Who knows more about you: government or criminals?
‘The X-Factor got hacked’ is not the title of Stephen King’s new book: it’s the latest major security breach in just the last few weeks. First we had Epsilon, then Sony and now the X-Factor (oh, and Sony again). But according to Andy Kemshall of SecurEnvoy these are merely the highest profile breaches, and there have been many more in recent months.
“It’s actually quite easy to see a pattern emerging in these attacks. Previously, frauds were card-centric and built around opportunistic database hacks; but the sheer volume of the system hacks in recent months suggests that there is now a longer-term strategy involved,” he said.
“We already know that people’s credentials, including their names and unique identifiers such as social security/national insurance and address details, are being bought and sold on underground forums, along with dates-of-birth, email addresses and other personal data. Our observations suggest that this data is being compiled into one or more databases, meaning that low-level frauds can be carried out on a steady basis, bursting into periods of high activity when the people’s debit or credit card details become available.”
It’s been apparent for some time that online criminals are becoming more organised, more sophisticated and more willing to take the long view for their ROI – and that’s exactly what Andy Kemshall sees here. “It’s very easy to dismiss the X-Factor US systems database hack as a one-off incident, but if you look at the hack against the backdrop of a constant stream of corporate hacks in recent months, the reality starts to hit home.
“And that reality is that cybercriminals are starting to conduct these attacks on a carefully planned basis, with the longer-term strategy of building their own fraudulent database on as many people as possible.”
If we don’t start improving our security, the criminal databases will soon contain as much personal information about us as the government databases already contain.