tv Inside Story Al Jazeera October 9, 2014 5:00pm-5:31pm EDT
5:00 pm
lego figures. and nick says "it's over", showing shell and a lego man. and another "everything is awesome." >> thank you very much. i'm david shuster. "inside story" is next. for more stories go to aljazeera.com. do you know me? when i go to a restaurant the waiters may not know that i host a daily nags at news programme, but hackers rooting in my credit card records already do. it's "inside story". [ ♪ music ] hello, i'm ray suarez. another day, another data
5:01 pm
breach. this one is huge. involving one of america's giant bank combines jpmorgan chase, and they used the beachhead at morgan to burrow into the digital vaults of other institutions. among them deutsche bank and bank of america and five others like hsbc and citigroup reported they were attacked by the same virtual vandals that penetrated jpmorgan were fiddling with the locks at their place. the size of the breach and ambition is troubling, and this had a national security aspect as tensions over the russian invasion of ukraine rose, officials up to the president watched closely, suspecting a russian hand behind the computer attack. >> reporter: that old saying may tell you cash is king. the crown jewel is
5:02 pm
plastic, visa, mastercard, american express and discover reported 546 million cards in use. the sensis card said the number tops a billion. how safe is your number, money and personal information? hackers and thieves never sleep. >> it's the result of unrelenting criminal activity, which so far we have not found an effective way to deter. it's too easy for the bad guys to do this and get away with it. >> the data breach is among the biggest, compromising the accounts of 76 million households and 7 million small businesses. the bank released details in a security filing. hackers were inside the bank's systems for three weeks before the break-ins were discovered. other financial institutions were targeted from the same rogue ip addresses. concerns reached all the way to
5:03 pm
the white house. president obama was briefed and reportedly asked if this attack was state sponsored, linked to russia and vladimir putin, in retaliation to the sanctions in response to the troubles in ukraine. jpmorgan chase says there's no evidence account numbers, passwords, user ids or security numbers were stolen. in the filing the bank said the thieves did get customer names, addresses, phone numbers. hackers are after personal information. >> then they put it on the mash, the markets are the own sector. the dark markets, and then the people who buy it, take the chance. >> when cyber thieves get personal information, they use it to send you fake emails, it's called phishing. none of this is new. there have been high profile data breaches at target, home depot and other big retailers, in those cases big credit card
5:04 pm
companies notify you about the breach and send you cards. prosecutors say the companies are obligated to do more. >> unfortunately companies are not doing as much as they can or should be doing. we see appearance where companies failed to encrypt the engines, failed to update software when there's a security flaw, taking too much information that they don't need or hold it for too long, which obviously opens it up to the participation of being stolen by cyber criminals. >> attorneys general in illinois, connecticut and others are investigating the breach. congress are asking questions - should there be stronger disclosure rules. tougher rules on the back end wopt keep the cyber wolves from the back. we trust the information is safe, it's unclear how well the public is, to watch the locks on someone else's door. maintaining confidence in a
5:05 pm
business that runs on confidence. the jpmorgan data breach this time on the programme, personal information of 83 million customers exposed to, well, who knows who. joining us for that conversation from san francisco, adam levin, chairman and founder of identity theft 911. he was director of new jersey's division of consumer affairs. martin libicki, senior management scientist at rand corp, and ed felten, professor at princeton, directing the information center. every time this happens, when you ask the question "well, what did they get?" the answer is vague. is it important to know what they got so that we understand how it was done, who should be worried, and what they should be worried about? >> it's important to know what was taken.
