Forgot your password?
typodupeerror
Privacy Security IT Politics

Verizon Says Hactivists Now Biggest Corporate Net Threat 150

Posted by timothy
from the is-that-hat-dark-grey-or-light-grey? dept.
alphadogg writes "Hactivists — not cybercriminals — were responsible for the majority of personal data stolen from corporate and government networks during 2011, according to a new report from Verizon. The Verizon 2012 Data Breach Investigation Report found that 58% of data stolen in 2011 was the result of hactivism, which involves computer break-ins for political rather than commercial gain. In previous years, most hacking was carried out by criminals, Verizon said. Altogether, Verizon examined 855 cybersecurity incidents worldwide that involved 174 million compromised records. This is the largest data set that Verizon has ever examined, thanks to its cooperation with law enforcement groups including the U.S. Secret Service, the Dutch National High Tech Crime Unit and police forces from Australia, Ireland and London."
This discussion has been archived. No new comments can be posted.

Verizon Says Hactivists Now Biggest Corporate Net Threat

Comments Filter:
  • by aglider (2435074) on Thursday March 22, 2012 @11:43AM (#39441241) Homepage

    where you need real technicians!

    • by Anonymous Coward

      Yep. Security measures should be valid regardless of the motivation of the attackers. Unless of course you can get to shoot the attackers, in which case it really does matter they're activists.

    • by Bengie (1121981) on Thursday March 22, 2012 @12:17PM (#39441681)

      Most companies have coasted by with bad security practices, now they have to up their game. Boo f'n hoo.

      CEOs tell us "sucks to be you, suck it up" when it comes to their monopolies. I say the same thing back at them. Actually employee decent programmer, engineers, admins, and managers. Quality > Quantity?!

      • by tripleevenfall (1990004) on Thursday March 22, 2012 @01:55PM (#39442911)

        The trend over the last 10 years in software development has been labor minimization, offshoring, "just meet the specs" mentality.

        Now a lot of companies are getting bitten in the rear in return for the supposed "savings" they realized over the years. Think your $1500 a year software engineers in Bangalore are going to be able to handle this...? Communication is difficult with them even when you have well defined specs - let alone when the engineer needs to be aware of current events and think of unspecified scenarios themselves.

        I think a lot of corporations are going to find out that IT staff is not dispensable in the way that, say, payroll staff became in the 1990s.

      • by dachshund (300733)

        It's not just bad corporate policies. It's the entire commercial security industry as well:

        http://blog.cryptographyengineering.com/2012/03/why-antisec-matters.html [cryptograp...eering.com]

    • by noh8rz3 (2593935) on Thursday March 22, 2012 @01:19PM (#39442535)
      there's a difference between hacktivists and cybercriminals? sounds like a false distinction to me.
      • there's a difference between hacktivists and cybercriminals? sounds like a false distinction to me.

        I think it is meant to distinguish between motives. Cybercriminals are doing it to make money. Hacktivists are doing it because they are pissed off.

        • by rtb61 (674572)

          I think the distinction here is one of ego. Criminals are just seeking to masquerade their activity behind an illusion of activism. Rather than being seen as petty criminals they want to be seen as activist.

          Right now the government is blatantly letting that lie slide on through, is a slimy shit eating way of making political protest criminal.

          Truth here is the bulk of computer hacking is done by;
          petty criminals, including spammers, credit fraud (no such thing as identity theft, just a corporate lie to

  • by jcaldwel (935913) on Thursday March 22, 2012 @11:47AM (#39441305)
    Anyone stealing personal data is a "cybercriminal". Sounds like they are playing with words.
    • by X0563511 (793323) on Thursday March 22, 2012 @11:51AM (#39441355) Homepage Journal

      Criminal. People who stick "cyber" in front of things because the innerwebs are involved need to be slapped.

    • Re: (Score:2, Insightful)

      by 0racle (667029)

      They're separating out based on motivation.

      • by jcaldwel (935913)

        They're separating out based on motivation.

        I saw that... and that IS playing with words. In this case, a criminal is a criminal regardless of motivation.

        • by 228e2 (934443)
          Agreed. Hacktivists should fall under the Cybercriminal subset instead of being on equal level.
          • by Bengie (1121981)

            But the motivation determines if it is a crime in the first place.

            Kill someone with malice, got to prison, kill someone in self defense, no prob.

            • by jcaldwel (935913) on Thursday March 22, 2012 @12:42PM (#39442033)

              But the motivation determines if it is a crime in the first place.

