It’s being presented as mainstream media shockers that a Russian cyber gang stole 1.2 billion cyber identities, including user names and passwords, or that somebody stole 4.5 million hospital records including including addresses, birth dates and social security numbers. How awful!
Now, a good reality check is clearly in order. The alleged Russian criminal gang of less than a dozen members comes from a small town in the middle of Russia that most people never heard of. By any measure this gang is nowhere close to the top of Russian cyber criminal outfits, never mind the government spooks of many countries. If they managed to get all the data reported, there’s absolutely no doubt that higher-level cyber attackers have much more — they just prevent others from finding out about it. Actually, it’s usually wisest to hide your success in any intelligence operation or theft.
The current cyber reality is that practically all user data is stolen. One of the qualities of cyberspace is that the same cyber asset can be stolen multiple times by multiple perpetrators. In other words, in the physical world a burglar can steal your asset only once; in cyberspace it can be stolen many times by multiple cyber burglars. So understand: whether you like it or not, all user data is stolen by many attackers, including multiple cyber gangs and, of course, by several countries’ spooks.
The real question isn’t whether user data is stolen, nor who stole it—it’s what to do about it. And, in another reality check, it’s being recognized by more and more “experts” that nothing can be done about it beyond fuming until we finally get to develop a real cyber security. Indeed, what difference does it make who stole your assets? There is none, unless you have a preferred burglar for your house.
So, it looks like all this hype about stolen identities is no more than a lot of hot air until we develop a cybersecurity technology that actually works. Then we can seriously discuss the issues now hotly and fruitlessly debated in apparent perpetuity.