ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

More Snake Oil: LifeLock spokesperson's stolen ID leads to lawsuits

By | May 22, 2008, 8:30pm PDT

Can you remember being a kid, when your parents first told you what your SSN was?  I remember mine telling me to never give it to anyone.  Of course, then as soon as I got my first job as a caddy at the local golf course I had to give it up, same with when I bought my first car, hell, my college username was my SSN for awhile, and after that changed, my password was based off of it (not my choice).

Somehow along the way, our government decided not to punish companies for using SSNs, which they should’ve.  Now we’re stuck with this huge identity theft problem, and tons of products that apparently don’t work to fix the problem.

From Slashdot:

OrochimaruVoldemort writes “It seems as though LifeLock isn’t as secure as Todd Davis makes it out. According to a LifeLock spokesman, his identity has been stolen. For two years, Davis has been daring hackers to steal his ID. Looks like he got what he wanted. CNN reports: ‘Now, LifeLock customers in Maryland, New Jersey and West Virginia are suing Davis, claiming his service didn’t work as promised and he knew it wouldn’t, because the service had failed even him.’”

Wow, and to think I just about bought this service.  Thing about this is, it’s just another example of snake oil being sold in this industry, just like HackerSafe, PCI, WAFs, scanning tools, etc.  I wouldn’t take so much exception if these companies weren’t so damn bold and blatant with their advertising.

Honestly, in Info Sec, you have the perfect maelstrom of advertising… under educated consumers, tons of money, mass confusion , throw in a great product pitch like “Sick of worrying about security, just plug us into your network and you’ll be 100% safe”, or “LifeLock’s so great I can advertise my SSN on the side of this van in the middle of a city.”  Seriously though, this guy got what he deserved and I think LifeLock should be facing law suits over this.

-Nate

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

LifeLock, Identity Theft, Government, Security, Nathan McFeters

Disclosure

Nathan McFeters

http://i.zdnet.com/images/auth/nmcfeters_53x53.jpg

Biography

Nathan McFeters

Nathan McFeters is a Senior Security Advisor for Ernst & Young's Advanced Security Center in Chicago. Nathan has performed web application, deep source code, Internet, Intranet, wireless, dial-up, and social engineering engagements for numerous clients in the Fortune 500 during his career at Ernst & Young and has spoken at a number of prestigious conferences, including Black Hat, DEFCON, ToorCon, and Hack in the Box. He can be found at his Pwn* blog and XS-Sniper, a blog with Billy Rios.

28
Comments
Add Your Opinion

Join the conversation!

Just In

RE: More Snake Oil: LifeLock spokesperson's stolen id leads to law suits
koz123 26th Jul 2009
I think Todd Davis has more problems coming after reading this blog....

http://blogs.myspace.com/index.cfm?fuseaction=blog.view&friendId=388730644&blogId=502035461
View in thread
0 Votes
+ -
Thanks for the story.
TripleII-21189418044173169409978279405827 22nd May 2008
I was interested in this kind of service. I already have an opt out with all the credit unions, but following the links, I found out that as of Jan 1, 2008, I can, in Texas, absolutely freeze my credit report. It used to be only for Victims.

This means even with your SSN, if they don't have access to your physical home phone and pin, etc, they can't get new credit. I found this site very useful.

http://www.consumersunion.org/campaigns/learn_more/003484indiv.html

A freeze is for me, I have no need for credit at the speed of light (it takes a few days if needed). People might also be interested in setting up what this guy charged you for (the convenience of renewing for you every 90 days it expires).

http://www.fightidentitytheft.com/flag.html

TripleII
0 Votes
+ -
I wouldn't advise totally freezing your credit
Lerianis 22nd May 2008
I have heard some bad stories about people who have had a HELLISH time unfreezing their credit because they forgot the information and pin number that they gave the credit freezing service.

The real answer to all of this, is to NOT have to give out our Social Security number for any reason. Not when we get a new job (our name, address, phone number, etc. should be enough for even the FEDS to get the SS money and tax money they are supposed to get), not when we apply for credit, not EVER!

It was stupid to make our Social Security number our 'one stop shop' for credit and for identity theft.
0 Votes
+ -
Except that....
nmcfeters 23rd May 2008
It's too late for that. Your SSN flys over the Internet so often it may as well be a credit card number.

-Nate
0 Votes
+ -
Wow, that's great!
nmcfeters 23rd May 2008
I wonder if they have similar for Illinois, I need to check this out. I signed up for Equifax Gold and I've been fairly happy, but I'm not really sure what it does. Hopefully it is above and beyond lifelock.

