
Introducing ThreatWatch: A New Way to Explore the Evolving World of Cyber Dangers


Welcome to the World Wide Web of threats. Nextgov's new feature, ThreatWatch, is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves. 

The accompanying map you see illustrates attempted hacks worldwide, in real time. The dots represent devices distributing malicious software programs that may or may not breach their targets. At the bottom of the page, I've tried to highlight divergent views on the gravity of the cyber threat, with tweets from skeptics, public service announcements from federal agencies, and relatively unbiased newsfeeds.

While many organizations, including the U.S. government, are reluctant to fess up to weak security, increasingly they are disclosing more to, among other things, help others avoid similar incidents, build trust and comply with privacy rules. 

The samples show trends in how fast infiltrations are detected, how quickly affected individuals are notified, and the types of tricks attackers are using. The suspected perpetrators might surprise you. As of this writing, there are more internal employees than Chinese-sponsored hackers responsible for data compromises.

What's disconcerting are the holes that organizations failed to discover or neglected to tell victims about until years after the fact, like a newly disclosed, two-year-old breach at the Texas Comptroller’s Office that exposed Social Security numbers and birthdates of 3.5 million residents.

The exposure of sensitive personal information might be more frequent and far-reaching than the exposure of sensitive government information, like Top Secret intelligence. But some U.S. officials would say national security compromises present a graver danger to the entire population than identity theft. Conversely, transparency advocates might argue uncloaking government secrecy is democracy in action. Meanwhile, others might consider last week's announcement about a cyber-racket that cribbed 160,000 payment card numbers as more damaging than a city employee reading his mayor's secret emails. For this reason, the severity rating of each incident recorded on ThreatWatch is subjective.

Caveats: The database is not an index of newly discovered hacking techniques, spam campaigns, phishing attempts or malware discoveries. It logs successful breaches. And it is not an exhaustive list. I began documenting stories about breaches in November and on average see about three reports a day. They don't all make the cut. Some seem unsubstantiated. And in other cases, I just had too much going on in my own threat reporting to keep track.

ThreatWatch is not a scare tactic. Many of these misadventures are easily preventable. And every week there are somewhat comical penetrations -- "Hacker breaks into his jail's mainframe during prison IT class" or Japan accidentally sells an old coast guard ship to Pyongyang supporters without destroying onboard navigation records.

You often will see blank entries for the locations of assaults and the locations of assailants. Because of the amorphous nature of the "cloud" and the limitations of computer forensics, it's hard to spot the network coordinates where a culprit enters or where a keyboard is based. Maybe that unknown will change. And that's another reason for this website. The nature of the threat is always changing. Breaches that seem sophisticated today will be easier to pull off sooner rather than later, so be prepared: Corrupted ATM today; corrupted Google Glass tomorrow.

A note to journalists: When multiple sources are reporting the same hack within days of each other, and there isn't time to identify the outlet with the first scoop, I pick a lucid breakdown. And I apologize for that. Hopefully, you are credited elsewhere in this ever-expanding collection. 

(Image via Pavel Ignatov/
