maureen says, the bank rejected her explanation.

MAUREEN: Their attorneys started calling me. And they basically said, you know, pay up. We don't believe your story. They would send me letters that, you know, pay half of the bill and we'll be satisfied with that. And I said, no.

CHERNOFF: Maureen wrote letters, sent the police report of her ID theft. Even so, Capital One sued Maureen. She appeared in court representing herself, and only then did the bank's lawyers finally back down.

MAUREEN: They just basically said, OK, well, we're just going to drop it. And that was the end of it. They never gave me an apology, nothing. I never heard from them again.

CHERNOFF: In a statement to CNN, Capital One said Maureen, quote, "appears to have been the victim of fraud, and we apologize to her for any inconvenience she's suffered. Capital One is committed to protecting our cardholders from those who commit fraud."

Capital One declined CNN's request for an on-camera interview.

If you fall victim to ID theft, consumer advocates say, follow Maureen's example. Contact the police and get a copy of their report. Notify your credit card issuers, and contact the credit bureaus. They can put a fraud alert on your record to watch for any case of ID theft for up to seven years. That's what Maureen has done, even though she once again has good credit, because she fears her nightmare is not over yet.

Allan Chernoff, CNN.

(END VIDEOTAPE)

BROWN: Ahead on NEWSNIGHT tonight, think about all the stuff you write in private e-mails you send from work. Everything from the fun you had on Saturday night to the less-than-choice comments about your boss. Now, imagine your boss reading it. He or she probably is, and can, and we'll show you how, after the break. From New York, this is NEWSNIGHT.

(COMMERCIAL BREAK)

BROWN: We may be living in 2005, but there are shades of 1984. Your employer may allow you to send personal e-mails because your employer is a pretty swell person. But it turns out he's swell and perhaps a bit nosy, too. So your employer is actually reading every e-mail you send to everyone. Well, not actually sitting there and reading every one, nothing would get done. The job's been outsourced to a computer. Here's technology correspondent, Daniel Sieberg.

(BEGIN VIDEOTAPE)

LAURA: I had written an e-mail to a co-worker complaining about my boss, complaining about his behavior. And within a week of that e-mail I was fired.

DANIEL SIEBERG, CNN TECHNOLOGY CORRESPONDENT (voice-over): This woman asked that we only identify her as Laura. She's afraid of what this impulsive e-mail would do to future employment prospects.

LAURA: I had said that the boss was a jerk. He had been acting a bit arrogant and pompous with me all week.

SIEBERG: An official with her former employer says Laura was let go for a number of personnel reasons. And that derogatory comments in her e-mail were a factor. This official also says the company informs all employees that their e-mail is monitored.

(on camera): Did you know that your e-mail was being monitored?

LAURA: No, I had no idea.

SIEBERG (voice-over): What -- how did you feel when you found out?

LAURA: I felt a bit violated, frankly, because I felt that we were allowed through the company's own policy, we were allowed to have so much personal e-mail per day.

SIEBERG: Laura isn't alone. Only 50 percent of respondents in a survey from EPolicy Institute say their organizations train on e-mail policies. The same survey finds that nearly 80 percent of companies have e-mail policies, and that one in four has fired employees for violations.

NANCY FLYNN, EPOLICY INSTITUTE: Most employees tend to think my e-mail is my business. My employer has no right to read my e-mail messages, particularly if it's a message to a friend or a family member. But in reality, here in the U.S. the federal government gives employers the right to monitor all employee e-mail, instant messaging and Internet activity.

SIEBERG: Thousands of e-mail messages fly in and out of companies all day long. While it's impossible for the boss to literally look over your shoulder, businesses are turning to technology, computers that can read every word of every e-mail, and raise red flags.

PAUL JUDGE, CTO, CIPHERTRUST: We've taken the approach of having machines and algorithms, that can go out and understand what's the vocabulary of normal legitimate business e-mail, and then what are the anomalies to that. And what's the vocabulary used in jokes or used in chain letters.

SIEBERG: Ciphertrust helps companies sort through the flood of e-mail, running every message through a series of filters looking for key words. Some of them are so offensive, we can't show them to you. The company can then decide whether to respond or let it go.

JUDGE: I see many that set up a rule that say notify human resource or notify the legal department. Or an organization may set up a rule that says just block that message. Do not let it go out of network.

SIEBERG: And while it may not get out, it could well come back. Most employees don't realize that e-mail is forever.

FLYNN: What everybody needs to be aware of, is that e-mail and instant messaging create written records. It's not the same as standing around the water cooler gossiping about somebody. You gossip about somebody via e-mail, there's a written record of it, and it could come back to haunt you and your employer.

LAURA: They still fear for their jobs a bit.

SIEBERG: For Laura the experience left her angry and frustrated. Right now, at least, she doesn't have to worry about her e-mail. She's currently self-employed.

Daniel Sieberg, CNN, Phoenixville, Pennsylvania.

(END VIDEOTAPE)

BROWN: You can make a pretty good case that our next guest tonight has done more to make computers and computing an integral part of our lives than just about anyone. Microsoft may put a computer on every desktop, and IBM may have once had a lock on huge mainframes. But Sun Microsystems has arguably done the most to tie it all together. Large and small, hardware and software.

Scott McNealy is the CEO of Sun Micro. I'm pleased to have him with us.

Is this whole notion that we have any privacy any more quaint and done?

SCOTT MCNEALY, CEO SUN MICROSYSTEMS: Well, I'm pretty famous for a statement I made a while back at a keynote once, "That you have no privacy. Get over it." And that was taken a little bit out of context. The point is you don't want absolute privacy or absolute anonymity. One is you want your doctor to have your medical records. You want your banker to have your financial records. And you want different organizations to maintain and hold and safeguard the important information in your life. Another statement I'll make is that absolute anonymity breeds irresponsibility. So you want audit trails and other things. But privacy is a complicated topic, as we're all seeing here.

BROWN: I agree. I want my doctor to have my medical records, but I want to decide if my doctor has my medical records.

MCNEALY: That's right.

BROWN: That's where this -- I mean, there is a social cost to just the uncertainty of knowing who knows what about you?

MCNEALY: And we've lived with that forever. And I always use the example of your medical records are shipped around -- through the U.S. mail system on 8 1/2 by 11 sheets of paper, unencrypted in English, folded up and put in an envelope -- a paper thin envelope, sealed with spit, put in a tin box, with a tin door, no lock, given to the U.S. government for a few days, who then keeps it. And then hopefully puts it in a tin box, with a tin door, no lock, on a publicly available street some time later.

All of these identity theft issues can be done online or can be done in the physical world. So, we've been living with this issue forever.

BROWN: I'll grant you that they can be done physically as well as online, but they can't be done as simply it seems to me or in the kind of volume or as stealthly, if that's a word.

