New Hacker Plan: Don't Steal Data, Change It

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.wfmynews2.com/story/homepage/2015/12/02/new-hacker-plan-dont-steal-data-change/76707022/


You know hackers around the world are working nonstop to steal your
personal information. But there's a new, much bigger threat emerging right
now.

It has the power to cost you money, put your family at risk, or even open
up America to a real-world attack. I'm looking at the newest hacker threat
-- experts are warning that instead of only stealing your data, hackers
will start changing your data.

What if a hacker hit your bank and got into your financial records? That's
bad.

But what if that hacker changed your records? Even something subtle, like
turning all the 5's into 4's?

Do that to a million more people, and that one hacker could destroy the
trust in an entire bank's records. Do it enough, and trust in the whole
American economy is gone.

That is the cybersecurity threat experts say is coming next.

"Everything with cybersecurity is evolving. Every day, it's something new.
For example, six months ago, no one talked about the data being changed,"
Sri Sridharan told me.

He runs the Florida Center for Cybersecurity. From a secret location at
University of South Florida in Tampa, they work with universities and
others to spot, study, and stop the cyber attacks of the future.

"It's just a matter of time before somebody does it successfully that has
enormous consequences to a firm, or a nation, or an economy," Sridharan
said.

An entire economy? Is the risk really that massive? Just one tweet shows
how much damage even a little wrong information can do.

Two years ago, Syrian hackers got control of the Twitter account for the
Associated Press. They posted, worldwide, that President Obama had been
hurt in explosions at the White House.

The Dow plunged! In minutes, $136 billion worth of investments had been
wiped out by one phony fact.

The stock market recovered, but Sridharan and experts at the Pentagon say a
whole range of future attacks could bring pain that lasts.

Change bank data? Our economy tanks.

Change drug company data? Dangerous medicine ends up in your pharmacy.

Change power company or nuclear power plant data? Outages or disasters.

Change police, CIA, or military data? America opens up to crimes or attacks
in the real world.

How can we prevent this? I asked the first head of U.S. Cyber Command,
retired General Keith Alexander.

"Well, I think it all comes down to securing your network… keeping
adversaries and other people out of your data," Alexander told me.

To do that, he wants Congress to set up a nationwide way to share
information on attacks.

"A defensible architecture that works company-by-company… with the
government, and then with our allies. That's where we've got to get to," he
told me.

But Sridharan says a system like that could still be years away.

"Congress has been put on notice," Sridharan told me. "What they do about
it is a different thing."

For now, online, you need to watch your own back. Here's how:

Don't share sensitive numbers over social media or even in an email.
Use different, strong passwords for important accounts.
Don't open questionable emails or links -- just delete them.
Print out or save your bank statements to help find fraud or spot any
unexpected changes.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!