Slashdot Mirror
Verizon Says Hactivists Now Biggest Corporate Net Threat
alphadogg writes "Hactivists — not cybercriminals — were responsible for the majority of personal data stolen from corporate and government networks during 2011, according to a new report from Verizon. The Verizon 2012 Data Breach Investigation Report found that 58% of data stolen in 2011 was the result of hactivism, which involves computer break-ins for political rather than commercial gain. In previous years, most hacking was carried out by criminals, Verizon said. Altogether, Verizon examined 855 cybersecurity incidents worldwide that involved 174 million compromised records. This is the largest data set that Verizon has ever examined, thanks to its cooperation with law enforcement groups including the U.S. Secret Service, the Dutch National High Tech Crime Unit and police forces from Australia, Ireland and London."
where you need real technicians!
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
Anyone stealing personal data is a "cybercriminal". Sounds like they are playing with words.
How much of the "Hacktivist" data that is stolen is then turned over and used for criminal activity? Does it matter why it was stolen, if the result is the same?
Just because I can hook a shark from a boat, I do no offer to wrestle it in the water.
The truth is that hactivisism alone is not a sufficient cause of corporate data breaches. A variety of issues come into play: corporate laxity in IT, a preference for fast deployment of services over careful security scrutiny, absence of strong legal consequences against corporations for permitting data breaches, programming languages/environments that make it easy to deploy vulnerable services, lack of fine-grained data permissions at the hardware/network/OS level, etc.
Remove any one of those factors, and the rate of data breaches would likely go down significantly. I'm not sure where Verizon gets off picking just one of them.
Maybe I'd have an ounce of sympathy if Verizon (or any ISP/phone company) didn't constantly fuck over their customers.
What goes around comes around...
What do I know, I'm just an idiot, right?
Maybe the number one threat is acting like a douche. How many large, successful companies are targetted when they don't act like that? Hey Sony, get a clue.
This is a really dangerous distinction. Crime is crime. Politically motivated crime is - what? Terrorism? I don't like where this is going.
Apache guy, Open Source enthusiast, runner
... most data was probably stolen for the lulz.
My how times have changed.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Good security practices will protect from either threat. It doesn’t really matter the vector in this case.
HTC EVO 4G LTE w/ CM 10.2 | NookColor w/ CM 10.2 | Samsung Epic 4G w/ CM 10.1
When you are hacked by an activist, they will make sure that you and the rest of the world know about it. Criminals, on the other hand, try to be as subtle as possible. Some victims might not even realize that they have been breached, and even if they do it's much easier to cover up. I don't think activism surpasses crime, it's just much more visible.
"Hacktavists" are just a highly visible boogeyman. Useful for scaring white people that watch network news and the politicians that cull their votes.
Visible, but hardly a blip compared to the massive spam, fraud, phishing, trojan, and malware ops that the real blackhats run. These things are complex and deep and ever present, so they're useless for scaremongers.
Want a real data set that will turn up evidence of massive economic fraud? Get ahold of Verizon's billing data.
Well, good thing then, that it's easy to protect yourself against hacktivists. Just stop being dicks.
May we live long and die out
So people who breach poorly executed and even more poorly planned security are the greatest threat to security on the net? Methinks it's the corporations who would rather spend more on propaganda than proper security that are the problem here, the "hacktivists" just point it out.
How can you know 100% of the time what the motivation is? Haven't you ever seen Die Hard?
(Did I misread the headline?) Monsanto, Unocal, Dow Chemical, and Goldman Sachs are a far greater threat to human existence. When it comes to Evil, Verizon is merely an annoyance.
Verizon Says [crappy internal security] Now Biggest Corporate Net Threat
There.. I fixed it for you.
The company's aren't anymore responsible for this hacktivism crime than my dog. Your attempt to paint some culpability upon them is a laughable. All you are doing is trying to rationalize criminal behavior under the guise of "they deserved it" (according to you).
What is ethical and what is legal are very different things. Companies are really only required to follow what is legal. However, it is normally in their best interests to act ethically as well -- but we don't require, as a matter of law, people or companies to act ethically. ie: we don't throw people in jail for acting unethically. We throw them in jail for acting illegally.
Your attempt to confuse the two topics seriously discredits your post because it has no meaning. It's like calling for a war against jealousy....
is actually unsecured and improperly managed networks run by corporations that collection too much information on us. There, fixed that...
--- b2b.mallaidh.org | www.mallaidh.org | www.kidsalive.org/article/kahlil-pfaff/
Easier definition:
Terrorist: Someone who doesn't agree with you, wants to go to war with you but lacks the funds for a big enough army to actually call it a war.
Criminal: Someone who does something against the interests of society but lacks the money to change the laws accordingly, or someone who does something against the interests of those that have the money to change the laws.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Hacktivists Say Verizon Now Biggest Corporate Net Threat
The very same federal government that can't figure out a conversation between two RPG players planning a raid in a game of cyberpunk not being real, despite the weapons being mentioned being invented in 2018?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Fun science fact: the word "cracktivism" sounds even sillier than "hacktivism."
That being said, the label "hacktivist" has only been applied thus far to groups like LulzSec who trespass on others' computers to make a point; the others are just tech-savvy activists. I'm afraid your hopeful alternative is just a unicorn.
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
Indeed... especially in this case.
Think about how the data was generated: the data comes from reported incidents of network compromise.
EVERY hacktivist compromise will be reported by the victim, as the hactivist group has already reported it and they have a responsibility to disclose such things.
I'd bet that most intrusions and data extractions conducted by other groups (organized crime, government special ops, industrial espionage) are never reported to Verizon, therefore they wouldn't show up in the statistics. For that matter, most of these intrusions likely go completely unnoticed. Considering we've just been finding out in the last year about intrusions that have been ongoing for TEN YEARS, who's to say how many like these are still in the "unreported" category?