MCNEALY: Yes, there's no question the Internet provides an interesting level of anonymity, although somebody can drive up to my mailbox -- In fact, somebody has, driven up to my mailbox, actually stolen my mail. She wanted to meet me when I was single, and it didn't work. But you know, you can still do that anonymously, because who can watch every mailbox on the planet? And stuff does get stolen at airport out of mailbags, that sort of thing. But you're right, anonymity, they don't know who you are or where you are on the Internet, unless we get solid authentication mechanisms. And we have the technology today. I've got a Java card here. There are 8 million or 9 million Java cards out there used that create multi-factor authentication, that is what you know a password, as well as what you have, the actual Java card. And then maybe even a biometric, who you are, a retinal scan, a voice printer, whatever. And if we authenticate not only ourselves, but the Web sites that we're talking to, we can eliminate a lot of this scamming, spoofing, counterfeiting, that sort of thing.

BROWN: Here's just a last question and maybe a thought. You know a gazillion times as much about this stuff as I know. And the fact is, I was saying this earlier, I have stuff on my computer that my computer guy, because these guys you got to have a computer guy, says just run this stuff every week because there's spy this and ad that. And I don't even know what that stuff is, but I just know that people are snooping on me or computers are snooping on me.

MCNEALY: Well, so there's a concept of should you become your own personal administrator and keep all of that state local? My view is, if it's really important to you, you shouldn't handle it. If money's important to you, give it to the bank. If your medical records are important, give it to your doctor. If your financial records are important, give it to your bank or whatever. And if your voice mail's really important, don't put it on your home answering machine, give it to your service provider. That's what we do in the cell phone world, but we have authentication, we have audit trails and we can track very, very quickly anybody who gets out of line.

BROWN: Good to meet you.

MCNEALY: Thank you.

BROWN: Thank you buddy. Thank you. Still to come tonight, helping victims of identity theft fight to get their identity back, because not fighting, as it turns out, is not an option. You'll meet some people who have been on both ends of this. We take a break, first around the world.

It is a small world these days, this is NEWSNIGHT.

(COMMERCIAL BREAK)

BROWN: Identity theft comes with this cruel twist, as we've shown you tonight, once your good name or even your bad name is stolen, for that matter, is stolen, it is up for you to reclaim it. And restoring your credit can take years, years of phone calls and credit checks, years of doubts, denials and suspicion, years of endless red tape. Most are just glad to get it over with. A few take it on as a cause.

Here's CNN's Frank Buckley.

(BEGIN VIDEOTAPE)

FRANK BUCKLEY, CNN CORRESPONDENT (voice-over): They work out of their home in San Diego, Jay and Linda Foley spend their days and nights in front of computer screens and on the phone.

UNIDENTIFIED FEMALE: Identity Theft Resource Center.

BUCKLEY: With a handful of paid staffers and some 75 volunteers, they help victims of identity theft reclaim their identities.

UNIDENTIFIED FEMALE: And so look out for other lines of credit that shouldn't be opened. That's what you're looking for when you monitor your credit.

BUCKLEY: They know what identity theft victims are going through. They've been there.

LINDA FOLEY, IDENTITY THEFT VICTIM: When you need someone who's empathetic who says, yes, I know how you feel. And the first thing you want to say is, you don't have a clue, lady, how I feel. You want to make a bet? Yes, I do. I've been living identity theft for seven years now.

BUCKLEY: She found out she was a victim when a credit company called to ask about her new address.

L. FOLEY: And I said I haven't moved. And they said, yes, you did. And I said, no, I have moved.

BUCKLEY: It turned out the thief was this woman -- Berry Nestle (ph), her boss.

L. FOLEY: I filled out my tax form. She used those to get credit cards and a cell phone. The very same cell phone I was calling her on on a daily basis. Little did I know I was going to end up getting the bill.

BUCKLEY: Along with the phone were the credit cards. All these bills were due in your name?

L. FOLEY: Yes.

BUCKLEY: Nestle was eventually convicted and sent to prison.

L. FOLEY: I was one of the lucky ones. I caught my impostor. She got some jail time out of it. She'll be out in a couple years. What about all the thousands and thousands of victims who never get it resolved that way?

BUCKLEY: Foley and her husband Jay resolved to help those victims through the nonprofit Identity Theft Resource Center. They say they get 700 requests for help every week.

L. FOLEY: And we get these -- for 2 1/2 years I've been battling this. I don't know what else to do other than to just give up. And let them take all the money, let them have everything, and then they can't hurt me anymore. We write back, that's not an option. There's nothing a thief can do that eventually cannot be undone or we can find a way through using the system to get to the point where you can continue your life.

BUCKLEY: The Foleys have testified in state legislatures, and in Congress, trying to raise awareness and get tougher laws passed.

L. FOLEY: I now have your Social Security number. I now have access to your credit and to your lives.

BUCKLEY: They've received numerous awards. They get by on grants and donations.

(on camera): Why didn't you just leave this to some government agency or some credit card company to deal with?

L. FOLEY: Because no one else will do the job.

UNIDENTIFIED MALE: Good morning. Identity Theft Resource Center.

BUCKLEY: A job that's become a mission.

UNIDENTIFIED MALE: We want to help you, we want to help you get through it. And it can be overcome.

BUCKLEY: Overcome with the help of these fellow survivors of identity theft.

Frank Buckley, CNN, San Diego.

(END VIDEOTAPE)

BROWN: And on the program, we'll go phishing. We'll show you just how easy it is to create an e-mail to scam somebody out of their identity. The only safe haven these days is morning papers, and that's still to come as well.

This is NEWSNIGHT on CNN.

(COMMERCIAL BREAK)

BROWN: Just a moment, we'll show you how easy it is to design a Web page that could trick somebody into divulging key information, and it takes about 10 minutes.

First at about a quarter to the hour, Erica Hill joins us from Atlanta, with some of the day's other news -- Erica.

HILL: Thanks, Aaron.

The World Health Organization is urging scientists around the world to destroy vials of a potentially dangerous flu virus. The strain killed up to 4 million people in 1957. It was included in a sample pack sent to nearly 5,000 labs by a U.S. company. Those samples help labs make sure they can accurately identify strains. The World Health Organization says that chances of an outbreak are slim, but if the virus were to get into the general population it could spark a global flu epidemic.

Three British men are facing terrorism charges in connection with an alleged plot to attack U.S. financial institutions. The indictment unsealed today charges them with scouting potential targets including the Citigroup Building and the New York Stock Exchange in Manhattan. The men were arrested last August after computer evidence found in Pakistan provided evidence of the alleged plot.

The man who caused a security scare at the U.S. Capitol on Monday will be sent back home to Australia, but won't face any criminal charges. He prompted authorities to send in a SWAT team after standing outside the Capitol with two black suitcases and demanding to speak with President Bush. The man was tackled, nothing suspicious was found in his bag. Immigration officials say he'll be expelled under a public safety provision.