-Nate
0 Votes
+ -
reactive
coffeeshark 23rd May 2008
Equifax Gold emails you after the accounts have been opened in your name. I had that service, too, but it doesn't help much if the account is opened and bills are run up in the first day. It does nothing for other areas of identity theft like drivers licensing, either, which seems to be a big knock on Lifelock.

Without a recurring request for fraud alerts on your credit file, you have to do the cleanup. With the proactive fraud alerts, you get the call requesting permission to open the account, not an email after telling you someone already did it.

You can do that yourself, you don't have to pay for it, it's just a pain to remember to refresh the fraud alerts every 90 days, that's the service that Lifelock does for you.
0 Votes
+ -
...
Linux User 147560 23rd May 2008
I don't have a credit card, neither does the wife. We each have one debit card and that's it. Our spending history is so consistent that any large deviations are noted immediately and we are queried by our bank to make sure we made the purchase. We are teaching our children how to live without a credit card and within their fiscal means. It's hard at first but once you get it together it's amazing how much less stress there is in your life and just how little you worry about things like ID theft.

Living debt free is the way to be. This whole living off of credit is one reason why we are in such a fiscal mess in this nation. People are living way beyond their means which is one reason why we are seeing so many foreclosures. Peoples purchasing power is being stolen and abused which leads to bankruptcy that means the rest of us pick up the tab on that.

I listen to economists and all these financial oriented people and all I hear is an inflation lie of speculation and deceit to give the appearance of fiscal health... when the reality is a very sick fiscal state. And it all encourages the theft of peoples ID and purchasing power.

The wife and I have worked hard to get where we are today and it has been well worth it. While others around us are struggling to make ends meet or to keep their over rated and over priced homes, we are sailing through this without too much notice. The 7 P's and living within ones means, good advice the majority of this nation has lost sight of. Good luck out there, gas is now $4.09 ? 4.21 a gallon here in central California, fire season has started 3-4 months early and the price of all of our goods are on the rise as well, while the dollar limps along.

Things keep going this way... ID theft will be pointless, nobody will have credit or any fiscal worth to steal! devil
0 Votes
+ -
credit cards
dhays Updated - 28th May 2008
Whether or not you have a credit card is immaterial. We pay our bills every month. My wife keeps track of our account and if it is close to our biling date, she will "slow" us down on our charges, then when the bill comes it is manageable. She has said that if we EVER have to not pay the whole bill, then it is time to cut up the card! I agree. One has to fiscally responsible, unlike our government. One solution is to have a job like Bill Gates, where you don't have to worry about the amount of your paycheck, but most of us don't have that kind of income.
0 Votes
+ -
And don't forget about . . .
JLHenry 23rd May 2008
www.clarkhoward.com

He's got all kinds of advice to help with these kinds of problems. . .
0 Votes
+ -
I think it's an up-hill battle no matter what...
dunn@... 23rd May 2008
Since the proprietor of LifeLock's ID theft incident was by an individual using his SSN to open an account by a vendor that never checked his credit.

So in these cases it really doesn't matter what safeguards you have in place, you are going to wind up having to clean up a mess.

It happened twice to my wife and luckily both times we were able to clean it up quickly but not without a lot of time, effort and most of all registered, return-reciept mails to the creditors involved.

While some of these services (even those offered by the credit reporting agencies themselves) will help they are not a "cure all".

