By Mark Milian, CNN
June 23, 2011
(CNN) — From scanning news headlines over the last couple of months, you might think the walls around Internet strongholds are made of rotting wood.
Yet the frequency of data breaches actually hasn’t increased dramatically, according to security experts and reports compiled by nonprofit advocacy group Privacy Rights Clearinghouse.
What appears to be changing is how quickly companies are publicly disclosing network intrusions and the breadth of information stolen in each case. Those factors, in turn, spur the rabid media attention that’s being given to digital security.
More personal info is being nabbed as part of these break-ins because, simply, each company is taking in reams of data from more customers. As Web usage grows and becomes more personalized, so too do the databases that store the names, addresses and, in worse instances, credit card numbers that are routinely dispensed over Internet lines.
Still, the incidents, with new targets popping up every week, are no less frightening.
Several national governments are on the defensive, while simultaneously exploring ways to use cyber tactical strikes to their own ends.
Google said last year that a widespread intrusion into its system originated in an area that’s home to a national security branch of the Chinese army and then blamed the Chinese government for slowing access to its services. A U.S. diplomatic cable made public by WikiLeaks charged that the Chinese government ordered the computer hacking, according to a report in The New York Times. Chinese officials denied any involvement in the attack.
Hackers from China, Russia and other countries reportedly penetrated the U.S. electrical grid in 2009. U.S. federal agencies have used digital detective work in countless investigations. President Barack Obama signed executive orders more than a month ago that provide guidelines for how extensively U.S. international military forces can use cyberwarfare, The Associated Press reported on Wednesday.
But the cyberattacks that directly affect millions of people (Whoops! Bank account is empty!) are also getting attention from regulators. The FBI is pitching in to help companies make sense of system intrusions, as in the case of Sony.
The Japanese tech giant has become a recent poster child for data mismanagement. Sony’s systems have been breached 20 times in the last two months or so.
Hackers accessed 177,000 e-mails from the French website of Sony Pictures last weekend. About two weeks earlier, hacker group Lulz Security obtained more than 1 million e-mail addresses, passwords and other personal info from the U.S. Sony Pictures.
Those, of course, pale in comparison to the more than 100 million accounts, many of which had credit cards on file, from PlayStation and other Sony game networks.
The PlayStation hack was the biggest on record (many institutions have never publicly disclosed the details of past data theft) since a combined 130 million credit and debit card numbers were taken from Heartland Payment Systems and some retail chains, including T.J. Maxx, several years ago.
Before that, 26.5 million people’s information and some Social Security numbers were taken from U.S. Department of Veterans Affairs computers in 2006. A year before that, CardSystems fumbled info from 40 million accounts.
The scope of these intrusions wasn’t fully understood until years after they had happened.
But U.S. regulators have become less patient. A congressional inquiry to Sony executive Kazuo Hirai asked why the company took so long (a week or two) before releasing details about stolen subscriber info or the fact that credit card numbers were taken.
“As soon as you figure out there’s a breach, you have to put it out right away,” said Jeff Carter, the development chief for security firm Hoyos Group. “After the Sony breach, it finally reached a maturity level that caught everyone’s attention.”
Security consultancies, including Carter’s, began receiving calls after the Sony incidents from companies suddenly more concerned about locking down their systems. For example, Carter said his group saw an influx in requests from video-game makers, as well as from financial institutions.
Banks and credit card processors are typical targets for rogues proficient in circumventing computer security who are trying to find a big payday. But entertainment companies, not traditionally hoarders of customers’ info, have found themselves in the crosshairs of high-profile hacker collectives that identify themselves as nerdy gamers and purveyors of Web culture.
The hacker group LulzSec, fresh off its raid on Sony Pictures, offered to help Sega investigate a recent break-in that exposed 1.3 million accounts. “We love the Dreamcast,” a spokesperson for the group wrote, referencing Sega’s cult classic game console. “We want to help.”
Sony uncovered a file after one of its incidents that suggested the group Anonymous might be behind the attacks. Anonymous denies the charge. Sony says it still hasn’t uncovered the names of the culprits.
As this novelty plays out — the prominent and enigmatic cyberpunks, the flailing conglomerates, the superpower nations issuing declarations on cyberwar — interest in the data-hacker phenomenon grows. Even though it’s all been an open secret for years.