Weaponising Stolen Data

Uploaded on 2018-07-18 in TECHNOLOGY--Hackers, NEWS-News Analysis, FREE TO VIEW

For years, cyber attackers’ primary aim has been to pilfer sensitive information from businesses and individuals, either to sell it in the dark corners of the Internet, hold it for ransom, or use it themselves for material gain.

More recently, efforts to connect all manner of machines to the Internet has led to growing worries that hackers will gain control of critical infrastructure, such as the electrical grid or traffic lights, and wreak havoc. 

One of the next frontiers in cyber threats, some security investors and technologists say, could be to manipulate data to use it against us in new ways.

“The obvious play today is to disrupt systems and steal data,” says Joseph Witt, vice president of engineering at data management software firm Hortonworks  and a former National Security Agency software engineer. “But a much more nefarious and troubling problem is slow, persistent manipulation of systems and enterprises.”

Call this emerging threat the “weaponisation of data,” says Bob Ackerman, founder and managing director of AllegisCyber, a bicoastal venture capital firm that backs startups in cybersecurity, data science, and connected devices.

“We see the beginnings of this in the Russian interference in elections by manipulating data,” Ackerman says. By that he means adversaries creating fake online identities and distributing disinformation “designed to shape opinion” or to “sow confusion and undermine trust” in American institutions and leaders.

The spread of disinformation is “something that we’ve practiced in warfare for eons, propaganda and electronic warfare,” Ackerman adds. “How do you make the planes being tracked on the screen appear some place other than where they are? That’s all disinformation.”

That concept could spread to commercial arenas. One threat Ackerman suggests would be to inject false data into automated financial trading systems, to drive certain stocks up or down.  Or, in a worst-case scenario, feeding bad data to a high-frequency trading system could set off a chain reaction that could disrupt or melt down entire financial markets, Ackerman says. 

Ackerman says any digital system that involves “data-driven automation” could be vulnerable to such an attack.

“Machine-learning systems are only as good as the data that they are trained with,” Ackerman says, meaning that if trained with disinformation, the systems could go haywire. “In a digital economy, everything we’re processing is ones and zeroes. How do we trust it?”

Witt thinks it’s possible hackers or a business’s competitors could try to infiltrate a company’s IT infrastructure to insert false data that could trip up their operations. In the case of an automaker, for example, perhaps the hacker would create erroneous data about supply chain activity that might cause the company to spend more on inventory.

Greg Dracon, a partner with Boston-based venture capital firm .406 Ventures, which invests in cybersecurity startups, says he has heard of targeted cyber-attacks based on manipulating data. One involved changing a company’s financial documents to try to influence negotiations of its acquisition, Dracon says.But outside of the sort of election interference that Ackerman alluded to, Dracon says he hasn’t heard about widespread cyber-attacks involving the spread of disinformation or weaponising data. One reason for that may be economics.

“It’s harder to monetise that,” Dracon says. “It’s much easier to steal data [and] sell it on the dark Web.”
Ackerman admits that his concerns about weaponizing data are still mostly just the “paranoid reflections of a cybersecurity guy.” “It’s like, where are those bastards going to go next?” he says of cyber criminals. “This is where they’re going to go next.”

If he’s correct that such attacks will become more common in the next five years, he says, companies and organisations must get better at tracking data and confirming its authenticity. Ackerman thinks a potential technology tool could be a sort of digital wrapper that keeps data secure and helps verify that no one has tampered with it as it travels between different systems. 
That idea sounds similar to encryption techniques, but Ackerman says it’s different because hackers could theoretically manipulate data before it gets encrypted, so that the encrypted package delivers bad data to the recipient.

“I think data provenance is going to turn out to be one of the significant areas of data science innovation going forward,” Ackerman says.

Much of Witt’s software development work during the past decade-plus has been on tools that can help establish data provenance, among other capabilities, he says. He describes data provenance as a “digital chain of custody for data,” beginning at the point where a piece of digital information is created, and following it as it travels through any IT pathway or database.

