Verizon Says Hacktivists Now Biggest Corporate Net Threat
alphadogg writes "Hacktivists — not cybercriminals — were responsible for the majority of personal data stolen from corporate and government networks during 2011, according to a new report from Verizon. The Verizon 2012 Data Breach Investigation Report found that 58% of data stolen in 2011 was the result of hacktivism, which involves computer break-ins for political rather than commercial gain. In previous years, most hacking was carried out by criminals, Verizon said. Altogether, Verizon examined 855 cybersecurity incidents worldwide that involved 174 million compromised records. This is the largest data set that Verizon has ever examined, thanks to its cooperation with law enforcement groups including the U.S. Secret Service, the Dutch National High Tech Crime Unit and police forces from Australia, Ireland and London."
where you need real technicians!
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
Anyone stealing personal data is a "cybercriminal". Sounds like they are playing with words.
How much of the "Hacktivist" data that is stolen is then turned over and used for criminal activity? Does it matter why it was stolen, if the result is the same?
Just because I can hook a shark from a boat, I do not offer to wrestle it in the water.
And how are they not criminals?
The truth is that hacktivism alone is not a sufficient cause of corporate data breaches. A variety of issues come into play: corporate laxity in IT, a preference for fast deployment of services over careful security scrutiny, absence of strong legal consequences against corporations for permitting data breaches, programming languages/environments that make it easy to deploy vulnerable services, lack of fine-grained data permissions at the hardware/network/OS level, etc.
Remove any one of those factors, and the rate of data breaches would likely go down significantly. I'm not sure where Verizon gets off picking just one of them.
Maybe I'd have an ounce of sympathy if Verizon (or any ISP/phone company) didn't constantly fuck over their customers.
What goes around comes around...
What do I know, I'm just an idiot, right?
Maybe the number one threat is acting like a douche. How many large, successful companies are targeted when they don't act like that? Hey Sony, get a clue.
This is a really dangerous distinction. Crime is crime. Politically motivated crime is - what? Terrorism? I don't like where this is going.
Apache guy, Open Source enthusiast, runner
The federal government is.
---- Booth was a patriot ----
... most data was probably stolen for the lulz.
My how times have changed.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Good security practices will protect from either threat. It doesn’t really matter the vector in this case.
HTC EVO 4G LTE w/ CM 10.2 | NookColor w/ CM 10.2 | Samsung Epic 4G w/ CM 10.1
When you are hacked by an activist, they will make sure that you and the rest of the world know about it. Criminals, on the other hand, try to be as subtle as possible. Some victims might not even realize that they have been breached, and even if they do it's much easier to cover up. I don't think activism surpasses crime, it's just much more visible.
"Hacktavists" are just a highly visible boogeyman. Useful for scaring white people that watch network news and the politicians that cull their votes.
Visible, but hardly a blip compared to the massive spam, fraud, phishing, trojan, and malware ops that the real blackhats run. These things are complex and deep and ever present, so they're useless for scaremongers.
Want a real data set that will turn up evidence of massive economic fraud? Get ahold of Verizon's billing data.
Sounds like the biggest corporate net threat is poor security on their part.
Well, good thing then, that it's easy to protect yourself against hacktivists. Just stop being dicks.
May we live long and die out
If I am the victim of oppression, then I wholeheartedly welcome those who "steal" from my aggressors, whether politically motivated or not.
So people who breach poorly executed and even more poorly planned security are the greatest threat to security on the net? Methinks it's the corporations who would rather spend more on propaganda than proper security that are the problem here, the "hacktivists" just point it out.
Hacktivism does not a criminal make. To take a page from the Wikipedia definition on hacktivism: If the definition of "hacker" is assuming illegality, then yes, hacktivism is causal to criminal acts. HOWEVER, if the definition of "hacker" is assuming someone who modifies technology from its original form (the true and original definition of a hacker), then NO, hacktivism is merely utilizing technology to protest.
This is the same as qualifying Islam == Extremist. Not all extremists are Islamic, and not all Islamics are extremists. They are not causal, or even corollary if a lot of causes. So why do we keep hanging on this notion that Hacktivism == Illegal? This is a problem that has plagued hackers for decades, and is stupidly being provoked by people who like to hang on archaic and false definitions.
