Wanted: Your name and number

The hijackers in the terrorist attacks were masters of identity theft. Now lawmakers are worried about copycat persona stealing.

Published October 2, 2001 7:30PM (EDT)

Just three days after the Sept. 11 terrorist attacks, the FBI released the names of 19 men suspected of carrying out the murderous and suicidal hijackings. Not long after, however, doubts surfaced as to the real identities of the kamikaze terrorists. Days later, a trail of stolen passports and very-much-alive hijack suspects led FBI officials to admit that mistakes had been made.

It now appears that at least seven of the Saudi nationals named by the FBI were falsely fingered; these alleged hijackers claim to have been victims of an extreme form of identity theft, known as "identity takeover."

"You cannot imagine what it is like to be described as a terrorist -- and a dead man -- when you are innocent and alive," said a shaken Saeed Al-Ghamdi, 25, quoted in the The Daily Telegraph. Al-Ghamdi, a Saudi Airlines pilot, was singled out by the FBI as one of the terrorists on the United Airlines Flight 93 that crashed in Pennsylvania. He said his reputation was smeared as his name, place and date of birth, occupation and photo were blasted around the world. (CNN later apologized on air for using the image.) Salem Al-Hamzi, 33, an administrator for the Saudi airline who was in Riyadh as the time of the attacks, said he'd never even heard of Pennsylvania, the state where the plane he'd supposedly helped hijack crashed.

There are hundreds of thousands of cases of identity theft reported in the U.S. every year, bur the crime is usually some form of financial fraud, in which the perpetrator procures credit cards in the victim's name and goes on a shopping spree. A celebrated example of this more commonplace kind of identity theft is the case of Anthony Lemar Taylor, who last year used golfer Tiger Woods' Social Security number and date of birth to get a driver's license and credit cards.

But some of the 19 terrorists are now believed to have perpetrated identity theft on an entirely different scale, using stolen passports to adopt the personas of other foreign nationals and live undetected in American society. At a meeting of the U.S. Department of Justice's Identity Theft Subcommittee of the White Collar Crime Task Force last Tuesday, law enforcement officials agreed that this level of identity theft was unlike anything they had seen before.

"Everyone agreed this was a new wrinkle," says Joanna Crane, an attorney with the Federal Trade Commission, a member of the task force. "You have crime rings like the Nigerian bank fraud rings where individuals assume other people's identities for the purposes of defrauding a bank, but they don't live under that person's identity. These guys had done what's called an 'identity takeover,' living completely under the name of another person, with driver's licenses, passports, bank accounts, phone accounts -- everything that identifies you."

In the wake of the terrorist attacks, calls for new methods of safeguarding personal identities have come from every corner. Oracle Corporation CEO Larry Ellison has suggested the creation of new national identity cards in hopes of preventing identity-theft subterfuge. But the lawyers, government officials and advocates who fight identity theft doubt that such a system would have helped prevent the attacks, and they also fear that the publicity given to identity theft since Sept. 11 will actually increase the incidence of it.

"These guys got identities of people from Saudi Arabia. A national identity card in this country would do nothing to help that at all," says Mari Frank, an attorney who had her own identity stolen. Frank runs a Web site focused on preventing and recovering from such crimes. "Why should I have all that information on a card? It's something else to lose. It's something else to decrypt. In a panic, people will explore unreasonable, outlandish fixes that don't really address the issue."

Oracle's Ellison volunteered to donate the software to create such a system, and has suggested that a card with a photograph and a thumbprint could help prevent future crimes by linking so-called "biometric" data to the cardholder. A study conducted just after the attacks by the Pew Research Center for the People and the Press found that 70 percent of Americans surveyed favored the implementation of such a card. But the Bush administration says that it has no plans to go forward with such a program.

Of the 50,000 calls that the FTC receives every year about identity theft, only about 3 percent are cases of identity takeover. As Crane explains, the perpetrators of such takeovers are usually people trying to escape criminal pasts, such as pedophiles or murderers. Much less frequent are cases in which identify takeover is a preliminary step for a criminal hoping to commit a new crime.

To pull off the worst terrorist attack in history, the hijackers are believed to have lived openly under false identities, creating lines of credit and renting property when and where needed. That the terrorists could live in some cases for years in the U.S. and train for their fatal mission undetected shows how relatively easy it is to live under someone else's name, as long as you pay your bills.

"If they are acting as though they are legit and paying their freight the whole way there is nothing to red-flag it," says Jay Foley, the assistant director of the Identity Theft Resource Center. Many more routine cases of identity theft are only discovered when a bad credit report or a criminal rap sheet catches up with the real person. For the terrorists, using a foreigner's identity just made it that much easier.

Franks suggests that the terrorists might have assumed false identities not only to pull off the crime, but to protect their families and their criminal associates afterwards. Foley says that the hijackers could even have been making use of names purposefully donated to their cause: "They [the identity theft victims] may have given their identities freely to the terrorists, or they may have given it to the organization."

With no national identity card in the U.S., the Social Security number has become a de facto substitute. "In the realm of identity theft the worst thing that someone can have access to is your Social Security number. That's the key to everything -- your rental history, your work history, your credit history," Foley explains. And coming by a Social Security number is not hard to do.

"It's very easy to get information on people throughout the world, especially in the United States where people are buying it like candy," says Frank. "Information in the United States is not considered proprietary to the person."

Part of what makes Social Security numbers so vulnerable is that they started out being used for one purpose, but became required for many others. Today, they're used by everyone from employers to insurance companies to HMOs to keep track of workers, customers and patients. Some employees must wear their Social Security number on their employee badge as an identification number, and some states even print them on driver's licenses.

Stolen passports, not Social Security numbers, appear to be the documents that helped the hijackers live undetected. But at least some of the Saudi Arabians whose identities were used in the hijacking had reportedly lived in the U.S. before -- so living under their identities would be just that much easier, since Social Security numbers are issued to foreign nationals who work in the U.S.

In response to the attacks, Saudi Arabia is considering instituting a tougher passport system to prevent future abuses. Meanwhile, Saudi Airlines is debating whether to sue the FBI for damaging the reputations of its pilots, several of whom were mistakenly named as hijackers.

But the most chilling fallout from the terrorist attacks may be a dramatic rise in the incidence of identity theft.

"There are a lot of people who now know that it's just not that difficult to commit identity theft," says the FTC's Crane. "It's just not rocket science, particularly when the information lands in your lap." She recommends that consumers keep a close eye on their bills to see if they mysteriously don't receive one. One of the first things that credit thieves do is change the billing address so the victim won't notice any mysterious charges.

Frank cautions that we should also be suspicious of anyone who calls soliciting money for charity for the victims of the attacks, and be especially wary of anyone who calls claiming they are trying to recreate financial records lost in the attacks. "What we're telling people is that if anyone calls you and asks for information referring to the terrorist problem, do not give them any information. Hang up, and call the 800 number that you know from your brokerage firm."

By Katharine Mieszkowski

Katharine Mieszkowski is a senior writer for Salon.

MORE FROM Katharine Mieszkowski

Related Topics ------------------------------------------