There are three basic online precautions you have to do nowadays to keep yourself secure especially if you use the internet for more than just Facebook and email. One, of course, is to come up with a password which is more than your birthday, your wife’s birthday or your license plate. It has to be strong, a a minimum of eight characters and easily remembered; perhaps your cat’s name plus a couple of symbols.
Second important precaution is to use two-factor authentication wherein the website in which you’re a member of asks you for your phone number so that it can send you an authentication code via text every time you log in or log in from somewhere unfamiliar. It keeps hackers from logging into your account when they find out your 1234567890 p@ssw0rd.
The third important online precaution is not to use the same handle (is it still the term) or username and password for every web account you go to. For example, you have a Google account called firstname.lastname@example.org, and you have a Facebook account with username mr_squiggles. Many people do this, and it does make online life very simple. And it also makes hackers lives very easy to get everything about you.
“Well, I speak one… One Zero One Zero Zero. With that I could steal your money, your secrets, your sexual fantasies, your whole life. Any country, any place, anytime I want…”
— Taz “Rat” Finch, The Core (film)
Take the case of MySpace for example. What’s MySpace again? The Facebook of the early 2000s. It’s still around. Still around to be hacked. By now many of its users have transferred their social lives over to Facebook along with their old usernames and passwords. But now many of those accounts have been hacked recently. If you’re one of those users and if you’re using the same old username and password, then you’re in trouble. Do you use the same account on eBay, Amazon, Paypal? Then you cousin, are in deep baba-stiki! But if you added two-factor authentication to those accounts, then you’re somewhat okay. Other sites with recent breaches include Tumblr, Fling and Badoo as well as any forums and websites from Toronto-based hosting company VerticalScope.
“We are aware of the possible issue and our internal security team has been investigating and will be collecting information to provide to the appropriate law enforcement agencies…We believe that any potential breach is limited to usernames, user IDs, email addresses, and encrypted passwords of our users. In addition, we are reviewing our security policies and practices and in response to increased Internet awareness of security-related incidents, including potential incidents in our communities, we are implementing security changes related to our forum password strength and password expiration policies across certain forum communities.”
— Jerry Orban, VP of corporate development, VerticalSope, email to ZDNet
The thing is, these breaches will just keep coming. There’s high value in hacked account information, a black market if you will, and that data gets dumped into the deep web where shady guys who want this sort of info often go. Stolen accounts in the deep web is nothing new. It’s often stolen credit card info, social security and porn site info. Apparently, the market is at an all-time high. Due to the current high level of interconnectivity, any sort of data, even old ones now have value and hackers are scrambling to acquire sell all this info to anyone who wants it. If you have an old account you no longer use, delete it; that is if the site actually deletes it. There are reports where US government agency and department accounts are on sale. So there’s some plausibility in Hugh Jackman’s Swordfish blowjob hack if he already has such an account. It’s not just accounts.
So again, if you’re the type that uses similar user accounts and passwords everywhere you’re in big trouble if you also use them at work. Your account may already be in the black market. Remote server access taken from governments and businesses are also on sale with over 5000 servers from China, 2000 in India and over 200 from Singapore. Each account sells as low as six dollars a pop. If you’re an aspiring blackhat, it’s Black Friday at the deep web.
“Purchasing access to a server located in a European Union country government network can cost as little as $6… It is a hacker’s dream, simplifying access to victims, making it cheaper and faster, and opening up new possibilities for both cybercriminals and advanced threat actors,”
What’s scary is that many owners of these servers-for-sale may not even be aware that they’ve been hacked. They merrily trudge along, business as usual unaware that important data is being sucked from their servers. And they wonder why their spam mail suddenly spikes and that they become targets for ransomware.