Welcome to the World Wide Web of threats. Nextgov's new feature, ThreatWatch, is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.
The accompanying map you see illustrates attempted hacks worldwide, in real time. The dots represent devices distributing malicious software programs that may or may not breach their targets. At the bottom of the page, I've tried to highlight divergent views on the gravity of the cyber threat, with tweets from skeptics, public service announcements from federal agencies, and relatively unbiased newsfeeds.
While many organizations, including the U.S. government, are reluctant to fess up to weak security, increasingly they are disclosing more to, among other things, help others avoid similar incidents, build trust and comply with privacy rules.
The samples show trends in how fast infiltrations are detected, how quickly affected individuals are notified, and the types of tricks attackers are using. The suspected perpetrators might surprise you. As of this writing, there are more internal employees than Chinese-sponsored hackers responsible for data compromises.
What's disconcerting is the holes that organizations failed to discover or neglected to tell victims about until years after the fact, like a newly disclosed, two-year-old breach at the Texas Comptroller's Office that exposed Social Security numbers and birthdates of 3.5 million residents.
The exposure of sensitive personal information might be more frequent and far-reaching than the exposure of sensitive government information, like Top Secret intelligence. But, some U.S. officials would say national security compromises present a graver danger to the entire population than identity theft. Conversely, transparency advocates might argue uncloaking government secrecy is democracy in action. Meanwhile, others might consider last week's announcement about a cyber-racket that cribbed 160,000 payment card numbers as more damaging than a city employee reading his mayor's secret emails. For this reason, the severity rating of each incident recorded on ThreatWatch is subjective.
Caveats: The database is not an index of newly discovered hacking techniques, spam campaigns, phishing attempts or malware discoveries. It logs successful breaches. And it is not an exhaustive list. I began documenting stories about breaches in November and on average see about three reports a day. They don't all make the cut. Some seem unsubstantiated. And in other cases, I just had too much going on in my own threat reporting to keep track.
ThreatWatch is not a scare tactic. Many of these misadventures are easily preventable. And every week there are somewhat comical penetrations, such as "Hacker breaks into his jail's mainframe during prison IT class" or Japan accidentally selling an old coast guard ship to Pyongyang supporters without destroying onboard navigation records.
You will often see blank entries for the locations of assaults and the locations of assailants. Because of the amorphous nature of the "cloud" and the limitations of computer forensics, it's hard to spot the network coordinates where a culprit enters or where a keyboard is based. Maybe that unknown will change. And that's another reason for this website. The nature of the threat is always changing. Breaches that seem sophisticated today will be easier to pull off sooner rather than later, so be prepared: Corrupted ATM today; corrupted Google Glass tomorrow.
A note to journalists: When multiple sources are reporting the same hack within days of each other, and there isn't time to identify the outlet with the first scoop, I pick a lucid breakdown. And I apologize for that. Hopefully, you are credited elsewhere in this ever-expanding collection.