Factbox: Cyber attacks: from hactivism to espionage
(Reuters) – The recent spate of cyber attacks have raised questions about the security of government and corporate computer systems, and the ability of law enforcement to track down hackers.
Here’s a breakdown of the different types of cyber assaults, from “hactivists” to serious criminals.
DISSIDENT HACKERS SEEKING MAXIMUM PUBLICITY
The Lulz Security and Anonymous groups have broken into computer servers to steal data that they publish on the Internet to embarrass their targets. Examples of this include LulzSec hacking into Fox TV’s “X Factor” contestant database, or breaking into FBI affiliate Infraguard and publishing its user base.
So-called hactivists also use distributed denial of service (DDOS) attacks, in which they get supporters to crash the websites of their targets by overwhelming the servers with traffic. The Anonymous group launched DOS attacks against Visa and MasterCard because the group thought the companies were hostile to Wikileaks and its founder Julian Assange.
CYBER ATTACKS FOR FINANCIAL GAIN
Primarily based on getting financial information, such as payment card data or bank account details, perpetrators tend to keep their attacks secret because the data is more valuable if victims do not know it has been stolen.
Citigroup disclosed that unknown hackers in May had stolen information from 360,083 credit card accounts in North America, in what was the most significant known direct assault on a financial institution.
These attacks can come from just about anywhere, although Western security experts have said that Russia and China deliberately turn a blind eye to this kind of activity from within their borders, provided it is not targeted domestically.
GOVERNMENT OR STATE-BACKED ATTACKS
Hacking by governments or state-sponsored groups is usually aimed at stealing classified information, such as military secrets or other prized data. Security experts have cited attacks on the International Monetary Fund and Google Inc’s email service as recent examples.
There is often finger-pointing at Russia and China after such attacks, although experts suspect other nations including the United States of using this technique more quietly.
There are also occasional suspected state-backed DDOS attacks, such as on Estonia and Georgia in 2007.
FROM VIRTUAL NETWORKS TO THE REAL WORLD
These are cyber attacks aimed at causing actual physical damage, such as by hacking into industrial computer controls to destroy military assets or public infrastructure.
The Stuxnet virus, which Iran has said was used to attack computers at its Bushehr nuclear reactor, is the only case so far that security experts widely agree fits into this category.
(Reporting by Marius Bosch and Jim Finkle; editing by Tiffany Wu)