Record breaking hack: 1.2 billion usernames and passwords compromised
(CNN) — Most people’s first response on hearing that 1.2 billion usernames and passwords have been compromised by a group of Russian hackers? We check our own most important accounts for evidence of misuse, and change our passwords. If a week or two goes by with nothing out of the ordinary happening on our credit cards, we breathe a sigh of relief and go back to life as normal.
In short, if nothing happens to us, personally, then we really don’t care.
But that’s not how the Internet works. We’re all in this thing together, and when the network is compromised, so too are we all.
So what lessons should we take from the news that this cyberposse has managed to break into over 420,000 websites of companies large and small?
First off, your data is not safe — certainly not in an online universe where it’s supposed to be protected by consumer-created passwords and computer-illiterate merchants. Over the years, I have been laughed off more than one panel for suggesting that we won’t begin to take digital education seriously until nine Chinese teenagers break into a major Wall Street bank and create such havoc that we’re forced to reset the entire economy to yesterday at noon.
So it turns out to be a dozen Russian 20-somethings in a small city near Mongolia, but the achievement was equally spectacular and should provoke an equally widespread response.
Yes, the compromised 420,000 websites belonging to companies large and small need to be reconfigured, but so does our entire approach to information and its security.
In the most immediate and practical sense, we pedestrians have to accept the fact that we are utterly incapable of protecting ourselves on the information superhighway. We don’t use good passwords, we use the same ones on multiple sites, we don’t change them often enough, and we store them in files and e-mails and other places where they are not secure.
The easy cure is to use a password service such as Dashlane, KeePass or LastPass to create and manage your passwords for you. You can even share passwords securely with others, revoke access, and change passwords regularly without having to remember anything but your own master key.
Likewise, those of us working in businesses simply have to learn to surrender authority of our security to those IT people who keep telling us to do stuff that we ignore. We have to respect the firewalls, scan USB sticks before we stick them in our machines or printers, and not defeat the security protocols they’ve established for us. They are not the enemy.
It’s akin to good collective hygiene. When you don’t wash your hands, that’s one thing. If you work in a restaurant, it’s another. Now that we’re all connected digitally, we are all working in the equivalent of a virtual cafeteria, spreading whatever we happen to pick up to everyone else.
That’s the vulnerability these Russian kids exploited. They collected all these usernames and passwords through a botnet installed on our computers. That weird file you opened that didn’t seem to have anything in it? Or that link you clicked on and the extra window that opened in your browser? That was you installing a piece of malware on your machine — a tiny program that turned your laptop into part of this tiny hacker group’s global supercomputer. Your processor, your contact list, and your access becomes theirs. From there, they just watch and collect.
Basic digital literacy is certainly the best option against these infiltrations. But the first and most important step in that education is to realize that there are people who know how this stuff works better than we do. The scary part of living in a networked world is that we’re all responsible for our mutual well-being. But the great part is that there are many people out here willing to help us rise to that challenge.
As long as we see our interests as personal and individual, we will continue to be used as a giant battering ram on the firewalls of banks and other companies on whom we are depending. They can patch and update, but their processing power pales in comparison with that of a few hundred million home computers controlled by a malicious gang.
That bounty of 1.2 billion usernames and passwords likely isn’t even the prize they’re after; it’s merely the platform from which they’re going after something else. Until we members of a networked society learn to work together, we will continue to be used by those who put us together for themselves.
™ & © 2014 Cable News Network, Inc., a Time Warner Company. All rights reserved.