Beyond the Password

Originally published September 26, 2011

By Ian Sherr

One day five months ago, Karim Hijazi saw an unusual sight while reading his work email. A message that had been marked as “read” was suddenly marked “unread.”

What the founder of Unveillance, a computer-network security firm, soon learned was that hackers had broken into his account.

The hackers gained access to his email by stealing log-in information from an insecure website, which they then matched up with a password they found on the Internet. After downloading all of his emails, the hackers sent Mr. Hijazi a message demanding he share sensitive security information with them. When he refused, the hackers released his emails on the Web.

“It was like a baby with a gun,” he says.

Mr. Hijazi is one of the latest victims of computer hackers focused on getting into websites, corporate networks and email accounts by using legitimate passwords. Many break into poorly secured websites, steal databases filled with personal information and then comb through that data for log-in information for companies, government agencies and banks.

The growing frequency of these attacks has pushed companies to seek other forms of data protection than simple passwords.

Demand for additional barriers and detection programs is already large. Sales of these types of products topped $900 million world-wide last year, according to International Data Corp., and the Framingham, Mass.-based research firm expects the market to double by 2015.


To read the rest of the story, either contact me directly or read more online at the WSJ: here. (subscription required)

(Published Sept. 26, 2011 in The Wall Street Journal.)