
Hacktivists Pilfered More Data Than Cyber Criminals in 2011

Hacktivists like Anonymous and LulzSec stole more data than cyber criminals in 2011, even though they didn’t commit as many breaches.

Verizon’s threat report, which looked at 855 breaches involving 174 million stolen records, found hacktivists got their mitts on 58 percent of all pilfered data, yet they were behind just two percent of breaches.

Hacktivists stole over 100 million records in 2011, almost twice as many as financially-motivated cyber criminals. This was largely due to the fact that activists target large organisations sitting on rafts of records, whereas everyday cyber criminals go for the lowest hanging fruit and steal whenever and wherever they can.

Simple skills

Groups like Anonymous and LulzSec have hit major companies with relatively simple hacking techniques, such as SQL injection. Verizon found 97 percent of breaches “were avoidable without the need for organisations to resort to difficult or expensive countermeasures.”

Keylogging, or use of spyware to watch over victim activity, was responsible for more data breaches than any other threat. Number two was exploitation of default or guessable credentials, and number three was use of stolen login credentials.

“The type of attacks being used are not that advanced,” Jay Jacobs, senior consultant at Verizon, told TechWeekEurope. “They are going to stick to stuff that works. I don’t know if we can say hacktivists aren’t that advanced. It’s clear they don’t have to be advanced to get what they’re after.”

The insider threat has now been minimised too. Just four percent of breaches were down to employee mistakes or malicious behaviour.

There has also been a notable shift to SMEs, as hackers look to go for smaller companies without solid security stacks.

“We see hackers setting up these opportunistic attacks, where they scan basically the entire internet looking for vulnerable point of sale systems. They are going after the softer targets and it’s a much smaller haul for them,” Jacobs added.

“They look for default credentials or easily guessable credentials, log in, drop some malware in there to do some keylogging and that keylogger will then pick up the swipe of a credit card.”

Law enforcement continues to try and clamp down on hacktivism, with numerous arrests made over the past year. LulzSec suspect Ryan Ackroyd, an unemployed 25-year-old from Mexborough in South Yorkshire, appeared at Westminster Magistrates’ Court charged with conspiracy to bring down the websites of the CIA and the UK’s Serious Organised Crime Agency.


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
