Friday, August 15, 2014

Time to change your password again?

Ever notice how those identity theft security commercials on television always portray the “thief” as “ethnic”—or at least not “white”? Well, it was very doubtful that the identity thief who got a hold of my bank debit card number—an incident I wrote about several months ago—was not “white,” since the thief’s address was a home in a swank whites-only North Seattle neighborhood bordering Lake Washington. Fortunately the bank refunded my money and I didn’t have to personally confront this person, and it didn’t happen again after I received a new account number. 

Nevertheless, this incident was instructive (at least to me) about how people tend to view crime as a mostly “ethnic” or racial minority occupation. But now comes news of a relatively small but “close-knit” hacker “gang” operating in Russia that has accumulated 1.2 billion username and password accounts and over 500 million email addresses from 420,000 websites around the world. What exactly they are doing with this “stash” is not known in detail, but one can surmise that even minor use of individual accounts that one might not notice initially can become a very lucrative enterprise. 

This follows on the heels of accusations that the Russian government and its spy agency, the FSB, arbitrarily hacked into the computers and “smart” phones of tens of thousands of random visitors during the Sochi Winter Olympics games. While it is not believed that the Russian government is involved in this private hacking “business,” it has made no effort to stop it either. 

According to the New York Times, the hackers have gone from “amateurs” to “professionals” in a very short time, employing such methods as capturing “credentials on a mass scale using botnets — networks of zombie computers that have been infected with a computer virus — to do their bidding. Any time an infected user visits a website, criminals command the botnet to test that website to see if it is vulnerable to a well-known hacking technique known as a SQL injection, in which a hacker enters commands that cause a database to produce its contents. If the website proves vulnerable, criminals flag the site and return later to extract the full contents of the database.”

According to the Internet security company Hold Security, money is also made from such theft by selling the information to other hackers, and this “sharing” of information only makes the problem “bigger.” According to the Times, “fixing” these breaches of security have become a costly business in and of itself. “The average total cost of a data breach jumped 15 percent this year from last year, to $3.5 million per breach, from $3.1 million,” according to one study on the issue last year.

One may speculate that smaller such “businesses” are more “dangerous” because of the greater likelihood that an identity thief would take more from an individual account, but that is just speculation. The reality is that identity theft is a bigger occupation that anyone could have imagined, and the perpetrators could just be a half-dozen hackers operating in a remote city somewhere in the south central Russia—or in Vietnam, where federal prosecutors uncovered a ring that stole 200 million records, including Social Security numbers, or another East European hacker ring that stole 40 million credit numbers from servers used by Target stores. In this new age of “smart” devices and cashless transactions, a certain “dumbness” seems to prevail that wasn’t the case in earlier times. “Easier” isn’t necessarily “safer.”  

But of course, it is easier and more “believable” in the U.S. to accuse someone with a vaguely “Latino” appearance, at least according to television ads. Who knew they were so smart with computers?

No comments:

Post a Comment