Pop star Britney Spears putting an end to some speculation about her personal life. The pop princess revealed on her Web site today, she is, indeed, pregnant. It will be her first child. The third for her husband Kevin Federline. He has two children with a former girlfriend. Spears' expanding waistline has left the tabloids speculating about her condition for weeks.

And that's the latest from Headline News. We saved the best for last there for you, Aaron. Back to you.

BROWN: Thank you. I've been pretty worried about that.

HILL: I had a feeling.

BROWN: Thank you, I appreciate you clearing that up for me.

It's one thing to tell you how easy it is for the bad guys to come up with ways to trick us all, now we're going to show you how easy it is. We wondered how long it would take someone who is not an experienced hacker to create an e-mail that would look real enough to fool you into giving away your personal banking information.

So we gave the job to one of our college interns, because we're not always sure what to do with them if we don't do this sort of thing.

In less than 10 minutes, after just a bit of cutting and pasting, this is what the spikey-haired kid came up with.

Yeah. I mean, it looks real to us, too. It looks like it came from Wells-Fargo. It has all the right blanks to put in. And all you have to do, basically, is then add a link. Here's what you would just click on down there at the bottom. And you would think you're sending it to Wells-Fargo, but in fact, you would be sending it to the spikey-haired kid who'd then clean out your bank account in about 10 minutes, too. That took him 10 minutes to do.

Morning papers takes us about two and a half. We'll take a break first.

(COMMERCIAL BREAK)

BROWN: Okey-doke. Time to check morning papers from around the country and around the world.

We'll start with "The Washington Times." We started with "The Washington Post" yesterday. We should balance this out. I don't know why, but we should. "Religion Under Assault by Liberals" up at the top. "Commandment Suit: Latest Fight." I don't know about that. I mean, is that a liberal/conservative issue, religion in government and out there? I don't know. Maybe it is.

Was there something else I liked here? No, as it turned out. So unless you're interested in that story, save your quarter. "The Christian Science Monitor." Not really -- it's kind of a fun paper. "At Tax Time, Lots of Money Under the Table: From Gambling to Painting to Child Care; Not All Income Gets Shared With the IRS." Imagine that. Front-page news.

"The Oregonian" out in Portland. I like this story. I like this paper, too. "Nike Casts Light on Factories." The company lists its chain of suppliers for the first time and reports abuses, worker abuses at some. What a giant company Nike's become. And they're based out West there in the Portland area, not actually in Portland.

So how are we doing on time, Will? OK. Thank you. 1:20, if you're timing at home.

"Philadelphia Inquirer," up at the top. "Dela-Whale River." This is a good story, too. A wayward beluga somehow makes its way from the Arctic to Trenton. Why would a whale want to go to Trenton? What's going on in Trenton?

"The Des Moines Register" has a bunch of good stories on the front page. Let's see if we can get to them all. "Telecom Donors Get Attention." "Lawmakers Deny Money Tied to Votes." Sure. Down here, OK? Margaret, the makeup person, is very upset about this. She read about this. "Are Cats Fair Game? Wisconsin Decides." A Lacrosse firefighter has proposed letting hunters shoot stray cats. It's like if a cat's walking across your front yard, you can shoot it? Seems a bit much to me. I'm not a cat person, but -- "Richmond Times Dispatch." "Where Are They?" This is missing sexual offenders. They're supposed to register, but incredibly, 20 percent do not. We don't know where they are.

"The Chicago Sun-Times," we'll wrap it up. "It's Official: She's Pregnant." Britney Spears made the front page. Yikes. Weather tomorrow in Chicago, by the way, "ho-hum."

Wrap it up in a moment.

(COMMERCIAL BREAK)

BROWN: Good to have you with us tonight. "AMERICAN MORNING," 7:00 a.m. Eastern Time. "LOU DOBBS TONIGHT" next. For most of you, we'll see you tomorrow at 10:00. Good night for all of us.

AARON BROWN, HOST: Good evening, again, everyone. Today the big online database company Lexis-Nexis admitted that personal information on about 310,000 people was stolen last month when hackers broke in. That's 10 times more than the company first said. Funny how it always works that way, isn't it?
Financial data, perhaps your financial data: addresses, Social Security numbers. In other words, who we are. Because we've become nine digit numbers starting with an area code, where income brackets and credit scores were bits and bytes, some of which we're perfectly happy to volunteer because it makes life incredibly convenient. Sometimes.

Tonight, the dark side, beginning with CNN's Deborah Feyerick.

(BEGIN VIDEO CLIP)

DEBORAH FEYERICK, CNN CORRESPONDENT: You may never have heard about Choicepoint, may not know about Lexis-Nexis, but chances are they know about you. Not just your name, but where you live, what you buy, your driver's license and Social Security number. In short, they know just about everything.

MARK RASCH, SOLUTIONARY INC.: Every place you've ever lived, every address, everything you've ever owned in terms of real estate, every time you've been sued -- all that information is collected.

FEYERICK: Databases are huge businesses. Buying and selling your personal details to virtually anyone who wants to make sure your credit's good, like stores, credit rating agencies, even potential employers.

And companies buy and sell your information not just in the United States but around the world, making identity theft a global problem.

How serious of a problem is this?

UNIDENTIFIED MALE: It's a very serious problem. And it's growing every year. You know, the greater technology becomes, the more advanced technology becomes, the greater the risk, of course. The greater the criminal element becomes.

FEYERICK: Kevin Barrows cracked his first big computer hacking case as an FBI agent. He says, if you think this doesn't apply to you, think again. Because if you've ever had a job, owned a home, rented a car, gone to college, used a credit card or paid a bill, you're in a database. And once you're in, there's no way out. And it can be virtually impossible to stop others who want to know about you and hide behind your identity.

KEVIN BARROWS, RENAISSANCE ASSOCIATES: It's not just financial loss that you have to be concerned with with identity theft. It's terrorism. It's the ability to get into this country by using someone else's identification. It's the ability to commit crimes under someone else's name. And there are hundreds of thousands of stories of people who have been victimized in this way.

FEYERICK: Last year the Federal Trade Commission received over 635,000 complaints of consumer fraud and identity theft. And the thing about identity, once it's gone, it's up to you to get it back.

RASCH: It's really, really difficult for people to be able to prove to banks and insurance companies and other entities that, whoever it was who charged these accounts or created these false identities, wasn't you. And getting your own identity back is very, very difficult to do.

FEYERICK: Lexis-Nexis says it's sending out letters to everyone affected. But except in California, there are no laws forcing companies to tell you if someone's accessed your identity. A subject so popular, we found "Wired News" reporter Kim Zetter at a yearly news conference on it.

KIM ZETTER, WIRED NEWS: There should be, perhaps, laws, that say that companies should be required to encrypt data, which would make it more a little more difficult if someone did get into a system to interpret what the data says. There definitely are things that legislators could do, but currently there isn't anything like that.