How can you know 100% of the time what the motivation is? Haven't you ever seen Die Hard?
(Did I misread the headline?) Monsanto, Unocal, Dow Chemical, and Goldman Sachs are a far greater threat to human existence. When it comes to Evil, Verizon is merely an annoyance.
Verizon Says [crappy internal security] Now Biggest Corporate Net Threat
There.. I fixed it for you.
The companies aren't any more responsible for this hacktivism crime than my dog. Your attempt to paint some culpability upon them is laughable. All you are doing is trying to rationalize criminal behavior under the guise of "they deserved it" (according to you).
What is ethical and what is legal are very different things. Companies are really only required to follow what is legal. However, it is normally in their best interests to act ethically as well -- but we don't require, as a matter of law, people or companies to act ethically. ie: we don't throw people in jail for acting unethically. We throw them in jail for acting illegally.
Your attempt to confuse the two topics seriously discredits your post because it has no meaning. It's like calling for a war against jealousy....
is actually unsecured and improperly managed networks run by corporations that collect too much information on us. There, fixed that...
--- b2b.mallaidh.org | www.mallaidh.org | www.kidsalive.org/article/kahlil-pfaff/
Hacktivists Say Verizon Now Biggest Corporate Net Threat
Indeed... especially in this case.
Think about how the data was generated: the data comes from reported incidents of network compromise.
EVERY hacktivist compromise will be reported by the victim, as the hacktivist group has already reported it and they have a responsibility to disclose such things.
I'd bet that most intrusions and data extractions conducted by other groups (organized crime, government special ops, industrial espionage) are never reported to Verizon, therefore they wouldn't show up in the statistics. For that matter, most of these intrusions likely go completely unnoticed. Considering we've just been finding out in the last year about intrusions that have been ongoing for TEN YEARS, who's to say how many like these are still in the "unreported" category?
Without all the rhetoric, Verizon's study is really saying that intrusions reported for political reasons are more highly reported than those that both the intruder and the victim have no desire to make public. Any other conclusions involve too much conjecture (on the same level as the RIAA losing billions to piracy) unless more data is provided.
maffia = organized crime
they have many section they enjoy
and I'll say this if corporations continue bashing civil rights and freedoms then we're all criminals 'cause I stand on the side of light here and they know it.
-united hackers association
http://www.uha1.com guess what YOU CANT have access to our stuff waaaaaaaa poor gay faggy corporations no longer having hackers hand you the freebies OH GEE....
Hacktivists are motivated by politics which is motivated by money. So I don't see the difference. I wonder what Google's figures are?
When "hacktivists" compromise something, they start screaming it from the rooftops. When "criminals" compromise something they keep their mouths shut. It is quite possible that there are many undiscovered security breaches that fall into the second category. (I use these terms in quotes merely to provide some logical distinction. The acts themselves are generally criminal in nature regardless of motivation.)
there's a difference between hacktivists and cybercriminals? sounds like a false distinction to me.
Is this the same Verizon who has been helping the NSA with warrantless wiretaps -- that is to say helping the gov't steal personal data in real time?
Considering the largest breach of 2011 happened to be Sony (started with Playstation Network, spread through to other Sony sites), it's hard to tell if this is the case. After all, Anonymous and Lulzsec kept breaking into other Sony sites. All in all, Sony lost probably close to 150M customer records....
I would call that hacktivism since it was meant more to embarrass Sony over their lack of security.
I consider corporations like RIAA & MPAA, BSA, and politicians lobbied by corporations to legislate censorship, spying & restrictions of internet usage the biggest threat to internet. Patents & restrictions on writing software are a close second.
When downloading or uploading information or cracking copy protection can ruin your life worse than committing grand theft or murder, I consider that action immoral and unjust. And I will consider any corporation supporting & pushing this kind of legislation a valid target.
While I agree that unlawful implies criminal, lawful doesn't necessarily mean right, and unlawful doesn't necessarily mean wrong. These days the laws are a broken mess, and even when they aren't, only the rich can afford to defend themselves, rendering the justice system broken.
--Coder
hacktivists, by definition, will publicize their break-ins so you can be sure they will be counted.
