As many as 16 million online accounts have been compromised after cybercriminals hijacked computer networks, according to Germany’s Internet security agency.
Germany’s Federal Office for Information Security, or BSI, reveals it discovered the security breach after analyzing botnets. Botnets are networks of computers infected with malware. The breach left user names and passwords vulnerable, with more than half the hacked accounts ending in “.de,” which is the Internet country code for Germany.
BSI launched a Web site that aims to help consumers determine if their e-mail accounts were hacked. That site crashed temporarily on Tuesday as people rushed online to find out if their private information was in the hands of online crooks.
We’re Making Progress
We caught up with Chester Wisniewski, senior security advisor at Sophos, to get his take on the security news. This is obviously bad news, he told us, but it does indicate progress from where we were a year ago.
“In the past this information was being stolen in enormous numbers, but no one knew it. Victims weren't warned and cases weren't being investigated. So the good news here is that law enforcement is raising awareness and notifying victims. The bad news is this demonstrates the large percentage of people whose computers are infected with malware,” Wisniewski said.
“While everyone is busy fretting about who might be listening to whose phone calls, garden variety criminals are exploiting us for our money, identities and online accounts by the millions. Unfortunately I am not surprised by the news, but hopefully the victims can be notified, clean their PCs of any malware and use this as an opportunity to change their passwords to unique, difficult-to-guess passphrases for all of their online accounts,” he said.
Germany’s Hacking Action
The latest attack is one in a string of data security stories coming out of Germany in the last few months. In October, Germany said it thought U.S. intelligence agencies were monitoring Chancellor Angela Merkel’s cellphone. That headline came in the wake of reports that the National Security Agency was collecting data about online activities and cell phone usage of European consumers.
Vodafone Group was hacked last September. The accounts of about 2 million consumers were compromised. According to the company, hackers tapped into an information pool of addresses, bank account numbers and dates of birth. Vodafone argued it had “world-class security systems that are constantly updated and upgraded to block new emerging threats. However, this attack was highly complex and conducted with insider knowledge of our most secure internal systems.”
In that case, security experts suggested security models have failed to keep up with an increasingly interconnected world: Servers that contain critical data, such as personally identifiable information that was stolen in the Vodafone hack, should not be accessible on the public Internet.