FEYERICK: In February, data broker Choicepoint says it sold 145,000 personal profiles to identity thieves by mistake. The irony? It appears Choicepoint never did a background check on the bogus company that bought its files.

Congress is now looking into that, fearful this is just the beginning.

Deborah Feyerick, CNN, New York.

(END VIDEOTAPE)

BROWN: Which is the point: add to Choicepoint and Lexis-Nexis, add a company, public institutions, a virtual who's who of companies out there who have lost your data. Microsoft today released patches for a number of software applications.

Some of the security flaws, if not dealt with, could allow an attacker to take control of someone else's computer. Back in January, T-Mobile revealed a breach of 400 customer records, but also, somehow, information used by the Secret Service as well. Bank of America recently admitted to misplacing computer backup tapes containing the records of more than a million people. Cal-Berkeley got hit last summer: hackers gained access to 1.25 million records from a researcher's computer. And, late last month, someone stole 185,000 billing records from a medical practice in San Jose, California. And those are just a few that we've heard about.

When your identity is stolen from a third party, be it Choicepoint or Lexis-Nexis or T-Mobile, it is impossible to see it coming. But third parties aren't the only weak link in the system. Often, in fact far more often than you might imagine, identity thieves get the information they need straight from you. It comes down to this. The bad guys are constantly creating new schemes to trick us all, and many people never see the scams, no matter how obvious some seem. Here's CNN's Gerri Willis.

(BEGIN VIDEOTAPE)

GERRI WILLIS, CNN CORRESPONDENT: You're smart, you're a wary consumer. There's no way that you will be scammed by identity thieves like nearly 9.5 million Americans were in the past year alone. Don't be so sure. The bad news is that scammers are finding new ways to fool you every day. The most popular scam: online auctions. According to the FBI's White Collar Crime Center, fraudulent auctions account for 71.2 percent of the close to 280,000 complaints filed last year. The average loss per person was $200. Consumers pay their money, but the goods are either not what they were promised or never delivered at all. Another top scam used to reel in victims, phishing.

JAMES VAN DYKE, JAVELIN STRATEGY AND RESEARCH: Phishing, which is spelled with a p-h, is where somebody sends you an e-mail and this somebody is a criminal who claims to be your trusted provider, that bank or credit union, maybe it's the internet site that hosts auctions or payment services. And they say that if you log on, then you'll avoid some security problem. Because there's been a problem with your account.

WILLIS: Experts say phishing scams are getting harder to detect by the day. Phishers use authentic-looking corporate logos and legitimate-sounding letters, all aimed at getting passcodes, pin numbers or personal I.D's.

W.C. Fields once said, you can't cheat an honest man. It's as true now as it was then. Two top scams rely on a victim's greed and their willingness to bend the law. The so-called Nigerian 419 letter is an e-mail asking for your help in getting a Nigerian government official's funds out of that country. In return for depositing his money in your account, you're promised thousands of dollars. Of course, just the opposite is true. According to the Better Business Bureau, victims lose $3,000 on average and some have even been killed.

Like the Nigerian scam, the postal forwarding scam requires that victims be both trusting and desperate for money. The scammers say they're looking for someone to accept merchandise from an offshore company, then reship it overseas. In reality, you've become a fence, moving stolen goods.

Finally, a scheme that's been around a long time. You get an e-mail which says, congratulations, you've just won a fabulous prize, only hitch is that you have to visit a website and provide your debit card number and PIN to cover shipping and handling costs. As you might expect, the only one to get a prize are the bad guys. They get your identity.

Gerri Willis, CNN, New York.

(END VIDEOTAPE)

BROWN: Now, in truth, I know that none of you would ever fall for anything as obvious as the Nigerian scam, would you? But those others, those others do look pretty slick.

So this is both a story of who and how. To give you some idea of the who we're batting it around this afternoon in our afternoon meeting, and one of our staffers said pretty casually, I got three this afternoon. As for the how, Omar Wasow joins us now to talk about that. All right, we're going to walk through some of this stuff. But because I -- as I was pointed out in the meeting today, the geekiest person on the staff. How do they get your e-mail?

OMAR WASOW, TECHNOLOGY ANALYST: Getting e-mail is remarkably easy. There are a variety of ways. One is, they scour the web for any e-mail addresses on web pages and others...

BROWN: Why are they on web pages?

WASOW: You might say -- you know, people post to blogs and they have their email address there or on family sites they have their email addresses.

BROWN: And they have like a computer that does this, software that does this?

WASOW: Same kind of software that scans the internet for Google or Yahoo!, that just captures every page and sort of organizes that information will pull out e-mail addresses. Virus writers are now working with con artists to make sure when a virus goes out and scours your inbox to spam other people, it is also sending those email addresses to the con artist. So, it's a lot of different techniques.

BROWN: So, this is true -- the other day I got this -- I got a thing from Wells Fargo bank. It said that they were having some problem or another. And all I had to do -- and I was there. Until I realized, I don't have an account at Wells Fargo bank.

WASOW: Minor detail.

BROWN: Right. And so -- but I was there with them. So we -- one of the guys on the staff got a bunch of these today. We put one up to try and see what we could see, in a sense. So, Chris, put it up here. So this came from eBay for whatever reason -- I guess because people send money to eBay. EBay gets hit a lot on this kind of stuff. Is there like, no -- can you look at this and know it's phony?

WASOW: You can't. I mean, there are a couple of ways -- often -- there are some techniques you can use, but off the top they've gone to great lengths. For example, you look at the -- where it's from, it says from ebay.com. You look at the logos, the eBay logo is exactly right, powered by IBM.

BROWN: I think that's a nice touch.

WASOW: Yes, they go to great lengths to duplicate. And even some of the links on the page go to legitimate eBay places. But this one, "Please click here to update your billing records," that's the red flag. Nobody who does ecommerce legitimately -- banking, online transactions -- is going to send you an email that says update your personal financial information.

BROWN: But, so -- but you fall for it.

WASOW: You do.

BROWN: Where does it go?

WASOW: So, typically what they have is a site that looks like the legitimate site, Wells Fargo, Bank of America, eBay. The information is then captured and sent to an illegitimate site. There's a web server somewhere, probably abroad, that's taking that information. Once they've got your user I.D., your password, your Social Security number. They go so far to add your mother's maiden name.

BROWN: I think that's also a very nice touch.

WASOW: And it even asks for your bank routing number. Once you've given that kind of information away...

BROWN: They own you.

WASOW: They own you. They've got a piece to your bank.

BROWN: Can you, relatively easily -- not me, but could you or other smart people in this stuff -- figure out where it actually comes from?

WASOW: People can track them. So whether -- everyone from Microsoft to the Federal Trade Commission to anti-crime units do look at the -- what's called the I.P. address, the actually sort of -- almost like the address on the internet.

