The Fine Art Of Zippering…

… or ‘enrichment’ as it is sometimes known. Zippering is where you take data from multiple sources and put it together to create something more meaningful. It is usually used in the ‘phishing’ sense, where cyber criminals gather the information to put together a targeted attack (aka spear phishing). However, there is a call to collect all sorts of information in a single database but there are a number of problems - not withstanding the privacy ones!

Firstly, if someone gets hold of all the information, they need look no further as it is a treasure trove for phishers. Secondly, when zippering information it is vitally important that the pieces relate to a specific individual - and this is the tough part. Imagine if it is done based on name… oops… too many John Smith’s out there… what about address… umm… well there are quite a few people at the same address who have different email addresses… by phone record… pay-as-you-go. Email… cyber cafe’s. The list of potential problems is vast. If you do get it wrong the consequences for an individual can be disasterous. There was recently a case where a stolen credit card was used to download illegal material - and the card owner was accused and it, to all intensive purposes, destroyed his reputation and his life.

So… if we are going to collect vast amounts of information it needs to be secure AND accurate - and failure on either of these counts, is not (as the saying goes) an option.

May 28, 2008 | Filed Under Reputation, data-loss, security 

comments

Leave a Reply