I agree with the poster that said not to totally freeze your credit as even if you are not looking to get credit of any kind potential employers sometimes check this data and if it is not available you are not considered.
0 Votes
+ -
The plaintiffs must all be Darwin Award candidates
Vesicant 23rd May 2008
Honestly, who'd believe and buy into those kinds of "services" just because they saw a commercial? Oh well, "against stupidity the gods themselves strive in vain."
0 Votes
+ -
LOL...THE MOST IRONIC THING I'VE EVER HEARD
Teyecoon 30th May 2008
Someone who believes the BS that they are told (in church) is negatively judging others who believe something (about security) without any real justification or proof is so pathetically ironic. You're so self-absorbed with your own beliefs that you even purport to know what the "gods" struggle with which is even funnier because evidently they are troubled by a problem that they created themselves. I use themselves because you used "gods" and not "God" for some likely even more sillier reason. You are right about one thing and that is that the tide of stupidity is definitely difficult to counter.
0 Votes
+ -
Who Authorized These Credit Bureaus
duclod 23rd May 2008
How is that these Credit Bureaus came to have all my financial data? Who gave them the authority to do this? I never gave them anything or in anyway authorized them to open and maintain a dossier on me.
I have in some way blocked access to my credit and have not had any problems as a result of this blocking. I guess if I needed new credit I?d have a problem.
0 Votes
+ -
RE: More Snake Oil: LifeLock spokesperson's stolen id leads to law suits
Linux User 147560 23rd May 2008
I was wondering how long before life lock got owned. Yup, just another snake oil salesman! devil
0 Votes
+ -
RE: More Snake Oil: LifeLock spokesperson's stolen id leads to law suits
sarahqg 23rd May 2008
Nate, Why is it Snake Oil? Maybe I'm missing something and you can help enlighten me, but I dont see where LifeLock is guaranteeing that NO ONE can EVER use your information fraudulently or without your permission. If you go to their website, the first thing that you see is $1 Million Guarantee which exists as insurance IF AND WHEN someone does break a barrier and harms your credit or wallet. Their website is full of testimonials of people WHO WERE VICTIMS - with or without the service because Todd Davis is not saying that they can PREVENT IT ALL THE TIME 100% - he's saying they can help you in many ways to do everything possible to help prevent it. I read about this yesterday and saw Todd Davis on the Today Show this morning, and I feel the company is offering a service that the common consumer has a right to pay for if they want it. They also can go and create their own alerts for free themselves, which LifeLock clearly tells you, but that's only one of the things covered by the $10/month. As a regular consumer, I can't go and scan 10,000 websites that are selling stolen data, I cant cover up to $1 Million of usage out of my own pocket if I were held liable from creditors where theft occured, I'd rather call up one number if I lost my wallet and get all my credit cards and information cancelled in a minute than go do it myself at the time....I don't have LifeLock as a service, but I probably will get it after all this media press due to convenience. It's a service and it provides just that - a guarantee, or insurance, against the 'what if' of the biggest crime in the nation today - identity theft. I have house insurance in case my house is robbed or burns down, I have car insurance in case I get into an accident, I have life insurance but I'm not hoping to die tomorrow - this is no different. What bothers me is that your bio says you are a Security Advisor for E&Y, so your opinion does matter and could provide information to the average consumer who's not in this type of arena professionally. You have a right to your opinion if you think there service is valid or useful, but isn't 'Snake Oil' just a bit strong? Instead of 2 Starbucks a month, or the cost of one cheap designer handbag in a year, a person could benefit from a lot of the services provided for the $10/month IN THE EVENT they needed it. As stated above and with all insurance we buy, the point is you hope you'll never need it, but speaking as a person who was comprimised in the past and knows the extreme hassle and money lost, this isn't 'Snake Oil' to everyone....

Sarah
0 Votes
+ -
Sara
Linux User 147560 23rd May 2008
Can you please go back and edit your post so it has paragraph breaks? It makes it much easier to read than a large run on mass of text.

We all thank you! devil
0 Votes
+ -
Couldn't have said it any better...
medcombwb 24th May 2008
I advised my kids to use Lifelock and still do; exactly for the reasons you just outlined. Most people do not have the time, money or personal resources to be able to do what this company does for themselves.

There are never any total guarantees in life, but I would say the $1,000,000 guarantee is good enough for me and should be for most people. If it isn't then I do agree, the person should then do something other.

This guy getting on the soap box calling it 'Snake Oil' is typical of the personallity that looks for all the bad and does not weigh it properly against the good. Someone who just likes to complain and tear down someone else to try and build himself up.
0 Votes
+ -
Identity Theft and Lifelock
bb_apptix 27th May 2008
LifeLock does for a fee what you can do for free. That is, to contact the major crecdit bureaus and put a fraud alert.

One of these credit bureaus, Experian, sued LifeLock for fraud and false advertising. Experian alleged that LifeLock initiated false credit fraud alerts on Experian customer accounts and misled the public as to the necessity of its services.

The leading way that people get their Identity stolen is through carelssness - leaving receipts and CC and SS numbers in the open and not disposing of them propberly. The leaders in stolen identity are illegal aliens, who need a valid ID to get a job.
0 Votes
+ -
He was just looking for something to post
markbn 30th Jul 2008
it seems
0 Votes
+ -
Where's the snake oil
coffeeshark 23rd May 2008
Try looking up the definition of snake oil salesmen. They sold a product that they knew didn't work. Lifelock has demonstrably worked.

Out of 87 attempts known, the Lifelock guy had his name used once, a $500 loan from an online loan center that didn't bother to go through the credit agencies to validate before lending. This is the fault of the lender, not Lifelock.

The issue with his driver licenses is not his issue, it's the fault of the DMV, who issues a license based solely on the SSN, which wasn't supposed to be the end-all of identfication, but has become that. Lifelock never promised anything about insuring against DMV stupidity, although the wording of their website may indicate full identity protection, in which case they need to be more clear, for sure. Our government is a great example of the worst possible security in SSNs and drivers licensing. No private company can compete with that idiocracy.