BROWN: And there are some guys in the Ukraine who are doing this. Is it impossible essentially to prosecute them?

WASOW: It is very hard to prosecute them. The sites go up and down, on average for just a few days. It is very hard to trace them. In this case, the best defense is a good offense. You want to do things like have anti-spam software installed on your computer, so it doesn't even get into your inbox.

BROWN: It never gets there at all?

WASOW: Yes. I think I have all this stuff. I have stuff on my computer, honestly I don't know why it's there. The guy says you have to run the spy this and the ad that. I don't know what this is, to be honest. Have you ever gotten nailed? Have you?

WASOW: I've never been nailed by an online scam.

BROWN: You've never fallen for anything.

WASOW: Never fallen for anything online. I once got conned...

BROWN: So, that's true that you work for the Nigeria --

WASOW: Yes. One of my favorite stories about this was, there was the I love you virus a few years ago. There was a guy very senior in security who fell for it. When you get an e-mail from a friend that says, I love you, you can't help but open it. They play on our weaknesses. That's the art of it.

BROWN: Just quickly, will it get -- will technology make it so that this gets -- actually gets better or will it get worse?

WASOW: Technology is making this get better. There's a sort of an arms race right now between the con artist and the virus writers. What you're seeing that it's getting harder and harder for those spam messages to get through. It's harder for the phishing messages to go through. It will never get to zero. But you're seeing that the antivirus software and anti-spam software is getting better. Companies like Yahoo! and Microsoft are creating systems to make it harder for spokes to bulk spam. And, I think over time will become less an issue.

BROWN: Nice to see you. Feel free to leave any trinket or gadget that you're working with these days.

WASOW: Will do.

WASOW: Thank you for coming up tonight.

Coming up another scam. This one as simple as stealing from a baby. First, a quarter past the hour or thereabouts, let's look at some of the other stories that made news today. Erica Hill joins us from Atlanta.

ERICA HILL, CNN CORRESPONDENT: Hi, Aaron. An FDA advisory panel has voted to recommend continuing a ban on silicone breast implants. This comes after two days of testimony. The panel voted 5-4 to continue the ban on implants made by a company called Innamed. Silicone breast implants were pulled off the market over health concerns. The panel says more data is needed on how long they'll last. One manufacturer argues that implants are safer and more durable.

The nationwide hunt for an ex-convict suspected of killing two people and assaulting a teen in South Carolina has ended in Georgia. 37-year-old Stephen Stanko was arrested without incident at an Augusta shopping mall after four days on the run. Stanko has served time in the past for kidnapping and aggravated assault.

In the Michael Jackson trial today, the stepfather of Jackson's accuser testified his family was both harassed and offered bribes, including a free house and college education to make a video defending the singer. The stepfather also says his stepson appeared to have been brainwashed after his last visit to Jackson's Neverland ranch.

Beer giant Anheuser-Busch is threatening to boycott rice grown in Missouri if the state allows genetically grown crops to be grown. Engineer rice is engineered to produce human proteins that can be used in making drugs. Anheuser-Busch, the largest buyer of rice, is concerned that cross pollination could contaminate other crops.

The world's largest retailer is giving a boost to wildlife preservation. Wal-Mart says it will be an amount equal to its stores, parking lots and distribution centers will use over the next 10 years and then donate that land to the National Fish and Wildlife Foundation. The arrangement will cost Wal-Mart $35 million.

This is the latest from "HEADLINE NEWS" at this hour. Aaron, back to you.

BROWN: Thank you, Erica.

More to come from us tonight on who is trying to make your identity their own. We'll start off pretty small.

(BEGIN VIDEO CLIP)

JOHN BROOKE, FATHER OF ID THEFT VICTIM: Went out to get the mail one day. Opened up the mail from a medical clinic, and realized that Andrew was being billed for an office visit for $94. Apparently he had driven himself across town, walked in to see the doctor for a work-related back injury. And then prescribed narcotic pain reliever that can sell for $30 apiece on the street.

(END VIDEO CLIP)

BROWN: Andrew is a baby. Laura is not.

(BEGIN VIDEO CLIP)

UNIDENTIFIED FEMALE: I had said that the boss is a jerk. He had been acting a bit arrogant and pompous with me all week.

(END VIDEO CLIP)

BROWN: She used e-mail to say it. Her boss found out. And how he found out could be the story where you work, too.

Also tonight a man who knows perhaps better than anyone else what the internet can do and what bad guys can use it to do. We'll talk with Scott McNealy of Sun Microsystems because analog or digital, this is NEWSNIGHT.

(COMMERCIAL BREAK)

BROWN: Identity theft is nothing if not democratic. Anyone is a potential victim. You are, I am, your friends are, so are your neighbors. Dead people can be victims. So can newborns.

(BEGIN VIDEOTAPE)

BROWN (voice-over): At just 21 days old, Andrew Brooke was causing his parents a few more problems than your average infant.

JOHN BROOKE, ANDREW'S FATHER: I went out to get the mail one day and opened up the mail from a medical clinic. And realized that Andrew was being billed for an office visit for $94. Apparently he'd driven himself across town, walked in to see the doctor for a work-related back injury, and then prescribed a narcotic pain reliever that can sell for up to $30 a piece up the street.

BROWN: Since Andrew was barely drooling, let alone walking and working, his parents suspected something was up.

BROOKE: The first thing we did is call the medical clinic and say, where did you get this information? What's going on? And they told us it had been provided by the person who had walked in.

BROWN: Andrew's full name appeared only on two pieces of paper -- his birth certificate and his medical records, and neither had left the Seattle area hospital where he was born. But the hospital told the family it found no evidence of a security breach, and police, the family says, were of little help.

BROOKE: It took two months to actually get them to even file the police report. And that was only after weekly phone calls from me, just badgering them until they finally filed one.

BROWN: No one has been arrested for stealing Andrew Brooke's identity, just as no one is usually arrested in such matters.

BROOKE: It's the fastest growing crime in this country. It's the most expensive crime to this country, costing between $46 and $53 billion a year -- that's billion with a "b" -- depending on whose study you look at. And what I find really amazing is fewer than one in 700 cases are even investigated.

BROWN: Compared to Andrew, Rebecca Bartelheimer was all grown up when at 3 years old her ID was stolen. Her mother learned this when she tried to open a savings account and found that her daughter's Social Security number was already in use.

MICHELE BARTELHEIMER, REBECCA'S MOTHER: I felt very violated, because you know, I thought I was doing everything to protect her. And never even thought that I had to protect her from identity theft. You think of car seats. You think of helmets. You think of coats on a cold day. You never think of someone coming and stealing your child's identity.

BROWN: She has no idea how this happened, but says she spent 1,000 hours trying to undo the damage caused to her 3-year-old's credit rating.

