The huge scale of theft of personal records from industry and governments led to 2014 being described as the “Year of the Data Breach”. An estimated 3.4 billion records have been lost worldwide since 2013, according to an industry database tracking the trend. But if the scale of the loss is hard to fathom, the motives and identity of the suspects behind them can be harder still.
The line that previously divided hacktivists, criminals and outsourced, state-led efforts at espionage have become blurred, a report by the European police agency said last month. Criminals are increasingly adopting the long-term tactics of highly skilled, highly motivated groups often charged by a state to break into critical systems of rival nations and steal information. “Even though cyber sabotages have been infrequent so far, attacks on critical infrastructures are a threat that is here to stay,” said Europol.
When Russia invaded Georgia in 2008, patriotic hackers were given the technological tools to carry out cyber-attacks to back the military efforts, according to analysts; similar attacks were used against Ukraine six years later. The covert state activity led one academic to liken the hackers to the privateer ships in the Elizabethan era sent off to attack treasure ships of enemy nations.
Europol said there was a blurring of the lines between groups who broke into critical infrastructure systems to steal information and profit-driven cyber criminals – “with both camps borrowing tools, techniques and methodologies from each other’s portfolios”.
Cyber crime remains a growth industry and data is one of the most sought-after prizes; the majority of malware [malicious software] created by criminal technologists is designed to obtain it. The theft of information leads to secondary crimes of fraud and extortion.
The clumsily worded statement that followed the cyber-attack on TalkTalk led one security analyst to scoff that the claim of responsibility appeared to have come via Google Translate.
But the online release gave few clues to suggest whether “The Web of Haram” was a jihadist-inspired attack, a cover for a Russian-backed attempt to create economic mischief, or the work of a disaffected schoolboy operating from his bedroom.
The growth of the market in hacking tools has allowed a new broad base of “unskilled, entry-level” cyber criminals to launch attacks on a scale way beyond their own technical ability.
Partly because of this, companies have come to see data breaches as inevitable, and the response of organisations affected is crucial. The repeated and continuing failure of TalkTalk to encrypt the personal data of its customers suggests that its response has fallen badly short.