In the wake of a massive breach of Target Corp.’s security, in which hackers compromised around 110 million credit card numbers, several other hacking incidents across the globe have highlighted the acute need for better security against intrusions.
According to a BBC report on January 20, an IT worker in South Korea attained over 20 million credit card numbers, equivalent to almost half of the country’s population, and sold them to marketing firms.
A company called Korea Credit Bureau, a private credit score producer, employed the worker. He was able to use a simple USB stick to copy the data, which was unencrypted.
According to the same report, “The credit card firms [KB Kookmin Card, Lotte Card, and NH Nonghyup Card] did not know it had been copied until investigators told them about the theft.” The heads of each of these three companies issued a formal apology promising to pay for any damages the incident might produce.
A day later, January 21, reports emerged that Germany suffered from a similar breach, with 16 million passwords and e-mail addresses stolen. The German Federal Office of Security claimed that the perpetrators had “infected computers with software which allowed them to gather email addresses and account passwords” (BBC).
This attack has left almost one in five Germans vulnerable to exploitation if criminals get ahold of their account information. There is little detail in reports issued so far, noting that the Office of Security has not made further comments about who might be suspected, though they have set up a website for potential victims to see whether their information was compromised.
On the same day, Microsoft suffered another security breach at the hands of the Syrian Electronic Army. This organization, loyal to Bashar al-Assad’s government in the Middle Eastern country, was set up to disrupt the activities of companies, news organizations, and political opposition groups of which it disapproves.
A few days earlier, on the fifteenth, the SEA accessed what Microsoft called a “small number” of employee e-mail accounts. The current breach is less serious, with only Microsofts’ Office blog being compromised.
The SEA uploaded several articles claiming responsibility for the hack before they were taken down (The Verge). Though more embarrassing than harmful, these intrusions demonstrate that even redoubtable tech giants like Microsoft are vulnerable.
These three attacks range widely in scale and seriousness, but because they all took place at high-profile targets and within a compressed time frame, they serve as a pointed reminder of the dangers inherent in the use of the Internet.
Determined thieves and foreign operatives have been able to hack into everything from company blogs to banking information. At the same time, the United States government and other sovereign states have begun to employ cyber warfare–for instance, the Stuxnet attack against the Iranian nuclear program–in order to disrupt the activities of and gather information from potential enemies.
Even as the Internet becomes the place where commerce, communication, and work is done, it is also fraught with risks that everyone accepts when storing information in networked computers. Given that almost all of our information is so stored these days, those risks might be unavoidable.