Voltage Security Comments on Hacker Charges and Sentencing
Voltage Security has issued the following statements from security expert and VP Mark Bower in light of recent hacking news, including charges against Reuters’ Matthew Keys and yesterday’s sentencing of AT&T hacker Andrew Auernheimer.
Mark Bower of Voltage Security today said, ”Vulnerable systems exploited by attackers can have serious consequences beyond ‘hacktivists’ claiming their break-in trophies. The impact of the Keys’ situation was manipulation of the media and potentially, access to sensitive data. That could have a costly impact, depending on how readers or even industry groups might respond to a manipulated story, as well as the fallout from potential sensitive data theft. If the system used to communicate with the public can be manipulated, then there will be consequential costs and harm.”
“Over the years we've witnessed repeated successful attacks to critical infrastructure, hospitals, patient data, banks, credit card processors and government - the stakes are high. Courts can't take any attacks to any critical infrastructure lightly when establishing the extent of punishment,” he added.
Bower, who was featured in a live interview with The Huffington Post on Monday about the Keys’ case, further commented that “for every attacker who’s caught and penalized, there are probably 50 or more who aren't. Firms can't rely on the courts and punitive sentences to deter attackers as a strategy to defend their valuable data assets. Many attacks originate outside the jurisdiction of law enforcement, and law enforcement's ability to trace attacks might also be very limited. By then however it’s too late. The damage is done and the data is long gone or the system is manipulated. This, once again, points back to the need to take pro-active steps to mitigate the fallout from the inevitable system compromise and breach.”
“The good news is that today it’s not hard to do. There are new, powerful techniques available, such as data-centric security technologies which make attacks to data benign events, without disrupting business. Leading firms all around the world who saw the writing on the wall for traditional IT defenses are already using the approach successfully today. The outcome is that the business can get on with growth, and the attackers will move on to easier targets. As history proves, there's plenty of those for Anonymous and the like to pursue,” said Bower.