recommended reading

Hacktivists snatch 100 million records in 2011

Petros Giannakouris/AP

Activist groups purloined more sensitive information from organizations worldwide than any other kind of hacker during 2011, according to data Verizon received from the Secret Service, international law enforcement agencies and its in-house investigators.

The telecommunications giant on Thursday is expected to release a study showing that, while "hacktivist" attacks accounted for a relatively small number of cases, they extracted more than 100 million records. The activists' bounty was nearly double the spoils collected by money-driven professional hackers, according to a copy of the report reviewed by Nextgov.

Chris Porter, principal for Verizon's RISK Team and the report's co-author, said, "What they did with some of the personal information, especially with some of the companies they attacked and some of the employees at companies, is something called doxing," which refers to dumping online a victim's personal data, such as emails and phone numbers, to publicly ridicule or intimidate the target.

"They would try to get hashed password lists," that are encrypted, "and then they would crack those passwords and then check to see if those passwords were being reused by any individuals" in an effort to break into the targets' other accounts, he added.

The study's caseload includes 855 breaches that compromised 174 million records. Verizon did not name the organizations victimized or attribute the breaches to specific groups. "All but one of the large breaches (over 1 million records) this year were attributed to activist groups rather than financially-motivated agents," the authors wrote.

Although activists pulled off the heftiest breaches, the frequency of their hacks was limited compared to the sheer number of swindler exploits, the report states.

Among breaches perpetrated by outsiders, 96 percent were committed by people after monetary or personal gain; 29 percent were attributed to fun, curiosity or pride; and 1 percent was prompted by a personal offense. The activists, described as driven by "disagreement or protest," accounted for 3 percent of those compromises.

Many of the activist hacks in 2011 targeted major corporations and government vendors. For example, members of the hacktivist confederacy Anonymous procured about 60,000 e-mails from computer security contractor HBGary, according to court filings. Using information in the messages, the hackers were able compromise 80,000 user accounts inside a company-run online forum, as well as "dox" an HBGary Federal executive.

Both crooks and activists lifted personal information en masse, but for different reasons, the authors noted. "We did not see any fraud that took place by activist groups," Porter said.

A Global Problem

Hackers apparently are becoming more multinational, according to the findings. Victims were spread across a record 22 countries in 2010, but 2011 witnessed incidents expand to 36 countries.

It should be noted that, for the first time, the Australian Federal Police, the Irish Reporting & Information Security Service and the London Metropolitan Police contributed to the report, joining Verizon's own computer forensics division, the Secret Service and the Dutch National High Tech Crime Unit.

The study underscores several perennial human failings that aggravated breaches in 2011. In more than half of the cases, it took months, if not years, for victims to realize their customer data, intellectual property or other private information had been compromised. Eighty-five percent of the time it took authorities weeks or longer to discover breaches in 2011, up 6 percent from the previous year.

In 97 percent of the events, the breaches would have been avoidable through simple or intermediate controls, a 1 percent increase over the prior year. Organizations were unaware they had been overtaken until a third-party notified them in 92 percent of the cases, a 6 percent increase.

The method Verizon used to exchange intelligence while protecting the identities of victims is a model for public-private information-sharing, Verizon officials said.

Government authorities submitted incident data using a standard digital questionnaire, called Verizon Enterprise Risk and Incident Sharing, or VERIS, that asks only for general demographics, such as the size of an organization's workforce, number of IT staffers and industry type. The data amassed was wiped of any information that might identify organizations or individuals before it was provided to Verizon's research team for analysis, according to Verizon officials.

"When the Secret Service sends that information over to Verizon, we don't know that it took corrective measures for ACME organization," Porter said. "We get a lean picture of what's happening without having to share information that could potentially embarrass an organization."

Every year, Verizon adds elements to the VERIS form. This year, due to the popularity of BYOD, or bring your own (mobile) device to work, the survey inserted an item asking whether the targeted devices were employee-owned or corporate-owned. Only 1 percent of cases involved BYODs, according to the report.

Researchers also threw in a question to determine the attack trajectory of malicious software.

"Last year, we had 'installed' and 'injected' combined to describe how malware got into a system," Porter said. "It's important to understand the difference. In order to install something, you have to have access to it, whereas if you're injecting something you don't have to have access already."

Public-private partnerships are at the core of a battle over long-stalled cybersecurity reforms. The debate centers on forcing companies to share network security information that some fear may tarnish their brands.

"At the root of security is secrecy," Porter said. "The framework is designed to collect the bare information that you need that, in aggregate, can help with decisionmaking."

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.