BARTELHEIMER: And I just cry tears, because every day, all day I'd wake up and spend all day. If I wasn't taking care of my kids, I had to be on the phone, or on the Internet researching this and trying to track it down, and sitting on hold on the phone waiting for someone to talk to me. It was horrible. It was a nightmare.

BROWN: When you consider all the things that can happen to your child, identity theft may not seem like much. But as a parent, it does change you. It changed Andrew's dad, a lot.

BROOKE: You don't relax anymore. You're worried about everything. What information am I giving out? Who is going to use that information? How will it be used?

(END VIDEOTAPE)

BROWN: Mostly, of course, the victims are not babies, and mostly the solution is not so simple as proving that your 3-week-old doesn't really have a job. What happens when you get hit is virtually never-ending. You never really know where it's going to hit you next. Fight, fight again, fight not with the thief, of course, but with your bank or your credit bureau. The fight with the people who have heard every sob story in the world and have no reason to believe yours. So most often, they don't. Here's CNN's Allan Chernoff.

(BEGIN VIDEOTAPE)

ALLAN CHERNOFF, CNN CORRESPONDENT (voice-over): Maureen won't share her last name, won't even permit us to tell you what state she lives in. Why? Because she's been a victim of identity theft.

MAUREEN, IDENTITY THEFT VICTIM: I'm afraid that it's still out there. Somebody's selling my Social Security number.

CHERNOFF (on camera): It all started Christmas Eve five years ago. Maureen was doing some last-minute shopping at a store that had been located here. In the rush to get home, she left her pocketbook in the shopping cart. By the time she realized it the next day, it was too late. The pocketbook, including all of her IDs and Social Security card, was gone, never to be recovered.

(voice-over): Maureen canceled her credit cards. Then, more than two years later, she got a phone call.

MAUREEN: I had an overdue balance on your Wal-Mart card. I never had a Wal-Mart card.

CHERNOFF: Two more calls followed.

MAUREEN: Your Midnight Velvet card and your Newport News card. And these are credit cards that I never had. I never even -- I never even received their catalogues.

CHERNOFF: And, Maureen says, none of the retailers had ever sent a bill. When she explained, though, they were quick to help.

MAUREEN: They were terrific. And they completed the investigation, I would say, within 60, maybe 90 days.

CHERNOFF: The bills were cleaned up, but Maureen, mother of four, had already suffered damage to her credit. She and her husband found out when a bank rejected their mortgage refinance application.

MAUREEN: I realized that I had to clean up my credit myself. Even though I wasn't responsible for what had gone on.

CHERNOFF: The unpaid bills had led the three credit bureaus -- Equifax, Experian and TransUnion -- to slash Maureen's credit score.

COLLEEN MARTIN, TRANSUNION: If the identity thief has applied for credit, gotten that credit and has begun to charge in her name and not pay off bills, then that could start to deteriorate the score and the credit report.

CHERNOFF: Maureen's good credit had gone bad. Then her situation got worse. Capital One called, demanding payment for a $1,200 credit card bill. This time, Maureen says, the bank rejected her explanation.

MAUREEN: Their attorneys started calling me. And they basically said, you know, pay up. We don't believe your story. They would send me letters that, you know, pay half of the bill and we'll be satisfied with that. And I said, no.

CHERNOFF: Maureen wrote letters, sent the police report of her ID theft. Even so, Capital One sued Maureen. She appeared in court representing herself, and only then did the bank's lawyers finally back down.

MAUREEN: They just basically said, OK, well, we're just going to drop it. And that was the end of it. They never gave me an apology, nothing. I never heard from them again.

CHERNOFF: In a statement to CNN, Capital One said Maureen, quote, "appears to have been the victim of fraud, and we apologize to her for any inconvenience she's suffered. Capital One is committed to protecting our cardholders from those who commit fraud."

Capital One declined CNN's request for an on-camera interview.

If you fall victim to ID theft, consumer advocates say, follow Maureen's example. Contact the police and get a copy of their report. Notify your credit card issuers, and contact the credit bureaus. They can put a fraud alert on your record to watch for any case of ID theft for up to seven years. That's what Maureen has done, even though she once again has good credit, because she fears her nightmare is not over yet.

Allan Chernoff, CNN.

(END VIDEOTAPE)

BROWN: Ahead on NEWSNIGHT tonight, think about all the stuff you write in private e-mails you send from work. Everything from the fun you had on Saturday night to the less-than-choice comments about your boss. Now, imagine your boss reading it. He or she probably is, and can, and we'll show you how, after the break. From New York, this is NEWSNIGHT.

(COMMERCIAL BREAK)

BROWN: We may be living in 2005, but there are shades of 1984. Your employer may allow you to send personal e-mails because your employer is a pretty swell person. But it turns out he's swell and perhaps a bit nosy, too. So your employer is actually reading every e-mail you send to everyone. Well, not actually sitting there and reading every one, nothing would get done. The job's been outsourced to a computer. Here's technology correspondent, Daniel Sieberg.

(BEGIN VIDEOTAPE)

LAURA: I had written an e-mail to a co-worker complaining about my boss, complaining about his behavior. And within a week of that e-mail I was fired.

DANIEL SIEBERG, CNN TECHNOLOGY CORRESPONDENT (voice-over): This woman asked that we only identify her as Laura. She's afraid of what this impulsive e-mail would do to future employment prospects.

LAURA: I had said that the boss was a jerk. He had been acting a bit arrogant and pompous with me all week.

SIEBERG: An official with her former employer says Laura was let go for a number of personnel reasons. And that derogatory comments in her e-mail were a factor. This official also says the company informs all employees that their e-mail is monitored.

(on camera): Did you know that your e-mail was being monitored?

LAURA: No, I had no idea.

SIEBERG (voice-over): What -- how did you feel when you found out?

LAURA: I felt a bit violated, frankly, because I felt that we were allowed through the company's own policy, we were allowed to have so much personal e-mail per day.

SIEBERG: Laura isn't alone. Only 50 percent of respondents in a survey from EPolicy Institute say their organizations train on e-mail policies. The same survey finds that nearly 80 percent of companies have e-mail policies, and that one in four has fired employees for violations.

NANCY FLYNN, EPOLICY INSTITUTE: Most employees tend to think my e-mail is my business. My employer has no right to read my e-mail messages, particularly if it's a message to a friend or a family member. But in reality, here in the U.S. the federal government gives employers the right to monitor all employee e-mail, instant messaging and Internet activity.

SIEBERG: Thousands of e-mail messages fly in and out of companies all day long. While it's impossible for the boss to literally look over your shoulder, businesses are turning to technology, computers that can read every word of every e-mail, and raise red flags.

PAUL JUDGE, CTO, CIPHERTRUST: We've taken the approach of having machines and algorithms, that can go out and understand what's the vocabulary of normal legitimate business e-mail, and then what are the anomalies to that. And what's the vocabulary used in jokes or used in chain letters.