              Kill someone with malice, got to prison, kill someone in self defense, no prob.

              I don't think this article was talking about homicide.
              What motivation would make it legal to hack a government or corporate system and stealing personal data?

            • But in that case the intention/motivation/circumstances make a difference between being a criminal and not. In this case, both groups are criminals, the intention is irrelevant... at least, under English law, which is all I really know anything about.

              The BBC's headline [bbc.co.uk] was particularly silly in this regard: "Data theft: Hacktivists 'steal more than criminals'" - as the BBC of all news groups should have someone available to point out that it's not stealing, and that hacktivists are criminals.

              Of course, the

        • by Endo13 (1000782)

          But aside from all of that, how the hell do they even know exactly what the motivation was? Just because the intruder said so? Just because nothing bad happened immediately?

          BTW, does anyone have the contact number of the people who made this determination? I have a really nice bridge I'd like to sell them.

          Much as I like the idea of cyber Robin Hoods, you still gotta call them what they are.

        • by 0racle (667029)
          I'm not saying they're not, but the distinction is important for the targets. A course of 'Stop being a dick' might be enough to stop being a target of this group of people.
      • by jellomizer (103300) on Thursday March 22, 2012 @12:05PM (#39441525)
        Yes they are both motivated by making a lot of money. It is just that one group comes up with a lame excuse that makes it seem like they are fighting for the little guy like a robin hood... Except for the fact they are stealing form everyone and giving to themselves.
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Anyone stealing personal data is a "cybercriminal". Sounds like they are playing with words.

      Not from the perspective of the larger companies/governments.
      While the actual action is similiar enough the result is vastly different.
      The main objective for a "cybercriminal" is to steal customer information. The end result is that the customer gets screwed over and the company gets some bad publicity that they have to deal with.
      Hacktivists on the other hand tends to look for indications that the company/government does anything illegal. This causes damage that isn't as easily passed down on the taxpayer/c

    • by Experiment 626 (698257) on Thursday March 22, 2012 @11:55AM (#39441409)
      Agreed. It's weird how the article tries to spin them as separate things. "Most cybercrime now politically motivated" would have made for a more accurate headline.
      • Agreed. It's weird how the article tries to spin them as separate things. "Most cybercrime now politically motivated" would have made for a more accurate headline.

        One important differnce is that the "hackitivists" will tell you they did it as shaming the target is generally part of the plan. Real for-profit criminals will keep their mouths shut because they would like to do it again and not talking about it helps with that.

        So, in and of itself, I think that's going to skew the numbers because what is really under discussion here are the number of cases of detected attacks, not total attacks.

    • by HalAtWork (926717)
      They're just a criminal. If they're a cyborg committing a crime, that makes them a "cybercriminal."
  • How much of the "Hacktivist" data that is stolen is then turned over and used for criminal activity? Does it matter why it was stolen, if the result is the same?
    • Depends. If the hacktivists make the hack public and hence I know about my CC being stolen before it can be abused, I can react. Plus, my bank has no way to play dumb and pretend it was my fault that my CC number got abused.

      So yes, the average hacktivist is less of a threat to me than the average for-profit hacker.

    • by gl4ss (559668)

      usually the data was available for criminal activity already.

      hactivists just tend to publish their exploits on the high seas and share their plunder. usually that means that the hole gets plugged.

  • Bad analysis (Score:5, Insightful)

    by DoofusOfDeath (636671) on Thursday March 22, 2012 @11:48AM (#39441319)

    The truth is that hactivisism alone is not a sufficient cause of corporate data breaches. A variety of issues come into play: corporate laxity in IT, a preference for fast deployment of services over careful security scrutiny, absence of strong legal consequences against corporations for permitting data breaches, programming languages/environments that make it easy to deploy vulnerable services, lack of fine-grained data permissions at the hardware/network/OS level, etc.

    Remove any one of those factors, and the rate of data breaches would likely go down significantly. I'm not sure where Verizon gets off picking just one of them.

    • by Anonymous Coward

      I'm not sure where Verizon gets off picking just one of them.

