Big Data Analysis Makes Breaches a Greater Threat to Cyber-Security

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.eweek.com/security/big-data-analysis-makes-breaches-a-greater-threat-to-cyber-security.html

A few days ago I reported on the theft of some outdated employee
information from the Department of Homeland Security and the Federal Bureau
of Investigation.

The data, which included names, titles, email addresses and office phone
numbers of employees, was of limited use to someone attempting identity
theft. However, the less known fact is that it could actually be a windfall
for a foreign intelligence agency.

That's because when combined with other data from a broad variety of
sources it can be used to paint an accurate picture of individual
government employees in extreme detail.

It works like this: A hacker commits a breach into a government site and
either posts the list of names for free, as was the case with the DHS and
FBI data, or attempts to sell it, which is what happens with more valuable
data such as health care records and credit card accounts.

An astute intelligence agency acquires the data, regardless of the source,
and hangs on to it. As new breaches happen, the agency gathers potentially
related data that is included in what has effectively become a vast data
warehouse of government employees.

This compilation of personal information is bad enough, but when the bad
guys perform data analysis, the risk to national security skyrockets. This
is why "national security has to begin with cyber," said Dipto Chakravarty,
senior vice president of engineering for security at CA Technologies.
Chakravarty said that cyber-security is the hardest challenge for national
security.

"I think what happens is that stealing data is easy," Chakravarty said. He
pointed that information on how to find the various successors to the now
closed Silk Road underground market is readily available on the dark web.

Once data, such as the employee lists stolen from the Department of
Justice, is combined with other readily available information, the data can
tell some important stories. He said that with big data analysis tools,
it's easy to find a person's patterns and habits, where they routinely
travel, how they spend their money and any activities they're involved in
that could make them subject to exploitation.

Here's an example of how this all might happen. A foreign intelligence
service perhaps has a list of employees for a critical government agency,
such as the National Security Agency, which could have happened, since the
health insurance plan used by that agency was breached two years ago.

The foreign intelligence analysts compare that list against credit card
activity available because of a different, unrelated breach. That credit
card data reveals a series of hotel stays and restaurant charges in an
overseas location that the staffers being examined don't normally visit.

When a few other employees of the same agency are examined, they also
exhibit related activities in the same location, perhaps charges at nearby
hotels or dinners at the same restaurant.

Big Data Analysis Makes Breaches a Greater Threat to Cyber-Security


Airline records obtained in a breach would confirm when those employees
have traveled and where they came from. Suddenly, you now have the
beginnings of a picture of some operation that this agency has carried out.

While such travel data won't reveal a purpose of that hypothetical meeting,
other information could. For example, if you have the person's job title
and work location, as you would have had from the FBI data breach, then
you'd know if there might be a meeting on a topic within their specialty.

Compare that with other hotel stays and other airline arrivals, and you
might be able to see whom they're meeting with. While this may sound like a
large collection of a lot of tiny details, this is exactly the sort of
analysis that works best with big data. All you need is access to many
small details over a lot of data.

"You can predict what they're going to do, where they're going to be,"
Chakravarty explained. He said that with the right data, you can understand
a person's behavior and their motives and from that you can usually
determine their intent. "We get so paralyzed by an ocean of information,"
he said. "Most people don't know what to ask for."

Part of the reason many people don't know what to look for is because
they're looking for the wrong thing. While there are plenty of specifics
that might be useful on some level, it's the big picture that really shows
up if you know how to look for it. That technique is called data looming.

Just as a loom is used to create patterns into woven fabric, data looming
is a way of looking at big data to reveal patterns inside data. If you
examine all of that data that's been gathered, it's possible to find those
pattern and then discover actions or vulnerabilities that may not appear by
examining each data set separately. But this is only possible with enough
data.

The national security challenge, then, is to deny the bad guys the data
they need to perform their data looming, to make it impossible to discover
those patterns in the data. Without those patterns, it becomes much more
difficult to determine how those employee records fit into an overall
picture.

Unfortunately, with the low level of security currently being displayed by
the U.S. government, the data needed for big data analysis or data looming
is far too easy to get. While it's unlikely that President Obama's $19
billion cyber-security project will make it through Congress, the need is
there even if the method is wrong.

Cyber-security is critically needed, of course, but it needs to start at
the retail level, one agency, one credit card provider at a time. That big
effort is probably doomed, but lots of small efforts would make a bigger
difference anyway.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Need access to data breach details or alerts when new breaches happen? Risk Based Security's Cyber Risk Analytics 
portal, fueled by the RBS breach research team, provides detailed information on how data breaches occur and which 
vendors to trust. Contact us today for a demo.