The growing scourge of cybercrime demands action from Congress
The scale of cybercrime continues to astonish. The latest eye-opener is a Milwaukee security firm’s claim that Russian hackers stole 1.2 billion usernames and related passwords. This must be one of the biggest hauls of all time, and while it is not clear what the hackers intend to do with their stolen data, the report should serve as another wake-up call to Congress and the American people to break out of their long period of complacency.
According to the firm, Hold Security, Russian hackers strung together networks of virus-infected zombie computers known as botnets that were programmed to do their bidding. Whenever they discovered storage of passwords and usernames, they flagged the location and came back later, injecting a code that caused the database to disgorge its contents. In this way, they managed to accumulate more than a billion unique credentials. While such groups have often peddled similar data troves, in this case the hackers seem to be using them to broadcast truckloads of spam, according to The New York Times. What will they do next?
A natural reaction to this might be to shrug. Doesn’t it happen all the time? Yes, and that’s the problem — these data breaches are accelerating. In December, 40 million credit card numbers and some 70 million addresses, phone numbers and other pieces of personal information were stolen from the retailer Target by hackers who siphoned them right out of the company’s card readers and networks. Losing a credit card number is a real pain, but the theft of usernames and passwords isn’t small potatoes either; it could lead to damaging identity theft or worse. Hundreds of websites provide access for little more than a username and password, and the Russian hackers scooped up the equivalent of three credentials for every person in the United States.
How can there be any further doubt that cyberspace has become a danger zone for theft, intrusion and espionage? If a billion of anything were stolen in this country — say, a billion candy bars were shoplifted on the same day — wouldn’t it be appropriate to demand urgent action? Unfortunately, as a society and an economy, the United States remains vulnerable and overly complacent. Many companies find they cannot defend themselves against the onslaught; the Russian hackers pulled their loot from 420,000 websites, including some run by major firms. This week, Ellen Nakashima of The Post reported that a major U.S. contractor that conducts background checks for the Department of Homeland Security suffered a computer breach that probably resulted in the theft of employees’ personal information, and the company said the intrusion “has all the markings of a state-sponsored attack.”
Congress has been wrestling with legislation to bolster the private sector’s cyberdefenses in collaboration with the government, without much to show for it. Promising legislation is on offer in both the House and Senate. When lawmakers return after the summer recess, perhaps they will finally get down to business and do something about it.