'Hacktivists' stole 58% of thieved data in 2011

@CNNMoneyTech March 22, 2012: 5:44 AM ET
Verizon's most recent report on data breaches shows Anonymous and other hacktivists' capabilities are on the rise.

Verizon's most recent report on data breaches shows Anonymous and other hacktivists' capabilities are on the rise.

NEW YORK (CNNMoney) -- Anonymous and other "hacktivist" groups rose to new prominence in the cybercrime universe last year, and a new report shows that they made some serious mischief.

Verizon's (VZ, Fortune 500) annual Data Breach Investigations Report, released Thursday, found that hacktivist groups were responsible for 58% of all data stolen last year. The telecom giant compiled data breach information from its customers and from law enforcement agencies in five countries.

The hacktivists' success is partially due to the sharp rise in the number of attacks Anonymous and its peers launched last year. Verizon, which has been tracking hacktivist activity since 2004, said that last year's collection of hacktivist breaches exceeded the total from all previous years combined.

That trend is "probably the biggest and single most important change" in this year's report, said Bryan Sartin, head of Verizon's data breach investigations team.

When online hacktivism first started in the 1990s, most of what the attackers accomplished were website defacements and denial of service attacks -- annoyances more than serious problems.

How they hack you

But last year, Verizon began to notice what it calls a "major shift" in hacktivist activity. In addition to their usual methods, Anonymous and its cohorts were starting to launch data breach attempts against their targets, in what became a new "core tactic" for the groups.

"2011 saw a merger between those classic misdeeds and a new 'oh by the way, we're gonna steal all your data too' twist," Verizon said in its report. "This re-imagined and re-invigorated specter of 'hacktivism' rose to haunt organizations around the world."

Here's a startling twist: Verizon found that in many cases the denial of service attacks served as diversions. The hacktivists would often publicly announce a big attack, and the target would dedicate all of its resources to stopping that. While that was happening, hacktivists would go in unnoticed and steal some company data.

"It's the old bait-and-switch," said Sartin. "That concept, as basic as it seems, is a level of ingenuity we've never seen before."

In all, hacktivist groups stole more than 100 million records last year, almost twice the amount of data captured by financially motivated cybercriminals.

Still, just 2% of all attacks could be attributed to Anonymous and its peers. The vast majority of online data thieves remain professional criminals looking to steal information that can lead to money.

The cost of cybercrime

So why did hacktivists manage to grab so much more data than the pros?

Those big-time cybercriminals -- typically organized crime rings -- are usually surgical in their attacks. They take a "rinse and repeat" approach, stealing small chunks of data on a massive scale.

Hacktivists, on the other hand, go after big organizations, since their goal is to get the public to notice them. Some prime targets of Anonymous and other hacktivists last year included News Corp. (NWS), Sony (SNE), PBS, the Federal Bureau of Investigation, Central Intelligence Agency, Department of Justice, and a multitude of security firms.

The "good" news is that most of what hacktivists stole was relatively benign data. Customer lists of names, usernames and e-mail addresses were the most commonly grabbed data. Hackers were rarely able to capture -- or perhaps didn't go after -- more sensitive data like credit card information or passwords.

But it wasn't all "protest and lulz," Verizon said. Sartin now thinks that hacktivists are a more significant threat than previously believed.

Fighting the cyber Mafia

"The numbers suggest clearly that people need to reevaluate how they view the capabilities of hacktivists," he said. "The tools, tactics and methods of advanced persistent threats and hacktivists are largely the same."

Traditional cybercriminals are also upping their game.

Cybercriminals last year went after end-user devices like ATMs, laptops and smartphones much more often than they did in previous years. Those devices accounted for 60% of all attacked targets, and Sartin said he wouldn't be surprised if smartphones make up the majority in 2012.

In all, Verizon said it and its partners recorded 855 data breaches, encompassing 174 million compromised records. That represented the second-highest total since Verizon's report was first issued in 2004. To top of page

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer.

Morningstar: © 2014 Morningstar, Inc. All Rights Reserved.

Factset: FactSet Research Systems Inc. 2014. All rights reserved.

Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved.

Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor’s Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2014 and/or its affiliates.