News that hackers busted through Citigroup's online defenses and stole information on 200,000 customers is bad enough. The New York Times makes it worse with two additional points: The hack itself was relatively easy, and we should expect a lot more similar attacks in the near future. “If you think financially motivated breaches are huge now, just wait another year,” says one expert. Demand is on the rise in part because a huge number of credit cards compromised in 2008 are expiring.
In the Citi case, hackers logged onto the site for credit card customers and knew to exploit a particular weakness in the browser with a code that generated strings of text over and over, explains the Times. They tailored the hack to the system, something the growing world of financial hackers is particularly adept at. These networks are like "online bazaars," says an investigator, with each hacker offering his own expertise to a potential crew. “It’s like Mission Impossible when they select the teams,” says another investigator. “And they don’t know each other, except by hacker handle and reputation.” Click to read about the recent "just-for-kicks" hack of the US Senate.)