Last week it was announced that Russian hackers had stolen hundreds of thousands of passwords to LinkedIn accounts. This news prompted an outbreak of frantic yawning, as the Internet collectively tried to remember if they had a LinkedIn account and whether there was anything actually in it. "I think I just had a link to my old boss from two jobs ago," the Internet eventually decided, sighing with relief. "Also maybe that one guy from high school who now has his own unpopular Web design business."
And although the Internet had collectively decided this wasn't a very big deal, knowing that a contrarian take makes for excellent linkbait, I immediately thought the exact opposite thing. Needing to come up with some sort of evidence to support the claim I'd decided I was going to make, I set to the task of research: diligently reviewing security journals and whitepapers, bravely ignoring the facts that I didn't like and shrewdly doping my editor's coffee before hitting him up to fund a trip to Russia to track down the hackers themselves.
You'll never get a Pulitzer if you aren't willing to break a few eggs.
When I arrived in Russia, I asked for directions to the nearest, shadiest dayclub, following a tip I'd received from reading spy novels during the entire flight. Thumping electronic beats greeted me as I descended the steps, leaving the daylight to enter a dark, cigarette-reeking club, full of just the illegalest-seeming dudes you've ever seen. You know the type: shaved heads, large fur jackets, carrying huge sacks with dollar signs printed on them. I strode confidently up to the shadiest guy I could see and started asking questions, which is how I found out exactly why we should all be very concerned about LinkedIn getting hacked.
#3. Identity Theft
Cracked: What is happening, my man?
Russian: Who are you?
Cracked: I should have started there, shouldn't I? I'm from Cracked. We're essentially the Voice of the West, and I'm doing research on hacking groups in Russia.
Russian: I don't know anything about that.
Cracked: Would a brand new pair of Levi's loosen your memory hole?
-I turn around and walk away from him, modeling the single pair of Levi's I wore for just this circumstance-
Russian: -long blank look- That is very insulting.
Cracked: You haven't seen me walk toward you yet. That might change your mind.
-It does not-
Russian: I think you should go.
-One of the other Russians whispers into his ear. He listens for a while, a thoughtful look on his face, before nodding. Looking up, he smiles at me-
Rodion: Actually, maybe I can help you with this. Call me Rodion.
Cracked: Fantastic. My name's Bucholz.
Rodion: That's an interesting way you pronounce your name.
Cracked: It is, isn't it?
-Rodion sits down in a booth and gestures for me to join him. As best as I'm able to in my rather-small Levi's, I make myself comfortable-
I ended up standing on the table.
Cracked: So. What is the deal with this LinkedIn hacking thing? Are you guys after our resumes or something? Do you really need to know what that one intern we all worked with four years ago is doing now?
Rodion: Well, understand that it's not me personally who did this hacking.
Cracked: You tell your story, and I'll understand what I'm able to.
Rodion: -He snorts in amusement- All right. One reason a person might want to do this is for identity theft.
Cracked: I try not to post my credit card numbers on my LinkedIn profile, thanks. And even if I did, honestly, a hacker could only really improve my credit rating.
Rodion: The problem is more subtle than that. LinkedIn is full of personal information: email addresses, street addresses, friends, important dates. All of that can be used for identity theft. For password recovery, for example; a lot of this info could be the answer to those secret questions.
Cracked: Oh shit. I did put my first pet's name down as a reference on there.
Rodion: Interesting. What was your pet's name?
Cracked: Skeletor. Skeletor the cat. He uh ... he wasn't well. And he was evil, so the name kind of fit thematically as well.
-Rodion nods thoughtfully, while beside him one of the other Russians scribbles something down on his phone-
Cracked: Hey, are you guys reporters, too? Man, what a coincidence.
#2. Password Reuse
Cracked: I find it a little hard imagining someone trying to steal my identity. Because being Chris Bucholz is a hard road to walk down.
Rodion: There are other reasons why they did this; identity theft probably isn't even the main one.
Cracked: What's that?
Rodion: Well, by getting a bunch of people's LinkedIn passwords, the hackers may have gotten passwords to a lot of other sites as well. For example, do you use the same password for your email and LinkedIn?
Cracked: Oh ........ derp.
Rodion: So now the hackers could log in to your email.
Cracked: Shiiiit. And I'm right in the middle of a huge cyberstalking/flame war right now with Fred Savage. I would be fucked if any of those hateful, sexy musings got out.
CHRIS WHY HAVE YOU STOPPED CYBERSTALKING ME!?
Rodion: It gets worse. Remember that most password reset functions send the new passwords to your email account. With your email account, hackers could get into almost everything.
Cracked: It sounds like it's about time I should change my passwords.
And maybe come up with something a little more secure than "keyboard."
Rodion: You know what? Let me help you out. This interview here. You're recording it? For your readers? You're just going to print this all up verbatim?
Cracked: Of course. I wouldn't dare paraphrase anything you said; Cracked is synonymous with journalistic ethics. Well, that and "broken."
Rodion: In that case, remind your readers that they can reset their LinkedIn passwords here: http://10.34.255.1/linkedIn/passwordReset.html
Cracked: That is almost impossibly helpful of you. It occurs to me that you seem to know an awful lot about this crime that you didn't commit.
Rodion: A coincidence, I assure you. In my line of work, it helps to have a mindset like these hackers.
Cracked: What's your line of work again?
-Long blank stares-
Cracked: I'm going to retract that question.