UK ID card cloned in 12 minutes
THE DAILY MAIL has revealed that it is possible to hack and clone a UK ID card in twelve minutes, or roughly the time it takes to scan through a copy of the newspaper, hurl it into a bin, and have a shower.
The Mail often has an agenda and it is well acknowledged that one element of that is ramming the threat of illegal immigrants down its readers' throats. Today's story sees it hire two security experts, get them to clone a card, and then tell us how easy it was. Thus reminding us how easy it might be for immigrants to come over here and take our jobs and single women using cloned cards.
As long as they manage to hire their own highly skilled security professional as a hacker, of course.
For its well-balanced and sensitive piece, The Mail flipped a card in the direction of white hat hackbag Adam Laurie who managed to clone it using a Nokia phone and a laptop in no time at all.
Flushed with success after changing just about every piece of personal data on the card Laurie added the message, "I am a terrorist - Shoot on sight." Something the Mail called a "chilling twist" but just sounds like overkill to us, if you'll pardon the pun.
Rarely not known for alarmist editorialising in its 'news' stories, the Mail said, "Laurie's fake card could be used to fool banks, commit fraud and maybe even illegally claim benefits or free NHS care. More disturbing still, it could be used to cover the tracks of terrorists planning atrocities on British or foreign soil. By any sensible measure, his demonstration, as part of a special Mail investigation, should be the final nail in the coffin of the Government's £5.4-billion ID scheme."
Police are advised to be on the lookout for a mid-40s security expert going by the name of McLovin. µ
L'Inq
Daily Mail
Share this:
ShareBusiness Intelligence Software
Customer Relationship Management (CRM)
Enterprise Accounting Software
Enterprise Resource Planning (ERP)
Enterprise Systems Management
i plan to have at least 6 different ID cards
the government is making it sooooo easy to commit identity theft - thanks!!
..how difficult it is to clone the first ID card. The second one can be done for free using a package downloadable from the internet and some cheap hardware.
Actually, since the UK government hhas decided to populate the ID database from crap sources, it will be full of bad data anyway...
May be I am wrong but surly that if it was the security services they would be able to read of the details on card directly and then compare it to there internal database, which holds photographs, finger prints, facial recognition data, and in future probably a lot more. Which from this article say have not been hack. I am just presuming that the emigration people would do the same, and well the NHS would do the same and the police, in fact it be stupid for anyone doing official business not to compare the details on the card to the central database records and do a direct comparison between the persion in front of them and the person on database under those details.
Which surly means this actually limited to all the illegal under-age drinking usage, highly profitable I am sure and the non face to face fraud, presuming that private firms can pay to use the system to check people identities.
May be I wrong through and they the government design the system to enable front line people to do that kind of cross comparison and provide them with the right equipment, which know this government an the privacy lunacy group will have done.
For a government that has lierally given the Americans & Europeans,along with a mass of "Private" firms in India,China & elsewhere,OUR "Private" data, the inability to protect anyone's data doesn't surprise me one bit.
When the object of this 'STASI' gov't is to 'give' your data away free, to anyone, or any gov't, what is the point of an ID Card anyway?
Remember the reasons the gov't wanted them introduced in the first place?
One of the 'spurious' reasons was to STOP serious crime,tell me.. is cloning someone else's ID a serious crime?
Is 'giving' such private data away to foreign gov'ts not a crime?
If not, I'm Dutch!
People need to wake up to the FACT, that once YOUR data is in complete control of government, YOUR freedom is LOST period.
surely the inq is no stranger to alarmist editorialising?
take any charlie article as evidence ;)
So for the ID card to be of ANY use then anywhere it is OF use it will have to talk to the central database to check.
So to check you are allowed to sign on the dole office will have to buy several thousand pounds of secure card reader and the central database will have to have MASSIVE IO.
So you've spent £10 billion to stop some oik getting £60 pw.
Oh no you haven't cos we forgot to take a gene scan to make sure he was who he said he was - make that £100 billion. And the cost to small business for having ID readers to check you can use your Visa card...
I am American, and I think they should use this man Mr. Laurie in the same way they should use your Brit who hacked into our sensitive database, hire them as consultants to try and strengthen the protocol. That being said, as commented before, I think our freedom is gone, sold to India and beyond, so it's not a matter of that anymore, but more a matter of maintaining ones identity as opposed to protecting it. Also a sidenote, I got screwed on my Everex laptop with the Nvidia 8600M GS, fan runs full bore constantly, and unlike Dell and HP and Apple, Everex was not included in the recall, 700 US down the drain, thanks to the INQ at least for trying to keep them honest.
