Verizon today released its 2012 Data Breach Investigation Report and highlighted the growing threat of “hacktivism” by groups such as Anonymous. The report was compiled with the help of the Australian Federal police, dutch national High Tech Crime Unit, Irish Reporting and Information Secuity Service, Police Central e-Crime Unit, and U.S. Secret Service.
It its summary, the report states:
“[The] unrest that so typified 2011 was not… constrained to the physical world. The online world was rife with the clashing of ideals, taking the from of activism, protests, retaliation, and pranks. While these activities encompassed more than data breaches (e.g. DDoS attacks), the theft of corporate and personal information was certainly a core tactic. This re-imagined and re-invigorated specter of “hacktivism” rose to haunt organizations around the world. many, troubled by the shadowy nature of its origins and proclivity to embarrass victims, found this trend more frightening than other threats, whether real or imagined. Doubly concerning for many organizations and executives was that target selection by these groups didn’t follow the logical lines of who has money and/or valuable information. Enemies are even scarier when you can’t predict their behavior.”
Though only 5% of external security breaches were undertaken by those motivated by “disagreement or protest” and/or “fun, curiosity, or pride,” this was a huge increase, meaning frequency of cases tied to activist groups was greater than those in all previous years combined. Also, a majority (58%) or all data theft was tied to activist groups. “…this trend is probably the biggest and single most important change factor in this year’s DBIR,” stated the report.
The report sees this as a shift away from classic acts by “hacktivists” such as website defacement and denial of service attacks towards data theft. And they are good at it. In the cases reviewed, “hacktivists” stole over 100 million records. This is almost twice that of normal cyber criminals, who favor easier, less risky targets.
The report concludes by revealing that most security breaches were easily preventable using simple precautions. Specifically, firewalls and password vigilance are the things businesses should focus on to prevent cyber crimes.