These days whenever we hear about cyber-attacks or data breaches, the blame is very conveniently put on some ‘state-sponsored actors’. Whether it was Yahoo’s massive data leak of 2014, disclosed recently or DNC computer hacks, every time the fingers are pointed at state-backed criminals. But that’s not really the case.
According to breach expert Troy Hunt, contrary to popular belief, most of the data breaches stem from either criminal activity or "kids messing around".
In an interview with The Register, Hunt, operator of the breach notification service Have I Been Pwned said that “Blaming state hackers has become like a ‘dog ate my homework’ excuse.”
Just like Cybersecurity firm InfoArmor, Hunt also sees the little weight in Yahoo’s contention that its servers were breached by state-sponsored actors that resulted in half a billion accounts being exposed.
Hunt says that sometimes datasets are leaked online when they are “no longer profitable to sell” like in the case of a LinkedIn breach. However in cases like Ashley Madison, where hackers immediately leaked the purloined data as wide as possible was to embarrass and pressurize the business.
Hunt also spoke about TalkTalk as “negligent” over its October 2015 reach and criticized the record £400k fine imposed by data privacy watchdogs at the ICO as inadequate to serve as any warning.
“TalkTalk was fined 0.02 percent of revenue, something that will have no impact on its business,” Hunt said. “TalkTalk was hit by a 15-year-old kid using free software, not a sophisticated attacker.”
At haveibeenpwned, Hunt has delved deep into many breach matters as to how hackers operate and the flaws they exploit within organizations. Notably, some recent indicate an improving trend where at least some large organizations are beginning to follow industry best practice of password handling.