Playstation Invasion: Child Identity Theft is No Game

Hacking the System

I have always believed that all of the gaming networks, and other kids’ sites that have an e-commerce component, are the most vulnerable repositories of any large caches of PII, for a few very simple reasons. It is undeniable that although the universe of avid gamers and the galaxy of talented hackers aren’t congruent, there is a rather substantial overlap. Many of our children are light years beyond our technological prowess. Smart kids have been responsible for some of the most famous hacks of history, involving compromises of both government and industry computer networks, many of which were “innocent” pranks—done for thrills rather than financial gain or more nefarious purposes. Remember when, a decade ago, the recording industry announced the development of the “copy-proof” music CD? The idea was to prevent the uploading of music on a physical disk to one of the file-sharing sites like Napster or Kazaa where the music could be freely traded (and traded for free). A good friend of mine who had a large company that distributed physical CDs informed me that within a few days the elaborate and very expensive protection system was defeated by kids around the country using only a felt tip pen!

More importantly, youthful online gamers often exist in a culture that seems to make hacking more socially acceptable, perhaps even socially esteemed. There is a “cheat site” for virtually every popular game—just Google the name of the game followed by the word “cheat” and you’ll see what I mean. Sure, this kind of cheating is victimless and really doesn’t constitute any type of crime, but it’s worth considering why little Johnny, who gets straight A’s in school and would never cheat on his math test, probably has no problem using the cheat sites or even contributing to them.

The worst unintended consequence of this culture seems to be the false sense of anonymity and invincibility kids tend to feel when they’re online. They don’t cheat in school because there’d be consequences if they got caught. But I sense that many kids feel that cyber-hacks, regardless of their severity, occur in an online vacuum and are free of real-world consequences. To take it one step further—because of this assumption, young people tend to be more cavalier about the sensitive information they share publicly.

If you think about it, the Sony breach merely underscores something obvious. The gaming networks and similar sites are delicious targets for the “because I can” crowd. Although the hackers themselves may not be trying to open a phony bank account with your child’s newly acquired PII, there are others, most likely older and much more venal, who would love to get their paws on that data for just such a purpose. Beyond this, there is another type of currency available uniquely on the gaming networks—access to the accounts and special permissions related to a gamer’s skill, highest play level and acquired “spoils of war”—all of which have value on the Internet black market. That’s right, the youngest hackers are probably stealing identities because they are looking to make General in Halo Reach without having to do all the work themselves to rise through the ranks. (For those of you who are older than 15, Halo Reach is a video game in which players earn military-style ranks for successfully completing missions and shooting stuff.)

Regardless of the motivation, it is harmful on several levels that this information is now airborne. And as all readers of this column must know by now, once the data is airborne—it’s out there!

Sad reality check—we need to be as careful with our kids’ PII as we are with our own. Limit the amount of data your child makes available to anyone online. In fact, an effective countermeasure may be to fudge the data a bit. Does the gaming network really need to know any child’s street address (frankly, do they really need to know yours)? From the moment your child is born and assigned a Social Security number, you’d best monitor it, perhaps not every minute but certainly at least once or twice a year. And you should be sure to instruct them to pass it along to no one (employers aside). Bottom line—don’t allow your child’s zeal for vanquishing extra-terrestrial invaders, terrorists or street thugs alienate them from the benefits of a sound financial beginning as they come of age.