Most hackers still want your money, but a growing number of cyberattacks last year were motivated by espionage rather than simple theft.
A new survey of hacking attacks in 2013 found that 511 were some form of espionage -- up from 120 in 2012. The attacks typically came from Asia or Eastern Europe and hit government agencies or businesses in the United States, according to the annual Data Breach Investigations Report from Verizon.
The majority of cyberattacks still focus solely on financial gain, not stealing state secrets or compromising government computers. The report looked at 63,000 hacking incidents worldwide, more than 1,300 of which resulted in stolen data. About 65 percent of the successful breaches were motivated by money, while 19 percent were espionage.
Espionage hackers focus on gaining entry into the computer network of a business or government agency and either try to control it or -- more often -- pilfer it for information. Most of the attacks aren't discovered for months.
The report's authors caution that the rising number of known espionage attacks is due at least in part to better reporting. Law-enforcement agencies and cybersecurity experts from as far afield as Australia, Ireland and Ukraine participated in this year's survey, pooling their knowledge of breaches and attackers.
But the growing espionage numbers may indicate that the problem is more prevalent than previously known.
"Like a streetlight illuminating cars parked along the street, more contributors allow us to see more cars," the report says. "Unfortunately, we can also see that those cars have broken windows and stolen stereos."
Cyberattacks on stores and retail websites drew the most public attention last year, with retail giant Target the most notable example. First reported in December, the breach at Target potentially exposed personal or payment data of up to 110 million people.
But Target had company. Over the course of the year, hackers compromised computer systems at such disparate businesses as high-end clothier Neiman Marcus, the Raley's and Sprouts grocery chains and cloud computing firm Evernote.
"If they can steal it and sell it, they will," said Sean McGurk, managing principal for Verizon's risk team and a former cybersecurity specialist with the U.S. Department of Homeland Security.
Hackers affiliated with foreign governments also gained more notice in 2013. That was particularly true in Asia, where the Mandiant cybersecurity firm traced a number of attacks to a building in China controlled by the People's Liberation Army. South Korea blamed its northern neighbor for a March 20 cyberattack that hit media outlets and financial institutions. Both the Chinese and North Korean governments denied that they had any role in hacking.
The Syrian Electronic Army, which supports the government of President Bashar Assad, hacked into the Associated Press Twitter account on April 23 and tweeted that the White House had been bombed. A brief sell-off shook Wall Street.
While many espionage attacks concentrate on government agencies, others focus on private businesses, trying to steal trade secrets or infiltrate the systems that run critical infrastructure. The threat has drawn increasing interest in Washington.
"We've got to protect the critical infrastructure," said former Homeland Security Secretary Tom Ridge, speaking last week at a cybersecurity forum in San Francisco. "The government has no critical infrastructure of its own, it relies upon the private sector to provide those services and infrastructure. And when that goes down, the government goes down."
In the vast majority of espionage attacks, hackers gained access to computer systems through "spear-phishing" -- e-mails carefully tailored to an individual employee, official or executive, including a compromised link or attachment. E-mail attachments accounted for 78 percent of espionage attacks, according to the report.
Of the data breaches blamed on espionage, 49 percent originated in east Asia, while 21 percent came from Eastern Europe. The launching point for 25 percent of espionage attacks could not be tracked.
"Quite frankly, the adversaries are becoming more and more sophisticated in their obfuscation techniques," McGurk said.
© 2014 San Francisco Chronicle
NEW ON THE PODCAST