5:06 pm
it tells you the seriousness of the incident, foreshadows other things that may take place, and tells you about the security establishments of the companies broken into. jpmorgan spends a quarter of a million on cyber security. it's a great deal. did you not spend enough because people got into your systems, or you spent money and as a result you didn't lose money or the personally identifiable money causing consumers to lose money. >> didn't lose money period, or so far? >> everything is as far as we know. they have been busy monitoring the various markets, looking at credit card fraud, all the sorts of things that may tell them that money has been got. and they haven't found it yet. >> now what do you make of the seriousness of the breach, and the potential value of what was
5:07 pm
taken? >> it is a serious breach. and information about a lot of people could be turned into money by the intruders in all kinds of ways. i think it's important both for the significance of this particular breach, and for what it tells us about the more general problem of how to protect large corporate databases where this is the latest in a string of ever larger breaches that we have seen. >> adam, what do you make of the - how seriously we should take the announcement? >> i think you have to take it seriously. breaches are the third certainty of life, unfortunately, therefore, we all have to be on high alert. at first blush when you get a notification of a breach like this, you think it was names, addresses and phone numbers, what is the deal. the problem is it's a big deal. if it was a credit card breach,
5:08 pm
you make a phone call. when you have data like this, where you can attach a name or number to an email address, you release a trifecta. you mention phishing. there's vishing, which is voice based or telephone based phishing. and there is smishing, which is text-based phishing. and usually a consumer is contacted, given an emergency scenario required almost to respond immediately, and when they are not thinking and are concerned they are asked to give more information. in a breach like this, millions of consumers are being made unwitting co-conspirators in the thefts of their own identity. >> but the thing is we base the modern system, don't we, on being willing to surrender these things in return for for exampleless purchase, easy one-click, two-click purchases of goods that will be on their way to my home.
5:09 pm
this is correct. the question i think one has to ask, not necessarily in this case is whether the attempt to collect so much information on people, so as to market them doesn't create a larger pool of information to collect than companies can reasonably expect to do given the technology and cyber security. so, really, they don't have to know as much about me in order to process my transactions? >> no, they don't really have to know as much about you as some of the companies take in, when they deal with you. for instance, amazon not only knows my credit card information because i shop with them, but they keep a record of every book i look at to make recommendations. it becomes part of a database that may be accessible to hackers. >> so what about that. adam levin, if we say "i don't want to give you that information, i want to give you the minimum amount necessary so that i can buy what i'm buying,
5:10 pm
and you'll know where to send me the bill." are they ready to play? >> the fact of the matter is that, you know, they'll ask what you ask for. you'll provide what you want to provide. there'll be a back and forth and a decision made. they'll do anything they can to get you to buy. when you go to a doctor's office and they ask you for a social security number, a lot of people say "no, you don't need it", you have insurance information, i can't get out of the office unless i pay by credit card and you are reimbursed by the credit company. people have to be more aggressive in their own defense. the more convenience is dialled up, the more consumers have to also dial up their guard, they have to dial up whatever privacy settings they can and take a much tougher stand, because convenience is great. convenience can sabotage
5:11 pm
security. >> ed, i have been ushered into this world where i'm constantly told of the convenience, the speed of the swipe. i used to fish in my pocket for a couple of bucks for cope. not necessarily. just swipe your card, swipe to buy your gas. a couple of bucks extra room on the transit fare card. keep swiping that card. every time we do, somebody knows something more about us, right? >> that's right. everything we do in this electronic world is leaving exhaustive data behind us, and there are companies scooping up the data, trying to find ways to make money from it. of course, there's nothing wrong with companies when they tell us what they are doing, collecting the data and using it for our convenience. it's also true, i think, that companies could be operating with less data.
