Slashdot Mirror
Verizon Says Hactivists Now Biggest Corporate Net Threat
alphadogg writes "Hactivists — not cybercriminals — were responsible for the majority of personal data stolen from corporate and government networks during 2011, according to a new report from Verizon. The Verizon 2012 Data Breach Investigation Report found that 58% of data stolen in 2011 was the result of hactivism, which involves computer break-ins for political rather than commercial gain. In previous years, most hacking was carried out by criminals, Verizon said. Altogether, Verizon examined 855 cybersecurity incidents worldwide that involved 174 million compromised records. This is the largest data set that Verizon has ever examined, thanks to its cooperation with law enforcement groups including the U.S. Secret Service, the Dutch National High Tech Crime Unit and police forces from Australia, Ireland and London."
where you need real technicians!
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
Maybe I'd have an ounce of sympathy if Verizon (or any ISP/phone company) didn't constantly fuck over their customers.
What goes around comes around...
What do I know, I'm just an idiot, right?
When you are hacked by an activist, they will make sure that you and the rest of the world know about it. Criminals, on the other hand, try to be as subtle as possible. Some victims might not even realize that they have been breached, and even if they do it's much easier to cover up. I don't think activism surpasses crime, it's just much more visible.
As others have said, the distinction is motive.
There is also a distinction in the damages.
If I steal a million debit card numbers for greed, I'm going to try to cover my tracks and exploit the cards for profit. There will be tens of thousands of individuals who will suffer direct financial harm as I drain their bank accounts. Even those "made whole" by the banks will still suffer embarrassment. Their banks are also victims. Only when it is traced to the company I stole the data from do they realize they are a victim.
If I do it for lulz, like "The Joker" on Batman, there's no telling who will be the immediate victim. Will I publicize it to embarrass the banks? Will I order adult-novelty products on the credit cards and send them to the card-owners and watch the fallout on national TV? Who knows.
If I do it as an "activist" I'm probably only interested in hurting the company, not the cardholders. Yes, the cardholders will suffer collateral emotional damage and some will spend time or money trying to protect themselves in case I'm also motivated by greed, but the intended victim is the company I stole the data from.
Of course, I may be targeting a third party such as a security vendor by directly attacking its corporate customers, or I may attack a government by attacking those who support it. But in each case, the owners of the bank card numbers I steal aren't going to have their bank accounts drained. Unless of course I have a little greed or I'm careless and let the numbers fall into the hands of someone who is greedy.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I think the point is that hacktivism occurs mostly because of unethical behavior of the target companies, not because they have generally weak security or valuable data. Therefore, companies can avoid being targets of hacktivism more by avoiding unethical behavior, rather than spending millions to beef up their security.
And the men who hold high places must be the ones who start
To mold a new reality... closer to the heart
Indeed... especially in this case.
Think about how the data was generated: the data comes from reported incidents of network compromise.
EVERY hacktivist compromise will be reported by the victim, as the hactivist group has already reported it and they have a responsibility to disclose such things.
I'd bet that most intrusions and data extractions conducted by other groups (organized crime, government special ops, industrial espionage) are never reported to Verizon, therefore they wouldn't show up in the statistics. For that matter, most of these intrusions likely go completely unnoticed. Considering we've just been finding out in the last year about intrusions that have been ongoing for TEN YEARS, who's to say how many like these are still in the "unreported" category?
Without all the rhetoric, Verizon's study is really saying that intrusions reported for political reasons are more highly reported than those that both the intruder and the victim have no desire to make public. Any other conclusions involve too much conjecture (on the same level as the RIAA losing billions to piracy) unless more data is provided.
there's a difference between hacktivists and cybercriminals? sounds like a false distinction to me.