The New York Times reported earlier this month that a group of security experts gathered at the Black Hat conference in Las Vegas to discuss current issues concerning identity protection and company vulnerabilities.
Alex Holden, the founder and chief information security officer of Hold Security, reported that a group of Russian hackers have been collecting personal information that they have stolen from numerous websites and organizations internationally. Holden reports that many of the victims remain vulnerable to further attack and still more are unaware they have even suffered a breach.
At the conference, Holden theorized that the ring is made up of about 10 young men who contribute different computer skills to the group and share a division of labor. The hackers use botnets, computer networks infected with a virus, to identify and target vulnerable sites. When an infected user visits a weak webpage, the criminals then use a hacking technique called an SQL injection that forces the site to surrender its contents. By July, Holden estimates the hackers had accumulated 4.5 billion records in this manner. Holden was careful to note that sites within Russia were also hacked, and that he had no reason to believe the Russian government was in any way involved.
And it’s not just retailers who are vulnerable to attacks. This summer a group of Chinese hackers penetrated Community Health Systems, the major systems operator for U.S. hospitals, and stole the personal information of 4.5 million patients.
Because of the widespread and costly nature of these incidents, experts at the gathering strongly recommended that businesses scan their systems and update their point of sale systems in order to maintain ideal security levels. H&R Block recently took this advice, installing a new identity confirmation software to strengthen security.