SIEBERG: Ciphertrust helps companies sort through the flood of e-mail, running every message through a series of filters looking for key words. Some of them are so offensive, we can't show them to you. The company can then decide whether to respond or let it go.

JUDGE: I see many that set up a rule that say notify human resource or notify the legal department. Or an organization may set up a rule that says just block that message. Do not let it go out of network.

SIEBERG: And while it may not get out, it could well come back. Most employees don't realize that e-mail is forever.

FLYNN: What everybody needs to be aware of, is that e-mail and instant messaging create written records. It's not the same as standing around the water cooler gossiping about somebody. You gossip about somebody via e-mail, there's a written record of it, and it could come back to haunt you and your employer.

LAURA: They still fear for their jobs a bit.

SIEBERG: For Laura the experience left her angry and frustrated. Right now, at least, she doesn't have to worry about her e-mail. She's currently self-employed.

Daniel Sieberg, CNN, Phoenixville, Pennsylvania.

(END VIDEOTAPE)

BROWN: You can make a pretty good case that our next guest tonight has done more to make computers and computing an integral part of our lives than just about anyone. Microsoft may put a computer on every desktop, and IBM may have once had a lock on huge mainframes. But Sun Microsystems has arguably done the most to tie it all together. Large and small, hardware and software.

Scott McNealy is the CEO of Sun Micro. I'm pleased to have him with us.

Is this whole notion that we have any privacy any more quaint and done?

SCOTT MCNEALY, CEO SUN MICROSYSTEMS: Well, I'm pretty famous for a statement I made a while back at a keynote once, "That you have no privacy. Get over it." And that was taken a little bit out of context. The point is you don't want absolute privacy or absolute anonymity. One is you want your doctor to have your medical records. You want your banker to have your financial records. And you want different organizations to maintain and hold and safeguard the important information in your life. Another statement I'll make is that absolute anonymity breeds irresponsibility. So you want audit trails and other things. But privacy is a complicated topic, as we're all seeing here.

BROWN: I agree. I want my doctor to have my medical records, but I want to decide if my doctor has my medical records.

MCNEALY: That's right.

BROWN: That's where this -- I mean, there is a social cost to just the uncertainty of knowing who knows what about you?

MCNEALY: And we've lived with that forever. And I always use the example of your medical records are shipped around -- through the U.S. mail system on 8 1/2 by 11 sheets of paper, unencrypted in English, folded up and put in an envelope -- a paper thin envelope, sealed with spit, put in a tin box, with a tin door, no lock, given to the U.S. government for a few days, who then keeps it. And then hopefully puts it in a tin box, with a tin door, no lock, on a publicly available street some time later.

All of these identity theft issues can be done online or can be done in the physical world. So, we've been living with this issue forever.

BROWN: I'll grant you that they can be done physically as well as online, but they can't be done as simply it seems to me or in the kind of volume or as stealthly, if that's a word.

MCNEALY: Yes, there's no question the Internet provides an interesting level of anonymity, although somebody can drive up to my mailbox -- In fact, somebody has, driven up to my mailbox, actually stolen my mail. She wanted to meet me when I was single, and it didn't work. But you know, you can still do that anonymously, because who can watch every mailbox on the planet? And stuff does get stolen at airport out of mailbags, that sort of thing. But you're right, anonymity, they don't know who you are or where you are on the Internet, unless we get solid authentication mechanisms. And we have the technology today. I've got a Java card here. There are 8 million or 9 million Java cards out there used that create multi-factor authentication, that is what you know a password, as well as what you have, the actual Java card. And then maybe even a biometric, who you are, a retinal scan, a voice printer, whatever. And if we authenticate not only ourselves, but the Web sites that we're talking to, we can eliminate a lot of this scamming, spoofing, counterfeiting, that sort of thing.

BROWN: Here's just a last question and maybe a thought. You know a gazillion times as much about this stuff as I know. And the fact is, I was saying this earlier, I have stuff on my computer that my computer guy, because these guys you got to have a computer guy, says just run this stuff every week because there's spy this and ad that. And I don't even know what that stuff is, but I just know that people are snooping on me or computers are snooping on me.

MCNEALY: Well, so there's a concept of should you become your own personal administrator and keep all of that state local? My view is, if it's really important to you, you shouldn't handle it. If money's important to you, give it to the bank. If your medical records are important, give it to your doctor. If your financial records are important, give it to your bank or whatever. And if your voice mail's really important, don't put it on your home answering machine, give it to your service provider. That's what we do in the cell phone world, but we have authentication, we have audit trails and we can track very, very quickly anybody who gets out of line.

BROWN: Good to meet you.

MCNEALY: Thank you.

BROWN: Thank you buddy. Thank you. Still to come tonight, helping victims of identity theft fight to get their identity back, because not fighting, as it turns out, is not an option. You'll meet some people who have been on both ends of this. We take a break, first around the world.

It is a small world these days, this is NEWSNIGHT.

(COMMERCIAL BREAK)

BROWN: Identity theft comes with this cruel twist, as we've shown you tonight, once your good name or even your bad name is stolen, for that matter, is stolen, it is up for you to reclaim it. And restoring your credit can take years, years of phone calls and credit checks, years of doubts, denials and suspicion, years of endless red tape. Most are just glad to get it over with. A few take it on as a cause.

Here's CNN's Frank Buckley.

(BEGIN VIDEOTAPE)

FRANK BUCKLEY, CNN CORRESPONDENT (voice-over): They work out of their home in San Diego, Jay and Linda Foley spend their days and nights in front of computer screens and on the phone.

UNIDENTIFIED FEMALE: Identity Theft Resource Center.

BUCKLEY: With a handful of paid staffers and some 75 volunteers, they help victims of identity theft reclaim their identities.

UNIDENTIFIED FEMALE: And so look out for other lines of credit that shouldn't be opened. That's what you're looking for when you monitor your credit.

BUCKLEY: They know what identity theft victims are going through. They've been there.

LINDA FOLEY, IDENTITY THEFT VICTIM: When you need someone who's empathetic who says, yes, I know how you feel. And the first thing you want to say is, you don't have a clue, lady, how I feel. You want to make a bet? Yes, I do. I've been living identity theft for seven years now.

BUCKLEY: She found out she was a victim when a credit company called to ask about her new address.

L. FOLEY: And I said I haven't moved. And they said, yes, you did. And I said, no, I have moved.

BUCKLEY: It turned out the thief was this woman -- Berry Nestle (ph), her boss.

L. FOLEY: I filled out my tax form. She used those to get credit cards and a cell phone. The very same cell phone I was calling her on on a daily basis. Little did I know I was going to end up getting the bill.

BUCKLEY: Along with the phone were the credit cards. All these bills were due in your name?

L. FOLEY: Yes.

BUCKLEY: Nestle was eventually convicted and sent to prison.

