In the past couple of months, security hacks have made all kinds of headlines. Unfortunately, this trend has no end in sight.
According to Hold Security LLC and its chief security officer, Alex Holden, around 360 million account credentials have been compromised in a series of attacks, and a single attack accounts for over 105 million of them. Alongside those accounts, cyber criminals are selling a further 1.125 billion email addresses to spammers. Worse, the 360 million records include usernames, passwords and email addresses in unencrypted, plaintext form. Holden believes these come from breaches that have not yet been reported, and that some of the affected companies probably won't even know they were hit until a third party tells them.
Obviously, this puts people at risk of identity theft, drained bank accounts and exposed health and even military records. Hold Security LLC, which has seen it all, calls the scale overwhelming. And think of all the Fortune 500 companies and even governments that have dealt with this in recent years. I don't report these things to scare you but to inform you, and this isn't going to go away. So we need to do what we can to protect ourselves. Change your passwords often, and don't reuse the same one across all your accounts. Check your bank accounts often. If you see anything suspicious, take action immediately! What else can be done to keep us safe online?
First came Target. Then came Neiman Marcus. And today, it's my unfortunate duty to report yet another major breach.
This time it was Kickstarter, the crowdfunding website where artists and creators can rally supporters, get funding for their work, and maybe even be discovered by a major label or company. By summer 2013 it had hosted over 100,000 projects and raised over $700 million in pledges. But last week its defenses were breached. Users' usernames, email addresses, physical addresses, phone numbers and passwords were compromised. Fortunately, no credit card or other financial data was taken, as far as we know. Kickstarter quickly overhauled its security and vows it has learned and improved. But it is being hush-hush about how many people were affected.
Like I said, the good news is the hackers got no financial information this time. But the information they did get could easily lead to identity theft, and to more sinister problems: what if someone uses the stolen personal details to settle scores, or to sabotage someone's artistic career and dream? If you use Kickstarter, change your password immediately! I'll go even further: if you use the same password on other websites, change those too. Kudos to Kickstarter for catching and reporting this breach before it got any more severe. But this is the third major breach in as many months that we've heard about. Is anywhere safe?
According to security watchdogs like Krebs on Security, much of the stolen card data has entered the underground market for stolen credit cards. Some people's card numbers, security codes and other details are being bought, sold and traded for as little as $20 apiece as I write this. In fact, one underground 'card shop' advertised the haul ahead of time, promising thieves a place to buy the stolen credit and debit cards, and this particular shop has a reliable reputation throughout the cyber crime community. What the buyers do is clone cards: they take the stolen card number and PIN, write them onto blank cards, and then use those cards at stores and ATMs as if they were their own.
But you want to know the saddest thing of all? Retail chains, law enforcement and the legitimate banks can't seem to catch up with this disturbing trend. While some cards have been recovered, the majority look to have entered this underground market. While these markets thrive, legitimate companies are struggling to fight back, or even to keep up. What can be done to turn this tide?
Remember last week, when one tweet caused the stock market to lose 150 points and over $136 billion in value in an instant? It recovered, but it's a sign of how powerful social media is, and how easily it can be abused.
You can't blame this all on the hoaxer. It was the Securities and Exchange Commission, the federal watchdog for business and the stock exchanges, that allowed companies to use Twitter and Facebook as official broadcast channels. The hoax went out to financial data terminals, which fed it to financial institutions, and on and on. I wonder what would have happened if the hoax had never been found out. Let's not forget: this hoax broke out around the same time Syrian hackers attacked the Associated Press.
These Syrian hackers are the main suspects in this hoax. Keep in mind that Syria is in the midst of a civil war and sits in an unstable region. Fortunately, enough traders were close enough to a media outlet to learn that there had been no injuries or explosions at the White House. Then things went back to normal, sort of.
The SEC and other agencies are working hard to prevent a repeat. Of course, Twitter and the Associated Press are keeping quiet. But let's get closer to home. How many tweets, Facebook posts or YouTube videos do you know of that have put out false information? Remember the social media hoax that said Eddie Murphy was dead? Or the 'I'm 83 and Tired' post attributed to Bill Cosby that wasn't really from him? They didn't even get Dr. Cosby's age right. I have a solution: don't believe everything you read! When you hear something this fantastic, check and double-check the sources. One thing about social media: it's easier to catch on to these lies. What other lies will be fed to us next?