5:12 pm
and i think we are starting to move towards a reality where people exert a back pressure through the marketplace, and against these sorts of promiscuous data collection and retention practices, where people are questioning a little more, a little more suspicious about a company that seems to be asking for too much data. people are recognising increasingly that these large stockpiles of data are a risk. and that even the best security practices from a company can only reduce that risk, they can't eliminate it. >> we'll be back... >> there's more opportunities. >> sorry to cut you off. we'll be back with more "inside story" after a short break. maybe you are one of the millions who got a new credit card in the mail because of the home defail mail breach and you thought you dodged a bullet until another hack. what is your next move? wait until someone figures out
5:14 pm
welcome back to "inside story." on "al jazeera america". i'm ray suarez. the jpmorgan data breach this hour on the programme. little by little word continues to leak out on the size and breadth of the breach. what does it mean to you. adam levin, we are told don't respond to unsolicited requests for information, regularly change your password, but even doing those things doesn't seem to protect you in a world where every couple of weeks you find out an enormous amount of data
5:15 pm
has been stolen. what can somebody do that is prudent and doable to make sure they are not the victim of fraud? >> well, i tell people you have to think about it in terms of 3 ms, minimise the risk of exposure, do everything that everyone told you to do from shredding to not giving away too much information to people you don't know. never authenticate yourself to someone calling you. if you make the call, it's different. putting security protection on your computer and smart phone. it is a data storage device. you have to move to the other two ms, you have to get the credit report and check them out. sign up for transactional monitoring programs, which are free, offered by financial services companies telling you of activity in your accounts, and buy more sophisticated
5:16 pm
monitoring. and the third m. manage the damage, you need a damage control programme. some think it's prohibitively expensive. there are many institutions like insurance companies, smaller banks and enp programs, where they'll help you through situations like this, and it may be free, it may be a perk of your relationship with the institution. >> ed, i was listening to adam run down the steps i should take to protect myself and it sounded like all the convenience i earnt through the new world is going away, because all that swipy, easy commerce is now outweighed by the need to check whether someone is robbing me or not. >> i think it's really about being alert. and you can go ahead and use a lot of the convenient services. be alert to things that might show up on your bill that shouldn't be there.
5:17 pm
when you see an opportunity to sign up for some - for some service or get some report from a legitimate organization that is free or easy, you can do that. it doesn't have to be a big hassle. it means being alert and recognising there is a risk in what we do. >> it means trying to find ways to do more with less as far as data goes. is there a way to get the convenience without giving so much data or have a company hold the data for so long. if you look hard, you can find ways to do more with less. we are not necessarily stub into a harsh trade off between convenience and risening permanently. we are struggling through a rough spot. >> what burden do the companies carry. i hear a lot about what consumers ought to be doing on their own behalf. shouldn't i be protected if i use their services? >> a large extent you are
5:18 pm
protected by the large regime of the banks, and they want you to take that. it calls for more information about data breaches that they are a useful thing, and i believe that publicity will tend to give people an incentive to behave better. the publicity only works as long as the people care. there was an article in the newspaper a couple of days ago that people are greeting a lot of this with a yawn. is that a good or bad thing? there is something to be said for being alert, and not having to pay attention to too many things at the same time. you have to find a tradeoff that works for you. >> do we have much control over secondary markets for our information? >> when we surrender it to one entity, can it be sold willy-nilly beyond our control to people we have never heard of
5:19 pm
or given permission. >> it's been a problem. that's why you have to read the privacy policies with organizations with whom you do business. and a lot of breaches have been caused by vendors, and in the health care area, you are your vendor. in the retail area, when you think about what happened with target, there was a breach of an hvac contractor. i have a suggestion, i made a recommendation recently that we create something called the data breach disclosure box. that is just like the schumer box for financial services, the nutrition label for food, that there be a box wherever you would provide information to institutions telling you how many breaches occurred in the past five years, what was breached, what they did about it, what information they are asking from you, how they protect your information, and
5:20 pm
educational information in order to better acquaint consumers with the risk that they face and the things they can do to lower the risk. >> i bet it's popular in the credit card issuing and financial services industry. they'll probably send you love letters and flowers. >> no question. >> let's talk about the market a little more. have we lost ed? okay. well, see, who knows, we may be hacked right now. those markets - i suspect they are international. they are no longer confined by regional problems or national borders as much as they can whip across the globe in an instant. >> they are international, conducted in global languages, they are growing, participation can be
