In the Media

Activists 'commit more data breaches than cybercriminals'

PUBLISHED March 22, 2012

Anonymous and other 'hacktivism' groups were responsible for more cyberattacks than thieves in the past year, according to a new survey

Activists such as "Anonymous" who hack into government and corporate computer networks and then release files to embarrass those organisations were responsible for more than half of all known data thefts last year, according to a new survey.

That's a big change from recent years when the motivation behind most cyberattacks has been to make money, according to the US mobile carrier Verizon Communications , which outlined its finding in one of the biggest annual global surveys on data loss (PDF).

The company's researchers worked with law enforcement in the UK, US, Australia, Holland and Ireland, and reached the conclusion after reviewing roughly 174m records stolen in 855 incidents. They found that 58% of the stolen data was due to so-called "hacktivism" in 2011, while no losses had been attributed to that cause in previous surveys.

"It's not just about the money any more. It's a big change in our adversaries," said Bryan Sartin, head of Verizon's computer forensics unit and co-author of the survey. The report notes: "Doubly concerning for many organisations and executives was that target selection by these [cyber activist] groups didn't follow the logical lines of who has money and/or valuable information."

Anonymous, a loosely organised collective which is the most prominent hacktivist group, claimed responsibility for a string of incidents last year, beginning with attacks on the websites of the governments of Tunisia, Algeria and Zimbabwe. Other targets included military contractors, law enforcement agencies and corporations including Sony, Rupert Murdoch's News Corporation and Apple.

But in a major blow to its hacktivism efforts, US authorities revealed earlier in March that a leading hacker known online as Sabu secretly became an FBI informant last year, providing evidence that led to charges against five other suspected members of the international hacking group LulzSec, which carried out a number of breaches.

Cybersecurity analysts said that they expect hacktivism to continue, though it may not be as severe.

"It may be episodic, with peaks and valleys," said Andy Purdy, chief cyber security strategist for CSC, which helps companies and government agencies fight cyber attacks.

Mary Landesman, senior security researcher with Cisco Systems Inc, said that she thinks the influence of hacktivists will wane.

She believes that the hackers who are arrested get caught because they become too focused on a need to become famous and make mistakes that enable law enforcement to catch them. "That has discredited Anonymous as a whole," she said. "When you see your buddy going off to jail, it's a great sobering force."

Verizon said that it does not know what percentage of all data breaches is accounted for in its survey. The company said that it did not make sense to compare data from 2011 with that of previous years because it collected information from more law enforcement agencies than in earlier surveys.

CSC's Purdy said that businesses needed to keep their eye on intellectual property theft, which did not score as high on Verizon's survey, but had become of growing concern as reports grew about corporate breaches apparently driven by national interests which silently targeted commercially sensitive data.

Only about 4% of records stolen were related to intellectual property, yet those secrets clearly have more value than that number would suggest. Some 39% of breaches affecting large organisations targeted sensitive organisational data, copyrighted information, trade secrets and classified information.

"Systematic online theft of intellectual property rises to the level of national security significance because of its impact on competitiveness on major American companies," said Purdy, a former Department of Homeland Security official responsibility for cyber security.

In November, a US intelligence report to Congress warned that China and Russia were using cyber espionage to steal US trade and technology secrets to bolster their own economic development, and that posed a threat to US prosperity and security.

Verizon said that it obtained data from the US Secret Service, the Dutch National High Tech Crime Unit, the Australian Federal Police, the Irish Reporting & Information Security Service and the Police Central e-Crime Unit of the London Metropolitan Police.

The company said that nearly all of the attacks were not highly difficult to launch and could have been avoided if the victims had done a better job of implementing basic security measures.

"I'd love to tell you we see a lot of indications that companies are getting better and more secure," Sartin said. "But if you look at where these companies are falling down, it's still unfortunately in common sense." © 2012 Guardian News and Media Limited or its affiliated companies. All rights reserved. | Use of this content is subject to our Terms & Conditions | More Feeds