By Katherine Albrecht & Liz McIntyre
Russian hackers have figured out how to suck up over a billion user names and passwords from users across the globe.
With the dizzying number of accounts involved, we’re assuming our own information is floating somewhere in the Motherland, and unless we all wise up, it’s just a matter of time before the “CyberVor” culprits upgrade to Sevruga caviar at our expense.
Just to be on the safe side, you should probably make that assumption, too.
Don’t panic, though. It’s not time to say “до свида́ния” to the Internet just yet. Here’s what happened in plain English — and how you can protect yourself.
It’s all about bots
Based on early reports, this may have been the biggest user name and password heist in history. Amazingly, it was deployed on the backs of everyday Web users. The hackers cleverly infected victims’ computers with a virus to turn them into zombie robots (a.k.a. “bots”) to do their bidding. Then they combined a huge number of these computers into a “botnet.”
A botnet is an army of infected devices that can perform jobs for its hacker masters, like sending spam, spreading viruses and spying. In this case, the virus hitched a ride on people’s Web browsers, where it quietly scanned for vulnerabilities on every website visited. When a hackable target was found, the virus reported back to the hackers, who would later siphon data from the websites’ underlying databases.
The resulting jackpots included account information, full names, addresses, usernames, passwords, purchase history — in short, everything the website knew about its customers.
These cyber thugs may have already compromised over 400,000 websites, and security analysts suspect the attacks are ongoing.
Freeze hackers out of your accounts
Have you unwittingly become a hacker patsy? Millions of people have and don’t even know it. We owe it to each other to clean up our acts when it comes to viruses. Here’s how to avoid helping the bad guys:
Watch out for rogue links. Use your cursor to hover over links before clicking them—even those from friends who could unknowingly be delivering you malicious messages. Hovering will reveal where the link goes, usually by displaying it in the lower left-hand corner of your screen. If the link and the hover don’t match, beware. (That Amazon.com link that really goes to www.ra7n.ru/Qpdv, is probably not Amazon.)
Be careful what you download. Questionable software often comes with hidden viruses, especially pirated software and music. Resist that tempting freebie — it could be bot bait.
Practice safe surfing. As you do in real life, stay away from sleazy or dangerous looking sites, and use a proxy when in doubt. Private search engine StartPage.com offers a free proxy with every search result — just click where it says “view by Ixquick proxy.” Watch Katherine’s short video about the proxy.
Get a good antivirus program. Run it regularly and update it fanatically. Use firewalls to help screen out infected emails and shield you from the effects of rogue links.
Keep your computer programs up to date. Are you running a three-year-old version of IE? Viruses prey on security weaknesses. Download and install patches from your software providers regularly.
If you were among those whose data was siphoned — and we should all assume we were — it’s time for the usual security drill. Change your passwords, making them strong and unique for every account. Computer guru Kim Komando has some great tips.
And don’t forget to check your financial accounts for any unusual activity. Don’t just look for big purchases, since identity thieves will often ring up “micro charges” that range from a few cents to a few dollars to test the waters before bagging a big payoff. For more tips on how to minimize the impact of identity theft, check out these helpful tips from the Federal Trade Commission.
Unfortunately, there’s little chance these hackers will be caught and sent to Siberia. Even if they are, a whole new crop of cyberthieves will spring up somewhere else to take their place. If you use these tips, though, the next time a botnet hack is announced, you’ll at least know you weren’t part of the problem.
Til next time,
Katherine & Liz
Join the privacy revolution by switching to StartPage.com the private search engine, and using StartMail.com, both projects Katherine has helped develop. You can catch Katherine on radio daily at www.kmashow.com. And please read our book, Spychips, to learn more about privacy-invading technology and how to defeat it.
Photo credits: Comstock/Stockbyte/Getty Images, PhotoEuphoria/BigStock.com, Tawng/BigStock.com