The story of how HBGary Federal’s network was recently hacked, resulting in the leak of numerous emails belonging to the US cyber-security firm’s employees and bosses, has been big news over the last few days.
Leaving the motive as well as the legal and ethical issues to one side, I would like to focus in on another aspect of this incident. What we are currently witnessing here is a shift in the cyber-threat landscape.
As I see it, what happened to HBGary almost exactly echoes some of our main predictions for 2011, which we published in December of last year. We predicted that in the near future we would see:
1. The emergence of new organizers of cyber attacks with new aims;
2. Attacks that aim to steal data of absolutely any type;
3. A rise in attacks targeting corporate users.
Of course, those behind the attack on HBGary are not “traditional” cybercriminals and, as far as I can gather, malware was not used. It appears the main tools used by the hackers were vulnerabilities and social engineering techniques.
It’s important to remember that social engineering is always going to be more effective than malicious programs. Human factors can jeopardize any system no matter what level of technological protection it has. Those attacking an organization can achieve so much more with a polite letter than they ever could with the most sophisticated virus.
The HBGary episode is a perfect example of how to organize and carry out a successful attack to steal information. The hackers managed to penetrate the network of an IT security firm that has contracts with government agencies and financial organizations. Anyone with the slightest knowledge of the situation can appreciate the scale and value of the stolen data and the kind of damage it has inflicted on the injured party.
The attack on HBGary only became big news because publicity was the overriding aim of the organizers. It has hit the headlines purely because of the links to WikiLeaks, secret services and so on. However, this is just the tip of the iceberg. Attacks like this are taking place every day and their implications can be far more serious than the HBGary incident.
Far more serious.
In fact, information about the vast majority of these attacks never makes it into the news at all.