Common thieves and governmental spies (Chinese, Russians, etc.) on the other hand, might never be discovered if their level of competence is superior to that of the security administrators of a company.
Therefore, the statistics offered are very dubious and I would not be surprised if they are completely and spectacularly wrong.
... was the result of hacktivism, which involves computer break-ins for political rather than commercial gain. In previous years, most hacking was carried out by criminals
The cake is a lie.
Until the Supreme Court ruled that corporations were persons under the law in the late 19th century, corporations were legally obligated to serve the public good. They also had limited lifetimes, had to stick to a single industry, and had to have a specific purpose.
Because my Verizon iPhone has NO data on their 3G network anywhere near down town.
Do not look at laser with remaining good eye.
The Legion of Doom Says Superheroes Now Biggest Business Threat.
But... the future refused to change.
As I posted this (#39443235), the cute witticism at the end of the /. page reads "Go directly to jail. Do not pass Go, do not collect $200."
Perhaps /. was trying to answer noh8rz3's question - "hactivist or criminal?" - for me.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
What happened to the motives we had in the nineties, like fun, bragging rights and `because we can'. What about the modern variant of `for the lulz!'.. ?
They're just a criminal. If they're a cyborg committing a crime, that makes them a "cybercriminal."
Twinstiq, game news
Big public leaks are the only way to show off the gaping security holes corporations leave. These holes are already being exploited by people other than "hacktivists", believe you me.
the hack of stratfor was aided and abetted by the FBI. they provided the servers to store the data. they 'flipped' Sabu. they were monitoring him the whole time he was running the anonymous hacks of various companies. the FBI just stood by while they did it.
the FBI is responsible here. it went too far.
Verizon is a very credible source for enterprise security. My top picks for application security consulting:
1. HP Enterprise Security
2. Cigital
3. Verizon Business
Uhh... You realize that London isn't a country ? Much as they'd like to be, as Manhattan...
blood diamonds
Funny thing about blood diamonds. In the past, diamonds typically moved from source-to-sink, with only a small proportion of trade in used stones. About the time the whole blood diamond stink started, the DeBeers cartel was facing a rising problem concerning independent dealers and second-hand diamonds that they could not control, and which threatened to undermine their pricing structure.
Since post-consumer stones typically have no documentation, the "conflict-free" certification process effectively throttled the used-diamond market.
and I thought the biggest threat to personal safety are these shadowy groups hoarding zero day exploits only available to the uber rich, corporates and governments. They openly flaunt their unwillingness to share code or data on their exploits to get the most dollar out of their insanely priced holes in other reputable companies' software.
Hacktivists I'd say are more ethical in general, and even petty cyber crooks who use publicly available exploits far less a threat. In fact any hacker regardless of motive who shares information of any kind his exploits is FAR better than that.
I do agree that stealing credit card numbers is excessive. I don't condone harming other people, especially people who aren't complicit in the wrongdoing. Corporations are a different matter - no matter what the law says I don't consider them human. To be human you need to have morals and be mortal, and corporations don't have that.
I would probably stick to defacing websites or stealing internal documents or emails of executives or similar if I were a hacktivist. Anyway, it was nice having this discussion.
--Coder
The trends / statistics in this report are not generated based on self-reporting as you stated. They are based on investigations performed by Verizon's Investigative Response team (as well as the USSS, Dutch National Police, etc).
Furthermore, if you read the document, you would see that 90+% of cases were reported by a third party, not the organization that experienced the breach. In cases involving PCI data, the organization must conduct an investigation as mandated by the card brands. These third party agencies do not distinguish between hacktivist or non-hacktivist breaches. Most breaches do not occur for 10 years as you stated. Yes, we read about them but I would venture to guess they make up 1% of the population. These are the sorts of things you could learn by reading the document. To summarize, if you're going to talk out of your ass, please do so in an informed manner.
With regard to the comments about hacktivism == cybercriminals, that distinction was made in the report to distinguish between breaches that were publicized by the attacker. In most cases, they were publicized by the attacker for political means. Cyber-criminals, as the report has classically defined them, are attackers who don't want their attack publicized and have no political motivation. The use of the term "hacktivists" was simply made to make that distinction.
Yes, I saw that your post got +5, so I did the same title as a response to an earlier comment, and also got +5!