Biggest Privacy Breaches in 2009
Your right to privacy is shrinking, but it’s happening quietly without much publicity. Identity theft steals far more than your privacy. So far in 2009, over 13 million records have been breached! Here are the top privacy breaches this year.
by Angie Porter
Cyberspace is the new Wild West frontier where sophisticated hacking is like having the fastest gun. Man-in-the-middle attacks are commonplace, while credit card PIN crackers lead the pack of cyber outlaws. Neither SSL websites nor the “smart” grid can be considered safe anymore. Lucifer, AKA a social engineer, may dwell on your friends list within instant messengers or social sites. Even if you manage to avoid tweeting your intentions, botnets, or clickjackers, the vast frontier of cyberspace is shrinking with regard to your privacy.
The privacy debacle hall of fame would not be complete without the top breach of the century. This would have to be the privacy piracy conducted by Intelligence Agencies from September 1993 – February 2008. The EFF came out with cyber guns blazing but “to date” has exhausted all administrative remedies with respect to some of the defendants wrongfully withholding requested records. The “whois” makeup is a list of heavy hitters against privacy, including but not limited to this dazzling array of acronyms: CIA, NSA, DHS, DOD, DOJ.
The EFF wrote in its lawsuit, “Using this shadow network of surveillance devices, defendants have acquired and continue to acquire the content of a significant portion of the phone calls, e-mails, instant messages, text messages, web communications and other communications, both international and domestic, of practically every American who uses the phone system or the internet.”
Who else is stealing your privacy and your identity? Lax security threatens to crash the cyber ecosystem. Identity Theft Resource Center (ITRC) reports 342 identity theft breaches and 13,160,647 exposed records in 2009 alone. ITRC does not count stolen encrypted records as data exposure and their breach database only includes what they consider previously published records from credible and reliable sources.
41.8% of the breaches happened within the business sector, making business the highest percent of breaches but not the highest number of records compromised. The dubious honor of most exposed records belongs to the medical and healthcare industry. Running totals for this year include top offenders in each category:
- The Medical/Healthcare industry has had 41 breaches that compromised 8,694,040 records. Virginia Department of Health Professionals was the top offender in this category so far in 2009 with a whopping 8,257,378 exposed records.
- The Business sector has had 143 breaches that exposed 886,889 records. Network Solutions’ recently publicized breach leaked 573,928 records.
- The Banking/Credit/Financial industry has had 45 breaches to crack 25,082 records. Top offender in this industry is reported as an “unknown” payment processing gateway where 19,000 records were stolen.
- The Government/Military has reported 64 breaches that revealed 3,102,636 records. 1,000,000 records were exposed by top offender Oklahoma Department of Human Services. This is not the first time Oklahoma has suffered from bad coding and a deficiency of common sense. The Oklahoma Department of Corrections leaked tens of thousands of social security numbers and other sensitive data in 2008. Second place in the WTF were you thinking awards goes to Arkansas Department of Information Services where 807,000 records were compromised. In comparison, Virginia Prescription Monitoring Program leaked a mere 531,400 records.
- Educational institutes report 48 breaches for 437,500 records now in the hands of cyber-criminals. 160,000 of those records were stolen from the University of California – Berkeley.
Forensics teams analyzed how these breaches were accomplished. According to the 2009 Verizon Business Data Breach Investigations, only 1/3 of the thefts were publicly disclosed. Hacking is the attack method of choice by data thieves. Top level threat categories include:

Note: The sum of the percentages exceeds 100 as several breaches fit into multiple categories.
The hacking breaches recorded were again broken down into several categories. The following chart represents the number of hacking breaches in each of the categories, last year:

The best bet to protect your privacy might be darknets, but some brilliant yet malicious soul may soon move beyond that security. Encrypt your data, don’t drink and drive a keyboard, and think before you click. Even if you are careful and wise, the people with whom you do business can leave themselves vulnerable to cyber thieves who will exploit any available weaknesses. Privacy is an endangered entity in the networked frontier where we work and play.



