If you’ve got an eBay account you must change your password. eBay told us overnight they had been hacked and about 145 million passwords are now useless.
Now here’s the worst part. It’s not like eBay was hacked yesterday or last week. Nope, eBay was hacked back in February and March…three months ago!
That’s alarming because the hack impacted about 140 million accounts. Email addresses, encrypted passwords, birth dates and mailing addresses were some of the info the hackers made off with.
The hackers compromised employee security credentials, allowing them to log into the eBay corporate network. This type of entry is becoming all too common in these kinds of hacks.
Most companies the size of eBay have high-level security protection. So now internal espionage is one of the best ways in. That might be outsiders paying off an employee, a disgruntled employee acting alone, or hackers breaching an employee’s unsecured networks outside of the target networks.
But as you probably know, the eBay attack isn’t an isolated case. There was the infamous Target hack just a few months ago. Hacking Target’s networks, the hackers made off with the details of 40 million credit cards and user information.
Then of course LinkedIn, Twitter, and Facebook are hacked regularly.
The world is in the midst of a hacking epidemic. And governments pretend like they can control the situation. The reality is governments have no idea what’s going on.
The AFR reports the Australian Federal Police arrested two men over a hack of AAPT in 2012. That’s right…two men. Apparently they’re a part of the Anonymous hacktivist group. Good luck to the government proving that one…
This is the problem with government-funded attempts to put a stop to cyber warfare. They simply don’t have the resources and capabilities that the wider world has, or that private companies have, for that matter.
We know this because government can’t even recruit the best cyber security talent. The FBI recently stated they might have to change their policies to recruit new talent. The long-standing rule is they won’t recruit anyone that’s smoked marijuana in the last three years.
That pretty much rules out 98.7% of the entire cyber security community (statistic is made up).
But if the FBI is changing their ‘weed policy’ then hackers around the world know they’ve already got the government beat.
All these hacks and security breaches tell us one key thing. It’s a timely reminder that in our connected world, nothing is safe.
The Digital Cold War is About to Begin
More evidence of this came this week with the arrest of five Chinese nationals in the US.
Between 2006 and 2014 the men hacked Westinghouse Electric, US Steel, Alcoa Inc., Allegheny Technologies, SolarWorld and the US Steelworkers Union.
The US attorney general said it’s the first time any charges against ‘known state actors for infiltrating US commercial targets by cyber means,’ have been laid.
The five were members of the People’s Liberation Army (PLA) Unit 61398.
In a dodgy rundown suburb of Shanghai is a dirty 12-story building. If you drove past it you’d think it was deserted. It’s believed the People’s Liberation Army Unit 61398 exist in this building. Estimates are they may have hundreds, even thousands of cyber personnel in this 12,139 square metre facility.
It’s likely these five men have seen and worked inside this building. It’s also likely they know the details of their operations. So for the US to have them charged and held is a major one-up for US intelligence.
For many years cyber security firm Mandiant has tracked the most prolific ‘Advanced Persistent Threat’ (APT1) in the world. In their 2013 report Exposing One of China’s Cyber Espionage Units, Mandiant concluded this group is likely to be PLA Unit 61398.
Mandiant believe Unit 61398 is possibly responsible for hundreds of terabytes worth of IP theft from over 141 different organisations worldwide.
Of course, the Chinese Defence Ministry would have you think otherwise about Unit 61398. Even after the arrest and charges against the men last week, China Foreign Ministry spokesman Qin Gang said,
‘China is a staunch defender of network security, and the Chinese government, military and associated personnel have never engaged in online theft of trade secrets.’
Whatever these men did or didn’t do, there’s no doubt it could be the start of a digital cold war between China and the US.
Gang also said the situation, ‘damages Sino-American co-operation and mutual trust’.
While there’s no categorical evidence of state vs. state espionage there’s little doubt in the security world it exists.
The worries of the most connected man in Cyber Security
In March I attended CeBIT in Hannover, Germany. It’s CeBIT’s largest event worldwide. I had the pleasure of listening to and meeting cyber security pioneer Eugene Kaspersky.
Kaspersky is the founder of Kaspersky Labs and is possibly the most connected man in the world of cyber security.
In his presentation at CeBIT he outlined three categories of cyber threat. Cyber Criminals, Cyber Espionage and Cyber Sabotage.
Clearly this aspect of cyber espionage is one of Kaspersky’s biggest concerns. He said,
‘I want to live in a world which is [being] development so quick like it was in the past, like it is now. But I’m afraid because of the espionage attacks, which damage the trust. Which are forcing the nations to invest in the local projects.’
Right now the Chinese nationals under lock and key are damaging trust. The dangerous thing is it doesn’t look like the situation is going to ease any time soon.
We all need to be concerned about this. As cyber tensions escalate we could see World War D explode to a level never seen before.
We already know there’s an immense level of cyber attacks around the world. And as the world connects more devices, and we rely on more computer networks to live, we will all be under threat.
The future will be exciting, and an immersive world of connected everything will be an amazing world to live in. But the fact is anything that’s connected is vulnerable. And if we can’t rely on government to protect us we need to look elsewhere.
We can take steps ourselves to protect our digital world. But increasingly we need to look to white hat cyber security companies that will fight for us. These companies have the knowledge, the resources and the motivation to protect not just the internet, but also the future of the world.
Sam Volkering, Editor, Tech Insider
Ed Note: The above article originally appeared in Tech Insider.