Earlier this week, I reported on cyber attacks and those who fight to prevent them. So that got me thinking: What are the worst cyber crimes and cyber attacks of all time?
10. The LA Traffic Light Attack: In 2006, Los Angeles traffic engineers went on strike, the perfect opportunity for two disgruntled engineers to hack into the traffic control system and lengthen red lights, further snarling traffic in a city notorious for crawling. The two were eventually sentenced to probation.
9. Mafiaboy: In 2000, 15-year-old Michael Calce launched denial-of-service attacks that slowed down and disrupted traffic to major sites like CNN and Yahoo, and even caused security concerns at the White House. Mafiaboy shed light on how easy it was for anyone to attack any site at any time.
8. FBI Virus: In 2012, this ransomware locked victims' computers and wouldn't let them go until they paid at least $200. It's scary because it's dressed up to look like an official federal notice, but it isn't. One analyst said 40 percent of PC repair calls had to do with this virus. I don't know how much money this malware raked in, but it was everywhere and sly!
7. Citigroup Attack: In 2011, this mega bank lost $2.7 million and over 200,000 customers' personal information to thieves. That it happened to an international bank reminds us that nobody is safe!
6. Conficker: Perhaps the most overrated worm of all time. Okay, it did infect tens of millions of systems and survived many attempts to eradicate it. But I put it on this list because of the media hype and fear this worm produced. I like to call it 'the virus that cried wolf'.
5. TJ Maxx and Marshalls: This Massachusetts-based retail chain had 45 million debit and credit cards compromised. This super breach cost TJ Maxx and company over a quarter of a billion dollars.
4. Albert Gonzalez: He was part of the TJ Maxx scheme, and also hacked into Hannaford Brothers supermarkets, Dave & Buster's and 7-Eleven. He and his crew compromised over 100 million debit and credit cards worldwide. He received the longest prison term ever handed down for hacking at the time: 20 years.
3. Max Vision: A security researcher who crossed over to the dark side. In 2006 he created one of the largest cyber criminal markets of all time, with 6,000 members. His organization, Carders Market, compromised 2 million accounts and ripped off approximately $86 million.
2. Epsilon: This marketing and email-handling service for banks like JP Morgan was hacked in 2011. Some estimates put the potential cost of the breach as high as $4 billion. Fortunately, what was exposed was names and email addresses rather than card data, so the real damage could be far less.
1. The Original Logic Bomb: Never heard of this one? It happened in 1982, long before the Web as we know it. During Cold War tensions, the US reportedly planted sabotaged control software that caused a Soviet gas pipeline in Siberia to explode. The blast caused technological and environmental chaos. It also demonstrated the power of hacking years before most people had ever heard the word.
If you know of any cyber attacks worthy of this list, we'd love to hear from you.
“Hey, come check out these cute kittens! They're so adorable!” the email says. You click on the link. But it's not kittens, it's a simulated cyber attack!
Many companies are using phony attacks to wise up their employees to hacker schemes. They turn to cyber trainers like PhishMe, creator of the cute kitten 'Dr. Zaius' email, to teach employees what to avoid. Employers and cyber trainers agree that it's not big hacker armies that destroy systems; it's the cute little emails and subtle seductions and temptations that wipe out systems and start trouble. That's what PhishMe educates individuals and businesses about.
They're not the only ones. Will Pelgrin is now a vice president at the Center for Internet Security, a non-profit organization that teaches cyber safety. He used to work for the State of New York, and while he held that security officer position he sent 10,000 phony phishing emails to individuals and businesses all over the state asking them to hand over their email and other personal information. The first time, 15% did as the phony email told them; the second time, only 8%. Some cyber trainers drop USB drives labeled 'confidential' and bearing a company logo in public areas. Often curiosity takes over, the mark plugs the drive into a computer, and, well, they're lucky it's just a test.
Personally, I wish there were more companies like PhishMe. Let's face it, hackers, ID thieves and cyber crooks are getting smarter. We should get smarter too. I'd much rather be fooled by a cyber trainer than find out that some crook overseas has wiped me out or exposed everything about me because I clicked on some tempting email. So I take my hat off to the Will Pelgrins of America and the others in the fight for online security. Do you or your office use PhishMe or other cyber trainers? How has that experience affected your workplace?