      Probably because all of the other things you mentioned are a pain for Verizon. They'd have to implement more stringent IT practices, defer speed and convenience for security, abide by new laws and generally put more effort into how they handle data. But Hactivism? No, that's the result of Other People doing Naughty Things, so don't look at us. Preventing this sort of thing is the FBI's problem, not ours. When we lose customer data it's all the fault of the hactivists doing things they shouldn't, nothin

      • the hack of stratfor was aided and abedded by the FBI. they provided the servers to store the data. they 'flipped' Sabu. they were monitoring him the whole time he was running the anonymous hacks of various companies. the FBI just stood by while they did it.

        the FBI is responsible here. it went too far.

    • by bws111 (1216812)

      None of the things you listed are 'causes' of data breaches. They are things that can be tightened up to help prevent breaches, but they are in no way causes. The cause, in nearly every case, is someone trying to get at something they have no right to.

  • Well gee... (Score:5, Insightful)

    by JustAnotherIdiot (1980292) on Thursday March 22, 2012 @11:50AM (#39441331)
    Maybe I'd have an ounce of sympathy if Verizon (or any ISP/phone company) didn't constantly fuck over their customers.
    What goes around comes around...
    • Re:Well gee... (Score:5, Insightful)

      by Enderandrew (866215) <enderandrew.gmail@com> on Thursday March 22, 2012 @12:27PM (#39441819) Homepage Journal

      We shouldn't support criminals just because they target people we don't like. Effectively that is saying that rights and protection should be applied only to those we favor in a given moment.

      And in some of these cases, passwords, credit cards and personal data was leaked publicly. So the customers are the ones suffering more than companies like Verizon.

      • by coder111 (912060) <{coder} {at} {rrmail.com}> on Thursday March 22, 2012 @01:22PM (#39442577)
        I consider corporations like RIAA & MPAA, BSA, and politicians lobbied by corporations to legislate censorship, spying & restrictions of internet usage the biggest threat to internet. Patents & restrictions on writing software are a close second.

        When downloading or uploading information or cracking copy protection can ruin your life worse than committing grand theft or murder, I consider that action immoral and unjust. And I will consider any corporation supporting & pushing this kind of legislation a valid target.

        While I agree that unlawful implies criminal, lawful doesn't necessarily mean right, and unlawful doesn't necessarily mean wrong. These days the laws are broken mess, and even when they aren't only the rich can afford to defend themselves, rendering justice system broken.

        --Coder
        • Do you remember the Oklahoma City bombing?

          The terrorists in question disagreed with the federal government. They felt that the only way to enact change was to break the law. So they murdered innocent civilians, including toddlers in the daycare.

          The families of the victims were unhappy with the federal government and how the death penalty was applied in federal cases. So they wrote a law. They traveled to Washington D.C. and testified before Congress. They got their law passed less than a year after the atta

          • by coder111 (912060)
            Um, Rosa Parks, Gandhi, Founding Fathers all broke the law as well. See how that turned out.

            And I don't have the ability to make changes within the system. I'm not an American nor am I living in USA, but laws dictated by US corporations get pushed down our throats all the time. Even if I were, lobbying & greed would triumph most of the time anyway.

            --Coder
            • You'll note that people like Rosa Parks didn't victimize others in her peaceful protest because she didn't have civil rights.

              Stealing credit card info and releasing it publicly because you don't like a company isn't the same. Don't for a moment pretend they are.

              • I do agree that stealing credit card numbers is excessive. I don't condone in harming other people, especially people who aren't complicit in the wrongdoing. Corporations are different matter- no matter what the law says I don't consider them human. To be human you need to have morals and be mortal, and corporations don't have that.

                I would probably stick to defacing websites or stealing internal documents or emails of executives or similar if I were a hacktivist. Anyway, it was nice having this discussio
        • by Que914 (1042204)
          Mod parent up!

          In theory laws are a tool to facilitate justice, and many of our rulers have abandoned that principal so long ago that now they're even abandoning the illusion. To quote Frederic Bastiat: "The safest way to make laws respected is to make them respectable. When law and morality contradict each other, the citizen has the cruel alternative of either losing his moral sense or losing his respect for the law." While I'd rather not have to choose, I'm far more comfortable retaining my sense of mor
        • by artor3 (1344997)

          Pro-lifers consider abortions to be "immoral and unjust". Indeed, from their point of view, abortions are equivalent to the murder of over a million infants every year, which (if they were right) I'm sure you would agree is much worse than a billion dollar fine for downloading an MP3. So by your logic, they are completely justified in treating abortion doctors and clinics as "valid targets".

          If you think only people you agree with deserve the protection of law, then you are far worse than any of the villai

      • by Ihmhi (1206036)

        We shouldn't support criminals just because they target people we don't like.

