'Activists responsible for most data theft in '11'
Activists who hack into government and corporate computer networks and then release files to embarrass those organizations were responsible for more than half of all data thefts last year, according to a new survey.world Updated: Mar 22, 2012 10:07 IST
Activists who hack into government and corporate computer networks and then release files to embarrass those organizations were responsible for more than half of all data thefts last year, according to a new survey.
That's a big change from recent years when the motivation behind most cyber attacks has been to make money, according to Verizon Communications Inc, which outlined its finding in one of the biggest annual global surveys on data loss.
The telecommunication company's own researchers and law enforcement agencies in five countries came to the conclusion after reviewing roughly 174 million records stolen in 855 incidents.
They found that 58% of the stolen data was due to so-called "hactivism" last year, while no losses had been attributed to that cause in previous surveys.
"It's not just about the money anymore. It's a big change in our adversaries," said Bryan Sartin, head of Verizon's computer forensics unit and co-author of the survey.
Anonymous, a loosely organized collective that is the most prominent hactivist group, claimed responsibility for a string of incidents last year, beginning with attacks on the websites of the governments of Tunisia, Algeria and Zimbabwe. Other targets included military contractors, law enforcement agencies and corporations including Sony Corp, News Corp and Apple Inc.
In a major blow to Anonymous, US authorities revealed earlier this month that a leading hacker secretly became an FBI informant last year, providing evidence that led to charges against five other suspected leaders of the international hacking group.
Cyber security analysts said that they expect hactivism to continue, though it may not be as severe.
"It may be episodic with peaks and valleys," said Andy Purdy, chief cyber security strategist for CSC, which helps companies and government agencies fight cyber attacks.
Mary Landesman, senior security researcher with Cisco Systems Inc, said that she thinks the influence of hactivists will wane.
She believes that the hackers who are arrested get caught because they become too focused on a need to become famous and make mistakes that enable law enforcement to catch them.
"That has discredited Anonymous as a whole," she said. "When you see your buddy going off to jail, it's a great sobering force."
Verizon said that it does not know what percent of all data breaches is accounted for in its survey. It does not make sense to compare data from 2011 with that of previous years because it collected information from more law enforcement agencies than in earlier surveys.
CSC's Purdy said that businesses need to keep their eye on intellectual property theft, which did not score as high on Verizon's survey.
Only about 4% of records stolen were related to intellectual property, yet those secrets clearly have more value than that number would suggest. Some 39% of breaches affecting large organizations targeted sensitive organizational data, copyrighted information, trade secrets and classified information.
"Systematic online theft of intellectual property rises to the level of national security significance because of its impact on competitiveness on major American companies," said Purdy, a former Department of Homeland Security official responsibility for cyber security.
In November a US intelligence report to Congress warned that China and Russia are using cyber espionage to steal US trade and technology secrets to bolster their own economic development and that poses a threat to US prosperity and security.
Verizon said that it obtained data from the US Secret Service, the Dutch National High Tech Crime Unit, the Australian Federal Police, the Irish Reporting & Information Security Service and the Police Central e-Crime Unit of the London Metropolitan Police.
The company said that nearly all of the attacks were not highly difficult to launch and could have been avoided if the victims had done a better job of implementing basic security measures.
"I'd love to tell you we see a lot of indications that companies are getting better and more secure," Sartin said.
"But if you look at where these companies are falling down, it's still unfortunately in common sense."