Wednesday, June 15, 2011

Cybersecurity Laughably Easy to Penetrate

The New York Times has been doing a bang-up job reporting on security breaches not only in financial institutions but against governments and the possibility of undermining financial markets and cyberwarfare. (Many believe that North Korea and Russia have attacked the cyberpinnings of the South Korean and Georgian governments, respectively, temporarily paralyzing their responsiveness.)

Nelson D. Schwartz and Eric Dash's article shows how criminally easy it was for sophisticated hackers to enter the Citigroup website to steal names, account numbers, email addresses and transaction histories of more than 200,000 Citi credit card holders.

The hackers responsible for the most comprehensive identity theft seem to be from Eastern Europe:

Many of these attacks have their origins in Eastern Europe, including Russia, Belarus, Ukraine and Romania. In fact, the security expert familiar with the Citi breach said it originated in the region, though he would not specify the country.

They didn't even have to exercise their prodigious skills. All they had to do was log on to the site reserved for Citi credit card customers. Once they were inside they dragged the names and other data into a strip of code located in the URL field and set it up automatically to vacuum up information on a massive scale.

Hacking is not an activity simply confined to a bunch of mischievous 20-somethings with a laptop. The big money is in selling the credit card or other financial personal data in online forums where, as personal information gets more detailed and individualized, prices are rising:

[D]emand for the data is on the rise. In 2008, the underground market for the data was flooded with more than 360 million stolen personal records, most of them credit and debit files.

[P]rices for basic credit card information could rise to several dollars from their current level of only pennies.

It's an established industry, sort of a "dark web" that operates under the superficial skin that we all see:

[S]ome hackers specialize in prying out customer names, account numbers and other confidential information, Mr. Martinez [deputy special agent in charge of the Secret Service's criminal investigation division] said. Brokers then sell that information in the Internet bazaars. Criminals use it to impersonate customers and buy merchandise. Finally, "money mules" wire home the profits through outlets like Western Union or MoneyGram.

People suspend their disbelief when they sit down at the keyboard. It's laughable to think that the Internet offers any privacy or security, even with all the anti-virus, anti-spyware you can pile on. Now you have to be sure that your financial assets are safe. What's going to happen when all personal assets (I include data in that term) exist solely in cyberspace, prey to hackers working at warp speed?

No comments: