The uncertainty among German Internet users is large, since the Federal Office for Information Security (BSI) this Tuesday announced that up to 16 million passwords have fallen into the hands of criminals. Shortly after the publication of special reports broke the specially created website of the BSI together and was no longer temporarily accessible.
As great as the uncertainty is, but so sparse are the information about the background of the warning. Users can on the BSI side – if they can be reached – check if their e-mail address is being affected. If this is the case, they receive a message with tips on how to protect themselves from abuse (an appropriate overview and Tips for creating strong passwords can be found in FAZ.NET).
More than half of the affected mail addresses end, according to the BSI. “de” and probably include Internet users in Germany. The records usually contain an email address and a password. It must, however, not be simply access for e-mail accounts, as many of the same combination also use to sign in to other services, such as for forums, social networks or shopping sites.
Where does the 16 million user data exactly as submitted, is still unclear. Researchers and prosecutors were encountered in the analysis of so-called botnets to the data and would have passed them, said the BSI. For more information there was with regard to the ongoing investigations are not.
FAZ.NET talked to the hackers and security experts Felix Lindner. He explains how such a million times data theft works – and how Internet users can protect themselves in front of it:
The BSI has announced that 16 million passwords of email accounts are in the hands of criminals. What happened in your view, Mr. Lindner?
Until now, the information situation is quite thin. But in my view, have not been cracked 16 million passwords. Here was working with so-called bots. This is software that stores passwords as they are typed. The situation is comparable to withdraw money from the bank. When I type in my PIN number and someone here looks over my shoulder, then he is the bot addition, 16 million accounts worldwide chopped not a big event.Where do these bots?
bots are malicious software that infect while surfing the Internet or downloading files to the computer. This happens especially often when you illegally loads data or open attachments from mails with questionable sender. For example, in Cracks the computer prompts the user to turn off the virus software. Only the program can be executed. And too often agree users to turn off their anti-virus software and catch by bots, which infect the computer.Help particularly unusual passwords against bots?
No, this does not help at complicated passwords. If someone looks at me while typing my bank PINs over the shoulder, the PIN can not be so complicated, he realizes it anyway. However, many users download illegal data, and so take the risk of a bot infestation in purchasing. Even a completely flawless virus software does not exist. But by protecting their computer from malicious software, which reduces the risk that something happens.How can you protect yourself then?
Who does not want to be beat up, should not drive around at night to three in a pub rockers themselves. So it is with the Internet. Who’s afraid of malware, you should get a second computer. With the one to write mails and manages his online banking. The other is then there just for surfing.What is the next step?
The BSI is doing a great job. It is internationally unique, that a State authority shall in such a case, a tool with which you can check if your own account is infected or not. The BSI does not ask for passwords and does not look bad and the provider of e-mail accounts. That’s great, because I have nothing to complain about.Are passwords so unnecessary?
What is happening now has nothing to do with the password. None of the alternatives that have been tried so far are as powerful as passwords. As an example, the fingerprint technology, in which the own fingerprints to replace passwords used. I only have ten fingers, so you can only use ten different secrets. In contrast, I can think of so many passwords as I want.