The fact that he has no hits against his credit report seems to be a decent sales pitch.

If you don't broadcast your SSN, and you use a proactive credit protection, it's a pretty good combination, and better than nothing.
0 Votes
+ -
Not A Panacea
MBridge llc 24th May 2008
Doesn't this story however show us that there is no single panacea? The mantra is security is a process, not a product. Just because you have one piece of the network secured does not mean you have 100% fault protection.

http://www.MBridge.com
0 Votes
+ -
The snake oil is here
seanferd 24th May 2008
Where Lifelock claimed that none of those things could happen while using the service.



Interesting: http://whistlersear.wordpress.com/2008/05/19/thats-what-ya-call-ironic-lifelock/



Never mind that Davis is a complete freak, stalking and assaulting the semi-retarded guy who stole his identity, and is an identity thief himself.



Regardless as to the poor procedures of DMVs and others who handle personal information, LifeLock does not work as advertised. I don't care what it says in the fine print, I've seen the television commercials, and those ads are selling snake oil if the company can't protect what it claims to protect.
0 Votes
+ -
RE: More Snake Oil: LifeLock spokesperson's stolen id leads to law suits
Altiris_Grunt 23rd May 2008
Check out the spin-control (er, rebuttal):
http://tinyurl.com/6zzh5o
0 Votes
+ -
Great PR Spin
MBridge llc 24th May 2008
Perhaps the most ironic part is their web-site attempts to use the incident as a positive for the service:

???What???s important is the whole incident proves that LifeLock works, because I was never out a dime of my own money or a minute of my own time.??? Davis says.

Only Fox News could have done a better job of spinning the story.

www.MBridge.com
0 Votes
+ -
RE: More Snake Oil: LifeLock spokesperson's stolen id leads to law suits
nellwal@... Updated - 25th May 2008
Snake oil is right - and, apparently Davis' partner thought up the whole idea for the business while he was sitting in jail in Las Vegas because he couldn't pay a $16,000 casino marker. http://whistlersear.wordpress.com/2008/05/19/thats-what-ya-call-ironic-lifelock/
0 Votes
+ -
It's not Snake Oil. It's Money Well-Spent (for Lazy People)
JPSeabury Updated - 25th May 2008
Snake Oil: a quack remedy.

That's clearly not what's being sold here. Lifelock is a very valuable service ... for lazy people.

Lifelock is very open and descriptive on what their service does, and freely admits that it's users could do all of it on their own. They even use the "changing your oil" analogy:

"Think of it this way: all of us can change our own oil, but most of us have it done by specialists."

For a fee of $10/month ($120/year), Lifelock will (1) register fraud alerts with the three major credit bureaus and refresh / update these alerts when they expire (every 90 days), (2) remove your name from pre-approved credit card mail lists and refresh / update these removals when they expire (this is automatic when you put a fraud alert on your credit file), (3) order credit reports to be delivered to you annually, (4) in the event you lose your wallet, they help you identify all the credit card, banks or document issueing businesses you need to contact to get your cards canceled / reissued.

These are services that you can easily do yourself -- and Lifelock openly says as much on their website.

It would take 10-20 minutes a year to do all these services your self each year (longer the first time you do it, faster each time you do it -- just like it took you longer to change your oil on your own the first time you did it, but each time you did it, you get better and faster at it). Sites like http://www.fightidentitytheft.com/flag.html make it easy.

So it's not Snakeoil -- it's just a service. You decide if it's something you're willing to pay someone else to do on your behalf.
0 Votes
+ -
RE: More Snake Oil: LifeLock spokesperson's stolen id leads to law suits
twaynesdomain 26th May 2008
There's one born every second. All it takes is common sense, some self education, and a healthy amount of paranoia. A very small amount of research in to how idenitity theft is accomplished will expose what's wrong with this thing. And I guess I also have to mention RTSP, or, Read The Small Print (similar to RTFM).
Anytime you cannot understand the small print, and you opt into whatever it is anyway, you're only proving what a non-thinking fool you can be.
0 Votes
+ -
RE: More Snake Oil: LifeLock spokesperson's stolen id leads to law suits
Scrod 28th May 2008
They USED his SSN, but didn't get anything. It's a tricky legal point.
0 Votes
+ -
RE: More Snake Oil: LifeLock spokesperson's stolen id leads to law suits
koz123 26th Jul 2009
I think Todd Davis has more problems coming after reading this blog....

http://blogs.myspace.com/index.cfm?fuseaction=blog.view&friendId=388730644&blogId=502035461

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix