Over 360 million credentials and profiles of personal information are on sale on the black market, according to a groundbreaking study revealed by Hold Security. The thefts took place on separate occasions, one of which garnered 105 million records – possibly the greatest cyber-related security breach in history. The scariest part? This data was taken from the month of February 2014 alone.
Furthermore, 1.25 billion email addresses are available on this market – including those issued from providers such as Yahoo and Google. The agencies from which this information was stolen may not even be aware of the breaches. Hold Security has been working to identify victims and will continue to do so. The information could have been obtained from any number of websites – social media, financial institutions, job search engines, home shopping networks, dating sites, etc.
This type of breach is even more concerning than the theft of credit card data because it leaves combinations of user names and passwords vulnerable to abuse. This includes banking and other financial data, health records, tax documents, and corporate networks. The threats become even more alarming considering that many people use the same user names and passwords for multiple accounts, and the majority of the pilfered data is not encrypted.
Virtual Black Markets
Illegitimate websites allow users to register and browse content anonymously. In addition to all sorts of personal records, these marketplaces may distribute weapons, drugs, counterfeit currency, and pornography. Legal products, such as clothing, electronics, books, and collectibles can also be sold.
The infrastructures that support these marketplaces require a considerable amount of care and participation. The black market network consists of spammers, hackers, tech experts, programmers to create malware, and web designers to construct websites.
With the ever-increasing prevalence of security breaches, there comes an abundance of opinion and criticism regarding the mistakes and mishaps that enabled them. So, who should be held accountable – and how?
Sometimes security teams are at the brunt of the blame-game. While this may be justified in some cases, there are circumstances that indicate this isn’t always reasonable. For instance, many IT teams notice warning signs and weak points in business safety nets – and promptly address them with superiors. Lack of responsibility and accountability is certainly an issue at this point. Board members of businesses and organizations may simply ignore, or, for whatever reason, fail to heed the advice of system professionals. As a result, there is often very little internal acknowledgement of responsibility.
There is not a lack of options for improving online safety, however. One technique may be to require project managers to sign off on protective measures put in place on new technology systems. This process could demand additional time and effort because certain members of the business teams may need to work more closely with IT staff to identify risks. Such collaboration, however, is likely the quickest path to improvement. Not only will transparency be intensified, but accountability will be strengthened as it is spread across departments. Moreover, if protocols are put in place to enforce these measures, there may also be grounds for disciplinary action if they are not followed. BlueHost published an in-depth article called “How to Prevent CyberCriminals from Attacking” in December of 2013 which also highlights some strong safety measures.
The implementation of policies and procedures that relate to detailed outlines of the roles and expectations of everyone involved is not so much about blame as it is about taking ownership. Employees on all levels are empowered to be more diligent, and if a security breach does occur, thorough documentation of all measures taken can be presented to victims.
Perhaps it goes without saying that the cybercriminals behind security breaches must be held accountable as well. Although virtual black markets are well-organized and strongly fortified, it is possible for law enforcement to charge those actually committing the crimes. Consider the Silk Road, for example, an online black marketplace that was shut down by the FBI in October 2013. Its founder and chief operator was charged with drug trafficking violations, as well as murder-for-hire schemes, computer hacking, and money-laundering. The case is still pending, and other suspects involved in the operation have since been arrested.
These insidious events function as calls to action. All individuals, businesses, and other organizations must commit to heightening awareness of online risks, as well as taking appropriate steps to prevent further incidents. Such widespread security breaches have led to an evolution in the industry that hosts the data that’s become a target of hackers and thieves. Many web hosting companies are introducing new security-related services to the marketplace in their packages. The importance of regular malware scans, business validation, site certification, and anti-spam email monitoring should not be ignored. These helpful tools don’t just protect the business – they protect everyone who uses the website.