The Gore Score: Are Hacks Being Overhyped?Comparing Outsider Breaches to the Mayhem Seen on Local TV News
The problem with the overemphasis in reporting on mayhem is that it doesn't truly reflect the reality of a community. The adage seeing is believing doesn't always show what's real. Take, New York City. Most viewers of TV news as well as crime shows such as the Law and Order franchise and movies would believe NYC is among the most dangerous places on earth. In fact, in recent years, New York consistently ranks among the five safest large cities in the United States.
Which leads to the recent slew of reports of computer hacks. The gore score of my youth reminds me of the coverage of security breaches in my late middle age. Not all shootings, fires and accidents are of equal import, regardless of the dramatic visuals they may produce; the same can be said about information security breaches.
Not all shootings, fires and accidents are of equal import, regardless of the dramatic visuals they may produce; the same can be said about information security breaches.
A day doesn't go by, sometimes just a few hours in recent weeks, when another information security breach is unveiled. Keeping up with the likes of LulzSec (see LulzSec: Senate, Sony Hackers Profiled), the hacker group that claims to have breached the CIA, Senate and Sony, is turning into a fulltime job for some reporters, as the group tweets throughout the day boasting of new conquests.
But are some of these hacks worth the coverage we in the media give them? Erez Liebermann, chief of the computer hacking and intellectual property unit for the U.S. attorney's New Jersey district, suggests the significance of some breaches are being blown out of proportion (see Weighing Pros, Cons of Reporting Breaches to Authorities). "These data breaches are more like shoplifting nowadays; they are run of the mill; they happen all of the time," Liebermann says. "And, if companies start to report them more often, they wouldn't make any news, frankly, because shoplifting and bank robberies barely make news."
Even minor breaches cause problems, something I think Liebermann would agree with. But all breaches are not equal. Let's take a look at some recent breaches of the websites of entertainment provider Sony.
Between April 17 and 19, hackers penetrated Sony's PlayStation Network and Qriocity services, stealing account and personally identifiable information from 77 million customers, and forcing Sony to shutter the gaming system for more than three weeks (see Sony Breach Ignites Phishing Fears). There were real consequences to Sony - financial ($171 million, according to one report) and reputation - as well as to its customers. "We still have no insights into who attacked us," says Jack Tretton, president and chief executive of Sony Computer Entertainment America (see Sony Sees Self as One of Group of Hack Victims).
But since then, LulzSec has claimed to have hacked into different Sony websites a number of times, causing more embarrassment for Sony than hardship. No doubt, these hacks have caused some damage - the hackers tweeted they stole 54 megabytes of SVN (Apache Subversion) Sony developer source code - but nothing to the extent of the original breach.
The increase in computers being hacked is genuine, and even the less damaging ones remind IT security professionals that they need to be more vigilant in protecting their digital assets from outsiders. But the reality of the situation is not necessarily being reflected in the headlines of the hour.