Verizon: Organized crime behind data breaches

Of the 285 million records compromised in the 90 confirmed network breaches Networx vendor Verizon examined last year, 91 percent were linked to organized crime. And only a third were publicly disclosed.

With increasing supply and falling prices, criminals have had to overhaul their processes and differentiate their products to maintain profitability, the report states. Their method: Target points of data concentration or aggregation to get the most valuable information.

“The big money is now in stealing personal identification number information, together with associated credit and debit accounts,” the report states.

In the "2009 Data Breach Investigations Report" released April 15, the Verizon Business Risk Team based its results on evidence the company collected during data breach investigations from 2004 to 2008, with 2008 events forming the primary analytical focus.

Although financial organizations were the biggest targets, 13 percent of the team’s caseload were companies that had recently been merged or acquired. “Mergers and acquisitions bring together not only the people and products of once separate organizations, but their technology environments as well,” the report states. “Integration rarely happens overnight or without a hitch. Technology standards are sometimes set aside for the sake of business expediency.”

The report also quashed the widely held belief that insiders perform most hacks: 74 percent of the breaches were from external sources, such as organized crime and government entities.

However, hackers were greatly aided in their activities by the victims, with 67 percent of breaches resulting from someone taking advantage of a vulnerability to hack into a network and install malware to collect data.

More than 80 percent of attacks occurred in Eastern Europe, East Asia and North America, the report states. “Though it’s tempting to pander to hype surrounding state-sponsored attacks from Asia, we find no evidence to support the position that governments are a significant source of cyber crime,” Risk Team members wrote. However, evidence is strong that malicious activity in Eastern Europe is the work of organized crime, they added.

The Verizon team “regularly interacts with governmental agencies and law enforcement personnel from around the world to transition case evidence and set the stage for prosecution,” the report states.

Tips to protect your data:

  • Ensure the essential controls are met.
  • Find, track and assess data.
  • Collect and monitor event logs.
  • Audit user accounts and credentials.
  • Test and review Web applications.

About the Author

Sami Lais is a special contributor to Washington Technology.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.