Yahoo Finance (blog)
|
|
“Attacking our financial
institutions in ways that we would never be able to prove it was them.”
There's no public evidence anything like that has happened, but it is
assuredly a consideration as President Obama and European leaders
consider how tough ...
Thu, Aug 7, 2014, 2:36AM EDT - US Markets open in 6 hrs and 54 mins
Russia reveals what it's really good at: Hacking
Amateurs draw attention to themselves. The quiet ones are the professionals.
While Chinese hackers have been
causing a ruckus invading U.S. web sites during the last few years, a
gang of Russian hackers has apparently pulled off the largest heist yet of digital data.
The group has stolen 1.2 billion username and password combinations,
according to Hold Security of Milwaukee, and more than 500 million email
addresses.
Russia, with a vast
techno-industrial complex dating to the Cold War, is generally
considered to have premier cyberwarfare capabilities. “When I was in
government, we thought the Russians were the best in the world at this,
after the United States,” security expert Richard Clarke, a top White
House advisor during the George W. Bush administration, said during a
panel discussion at this year’s Milken Institute Global Conference.
“That is still the prevailing view,” said Chris Inglis, who until
earlier this year was deputy director at the National Security Agency.There’s no evidence the huge Russian hack was a government operation. But Russia’s Orwellian security sector has spawned an army of cyberruffians Vladimir Putin’s government has done little to rein in. A year ago, for instance, U.S. prosecutors revealed details of a 7-year scheme perpetrated by Russian hackers who obtained access to 800,000 U.S. bank accounts and more than 160 million credit and debit card numbers -- believed at the time to be the biggest cybercrime ever.
Hold Security says the Russian group carrying out the latest attack seems to be using the stolen data for spamming operations, which would be less serious than the theft of credit-card information that has afflicted Target (TGT) and other companies. Still, the kind of data the Russians stole can be matched with other information and used for identity theft—on a potentially huge scale, given the sheer amount of personal information gathered.
The most notable thing about the Russian hack may be its astonishing breadth. Many cyberattacks drill deep into one company’s databases to extract as much information as possible on the firm's customers. The Russians, by contrast, gathered their data from 420,000 different web sites, ranging from big companies such as Adobe (and many others not yet identified), to small sites that probably have marginal security.
At the Milken conference in May,
Clarke pointed out how the Russian government has the capability to
conduct cyberwar against the United States, if tensions should ever rise
to that level. Russia lacks the economic clout to go toe-to-toe with
the U.S. over sanctions, like those being imposed now in response to
Russia’s military adventurism in Ukraine. But cyberwarfare could level
the playing field. “What they can do, and do it covertly, is a series of
cyberattacks to get back at us for sanctions,” Clarke said. “Attacking
our financial institutions in ways that we would never be able to prove
it was them.”
There’s no public evidence
anything like that has happened, but it is assuredly a consideration as
President Obama and European leaders consider how tough sanctions
against Russia ought to be. It’s also likely Russia could conduct more
aggressive cyberwarfare in Ukraine itself. Up till now, Russia has held
back, perhaps because it doesn’t want to reveal its capabilities, invite
retaliation or appear to be escalating its support for Ukraine
separatists.
Whoever the attackers are,
cybercrime and more sinister variations backed by foreign governments
have become a major problem for American companies, imposing an annual
cost of at least $100 billion per year. The White House has singled out
economic espionage conducted by units of China’s People’s Liberation
Army as a particular threat to U.S. firms. Hackers from China, Syria,
Iran and other countries have also attacked a variety of U.S. companies,
including media giants such as the New York Times, CNN and the Wall
Street Journal, in fairly obvious ways that might best be described as
online vandalism.
There’s one cyberpower that
tends to stay out of the headlines: the United States. While Chinese and
Russian hackers might be good, they do tend to get caught. The best
hackers are the ones who go completely unnoticed.
Rick Newman’s latest book is Rebounders: How Winners Pivot From Setback To Success. Follow him on Twitter: @rickjnewman.
No comments:
Post a Comment