L. FOLEY: I was one of the lucky ones. I caught my impostor. She got some jail time out of it. She'll be out in a couple years. What about all the thousands and thousands of victims who never get it resolved that way?

BUCKLEY: Foley and her husband Jay resolved to help those victims through the nonprofit Identity Theft Resource Center. They say they get 700 requests for help every week.

L. FOLEY: And we get these -- for 2 1/2 years I've been battling this. I don't know what else to do other than to just give up. And let them take all the money, let them have everything, and then they can't hurt me anymore. We write back, that's not an option. There's nothing a thief can do that eventually cannot be undone or we can find a way through using the system to get to the point where you can continue your life.

BUCKLEY: The Foleys have testified in state legislatures, and in Congress, trying to raise awareness and get tougher laws passed.

L. FOLEY: I now have your Social Security number. I now have access to your credit and to your lives.

BUCKLEY: They've received numerous awards. They get by on grants and donations.

(on camera): Why didn't you just leave this to some government agency or some credit card company to deal with?

L. FOLEY: Because no one else will do the job.

UNIDENTIFIED MALE: Good morning. Identity Theft Resource Center.

BUCKLEY: A job that's become a mission.

UNIDENTIFIED MALE: We want to help you, we want to help you get through it. And it can be overcome.

BUCKLEY: Overcome with the help of these fellow survivors of identity theft.

Frank Buckley, CNN, San Diego.

(END VIDEOTAPE)

BROWN: And on the program, we'll go phishing. We'll show you just how easy it is to create an e-mail to scam somebody out of their identity. The only safe haven these days is morning papers, and that's still to come as well.

This is NEWSNIGHT on CNN.

(COMMERCIAL BREAK)

BROWN: Just a moment, we'll show you how easy it is to design a Web page that could trick somebody into divulging key information, and it takes about 10 minutes.

First at about a quarter to the hour, Erica Hill joins us from Atlanta, with some of the day's other news -- Erica.

HILL: Thanks, Aaron.

The World Health Organization is urging scientists around the world to destroy vials of a potentially dangerous flu virus. The strain killed up to 4 million people in 1957. It was included in a sample pack sent to nearly 5,000 labs by a U.S. company. Those samples help labs make sure they can accurately identify strains. The World Health Organization says that chances of an outbreak are slim, but if the virus were to get into the general population it could spark a global flu epidemic.

Three British men are facing terrorism charges in connection with an alleged plot to attack U.S. financial institutions. The indictment unsealed today charges them with scouting potential targets including the Citigroup Building and the New York Stock Exchange in Manhattan. The men were arrested last August after computer evidence found in Pakistan provided evidence of the alleged plot.

The man who caused a security scare at the U.S. Capitol on Monday will be sent back home to Australia, but won't face any criminal charges. He prompted authorities to send in a SWAT team after standing outside the Capitol with two black suitcases and demanding to speak with President Bush. The man was tackled, nothing suspicious was found in his bag. Immigration officials say he'll be expelled under a public safety provision.

Pop star Britney Spears putting an end to some speculation about her personal life. The pop princess revealed on her Web site today, she is, indeed, pregnant. It will be her first child. The third for her husband Kevin Federline. He has two children with a former girlfriend. Spears' expanding waistline has left the tabloids speculating about her condition for weeks.

And that's the latest from Headline News. We saved the best for last there for you, Aaron. Back to you.

BROWN: Thank you. I've been pretty worried about that.

HILL: I had a feeling.

BROWN: Thank you, I appreciate you clearing that up for me.

It's one thing to tell you how easy it is for the bad guys to come up with ways to trick us all, now we're going to show you how easy it is. We wondered how long it would take someone who is not an experienced hacker to create an e-mail that would look real enough to fool you into giving away your personal banking information.

So we gave the job to one of our college interns, because we're not always sure what to do with them if we don't do this sort of thing.

In less than 10 minutes, after just a bit of cutting and pasting, this is what the spikey-haired kid came up with.

Yeah. I mean, it looks real to us, too. It looks like it came from Wells-Fargo. It has all the right blanks to put in. And all you have to do, basically, is then add a link. Here's what you would just click on down there at the bottom. And you would think you're sending it to Wells-Fargo, but in fact, you would be sending it to the spikey-haired kid who'd then clean out your bank account in about 10 minutes, too. That took him 10 minutes to do.

Morning papers takes us about two and a half. We'll take a break first.

(COMMERCIAL BREAK)

BROWN: Okey-doke. Time to check morning papers from around the country and around the world.

We'll start with "The Washington Times." We started with "The Washington Post" yesterday. We should balance this out. I don't know why, but we should. "Religion Under Assault by Liberals" up at the top. "Commandment Suit: Latest Fight." I don't know about that. I mean, is that a liberal/conservative issue, religion in government and out there? I don't know. Maybe it is.

Was there something else I liked here? No, as it turned out. So unless you're interested in that story, save your quarter. "The Christian Science Monitor." Not really -- it's kind of a fun paper. "At Tax Time, Lots of Money Under the Table: From Gambling to Painting to Child Care; Not All Income Gets Shared With the IRS." Imagine that. Front-page news.

"The Oregonian" out in Portland. I like this story. I like this paper, too. "Nike Casts Light on Factories." The company lists its chain of suppliers for the first time and reports abuses, worker abuses at some. What a giant company Nike's become. And they're based out West there in the Portland area, not actually in Portland.

So how are we doing on time, Will? OK. Thank you. 1:20, if you're timing at home.

"Philadelphia Inquirer," up at the top. "Dela-Whale River." This is a good story, too. A wayward beluga somehow makes its way from the Arctic to Trenton. Why would a whale want to go to Trenton? What's going on in Trenton?

"The Des Moines Register" has a bunch of good stories on the front page. Let's see if we can get to them all. "Telecom Donors Get Attention." "Lawmakers Deny Money Tied to Votes." Sure. Down here, OK? Margaret, the makeup person, is very upset about this. She read about this. "Are Cats Fair Game? Wisconsin Decides." A Lacrosse firefighter has proposed letting hunters shoot stray cats. It's like if a cat's walking across your front yard, you can shoot it? Seems a bit much to me. I'm not a cat person, but -- "Richmond Times Dispatch." "Where Are They?" This is missing sexual offenders. They're supposed to register, but incredibly, 20 percent do not. We don't know where they are.

"The Chicago Sun-Times," we'll wrap it up. "It's Official: She's Pregnant." Britney Spears made the front page. Yikes. Weather tomorrow in Chicago, by the way, "ho-hum."

Wrap it up in a moment.

(COMMERCIAL BREAK)

BROWN: Good to have you with us tonight. "AMERICAN MORNING," 7:00 a.m. Eastern Time. "LOU DOBBS TONIGHT" next. For most of you, we'll see you tomorrow at 10:00. Good night for all of us.
