The “run-of-the-mill” data breach will no longer be a simple “one and done” attack but, instead, will simply become the first step an attacker takes in an elaborate process for theft, extortion, blackmail, and false trust.
Data is only as valuable as the context in which you wish to exploit it.
For example, gaining access to pre-announced financial results of a publicly traded company is not very valuable if you are trying to apply that information to sports betting. And pre-announced financial results are valuable only if you know how investors will react once the results become public – and we know from past experience that this is unpredictable.
On the other hand, certain data comes with implicit context — a good example being a credit card or social security number. Steal these numbers or even contact information, and cyber-thieves will know exactly what to do with them. In fact, these forms of data theft may simply be the first domino in a very complex system of scams to establish false trust between the thief and the victim, or false trust between the thief and a 3rd party. That false trust will be exploited and leveraged for incredibly sophisticated schemes, possibly involving blackmail and extortion.
Recently, authorities arrested three men who masterminded an elaborate ‘pump and dump’ securities fraud. Hackers manipulated stock prices of penny stocks by buying shares in penny stocks and then selling shares in those companies to unsuspecting individuals whose contact information they had stolen. When the victims bought the stocks, the shares rose temporarily – until the hackers dumped their own shares, which caused the stock prices to fall precipitously. Cyber-thieves were the winners – until they got caught – but the unsuspecting victims were the big losers.
Scams like this one should force people to become more vigilant with who, what, and how they authenticate (data and people) but the sad truth is that nothing will likely change. This, in turn, will cause a gold rush of sorts in the early 21st century for criminal enterprises who will prey on the stolen information of people who will resist changing their online habits because they’ve become numb to the daily headlines of data breaches.
Rod Schultz
Vice President Product at Rubicon Labs Inc.