        Exactly. That's why Robin Hood is unpopular and almost no one knows about him now and why he was universally hated in his own time.

        • Before Robin Hood you had financial inequality. Then Robin Hood robs from the rich to give to the poor. This provokes the ruling class, and in the end a lot of people die. Clearly this is a fine example of how criminal activity made people's lives better.

          In most variations of the story, King Richard eventually comes home from the Crusades and resumes his just rule, which he would have done regardless. All Robin Hood did was get a lot of poor people killed.

    • by grimarr (223895)

      Agreed. And one of the ways they do this is by showing a severe lack of concern for their customers' security. For example, as far as I can find, there is no way to log on to the Verizon.com web site from a HTTPS: page. There used to be, but they removed it. Maybe they should evaluate their own security....

  • #1 threat (Score:3, Insightful)

    by Anonymous Coward on Thursday March 22, 2012 @11:51AM (#39441349)

    Maybe the number one threat is acting like a douche. How many large, successful companies are targetted when they don't act like that? Hey Sony, get a clue.

    • by Anonymous Coward
      Having morality on the internet ruled by a fickle, faceless, and amoral mob is a dangerous state of things even if the only people they're attacking right now are ones you personally consider to be bad guys.
    • by GaratNW (978516)
      In other news, hacktivists state that modern media corporations are the biggest threat to personal liberty and freedom in the last 100 years!

      Annnddd... they're not very wrong.
    • Every fucking one of them is targeted. Ask any CISO what keeps them up at night.

  • Crime is crime (Score:5, Insightful)

    by rbowen (112459) Works for SourceForge on Thursday March 22, 2012 @11:51AM (#39441365) Homepage

    This is a really dangerous distinction. Crime is crime. Politically motivated crime is - what? Terrorism? I don't like where this is going.

    • Re:Crime is crime (Score:5, Insightful)

      by LordNimon (85072) on Thursday March 22, 2012 @12:11PM (#39441601)

      I think the point is that hacktivism occurs mostly because of unethical behavior of the target companies, not because they have generally weak security or valuable data. Therefore, companies can avoid being targets of hacktivism more by avoiding unethical behavior, rather than spending millions to beef up their security.

      • The company's aren't anymore responsible for this hacktivism crime than my dog. Your attempt to paint some culpability upon them is a laughable. All you are doing is trying to rationalize criminal behavior under the guise of "they deserved it" (according to you).

        What is ethical and what is legal are very different things. Companies are really only required to follow what is legal. However, it is normally in their best interests to act ethically as well -- but we don't require, as a matter of law, peo
      • by DarkOx (621550)

        No justice quite like angry mob justice!

      • by Hatta (162192)

        It's not hactivists that are a threat to the net. It's the corporations and government agencies that the hactivists target that are the real threat.

      • This might be so in certain cases and not in others. I would say some go after any company that is large. In fact Verizon has so many people working for them, there is no way customer relations and going to be good. Maybe they ought to hire more people that actually know what they are doing and much less that don't.

      • by gl4ss (559668)

        I think the point is that hacktivism occurs mostly because of unethical behavior of the target companies, not because they have generally weak security or valuable data. Therefore, companies can avoid being targets of hacktivism more by avoiding unethical behavior, rather than spending millions to beef up their security.

        you know that's mostly bullshit. besides, doesn't help that it's unethical to have your customer records easily accessible by spammers and when exploits are carpet bombed over ip ranges.. it's just shit luck. of course if you have unethical operation going on then it's more likely there's something juicy there. they should try to be reasonably secure regardless, it doesn't have to cost millions.

        hacktivism occurs mostly because it can. and it gets noticed because hacktivists want that. thus, it's easier to g

    • Hundred years ago in UK homosexuality was a crime. Following your logic, someone who would pose as gay for political reasons would be a terrorist. As long as data stolen is shared for free, as it was, I don't see hactivists as criminals.
    • It's only terrorism if you lose.
    • Civil disobedience (a form of activism) is also a crime, yet often we hold people who do it in high regard. Sometimes civil disobedience is acclaimed moral courage.

      Now I'm not saying we can group hacktivism in with civil disobedience. But in many cases I don't think that it would be a stretch.

      The issue of of motive is critical. When we speak of criminals we usually mean people who did something illegal for personal gain at the expense of another. But if someone did something illegal in defense of the co

  • The federal government is.

