Slashdot Mirror

← Back to Stories (view on slashdot.org)

Verizon Says Hactivists Now Biggest Corporate Net Threat

Posted by timothy on from the is-that-hat-dark-grey-or-light-grey? dept.

alphadogg writes "Hactivists — not cybercriminals — were responsible for the majority of personal data stolen from corporate and government networks during 2011, according to a new report from Verizon. The Verizon 2012 Data Breach Investigation Report found that 58% of data stolen in 2011 was the result of hactivism, which involves computer break-ins for political rather than commercial gain. In previous years, most hacking was carried out by criminals, Verizon said. Altogether, Verizon examined 855 cybersecurity incidents worldwide that involved 174 million compromised records. This is the largest data set that Verizon has ever examined, thanks to its cooperation with law enforcement groups including the U.S. Secret Service, the Dutch National High Tech Crime Unit and police forces from Australia, Ireland and London."

22 of 150 comments (clear)

  1. Welcome in the real world by aglider · · Score: 5, Insightful

    where you need real technicians!

    --
    Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
    1. Re:Welcome in the real world by Bengie · · Score: 5, Insightful

      Most companies have coasted by with bad security practices, now they have to up their game. Boo f'n hoo.

      CEOs tell us "sucks to be you, suck it up" when it comes to their monopolies. I say the same thing back at them. Actually employee decent programmer, engineers, admins, and managers. Quality > Quantity?!

    2. Re:Welcome in the real world by tripleevenfall · · Score: 4, Insightful

      The trend over the last 10 years in software development has been labor minimization, offshoring, "just meet the specs" mentality.

      Now a lot of companies are getting bitten in the rear in return for the supposed "savings" they realized over the years. Think your $1500 a year software engineers in Bangalore are going to be able to handle this...? Communication is difficult with them even when you have well defined specs - let alone when the engineer needs to be aware of current events and think of unspecified scenarios themselves.

      I think a lot of corporations are going to find out that IT staff is not dispensable in the way that, say, payroll staff became in the 1990s.

  2. Hactivists == cybercriminals by jcaldwel · · Score: 4, Insightful

    Anyone stealing personal data is a "cybercriminal". Sounds like they are playing with words.

    1. Re:Hactivists == cybercriminals by 0racle · · Score: 1, Insightful

      They're separating out based on motivation.

      --
      "I use a Mac because I'm just better than you are."
    2. Re:Hactivists == cybercriminals by Anonymous Coward · · Score: 2, Insightful

      Anyone stealing personal data is a "cybercriminal". Sounds like they are playing with words.

      Not from the perspective of the larger companies/governments.
      While the actual action is similiar enough the result is vastly different.
      The main objective for a "cybercriminal" is to steal customer information. The end result is that the customer gets screwed over and the company gets some bad publicity that they have to deal with.
      Hacktivists on the other hand tends to look for indications that the company/government does anything illegal. This causes damage that isn't as easily passed down on the taxpayer/customer.
      I expect that we will see better security for servers and harder punishments for "cybercrime" soon.

    3. Re:Hactivists == cybercriminals by Experiment+626 · · Score: 3, Insightful

      Agreed. It's weird how the article tries to spin them as separate things. "Most cybercrime now politically motivated" would have made for a more accurate headline.

    4. Re:Hactivists == cybercriminals by davidwr · · Score: 5, Insightful

      As others have said, the distinction is motive.

      There is also a distinction in the damages.

      If I steal a million debit card numbers for greed, I'm going to try to cover my tracks and exploit the cards for profit. There will be tens of thousands of individuals who will suffer direct financial harm as I drain their bank accounts. Even those "made whole" by the banks will still suffer embarrassment. Their banks are also victims. Only when it is traced to the company I stole the data from do they realize they are a victim.

      If I do it for lulz, like "The Joker" on Batman, there's no telling who will be the immediate victim. Will I publicize it to embarrass the banks? Will I order adult-novelty products on the credit cards and send them to the card-owners and watch the fallout on national TV? Who knows.

      If I do it as an "activist" I'm probably only interested in hurting the company, not the cardholders. Yes, the cardholders will suffer collateral emotional damage and some will spend time or money trying to protect themselves in case I'm also motivated by greed, but the intended victim is the company I stole the data from.

      Of course, I may be targeting a third party such as a security vendor by directly attacking its corporate customers, or I may attack a government by attacking those who support it. But in each case, the owners of the bank card numbers I steal aren't going to have their bank accounts drained. Unless of course I have a little greed or I'm careless and let the numbers fall into the hands of someone who is greedy.

      --
      Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    5. Re:Hactivists == cybercriminals by jcaldwel · · Score: 3, Insightful

      But the motivation determines if it is a crime in the first place.

      Kill someone with malice, got to prison, kill someone in self defense, no prob.

      I don't think this article was talking about homicide.
      What motivation would make it legal to hack a government or corporate system and stealing personal data?

