BreachExchange mailing list archives
New Hacker Plan: Don't Steal Data, Change It
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 3 Dec 2015 18:41:03 -0700
http://www.wfmynews2.com/story/homepage/2015/12/02/new-hacker-plan-dont-steal-data-change/76707022/ You know hackers around the world are working nonstop to steal your personal information. But there's a new, much bigger threat emerging right now. It has the power to cost you money, put your family at risk, or even open up America to a real-world attack. I'm looking at the newest hacker threat -- experts are warning that instead of only stealing your data, hackers will start changing your data. What if a hacker hit your bank and got into your financial records? That's bad. But what if that hacker changed your records? Even something subtle, like turning all the 5's into 4's? Do that to a million more people, and that one hacker could destroy the trust in an entire bank's records. Do it enough, and trust in the whole American economy is gone. That is the cybersecurity threat experts say is coming next. "Everything with cybersecurity is evolving. Every day, it's something new. For example, six months ago, no one talked about the data being changed," Sri Sridharan told me. He runs the Florida Center for Cybersecurity. From a secret location at University of South Florida in Tampa, they work with universities and others to spot, study, and stop the cyber attacks of the future. "It's just a matter of time before somebody does it successfully that has enormous consequences to a firm, or a nation, or an economy," Sridharan said. An entire economy? Is the risk really that massive? Just one tweet shows how much damage even a little wrong information can do. Two years ago, Syrian hackers got control of the Twitter account for the Associated Press. They posted, worldwide, that President Obama had been hurt in explosions at the White House. The Dow plunged! In minutes, $136 billion worth of investments had been wiped out by one phony fact. The stock market recovered, but Sridharan and experts at the Pentagon say a whole range of future attacks could bring pain that lasts. Change bank data? Our economy tanks. Change drug company data? Dangerous medicine ends up in your pharmacy. Change power company or nuclear power plant data? Outages or disasters. Change police, CIA, or military data? America opens up to crimes or attacks in the real world. How can we prevent this? I asked the first head of U.S. Cyber Command, retired General Keith Alexander. "Well, I think it all comes down to securing your network… keeping adversaries and other people out of your data," Alexander told me. To do that, he wants Congress to set up a nationwide way to share information on attacks. "A defensible architecture that works company-by-company… with the government, and then with our allies. That's where we've got to get to," he told me. But Sridharan says a system like that could still be years away. "Congress has been put on notice," Sridharan told me. "What they do about it is a different thing." For now, online, you need to watch your own back. Here's how: Don't share sensitive numbers over social media or even in an email. Use different, strong passwords for important accounts. Don't open questionable emails or links -- just delete them. Print out or save your bank statements to help find fraud or spot any unexpected changes.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- New Hacker Plan: Don't Steal Data, Change It Audrey McNeil (Dec 04)