Security

Hacktivism Linked to 100 Million Compromised Records in 2011

But there’s scant evidence so far to substantiate security vulnerabilities in the cloud, according to a new analysis by Verizon.

by / March 22, 2012
Hackers from the international group Anonymous claimed responsibility for taking down several high-profile websites in 2011.

“The online world [in 2011] was rife with the clashing of ideals, taking the form of activism, protests, retaliation, and pranks.” So reads the executive summary of a new data breach report from Verizon, drawing a strong parallel between worldwide social and political unrest in 2011 and the prevalence of online threats.

The report offers analysis of 855 data breaches that occurred across the globe in 2011. Among its findings are the fact that hacktivism — cyberhacking committed with political and social objectives in mind — is on the rise. While only 3 percent of attacks were traced to hacktivist groups, they tend to compromise much higher volumes of data than traditional cybercriminal activity, according to the Verizon 2012 Data Brach Investigations Report. In fact, the work of hacktivists is traced to more than 100,000 million compromised records last year, of the 174 million total records compromised.
The report includes data contributed by the U.S. Secret Service and law enforcement agencies in Australia, Ireland, England and the Netherlands.

Not surprisingly, most breaches are still caused by criminals seeking financial gain, who generally target smaller organizations for specific types of potentially lucrative information. Cyberthieves commonly access insufficiently protected information using weak, default or stolen log-in information.

By the Numbers: Cybercrime in 2011

  • 855 data breach incidents

(Of those: 81 percent included hacking; 69 percent included malware and; 61 percent included a combination of hacking and malware)

  • 174 million compromised records (2nd highest volume since 2004)
  • 98 percent of breaches had external sources
  • 83 percent of breaches were perpetrated by organized criminal groups
  • 3 percent of breaches blamed on hacktivists
  • 100 million + compromised records blamed on hacktivists
  • 67 percent of data breaches originate in Eastern Europe
The report calls traditional cyberattacks less sophisticated than those waged by politically motivated groups, who commonly hijack domain name systems and flood the bandwidth of Web servers using distributed denial-of-service (DDoS) attacks.

Data breaches were traced to 36 different countries, up from 22 countries in 2010. Less than a quarter of all breaches came from North America, with almost 70 percent coming from Eastern Europe.

No Proof of Cloud Security Vulnerabilities

Another interesting finding seems to bolster the argument of cloud proponents, that the long-questioned security of hosting data in the cloud may be unfounded.

“We’re seeing very little evidence of data breaches in the cloud,” said Brian Sartin, vice president of Verizon’s Research Investigations Solutions Knowledge team in a recent CFOworld article. “There’s a compelling lack of statistics for that.”




 

Noelle Knell Editor

Government Technology editor Noelle Knell has more than 15 years of writing and editing experience, covering public projects, transportation, business and technology. A California native, she has worked in both state and local government, and is a graduate of the University of California, Davis, with majors in political science and American history. She can be reached via email and on Twitter.

RELATED

Utah Health Data Breach Blamed on Configuration Error Texas Comptroller’s Data Breach Cleanup Proves Costly
DISCUSS

We invite you to discuss and comment on this article using social media.

MORE FROM Security
SPONSORED ARTICLES

ERP Modernization: How the Cloud Delivers Scalability, Security and Innovation

The Reality of the Local Government Cybersecurity Skill Gap

Government No Longer Has to Choose Between Cybersecurity and Productivity

NEWSLETTERS

GovTech Today - Daily top stories

FutureStructure - Weekly system engineering concepts

Public CIO - Weekly thought leadership