The scale of cybercrime continues to astonish. The latest eye-opener is a Milwaukee security firm's claim that Russian hackers stole 1.2 billion usernames and related passwords. This must be one of the biggest hauls of all time, and while it is not clear what the hackers intend to do with their stolen data, the report should serve as another wake-up call to Congress and the American people to break out of their long period of complacency.
According to the firm, Hold Security, Russian hackers strung together networks of virus-infected zombie computers known as botnets that were programmed to do their bidding. Whenever they discovered storage of passwords and usernames, they flagged the location and came back later, injecting code that caused the database to disgorge its contents. In this way, they managed to accumulate more than a billion unique credentials. While such groups have often peddled similar data troves, in this case the hackers seem to be using them to broadcast truckloads of spam, according to The New York Times. What will they do next?
A natural reaction to this might be to shrug. Doesn't it happen all the time? Yes, and that's the problem: these data breaches are accelerating. In December, 40 million credit card numbers and some 70 million addresses, phone numbers and other pieces of personal information were stolen from the retailer Target by hackers who siphoned them right out of the company's card readers and networks. Losing a credit card number is a real pain, but the theft of usernames and passwords isn't small potatoes either; it could lead to damaging identity theft or worse. Hundreds of Web sites provide access for little more than a username and password, and the Russian hackers scooped up the equivalent of three credentials for every person in the United States.