Attacks Using Attacks

  • Comments posted to this topic are about the item Attacks Using Attacks

  • Those are incredibly important points.  Let us suppose that I have a product catalogue in a database and an external actor gains read access to that database.  The data they have access to is nothing beyond what I want customers to see.  It's the equivalent of stealing an Argos free catalogue that is in the "Please take one" bin outside every store.

    What will be reported is that my company suffered a data breach.  Headlines and newspapers are not sold with a headline "Free catalogue stolen".  There is instant reputational damage.  This point should be obvious to all employees of any organisation but somehow it doesn't seem to be.

    The "Fake News" aspect is also a worry.  It borders on outright fraud but the rumour and damage can go twice around the world before the truth has got its boots on.

  • Disinformation is an old weapon of choice; these days it can travel faster and further.

    Many years ago I can recall the chairman of a company I worked at telling us that he had heard a competitor was in financial difficulties. "The trouble is," he continued, "is that I don't know if it's true or just the rumour that I started, coming back."

    The propensity for people to pay more attention to bad news over good helps disinformation and unverified facts to spread at the speed of gossip - possibly the fastest speed that can be attained.

  • When it comes to hacks against corporate or government targets, it is entirely plausible that in many cases the public disclosure itself is of more importance to the hacker than the data breached. Stealing 100,000 credit card numbers may only net a few thousand dollars for the hacker, but the damage to the company targeted could cost tens of millions of dollars.

    Also, hacking could be leveraged purely as a tool for manipulation of public opinion, not necessarily opinion of the target itself but rather about information security in general. For example, imagine if someone stole the web browsing or phone call history for all the candidates currently running for US president and then posted the data on the web. A logical first reaction would be to suspect that it's a partisan attack by the opposition in an attempt to influence the election, but then again maybe not. The motive might only be to spark a debate about digital privacy legislation and impact the candidates in a personal way that motivates them into action.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • The scary thing is that some of these attacks might become commonplace to move stock prices and we'd see criminals do some trading about that. Or they might start to do more ransom-type attacks, asking for money before disclosing data, leaving companies in a very difficult position.
