Faked identities detected by mouse movements.
Tech experts are fighting a never-ending battle against identity thieves, and have a variety of tools at their disposal. Unfortunately, as quickly as they come up with a new way to fight back against this crime, hackers come up with new ways to break the law.
One recent study found that identity thieves might have a slight quirk that gives them away – a tell, if this was a high-stakes game of cards. In the study, the group was divided into a control group and an experimental group. The control group was set to the task of logging into different websites as themselves; the members of the experimental group were each given a fake identity to memorize, including a highly detailed set of obscure information about their new personas. The group was quizzed on their new identities several times to make sure they had a complete grasp of the data.
Different mousing pattern
But when it came time to log in under their new assumed identities, the group showed some interesting tendencies. Researchers found that they didn’t just hesitate in terms of time it took to answer any log in data fields, but that they also employed a different mousing pattern than the control group. It was almost as if the unfamiliar information caused the users to alter their typical mouse input behavior.
What’s your sign?
One of the chief questions that stumped the experimental group was in things that should be automatic to an individual and that could have been deciphered from a stolen data set if the user had cared to look it up, namely, zodiac sign. Most of us can rattle off the sign for our birth date, but that particular security question tripped up many of the users who were entering the assumed profile information.
The study was conducted in Italy, but then repeated with German participants to help ensure that it wasn’t just a cultural behavior or learned computer use skill. Admittedly, the study groups were small in number, too small to base anything concrete off the observation, but still indicative of the need for more study. In time, security experts could possibly develop a “red flag” system based off of the physical mousing behavior of an identity thief using stolen credentials.