    • The very same federal government that can't figure out a conversation between two RPG players planning a raid in a game of cyberpunk not being real, despite the weapons being mentioned being invented in 2018?

  • ... most data was probably stolen for the lulz.

    My how times have changed.

  • Good security practices will protect from either threat. It doesn’t really matter the vector in this case.
  • by Hentes (2461350) on Thursday March 22, 2012 @12:01PM (#39441481)

    When you are hacked by an activist, they will make sure that you and the rest of the world know about it. Criminals, on the other hand, try to be as subtle as possible. Some victims might not even realize that they have been breached, and even if they do it's much easier to cover up. I don't think activism surpasses crime, it's just much more visible.

    • Not only that, but even when the companies realize they were hacked, they are also very likely to cover it up instead of anounce they had a breech. When anouncing the crime is harmful to both the criminal, and the holders of the evidence, things tend to not be reported.
  • Bullshit. (Score:1, Insightful)

    by Anonymous Coward

    "Hacktavists" are just a highly visible boogeyman. Useful for scaring white people that watch network news and the politicians that cull their votes.

    Visible, but hardly a blip compared to the massive spam, fraud, phishing, trojan, and malware ops that the real blackhats run. These things are complex and deep and ever present, so they're useless for scaremongers.

    Want a real data set that will turn up evidence of massive economic fraud? Get ahold of Verizon's billing data.

  • by Kidbro (80868) on Thursday March 22, 2012 @12:11PM (#39441611)

    Well, good thing then, that it's easy to protect yourself against hacktivists. Just stop being dicks.

    • Telling a manager to stop being a dick is like telling a techie to wear tie and suit. It just won't happen in this universe.

    • A big problem with that. That's in the eye of the beholder.

      • by Kidbro (80868)

        Of course. So is crime. Thus we form a consensus to decide what is and what is not a crime - but it is nontheless "in the eye of the beholder".
        Hacktivists act because they feel that the laws, for whatever reason, are either unjust, insufficient or not thoroughly enforced. It is the means they have available - others have other means open to them, such as bribing/tricking law makers to make absurd laws, or governments to invade other countries on false premises. I have a hard time arguing that the former are

  • by Anonymous Coward

    So people who breach poorly executed and even more poorly planned security are the greatest threat to security on the net? Methinks it's the corporations who would rather spend more on propaganda than proper security that are the problem here, the "hacktivists" just point it out.

  • How can you know 100% of the time what the motivation is? Haven't you ever seen Die Hard?
  • (Did I misread the headline?) Monsanto, Unocal, Dow Chemical, and Goldman Sachs are a far greater threat to human existence. When it comes to Evil, Verizon is merely an annoyance.
  • by Anonymous Coward

    Verizon Says [crappy internal security] Now Biggest Corporate Net Threat

    There.. I fixed it for you.

  • is actually unsecured and improperly managed networks run by corporations that collection too much information on us. There, fixed that...

  • Hacktivists Say Verizon Now Biggest Corporate Net Threat

  • Hacktivists are motivated by politics which is motivated by money. So I don't see the difference. I wonder what Google's figures are?

  • Is this the same Verizon who has been helping the NSA with warrantless wiretaps -- that is to say helping the gov't steal personal data in real time?
  • Considering the largest breach of 2011 happened to be Sony (started with Playstation Network, spread through to other Sony sites), it's hard to tell if this is the case. After all, Anonymous and Lulzsec kept breaking into other Sony sites All in all, Sony lost probably close to 150M customer records....

    I would call that hackivism since it was meant more to embarass Sony over their lack of security.

  • by gozu (541069) on Thursday March 22, 2012 @01:23PM (#39442587) Journal

    hacktivists, by definition, will publicize their break-ins so you can be sure they will be counted.

    Common thieves and governmental spies (chinese, russians, etc.) on the other hand, might never be discovered if their level of competence is superior to that of the security administrators of a company.

    Therefore, the statistics offered are very dubious and I would not be surprised if they are completely and spectacularly wrong.

  • ... was the result of hactivism, which involves computer break-ins for political rather than commercial gain. In previous years, most hacking was carried out by criminals
  • Because my Verizon iPhone has NO data on their 3G network anywhere near down town.

  • by Requiem18th (742389) on Thursday March 22, 2012 @02:21PM (#39443221)

    The Legion of Doom Says Superheroes Now Bigges Business Threat.

Genius is one percent inspiration and ninety-nine percent perspiration. -- Thomas Alva Edison

Working...