  3. Bad analysis by DoofusOfDeath · · Score: 4, Insightful

    The truth is that hactivisism alone is not a sufficient cause of corporate data breaches. A variety of issues come into play: corporate laxity in IT, a preference for fast deployment of services over careful security scrutiny, absence of strong legal consequences against corporations for permitting data breaches, programming languages/environments that make it easy to deploy vulnerable services, lack of fine-grained data permissions at the hardware/network/OS level, etc.

    Remove any one of those factors, and the rate of data breaches would likely go down significantly. I'm not sure where Verizon gets off picking just one of them.

  4. Well gee... by JustAnotherIdiot · · Score: 5, Insightful

    Maybe I'd have an ounce of sympathy if Verizon (or any ISP/phone company) didn't constantly fuck over their customers.
    What goes around comes around...

    --
    What do I know, I'm just an idiot, right?
    1. Re:Well gee... by Enderandrew · · Score: 5, Insightful

      We shouldn't support criminals just because they target people we don't like. Effectively that is saying that rights and protection should be applied only to those we favor in a given moment.

      And in some of these cases, passwords, credit cards and personal data was leaked publicly. So the customers are the ones suffering more than companies like Verizon.

      --
      http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
  5. #1 threat by Anonymous Coward · · Score: 3, Insightful

    Maybe the number one threat is acting like a douche. How many large, successful companies are targetted when they don't act like that? Hey Sony, get a clue.

  6. Crime is crime by rbowen · · Score: 4, Insightful

    This is a really dangerous distinction. Crime is crime. Politically motivated crime is - what? Terrorism? I don't like where this is going.

    --
    Apache guy, Open Source enthusiast, runner
    1. Re:Crime is crime by LordNimon · · Score: 5, Insightful

      I think the point is that hacktivism occurs mostly because of unethical behavior of the target companies, not because they have generally weak security or valuable data. Therefore, companies can avoid being targets of hacktivism more by avoiding unethical behavior, rather than spending millions to beef up their security.

      --
      And the men who hold high places must be the ones who start
      To mold a new reality... closer to the heart
  7. Activism is more visible by Hentes · · Score: 5, Insightful

    When you are hacked by an activist, they will make sure that you and the rest of the world know about it. Criminals, on the other hand, try to be as subtle as possible. Some victims might not even realize that they have been breached, and even if they do it's much easier to cover up. I don't think activism surpasses crime, it's just much more visible.

  8. Bullshit. by Anonymous Coward · · Score: 1, Insightful

    "Hacktavists" are just a highly visible boogeyman. Useful for scaring white people that watch network news and the politicians that cull their votes.

    Visible, but hardly a blip compared to the massive spam, fraud, phishing, trojan, and malware ops that the real blackhats run. These things are complex and deep and ever present, so they're useless for scaremongers.

    Want a real data set that will turn up evidence of massive economic fraud? Get ahold of Verizon's billing data.

  9. Easy to protect against by Kidbro · · Score: 4, Insightful

    Well, good thing then, that it's easy to protect yourself against hacktivists. Just stop being dicks.

    --
    May we live long and die out
  10. Re:And how are they not criminals? by Opportunist · · Score: 1, Insightful

    Easier definition:

    Terrorist: Someone who doesn't agree with you, wants to go to war with you but lacks the funds for a big enough army to actually call it a war.

    Criminal: Someone who does something against the interests of society but lacks the money to change the laws accordingly, or someone who does something against the interests of those that have the money to change the laws.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  11. Re:Verizon is credible???? by Em+Adespoton · · Score: 5, Insightful

    Indeed... especially in this case.
    Think about how the data was generated: the data comes from reported incidents of network compromise.

    EVERY hacktivist compromise will be reported by the victim, as the hactivist group has already reported it and they have a responsibility to disclose such things.

    I'd bet that most intrusions and data extractions conducted by other groups (organized crime, government special ops, industrial espionage) are never reported to Verizon, therefore they wouldn't show up in the statistics. For that matter, most of these intrusions likely go completely unnoticed. Considering we've just been finding out in the last year about intrusions that have been ongoing for TEN YEARS, who's to say how many like these are still in the "unreported" category?

    Without all the rhetoric, Verizon's study is really saying that intrusions reported for political reasons are more highly reported than those that both the intruder and the victim have no desire to make public. Any other conclusions involve too much conjecture (on the same level as the RIAA losing billions to piracy) unless more data is provided.

  12. hacktivists == cybercriminals by noh8rz3 · · Score: 5, Insightful

    there's a difference between hacktivists and cybercriminals? sounds like a false distinction to me.

  13. They might be criminal, but they are NOT threat by coder111 · · Score: 3, Insightful

    I consider corporations like RIAA & MPAA, BSA, and politicians lobbied by corporations to legislate censorship, spying & restrictions of internet usage the biggest threat to internet. Patents & restrictions on writing software are a close second.

    When downloading or uploading information or cracking copy protection can ruin your life worse than committing grand theft or murder, I consider that action immoral and unjust. And I will consider any corporation supporting & pushing this kind of legislation a valid target.

    While I agree that unlawful implies criminal, lawful doesn't necessarily mean right, and unlawful doesn't necessarily mean wrong. These days the laws are broken mess, and even when they aren't only the rich can afford to defend themselves, rendering justice system broken.

    --Coder