To print: Click here or Select File and then Print from your browser's menu
This story was printed from silicon.com, located at http://www.silicon.com/
Story URL: http://www.silicon.com/publicsector/0,3800010403,39265475,00.htm
Stolen ePassports 'worth £20m' on black market
A treasure trove for ID thieves, say experts
By Nick Heath
Published: Tuesday 29 July 2008
The thousands of UK ePassports stolen on Monday are likely to sell for up to £20m on the black market, say privacy experts.
A van carrying about 3,000 blank ePassports and visas was hijacked on route to RAF Northolt, near London.
Security from A to Z
Click on the links below to find out more...
A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day
While the Home Office claims that "high tech checks" render the blank ePassports useless, privacy experts say they could be used to fool everyday ID checks, for limited travel abroad or be fitted with cloned chips.
Simon Davies, director of Privacy International, said: "It's unlikely that the stolen passports could easily navigate the UK borders but a criminal could use one indefinitely for 'flash and go' purposes. Alternatively the passports could be used for at least a few months for entry to most countries in the world.
"The presence of so many potentially strong false identities would have a very high black market value - perhaps in the range of £20m - and so a criminal enterprise would easily justify making the investment to hack the chip."
Phil Booth, national co-ordinator for anti-ID card and privacy pressure group NO2ID, said: "The really tricky part about faking a passport is getting a hold of convincing blanks. As NO2ID and others have shown, the security of the passport chips - which can easily be cloned - is laughable. The things are designed to spit out your details, which could now be harvested by equipment easily available on the internet and used by criminals to produce thousands of apparently valid passports."
Professor of security engineering at Cambridge University Ross Anderson said: "This all goes to show how unwise it would be to rely on the UK government for all authentication. Businesses are better off using their own systems than putting all their eggs in a basket that's not competently managed."
But an Identity and Passport Service spokesman said: "Our high tech security features mean that these passports are unusable. The police are doing everything in their power to catch the perpetrators."
He said all of the stolen passports have serial numbers that will be placed on a watch list to see when they are used and that ePassport chips are scanned and verified when people enter the UK.
The Foreign Office has launched an urgent inquiry into the theft and Greater Manchester Police has launched a criminal investigation.
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
