The scale of cybercrime continues to astonish. The latest eye-opener is a Milwaukee security firm’s claim that Russian hackers stole 1.2 billion usernames and related passwords. This must be one of the biggest hauls of all time, and while it is not clear what the hackers intend to do with their stolen data, the report should serve as another wake-up call to Congress and the American people to break out of their long period of complacency.
While such groups have often peddled similar data troves, in this case the hackers seem to be using them to broadcast truckloads of spam, according to The New York Times. What will they do next?
A natural reaction to this might be to shrug. Doesn’t it happen all the time? Yes, and that’s the problem – these data breaches are accelerating. In December, 40 million credit card numbers and some 70 million addresses, phone numbers and other pieces of personal information were stolen from the retailer Target by hackers who siphoned them right out of the company’s card readers and networks. Losing a credit card number is a real pain, but the theft of usernames and passwords isn’t small potatoes either; it could lead to damaging identity theft or worse.
How can there be any further doubt that cyberspace has become a danger zone for theft, intrusion and espionage? If a billion of anything were stolen in this country wouldn’t it be appropriate to demand urgent action? Unfortunately, as a society and an economy, the United States remains vulnerable and overly complacent. Many companies find they cannot defend themselves against the onslaught; the Russian hackers pulled their loot from 420,000 Web sites, including some run by major firms. This week, Ellen Nakashima of The Post reported that a major U.S. contractor that conducts background checks for the Department of Homeland Security suffered a computer breach that probably resulted in the theft of employees’ personal information, and the company said the intrusion “has all the markings of a state-sponsored attack.”
Congress has been wrestling with legislation to bolster the private sector’s cyberdefenses in collaboration with the government, without much to show for it. Promising legislation is on offer in both the House and Senate. When lawmakers return after the summer recess, perhaps they will finally get down to business and do something about it.