Report: Hacktivists Out-Stole Cybercriminals in 2011 (fwd)

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.wired.com/threatlevel/2012/03/hacktivists-beat-cybercriminals/

By Kim Zetter
Threat Level
Wired.com
March 22, 2012

Just two years ago, cybercriminal gangs were behind record-breaking data 
breaches that resulted in the theft of millions of customer records. But 
the year 2011 will be remembered as the year hacktivists out-stole 
cybercriminals to take the top data breach award, according to a new 
report released by Verizon on Thursday.

More than 100 million of the 174 million stolen records Verizon tracked in 
2011 were stolen by hacktivist groups, according to the authors of 
Verizon?s 2012 Data Breach Investigations Report (.pdf).

Hacktivists have drastically changed their methods and goals since groups 
like milwOrm and G-Force Pakistan first emerged on the scene in the late 
?90s to deface websites and conduct DDoS attacks for political motivation. 
Last year, activists moved beyond simple website defacements into 
large-scale data theft operations that netted e-mail spools and 
intellectual property from firms like HB Gary and Stratfor, who were 
targeted in high-profile, embarrassing breaches for touting anti-WikiLeaks 
and pro-government stances and services.

?Many, troubled by the shadowy nature of its origins and proclivity to 
embarrass victims, found this trend more frightening than other threats, 
whether real or imagined,? according to the authors of the Verizon report. 
?Doubly concerning for many organizations and executives was that target 
selection by these groups didn?t follow the logical lines of who has money 
and/or valuable information. Enemies are even scarier when you can?t 
predict their behavior.?

[...]

_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.