INQ does not believe its readers would know what to make of this, unless a Victim of the story was supplied: Immigrants. Yes, besides that, everything is great when you can duplicate an ID card.
But the immigrants! Oh my, the Poor Vic-Tims!
these cards are being sold to help fight terrorism more than immigration.
terrorists do have skilled people, these cards are a joke and an offense to every free person.
David, Tom & ...Sancho. I am wondering why, if we have a central database and distributed ID checking machinery, why do we need ID cards at all?
Just have distributed fingerprint readers, or for those afraid we will run out of wipes, iris scanners, also height and weight checkers and also face and body recognition.
The subtext of ID cards is oppression. It is an offence against the liberty of the common man to ask us to carry ID in the first place. "They" impugn "our" honour as it is a presumption of guilt and creates an atmosphere of distrust, one step short of tattooing a barcode number on one's forehead.
We dont need to carry that thing around with us for the agents of security to know who we are, so why should we. Plus if we really care about knowing who is who for security, direct bio-metrics are much more secure than indirect, QED.
I agree with the author, alarmism, no doubt another of Freston's dastardly conspiracies.
I'm danish and we have a central database of everybody here from birth, have had it for 30-40 years. Everybody has a "social security" number that follows them through out life.
In the past it was only the police (if required), the govenment institutions and the ofcourse the Tax office that could ask for this number. Now adays it is banks, companies when you buy something, ISP's, the company you work for, aka. just about anybody. And "anybody" can dismiss you if you don't provide the information, even though the law about who has the legal rights to this number hasn't changed.
It is a farce/comedy to have a personal ID without other information to support it and the way it can be used is only for person to person transactions or verifications of you when you initiate a "long distance" releation with somebody/company/"anybody" and it almost always requires real authentication as in a snailmail letter or to show up in person before the ID is verified.
Trusting a national ID to help "hunt down" terrorists is a joke and always has been. See the security at airports, it has been turned up so much that it takes a shorter period of time than the plane, and you might be lucky if your passport is checked. At airports they still havn't told about any big terrorists that have been identified and brought to "justice".
If somebody want to go to another country, then somebody will find a way. If somebody wants to buy things to make bombs/hack a bank or the like, then will find a way out side the small pipes that the govenment is "watching".
IT isn't the solution to everything. Trust is what this world was buildt on and letting national ID's etc. determine who and what you can and cannot do demoralises everybody and makes everybody believe that the world is evil. It is not, but thanks to Bush, this mentality is now world wide, without reason.
Trust, earned, is more valuable than any ID or national system that costs billions of (name your currency) and non will ever succede.
Even in totallitarian sci-fi movies the national ID/checks/verifications arent perfect and can be bypassed with ease, even thouse with bioscannes etc.
If you trust a computer (like the government does) it creates more and more distance between people escalating the current state of play in the world to a place where you can't even go outside your door because your neigbour is a terrorist, or could be.
All this crap is weak by design. Just to ram the next iteration in high speed through the masses.
All they want is a chip in your flesh, all the rest around it is flim-flam.
One 'terrorist'-attack and its mandatory.
I have always assumed that fake cards would be in circulation BEFORE the roll out was complete - even or perhaps especially, if the cards were mandatory or effectively so (ie. banking, benefits, jobs). This would be accompanied by official denials and blindness and woe betide anyone who gets an error in their real data. Shades of Brunner's "Shockwave Rider".
The thing is once you have a fake card - unless it can be validated at EVERY useful point - and that could give every point the data needed to clone a card - then it becomes Gospel of who you are.
It would be more honest if the card held only a very secure ID with public key encryption to id you and all the data came from the Big Brother database.
Ofcourse there will have to be mechanisms to create fake ids for police/MI5/etc so that won't get accessed illegally - will it! irony.
May be they need a system that generates a different number to give to each 'all and sundry'. The number you provide to employer is of limited use and cann't be used as indentification for NHS, gov payments etc. Use the employers public number to create a personal number that only works for that legitimate employer (asymetric keys).
Then again, they can probably crack it with a botnet in less than a day :)