View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Hacktivist steal more data than cybercriminals: report

Verizon report says over half reported instances of stolen data were carried out by hacktivist groups such as Anonymous and LulzSec in 2011

By Vinod

Anonymous members

Hacktivism groups such as Anonymous caused over half of all the known data thefts committed last year, according to a new report.

Verizon’s 2012 Data Breach Investigations Report claims that groups such as Anonymous and LulzSec, who carry out attacks to bring attention and embarrassment to their targets, caused more data breaches than traditional cybercriminals, who targeted organisations for money and IP.

The report examined 174 million stolen records across 855 different data breaches. It is the second highest number of breaches Verizon has seen since it started the report in 2004.

Over half (58%) of the data records stolen were attributed to hacktivism, which Verizon called a "sharp contrast" to previous years where financial gain was the primary driver.

Hacking and malware were the two primary attack methods – hacking was a factor in 81% of breaches and 99% of data lost, Verizon says. The use of hacking and malware has risen sharply in the last year, according to the report.

Despite many headlines about the dangers of socially-engineered attacks, Verizon said "social tactics" were used in just 7% of breaches, down 4% on last year.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

One of the more interesting discoveries of the survey is just how bad defences are at many companies, and how bad they are at detecting attacks.

The report says that many attacks were launched because of opportunity rather than choice, meaning that a vulnerability was discovered in a company’s defences, leading to them being targeted.

In fact, 96% of attacks were not "highly difficult" and 94% of all data compromised involved servers being accessed. Server vulnerabilities rose 18% in the year, the report said. The vast majority (85%) of breaches took "weeks" (rather than months) to discover and 92% were discovered by a third party rather than the victim itself.

Most worryingly, nearly all (97%) breaches were without difficult or expensive countermeasures the report said.

"This re-imagined and re-invigorated spectre of "hacktivism" rose to haunt organisations around the world. Many, troubled by the shadowy nature of its origins and proclivity to embarrass victims, found this trend more frightening than other threats, whether real or imagine," the report stated.

"Doubly concerning for many organizations and executives was that target selection by these groups didn’t follow the logical lines of who has money and/or valuable information. Enemies are even scarier when you can’t predict their behaviour," it added.

Anonymous and LulzSec caused havoc across the globe throughout 2010, 2011 and 2012, targeting a wide variety of organisations, ranging from Scientology to MasterCard and government organisations.

The groups target organisations that it claims suppress freedom of speech online while they say their aim is to protect civil rights online.

However in March this year it was revealed that the infamous hacker Sabu, leader of LulzSec, was in fact an FBI informant and had been working with authorities since the summer of 2011. Information he provided led to the arrest of a number of Anonymous and LulzSec members recently.

CBR’s recent in-depth feature on hacking, Hacktivism: Doing it for the lulz?, is available here.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.