Big hacks, big data add up to blackmailer's dream

Do the data records stolen in a pair of recent hacks signal the start of something more sinister?
Written by John Fontana, Contributor

While breach reports often fixate on the number of records stolen, accounts compromised and people affected, the real question is what will hackers eventually do with the data they've collected.

It isn't a game of catch and release anymore. The thrill is not the hack, but the potential financial gain. Is an initial hack a first act to be followed by an intermission and a concluding horror show?

"When you look at it today ... almost 80 percent of [hackers] are in the business for profit," Al Berman, president of New York's Disaster Recovery Institute International (DRI), told the website Techtonic.

That's a troubling statement when you look at two recent hacks that cut into the same vertical industry and included a number of people in highly compromised positions.

The word blackmail comes to mind.

Consider the Office of Personnel Management (OPM) case with 22 million stolen records on current, former, and prospective federal employees juxtaposed to some suspected 15,000 email addresses in the Ashley Madison hack, minus the fakes, that trace back to government and military domains.

What will the results contain in a hacker's big data analysis of those unlucky enough to be caught up in both breaches. It's uncertain, but it could very well ring like a Las Vegas slot machine.

"We are aware of the reporting," is all the Pentagon would say after the Ashley Madison hack. In reality, what they said likely said it all. One person working in a federal agency focused on security told me the fear of blackmail is the ongoing discussion topic.

People with security clearances and sensitive information, combined with verified extramarital affairs must rank as a blackmailer's easiest target.

With a billion records stolen by hackers in 2014 and likely that and more when 2015 is complete, hacking appears to be creating the premiere big data archive of all time. These cross-referenced data breaches may become the norm, exploding months or even years after the initial hack.

Part of that may not even be financial, but done to weaken the stability of an organization. The government worries about hackers who may change or manipulate data in order to influence an outcome down the road. Altered or destroyed records could taint the integrity or credibility of an employee or wipe them off the map.

Last week, Jason Waxman, vice president and general manager of Intel's cloud platforms group, told investors, "This is the dirty little secret about big data: No one actually knows what to do with it."

He was talking about the enterprise, because it looks certain hackers know exactly what to do with it. Researchers at Carnegie Mellon University put the annual global costs of online crime at around $3 billion to $4 billion.

Eventually hackers may push those numbers to even more unbelievable heights and discover big data analytics as the quickest tool in their box.

The concern then becomes a hack that unfolds in two stages: impact on reputation, customers, executive officers and costs as the staggering punch in the initial breach, and then the more potent strike, the post-hack financial knockout blow.

Not to mention potential national security concerns and the prospect of physical harm or even the death of employees, federal or otherwise.

The hack is moving into a different shadow and it's shaping up to be more sinister than what we've seen so far.

Editorial standards