Over the last month, cyberterrorists operating from offshore locations, launched a massive attack on US citizens. By hacking point of sale terminals in Target stores, the group was able to steal information from 40 million citizens across the US.
Given the unique nature of this attack, it didn't only steal credit card numbers. It was also successful in gathering the three digit verification codes as well as name and address information. The ability to link all three is a huge coup for the attackers, since it allows the construction of databases that will enable much more sophisticated attacks in the future.
For example, phishing e-mails (e-mails that look like messages from a trusted source, like a bank) are already being sent to e-mail addresses linked to these addresses to gather even more information and/or install malware.
Although, large numbers of these credit cards have already been sold at $100 a pop (although that price is decaying quickly), the biggest benefit, long term, is that this information is major addition to databases that stitch together the information needed to easily mount attacks on Americans in the future.
What it Means
Simply:
- This isn't just a simple crime. It's an attack. An attack with both short term and long term ramifications.
- The US national security establishment didn't even attempt to protect us from this. Why? The folks running the show down in Washington don't, and still don't, consider the biggest cyber attack on US citizens to date a national security issue. As with 9/11, our expensive national defense syste was totally ineffective when we needed it.
- Finding and neutralizing cyberattackers doing real and tangible damage to tens of millions of US citizens is a much better role for the NSA than what it is currently doing -- a combination of spying on tens of millions of Americans (unconstitutional) and supporting the pursuit of traditional terrorists at a mindboggling price of $100 m each.