All week, we’ve been wondering if perhaps it wasn’t the credit bureaus that were the weak link for hackers who’ve hit pay dirt with politicians, including Vice President Joe Biden and First Lady Michelle Obama, along with celebrities such as Beyonce. Turns out, that’s exactly where the leak is coming from.
What made many believe it was one (or more) of the three major credit bureaus that had been hacked was the type of information that was being posted. Most of it was dated, which is what makes up a credit report – things like the history of where we’ve lived, past phone numbers, etc. It was the social security numbers and the information that wasn’t dated that had many worried.
Here’s the mindset now – most of us go to AnnualCreditReport.com to ensure the information on our credit reports is accurate. It’s the one website the government recommends we use to annually review what’s been posted. Turns out, it’s the same website malicious hackers used as well. They were able to breach the site and gain access to 200 million Americans’ credit reports. That’s astounding – it just so happens, most of us aren’t in the public eye, so our information isn’t that newsworthy. See? There’s one good benefit of not being chosen for this season’s American Idol – every cloud has a silver lining.
The Consumer Financial Protection Bureau says more than 16 million consumers use AnnualCreditReport.com annually. That’s massive, and efforts are being made to encourage more of us to check our credit reports each year in a proactive effort to stay on top of errors and identity mistakes, which is good – but as long as the bureaus are left vulnerable, the efforts of any of us are moot.
What’s most interesting, though, is the hackers were prepared to get past the security process. This means they already had social security numbers for the first lady, the celebrities and even former police chiefs in Los Angeles. Other targets included US Attorney General Eric Holder and former California governor Arnold Schwarzenegger, former VP Al Gore and even former Secretary of State Hillary Clinton. It was just a matter of time before the sensitive information hit the website where it was all made public. That time came on Tuesday and since then, authorities have been scrambling to figure out the details of how the information was gained.
This latest scam shows the vulnerability of companies that provide this kind of information online. Remember – everything from our credit ratings to our mortgage information to our credit cards can be found online in any number of ways. The credit bureaus are especially vulnerable. Bloomberg revealed a few months ago that one of the three major companies, Experian, had been breached a whopping 86 times in recent months. That’s huge – and these compromised reports – or rather, these potentially compromised reports – are exactly why the credit system in this nation needs to be overhauled. There are already big changes being made, but they’re not enough.
All three credit bureaus – Equifax, Experian and TransUnion – were ordered a few years ago to offer consumers a complimentary credit report once a year. They came together to define a single source for consumers to access their reports, now known as AnnualCreditReport.com, to fulfill that obligation. And now, Bloomberg says it spoke with representatives of all three bureaus and each said they had discovered vulnerabilities that led to unauthorized access to the credit files. In fact, the information that was posted online can be traced back to one of the three bureaus.
Clifton O’Neal, a spokesman for TransUnion, told Bloomberg during the interview that the hackers had
considerable amounts of information about the victims, including social-security numbers and other sensitive, personal identifying information.
The hackers used annualcreditreport.com to gain access and they wrote new code to bypass the security of the site.
Also yesterday, U.S. Director of National Intelligence James Clapper told a Senate Committee that there existed only a “remote chance of an effective cyber attack” against the U.S. Then, in typical double talk, he said he couldn’t rule out a “less sophisticated but potentially damaging attack within the next twenty four months by isolated state actors – possibly from Russia or China”.
Has Clapper seen the reports? Is he not aware that Experian has been hit 86 times? Has he not seen the nation’s highest ranking politicians’ information plastered all over the web?
He continued by saying the less advanced but highly motivated actors might be able to access a poorly protected network, but that it’s not likely a high impact systemic disruption would follow. We’re wondering what he calls the denial of service attacks that not only hit every single major American bank last fall, but gave fair warning of which banks it would hit – only to realize there were no safety mechanisms strong enough to prevent it. So confident are the hackers that they are moving forward with phase 2 – and announcing each step ahead of time. It’s like they’re taunting security analysts.
Remember, these denial of service attacks hit the stock exchange, too. Servers were flooded with traffic and many customers were unable to access their accounts. Clapper was quick to point out the accounts themselves were not compromised. Who is he kidding? Because if he thinks he’s turning the tables and taunting the hackers the way they’re taunting security officials, he might want to rethink that. These hackers have yet to miss their mark – and that’s troubling.
But here’s where it really gets frustrating – as Clapper continued to talk and provide contradictory testimony, he then said in a prepared statement that
foreign intelligence and security services have penetrated numerous computer networks of U.S. government, business, academic, and private sector entities…most detected activity has targeted unclassified networks connected to the Internet, but foreign cyber actors are also targeting classified networks…much of the nation’s critical proprietary data are on sensitive but unclassified networks; the same is true for most of our closest allies.
And yet he continues to insist there are no immediate problems.