Cybersecurity

SPOTLIGHT ON SECURITY

Data Breach? Try Rubbing Some Free Credit Services on It

Before your company finds itself embroiled in a lawsuit over a data breach that spills personal information about your customers all over the Internet, you might want to take a look at some recent research by Carnegie Mellon and Temple Universities.

Data breach victims are six times less likely to file litigation against a company if they receive free credit monitoring following a breach, according to analysis of 230 federal breach lawsuits from 2000 to 2010.

That finding surprised one of the researchers working on the study.

“It was unexpected,” David A. Hoffman of the Temple University James E. Beasley School of Law told TechNewsWorld. “Going in, we would not have said it would have had such a strong effect.”

Good Will

Hoffman hypothesized that credit monitoring may have such a powerful impact of the decision to go to court because it’s often what a court awards plaintiffs in those kinds of cases. “If it’s given before litigation, there’s less incentive to file the case,” he noted.

In addition, credit monitoring could prevent harm, which also removes a reason to take a company to court, he added.

What’s more, it buys good will for the firm. “People could feel better about the firm and be less likely to want to sue the firm if it’s a good actor and proactively sets out to try to reduce the consequences from the wrongdoing,” he maintained.

The Stratfor Memos

A portion of some 5 million emails stolen from geopolitcal analytics company Stratfor were posted to the Internet last Monday by WikiLeaks.

The emails reveal the inner workings of a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations and U.S. military and security agencies, WikiLeaks claimed.

The documents, it added, show Stratfor’s web of informers, pay-off structure and payment-laundering techniques.

In a video posted to the company’s website, Stratfor’s Founder and CEO George Friedman refused to address the accusations leveled against the company by WikiLeaks.

“Some of the emails may be forged or altered to include inaccuracies,” he said. “Some may be authentic. We will not validate either, nor will we explain the thinking that went into them. Having had our property stolen, we will not be victimized twice by submitting to questions about them.”

WikiLeaks did not reveal who gave them the Stratfor emails, but the hacktivist collective Anonymous has claimed responsibility for the break-in.

Anonymous made its own headlines during the week when 25 of its alleged members were rounded up by Interpol in four countries on two continents. In retaliation for the international dragnet, the hackers launched a Distributed Denial of Service (DDoS) attack on Interpol’s website, which took the location offline for less than 24 hours.

The Sin Digoo Affair

The use of malware by both government and cybercriminals to conduct espionage on other governments and corporations is a common practice in the Net underworld, but just how complex it can be was illustrated in research released last week at the RSA conference in San Francisco.

In the report from Dell SecureWorks titled “The Sin Digoo Affair,” the company’s Counter Threat Unit showed how one malware web has reached into government ministries in Vietnam, Bruei and Myanmar, as well as in the Middle East and Europe, where an embassy and nuclear safety agency were also infected.

The unit also found the infections in a regional newspaper and petroleum company in Southeast Asia.

In addition, SecureWorks tied the Sin Digoo network to the notorious RSA breach last year that rippled throughout the defense industry. They discovered that Sin Digoo’s hackers shared some IP addresses with hostnames linked to the RSA break-in.

However, the unit was unable to finger the perpetrator of the RSA attack. “The only thing we can say is these attackers have something in common; they both have access to a certain infrastructure,” Joe Stewart, director of malware research, told TechNewsWorld.

Where did the name Sin Digoo come from? In identifying one of the founders of the espionage net, Stewart discovered they listed as their residence Sin Digoo, California.

“I looked on a map and I couldn’t find a Sin Digoo, California,” he explained. “However, they used a San Diego ZIP code so I assumed they meant to write San Diego; they just didn’t know how it was spelled.”

Breach Diary

  • Feb. 25: Wallace Community College in Alabama was breached and eight email addresses and passwords, as well as 276 usernames, passwords and proper names, were posted to the Internet.
  • Feb. 25: Valley View University in Ghana was breached and a number of email addresses, passwords and full names were posted to the Net.
  • Feb. 27: Registered users of the Microsoft India Store received an advisory from the company that a breach on Feb. 12 may have exposed financial information to a Chinese hacker group known as “Evil Shadow.”

John Mello is a freelance technology writer and former special correspondent for Government Security News.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John P. Mello Jr.
More in Cybersecurity

Technewsworld Channels