Would it surprise you to learn that you’re very wealthy – that is, when it comes to possessing one of the most valuable commodities in today’s world? That commodity is your personal data. It’s worth a lot of money and hackers will stop at nothing to get it.
For the past couple of decades, the headlines have focused on hacking in these four primary categories:
Hacking as a geopolitical weapon for governments and militaries.
Hacking as a form of espionage for corporate warfare.
Hacking as a tool for anarchists and extremists.
Hacking as sport for talented software coders, and creeps on the street.
Things are changing. Now, the new stories are of massive, sensational hacks at major consumer companies that result in the mass exposure of their customers’ private information. These hacks are different because they are for profit and the forces behind many of them are the most sophisticated and ruthless criminal cartels from around the world.
For ambitious criminals, stealing and selling your personal information, or using that information against you for fraud, extortion, or worse, represents the opportunity of a lifetime. These crimes are safe and can be committed from anywhere. They have an unlimited upside in profit and a relatively minimal downside in consequences. The crimes are anonymous, the chances of being caught are slim and the loot (bitcoins and other digital currencies) is portable, liquid and cannot be traced.
Criminals have discovered the perfect crime in hacking, and now you and your information are the score.
The high-profile breaches of the last two years are case studies in the trend toward cyber-crime for profit by criminal hackers from around the world. What follows is part one of this series "Now, It's Personal - Why The High Profile Hacks of 2013 and 2014 Matter to You." Part two will be published next week.
Target - Incredibly, Target’s breach is estimated to have impacted an amazing one in three American consumers.
In November of 2013, just as the Christmas shopping season kicked off, someone installed malware on Target’s IT systems. The malware was designed to steal payment information from every transaction made at every company store. To add insult to injury, the hackers stored the stolen credit card numbers on a commandeered Target server.
What is even more outrageous is that Target was apparently aware of its vulnerabilities. It hired a security company – one that had done work for the CIA and the Pentagon – to monitor its systems. The company detected the breach, but ultimately Target took no action. Detecting a breach is just the start and does no good without immediate remedial action.
Ultimately, Target spent $61 million addressing the breach, far less than they had spent on their cybersecurity up to that point. And that’s not counting a 46% drop in holiday shopping. Even more incredible, Target’s breach is estimated to have impacted an amazing one in three American consumers.
Home Depot - Hackers used a vulnerability in the Microsoft Windows operating system to gain deep access.
In April of 2014, home improvement giant Home Depot’s systems were breached. Hackers gained access to 53 million email addresses and 56 million credit card accounts.
How did it happen? Hackers stole information from a third-party vendor and used that to access Home Depot’s internal computer systems. From there, the hackers used a vulnerability in the Microsoft Windows operating system to gain deeper access. Then they used custom-designed malware to swipe information from 7,500 self-checkout terminals. The malware was new and unique, which made it very effective. Just like a human body that rallies its antibodies to ward off known viruses, computer antivirus protection is based on known viruses. And just like a human body encountering a novel virus for the first time, the system wasn’t able to defend itself.
The breach ended up costing Home Depot an estimated $62 million. Home Depot offered all affected customers complimentary credit monitoring.
Common Denominators - What do these cases have in common? The answer: You.
You can hardly buy or sell or rent or maintain anything in this world without divulging personal information, which ends up getting stored indefinitely on a company’s server. Every transaction skims a piece of you off the top and permanently saves it on someone else’s system. You don’t just give these corporations your business, you give them your trust and the keys to the castle of your digital life.
Have they earned your trust? Are they investing the necessary time and money to safeguard you and your data? As we’ve seen, even the biggest companies with the deepest pockets slip up, and the repercussions from those mistakes trickle all the way down to the individual consumers whose information was stolen.
These were not isolated incidents, and in our next piece, we’ll continue to explore the major data breaches of the past year and the devastating impact they've had on consumers.