5:21 pm
measured in tens of thousands of folks, and they put out a report on the markets for the - black markets for information under the term hackers wanted. >> excuse me, hackers bazaar. >> what is in the bazaar, what is for sale. >> it's a commingling of things. distribution of services, credit card information, there's personal information that you can use to try to get more information about things, and a lot are co-mingled with drugs. it's a broad crime of which there is a strong submarket in the tools, technique and take of cyber crime. >> we'll be back with more "inside story" after a short break. when we return we'll take a look at the rumoured involvement of state actors, governments, in
5:24 pm
you're watching "inside story" from "al jazeera america". i'm ray suarez. one of the reasons the developments in the jpmorgan chase data breach were followed in the oval office was the inspector that the crime was connected to the rising tensions in ukraine. this was no longer simply another hack, another theft, another attempt to commit fraud, but something in a way more sinister. computer crime as statecraft. with us on "inside story" from san francisco, adam levin, chairman and founder of id theft 911, and he served as director of new jersey's
5:25 pm
consumer affairs. martin libicki, and ed felten, professor of computer science at princeton, directing the university's center for information technology policy. since we lost you in the last segment, let me bring you in. what are some of the international headquarters for hackers, and people using the new world of the internet to commit crime? >> well, there are a bunch of places around the world that seem to be hot beds. you would point to eastern europe, russia, china, and there's a hacker community in the united states as well. >> can they cover up tracks by using dummy accounts and ip addresses in other places in the world so we wouldn't know they are sitting in eastern europe? >> that's right. the sophisticated attackers compromise a bunch of computers
5:26 pm
around the world, and use those as launching pads for the attacks. so you would have to trace the steps back, and probably through multiple intermediaries to get back. if they are careful and clever, you may not find out where an attack like this came from. >> along with aircraft carriers and bullets and planes, is the computer one of the new tools of fighting around the world? >> it's interesting. if you look at the conflict between russia and ukraine - both had advanced weapons and hackers on the payroll. you didn't see much computer hacking between the two. you didn't see a large number of distributed service attacks. each of the countries get into the infrastructure, and as far as we know, there was not attacks on weapons. there was something more interesting. and that is there was a lot of discussion in the west that the
5:27 pm
effect of us putting sanctions on the russians, the threat to intervene in ukraine would be met by their hacking. this is something called deterrence, i don't want you to do something, i give you a threat. in this case they didn't threaten us, we used our fear of them to deter ourselves. we did their work for very much. i'm not sure it was wise on our part. >> adam, how do you fight against this. do you do it to the other guy. it seems just passing laws inside this country, when the crime is sort of placeless in nature won't necessarily fit the bill. >> it doesn't fit the bill. the other problem is half the time you can't figure out who the other guy is. as we talked about, they do a great job masking who they are, where they are and they are so protected by wherever they are
5:28 pm
that we really don't have a jurisdiction over them, and so all we are doing - we are not going to reach mutually assured destruction. we have a continuing technological arms race, and the baddies are clearly ahead. so our situation is we have to redouble our efforts at home. this has to be a collaborative effort between consumers, business, government, where everyone works together to do as best we can to protect ourselves as best we can and have as many technological advances as we can put forth and keep going. this, unfortunately, is not going to end. there's a reality here, and the scary part about jpmorgan, and other financial institutions is the fact that someone is basically saying "i can shut down your financial grid", and you are worried about the power grid. that is nothing compared to what could happen if i shut your financial grid.
5:29 pm
gentlemen, thank you all for joining us at this time on "inside story". that brings us to the end of this edition of the programme. thank you for being with us. we may stop for now, but the conversation continues. we want to hear what you think about the issues raised on this or any day's programming. log on to facebook, send us your thoughts on twitter. we promise we won't try to find out where you are hosting from. our handle is aj inside story am. reach or follow me @ray suarez news. i'm ray suarez.
5:30 pm
>> it's friday afternoon in the rio grande valley in texas. >> abortion is one of the most common medical procedures for women around the world. >> two friends are reading a manual on how to give yourself an abortion. >> and then i asked you for sure like how pregnant you are. >> for sure right now, i'm seven weeks. >> that's good because once you get to 12 weeks, it's like riskier. >> they wouldn't let us film their faces because here, like in most states, what they are about to do could be considered