We seem to hear about a major data breach at a company on a daily basis. Either the media is reporting more or the number of publicly known attacks rises or both. What can we learn from these reports?
It is always data and application that adversaries are after. Although this is a no-brainer, we see new purposes why data gets stolen now.
In the past malicious attackers were after identities and especially their credit card data or whatever else was available to commit business crime. Lately espionage based attacks is on the rise.
The new attack goal seems to threaten a company’s core business.
In the Sony case the attackers exposed movies, before they were even shown in the theaters.
In the Ashley Madison case the attackers published the users’ identities of a service that they regarded unethical. Now Ashley Madison’s future is at stake and maybe the future of some people whose identity got exposed. The attackers might even have been able to seriously harm the business model of paid services to connect people via the internet for special interests that are presumed unethical.
The first analysis of the published data seemed to come to the conclusion, that the whole business might have been a charade. It seemed that there were not enough active users from the opposite sex to make the intended business purpose likely. However, new research seems to prove that bots created accounts. One starts to wonder what happens in other internet businesses where users are charged a fee to connect to others for special interests.
There are larger social issues involved here. We can expect more data breaches where the attackers are not after business crime nor espionage, but exposing data publicly where the behavior and actions of people or companies are presumed unethical if not outright illegal.
Internet pillory will become a new form of data breach performed by global groups of hackers.