A recent study by Verizon showed that activist hacker groups have overtaken cybercriminal gangs in the theft of personal and corporate data from internet sites. More than 100 million out of the 174 million records stolen in 2011 were appropriated by groups of hacktivists. The motivations behind these attacks may be ideological rather than directly related to monetary theft, but the effect is the same: Massive losses and fingers pointed at insufficient IT security.

A Watershed Moment in Hacking History

The study found that while organized cybercriminals are still committed to their electronic misdeeds, 58% of all data theft in 2011 was linked to activist groups. This statistic marks a watershed in the history of widespread hacking as ideological issues and the desire to “stick it to the man” take on a prominent position in data breaches over the conventional motivations of appropriating funds illegally. The number of breaches linked to internal employees dropped 13% from the previous year to stand at just 4%, demonstrating that external agents should now represent the primary concern of IT security managers everywhere.

A Shift to Non-Physical Methods

Server security is at the heart of breaches caused by hacktivists as well as seasoned cybercriminals. Ninety-four percent of all the data compromised in 2011 resided on servers, up 18% from the previous year. The manner in which these breaches occurred increasingly skews towards hacking and malware distribution. Eighty-one percent of all breaches were due to some form of hacking attack, up 31% from 2010, and 69% utilized malware, up 20% from the previous year. These twin threat actions have proven to be the favorite tools of external agents, as their mastery of thwarting authentication through stolen or deduced credentials and the leveraging of backdoors has reached epidemic proportions. Physical attacks such as gas pump card reader or ATM machine skimming dropped 19% to just 10% of the total, amply illustrating the shift of cybercriminal activity to vectors that can be implemented in purely non-physical methods over the internet.

Hacktivists vs. Cybercriminals

Hacktivists tend to target a different type of organization than other cybercriminals who are motivated solely by theft of a financial nature. The activist hackers tend to hit larger corporations so that a smaller number of attacks will provide greater volumes of data, while the financial cyberthief will focus on smaller organizations that have fewer or weaker protections. An example is a New England franchise restaurant chain that was targeted by cyberthieves at the individual outlet level as the point of sale servers were connected to the net without having antivirus software or a firewall.

Faulty IT Security Largely to Blame

Echoing the conventional wisdom that the burglar is going to pass on the house with bars on the windows in favor of the one next door that isn’t quite so secure, 79% of all victims were attacked because they incorporated a security flaw that was often easily exploitable, making them targets of opportunity. Of cause for real concern in the IT community is the determination that fully 96% of all attacks were not rated as highly difficult, pointing to the fact that although there are many ways to boost site security they are often not implemented properly if at all. A significant number of these data breaches could have easily been avoided outright if the correct precautions had been integrated into the systems and, most importantly, if they had been applied comprehensively. The study found that a staggering 97% of all breaches could have easily been avoided by the presence of the proper controls of either a simple or intermediate basis.

Another worrisome statistic pointing out widespread failures in IT management is that only 8% of all incidents were actually discovered by the breached party with the balance being recognized by a third party. Furthermore, 85% of all breaches went immediately unnoticed, and took weeks or even months to discover! With the burgeoning aura of the crusading hacktivist flaunting their Vendetta mask to “right the perceived wrongs,” we can expect that 2012 will be another high water mark for hacktivism around the world, their idealism continuing to out-do their money-motivated counterparts.