Wednesday, April 15, 2009

Glimpses into the 21st Century Threat Matrix: 285 Million Records Compromised, Success of Twitter Raises Issues, and German Insight on GhostNet


Our forensics team analyzed thousands of data points from investigations around the world – including many never publicly reported – and found that in 2008 alone, more than 285 million records were compromised. That’s more than the previous four years combined. 2009 Data Breach Investigations Report

Four variants of the worm hit Twitter, bringing back memories of the infamous -- and groundbreaking -- Samy worm that snaked through MySpace several years ago. ... Each wave of the worm attacks was more intense than its predecessor, according to a post on the official Twitter blog. SC Magazine, 4-13-09

German intelligence also detected a noticeable increase in cyber attacks before meetings between Merkel and the Dalai Lama. The hackers appear to be particularly interested in the Tibet issue. Der Spiegel, 4-10-09

Here are some news items, data trends and background stories you might find useful.

The Verizon Business RISKS Team's 2009 Data Breach Investigations Report has been released. It is worthy of your attention. -- Richard Power

Our forensics team analyzed thousands of data points from investigations around the world – including many never publicly reported – and found that in 2008 alone, more than 285 million records were compromised. That’s more than the previous four years combined. The 2009 Verizon Business Data Breach Investigations Report offers an objective view of these data breaches, including analysis that we believe will be helpful to the planning and security efforts of our readers.
Here are just a few of our findings:
* 91% of all compromised records were attributed to organized criminal groups
* 99.6% of records were compromised from servers and applications
* 74% resulted from external sources
* 69% were discovered by a 3rd party
* 67% were aided by significant errors
* 32% implicated business partners
2009 Data Breach Investigations Report

The recent multiple worm assaults on Twitter raise some interesting issues, e.g., as SC Magazine's Chuck Miller writes in the news item excerpted here, "the threat of client-side attacks across social networking sites."

Twitter was struck by a particularly nasty cross-site scripting worm over the weekend, again bringing to light the threat of client-side attacks across social networking sites.
Four variants of the worm hit Twitter, bringing back memories of the infamous -- and groundbreaking -- Samy worm that snaked through MySpace several years ago. ... Each wave of the worm attacks was more intense than its predecessor, according to a post on the official Twitter blog.
SC Magazine, 4-13-09

But another, even bigger issue to ponder is what it means when a technology of any sort (e.g., hardware or software, social networking or telecommunications) can establish such an extraordinary user base so rapidly. According to comScore, "worldwide visitors to Twitter approached 10 million in February, up an impressive 700+% vs. year ago." "The past two months alone have seen worldwide visitors climb more than 5 million visitors. U.S. traffic growth has been just as dramatic," comScore adds, "with Twitter reaching 4 million visitors in February, up more than 1,000% from a year ago."

Der Spiegel has an excellent piece on the GhostNet story from the German perspective.

The German government is constantly the target of hackers seeking to insert spy programs into its computer systems. The attacks, often originating in China, are becoming more and more sophisticated. ...
Clues about the hackers can be gleaned from the technical characteristics of an attack, as well as the identities of the target and the subject matter. The aim of the attacks leading up to the chancellor's trip to China, for example, was to ferret out information about issues Merkel wanted to discuss with representatives of the People's Republic.
German intelligence also detected a noticeable increase in cyber attacks before meetings between Merkel and the Dalai Lama. The hackers appear to be particularly interested in the Tibet issue. In January 2008, various German officials received an e-mail with an attached document titled: "Analysis of Chinese Government Policy Toward Tibet." The sender was supposedly a Tibetan organization in the United States. A malicious program was hidden in the analysis.
Der Spiegel, 4-10-09