
Introducing ThreatWatch: A New Way to Explore the Evolving World of Cyber Dangers

Pavel Ignatov/

Welcome to the World Wide Web of threats. Nextgov's new feature, ThreatWatch, is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves. 

The accompanying map illustrates attempted hacks worldwide, in real time. The dots represent devices distributing malicious software programs that may or may not breach their targets. At the bottom of the page, I've tried to highlight divergent views on the gravity of the cyber threat, with tweets from skeptics, public service announcements from federal agencies, and relatively unbiased newsfeeds.

While many organizations, including the U.S. government, are reluctant to fess up to weak security, they are increasingly disclosing more in order to, among other things, help others avoid similar incidents, build trust and comply with privacy rules.

The samples show trends in how fast infiltrations are detected, how quickly affected individuals are notified, and the types of tricks attackers are using. The suspected perpetrators might surprise you. As of this writing, more internal employees than Chinese-sponsored hackers are responsible for data compromises.

What's disconcerting are the holes that organizations failed to discover or neglected to tell victims about until years after the fact, like a newly disclosed, two-year-old breach at the Texas Comptroller’s Office that exposed Social Security numbers and birthdates of 3.5 million residents.

The exposure of sensitive personal information might be more frequent and far-reaching than the exposure of sensitive government information, like Top Secret intelligence. But some U.S. officials would say national security compromises present a graver danger to the entire population than identity theft. Conversely, transparency advocates might argue that uncloaking government secrecy is democracy in action. Meanwhile, others might consider last week's announcement about a cyber-racket that cribbed 160,000 payment card numbers as more damaging than a city employee reading his mayor's secret emails. For this reason, the severity rating of each incident recorded on ThreatWatch is subjective.

Caveats: The database is not an index of newly discovered hacking techniques, spam campaigns, phishing attempts or malware discoveries. It logs successful breaches. And it is not an exhaustive list. I began documenting stories about breaches in November and on average see about three reports a day. They don't all make the cut. Some seem unsubstantiated. And in other cases, I just had too much going on in my own threat reporting to keep track.

ThreatWatch is not a scare tactic. Many of these misadventures are easily preventable. And every week there are somewhat comical penetrations -- "Hacker breaks into his jail's mainframe during prison IT class" or Japan accidentally sells an old coast guard ship to Pyongyang supporters without destroying onboard navigation records.

You often will see blank entries for the locations of assaults and the locations of assailants. Because of the amorphous nature of the "cloud" and the limitations of computer forensics, it's hard to spot the network coordinates where a culprit enters or where a keyboard is based. Maybe that unknown will change. And that's another reason for this website. The nature of the threat is always changing. Breaches that seem sophisticated today will be easier to pull off sooner rather than later, so be prepared: Corrupted ATM today; corrupted Google Glass tomorrow.

A note to journalists: When multiple sources are reporting the same hack within days of each other, and there isn't time to identify the outlet with the first scoop, I pick a lucid breakdown. And I apologize for that. Hopefully, you are credited elsewhere in this ever-expanding collection. 

