China Is the World's Leader in Cyber-Espionage, Criminals Steal More Data than Hacktivists

The vast majority of hack attacks in 2012 were done with low-tech methods.
This photo was titled "Ninja Hacker" so I had to use it. Via Brian Klug/Flickr

The vast majority of hack attacks in 2012 were done with low-tech methods, with criminals with financial interests responsible for far more data breaches than hacktivists, who relied on DDoS attacks far more than they did in 2011. Meanwhile, China is responsible for nearly all cyber-espionage that was tracked last year.

Those three findings stood out in the 2013 Data Breach Investigations Report (DBIR), an annual look at security and cyberattacks that's put together by Verizon's security team, along with 18 other groups, including folks from the US government. The report looked at 44 million compromised records that were part of 621 confirmed data breaches in 2012.

It's a mega-sized report (you can snag a PDF of the executive summary if you like), but I think those three points really stand out. The first—that low-tech methods still rule when it comes to security compromises—is nothing new. The DBIR states that 78 percent of data breaches it measured initially boiled down to "low" or "very low" tech methods, which means little or no skill was required.

That means the usual stuff—laptops, servers, even ATMs—remains the most vulnerable set of assets. Generally, it's because people still aren't well-versed in security: They don't look out for card-skimmers, they click and download all kinds of PowerPoints and PDFs sent from sketchy sources, get phished regularly, and plug their porn flash drive into their work computer. What's worrisome about that, at least if you've got sensitive data, is that 62 percent of breaches took months to discover, and 4 percent took years.

Perhaps more relevant to Motherboard's interests, hacktivism in the form of actually breaching security and stealing data pretty much disappeared last year. In 2011, hacktivists were responsible for more than half of data stolen, as measured by last year's DBIR, while this year they made up only 2 percent of all "threat actors." Folks with criminal interests, meanwhile, made up 55 percent. Those folks were looking to make money, targeting finance, retail, and food industries, and especially the woefully insecure POS systems that make credit card skimming a breeze.

Romania led the world in attackers looking for financial gain.

But all of that card skimming and phishing hardly fits the cloak-and-dagger hacking image we all love to pretend exists. So let's talk about China. Of 120 acts of cyber-espionage recorded by the DBIR partners, 96 percent were attributable to China. As the report states, "the remaining 4% were unknown. This may mean that other threat groups perform their activities with greater stealth and subterfuge. But it could also mean that China is, in fact, the most active source of national and industrial espionage in the world today."

As experts told the Washington Post, China is hardly the only player in the cyber-espionage game, as Russia, Israel, France, the US, and plenty of others are all fooling around with each other's networks. Also, counting more of China's attacks may be easier because attackers tend to use similar methods; in simple terms, once you figure out someone's style, it's easier to attribute more to them. But still, the scale at which China is trying to compromise other countries' systems is astounding. Of course, that in its own right isn't a new revelation, and the US and others are beginning to fight back.