Without all the rhetoric, Verizon's study is really saying that intrusions reported for political reasons are more highly reported than those that both the intruder and the victim have no desire to make public. Any other conclusions involve too much conjecture (on the same level as the RIAA losing billions to piracy) unless more data is provided.
Hacktivists are motivated by politics which is motivated by money. So I don't see the difference. I wonder what Google's figures are?
Incompetence does not have to equate to threat level.
---- Booth was a patriot ----
there's a difference between hacktivists and cybercriminals? sounds like a false distinction to me.
Is this the same Verizon who has been helping the NSA with warrantless wiretaps -- that is to say helping the gov't steal personal data in real time?
Considering the largest breach of 2011 happened to be Sony (started with Playstation Network, spread through to other Sony sites), it's hard to tell if this is the case. After all, Anonymous and Lulzsec kept breaking into other Sony sites All in all, Sony lost probably close to 150M customer records....
I would call that hackivism since it was meant more to embarass Sony over their lack of security.
I consider corporations like RIAA & MPAA, BSA, and politicians lobbied by corporations to legislate censorship, spying & restrictions of internet usage the biggest threat to internet. Patents & restrictions on writing software are a close second.
When downloading or uploading information or cracking copy protection can ruin your life worse than committing grand theft or murder, I consider that action immoral and unjust. And I will consider any corporation supporting & pushing this kind of legislation a valid target.
While I agree that unlawful implies criminal, lawful doesn't necessarily mean right, and unlawful doesn't necessarily mean wrong. These days the laws are broken mess, and even when they aren't only the rich can afford to defend themselves, rendering justice system broken.
--Coder
hacktivists, by definition, will publicize their break-ins so you can be sure they will be counted.
Common thieves and governmental spies (chinese, russians, etc.) on the other hand, might never be discovered if their level of competence is superior to that of the security administrators of a company.
Therefore, the statistics offered are very dubious and I would not be surprised if they are completely and spectacularly wrong.
... was the result of hactivism, which involves computer break-ins for political rather than commercial gain. In previous years, most hacking was carried out by criminals
The cake is a lie.
Because my Verizon iPhone has NO data on their 3G network anywhere near down town.
Do not look at laser with remaining good eye.
You were discussing nomenclature and the legality of hacktivism, were you not? I pointed out that, to date, the word "hacktivism" has only been applied to illegal activities, regardless of the underlying etymology and semantics of the word "hacker". The traditional term used to clearly indicate the activity of illegal hacking is "cracking"; hence the more precise word "cracktivism," which, in turn, sounds funny.
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
Oy! No citations in a political debate! Facts and non-anecdotal evidence are against the rules!
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
The Legion of Doom Says Superheroes Now Bigges Business Threat.
But... the future refused to change.
As I posted this (#39443235), the cute witticism at the end of the /. page reads "Go directly to jail. Do not pass Go, do not collect $200."
Perhaps /. was trying to answer noh8rz3's question - "hactivist or criminal?" - for me.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
What happened to the motives we had in the nineties, like fun, bragging rights and `because we can'. What about the modern variant of `for the lulz!'.. ?
They're just a criminal. If they're a cyborg committing a crime, that makes them a "cybercriminal."
Twinstiq, game news
No, the corporations that own the federal government are more of a threat.
Well, if corporations and other wealthy interests seek to control the powers of government as they always have and always will seek to do, then why the hell are we sweetening the pot for them by making the target (government) an even juicier plum for those interests by making it larger and more powerful, with ever-growing control over the behavior of common citizens, and controlling ever-growing percentage of the nation's wealth, and with even deeper levels of bureaucratic obfuscation in which to hide bad deeds and their perpetrators?
I mean, it's not like passing laws/Acts or forming oversight committees will ever change basic human behavior. People have always and will always seek to influence/corrupt government as long as government has enough power to be an attractive target, and is large enough that being caught-out and punished is more unlikely than likely.
Why is it that those that appear to be most vocally upset by the corruption in their government persist in insisting on making it more certain that corruption will increase in both depth & breadth by making it increasingly easy to hide and providing an increasingly-attractive target by making government increasingly larger and more powerful?
It's like being upset with being mugged, so you carry more cash and valuables, walk down more dark & deserted alleyways, post your route on FB/Twitter, and give the muggers bigger guns and better masks.
Silly humans.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
Big public leaks are the only way to show off the gaping security holes corporations leave. These holes are already being exploited by people other than "hacktivists", believe you me.
the hack of stratfor was aided and abedded by the FBI. they provided the servers to store the data. they 'flipped' Sabu. they were monitoring him the whole time he was running the anonymous hacks of various companies. the FBI just stood by while they did it.
the FBI is responsible here. it went too far.
and I thought the biggest threat to personal saftey are these shadowy groups hording zero day exploits only available to the uber rich, corporates and govnerments. They openly flaunt their unwillingness to share code or data on their exploits to get the most dollar out of their insanely priced holes in other reputable companies software.
Hackitists I'd say are more ethical in general, and even petty cyber crooks who use publicly available exploits far less a threat. In fact any hacker regardless of motive who shares information of any kind his exploits is FAR better than that.
I do agree that stealing credit card numbers is excessive. I don't condone in harming other people, especially people who aren't complicit in the wrongdoing. Corporations are different matter- no matter what the law says I don't consider them human. To be human you need to have morals and be mortal, and corporations don't have that.
I would probably stick to defacing websites or stealing internal documents or emails of executives or similar if I were a hacktivist. Anyway, it was nice having this discussion.
--Coder
Yes, I saw that your post got +5, so I did the same title as a response to an earlier comment, and also got +5!