March 22, 2012 4:14 am

‘Hacktivists’ stole most data last year

More than half of electronic records stolen last year were by “hacktivists” rather than traditional cybercriminals as a result of the explosion of hacking attacks by ideological groups such as Anonymous and Lulzsec, a study has found.

Analysis of 855 data breaches by Verizon, the US communications group, found that 174m records were stolen through hacking, viruses and other electronic intrusions in 2011, the second-highest since its Data Breach Investigations Report began in 2004.

Fully 58 per cent of those 174m records were stolen by hacktivists, due in part to a handful of very large breaches involving tens of millions of items of email, customer data or payment information. This marks a sharp contrast with previous years when the vast majority of attacks were conducted by financially motivated criminals.

The report incorporates information from Verizon’s own clients and from law enforcement groups in the US, UK, Australia, Ireland and Holland, making it a reasonably representative sample of cybersecurity breaches, despite a large portion of online attacks going undetected or unreported.

Hacktivists such as Anonymous did disproportionate amounts of damage to their victims, relative to the frequency and sophistication of their attacks, Verizon found, as they were responsible for just 3 per cent of the 855 attacks analysed.

Anonymous, which says it campaigns for free speech online and other libertarian causes, and its offshoots Lulzsec and Antisec, which aimed to prove the general weakness of corporate and government security online, struck at targets including Sony, Nintendo, the Central Intelligence Agency and the UK’s Serious Organised Crime Unit.

These groups targeted a different kind of information, with 95 per cent of data stolen involving personally identifiable information last year, compared with 1 per cent in the previous year. In 2010, 96 per cent of records stolen were payment cards.

Law enforcement authorities around the world have co-ordinated dozens of arrests, mostly of young men, who they allege form a large part of Anonymous’s leadership, though few cases have yet to come to trial. Last month, the US Department of Justice revealed that Hector Monsegur, a New Yorker, had admitted to a series of online attacks under the hacker mantle Sabu before turning informant on his former cronies, working undercover for the Federal Bureau of Investigation for several months.

Branding 2011 the “year of the hacktivist”, Wade Baker, Verizon’s director of risk intelligence, said last year may prove to be a “high water mark” for such attacks.

“They’ve managed to arrest quite a few people,” Mr Baker said of Anonymous and its affiliates. “When that happens there is a crackdown. I think that is going to have an effect, but Anonymous is a movement not a group – it’s harder to bust up.”

Copyright The Financial Times Limited 2015. You may share using our article tools.
Please don't cut articles from and redistribute by email or post to the web.


Sign up for email briefings to stay up to date on topics you are interested in