While at the NSA, Witt was the lead developer of software called Niagarafiles (NiFi), which was aimed at automating the transfer of data between computer networks, even if the data formats and processes weren’t the same. The NSA released an open-source version of the software, called Apache NiFi, in 2014. 

The following year, Witt left the agency to help start Onyara, a company that developed software tools, powered by Apache NiFi, for managing the flow of data. Ackerman says he was one of Onyara’s investors. Hortonworks bought the startup that same year (2015). Witt’s role at the Santa Clara, CA-based company involves working on its DataFlow product, which uses Apache NiFi.

The software’s capabilities include automatically generating “rich event-level provenance data,” Witt says. Basically, that means the software tracks all the digital systems that touch the data, registers the timing of each data transfer, and validates the authenticity of such logs, he says. 

The software can help, say, track information about a car’s engine performance as the data gets beamed from an Internet-connected device on board the vehicle, to a cloud database where the manufacturer and its suppliers can access it (after personally identifying information has been scrubbed), Witt says.

Despite all the money spent on data analytics tools and cloud databases, many businesses, especially large global enterprises, still struggle to create a verifiable record of the origin and movements of every piece of data flowing through their IT systems, “At scale, it’s a really hard problem,” Witt says.

Could blockchain technology play a role here? Witt and Ackerman are skeptical. Popular blockchain systems, like the one underpinning the cryptocurrency Bitcoin, involve a public, distributed online ledger that allows multiple parties to verify each transaction, a digital chain of custody. 

But Ackerman says today’s blockchain systems wouldn’t be able to handle the velocity and volume that most businesses would require if they wanted to use the technology to track and verify all of their data.

“But there are some things in blockchain that maybe inform some of our thinking around provenance,” Ackerman says. “How do we adapt that [blockchain model] to these high-volume data environments?”

XConomy.com

You Might Also Read: 

Blockchain: What Business Executives Need To Know:

How Cloud Computing Changes Data Governance Strategies:
 

 

« The White House’s AI Committee's First Meeting
Cybercrime Is A Real Economic Threat »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Silent Breach

Silent Breach

Silent Breach specializes in network security and digital asset protection. Services include Pentesting, Security Assessments, Incident Detection & Response, Governance Risk & Compliance.

File Centre

File Centre

File Centre is a leading specialist when it comes to data backup, we offer our clients a premium backup retrieval and delivery solution.

Intelligent Waves

Intelligent Waves

Intelligent Waves holds and manages contracts to provide an array of intelligence, operational, communications and IT support to the USG in austere, forward-deployed, hazardous duty environments.

OpenText

OpenText

OpenText is a leader in Enterprise Information Management software and a portfolio of related solutions for Information Governance, Compliance, Information Security and Privacy.

Seltek Technology Solutions

Seltek Technology Solutions

Seltek provides Digital Forensics, eDiscovery, Cybersecurity Assessments and IT Support services.

NSHC

NSHC

NSHC is a provider of mobile security solutions, cyber security consulting and training, and offensive research.

Industrial Cybersecurity Center (CCI)

Industrial Cybersecurity Center (CCI)

CCI is the first center of its kind that comes from industry without subsidies, independent and non-profit, to promote and contribute to the improvement of Industrial Cybersecurity.

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

C-MRiC collaborates on initiatives, ranging from national cyber security, enterprise security, information assurance, protection strategy, climate control to health and life sciences.

Hub One

Hub One

Hub one is a leading player in digital transformation with expertise in broadband connectivity, business solutions for traceability and mobility, IOT in industrial environments and cybersecurity.

R3I Ventures - House of DeepTech

R3I Ventures - House of DeepTech

The House of DeepTech is an incubator for deeptech entrepreneurs that are transforming global industries. Areas of interest include cybersecurity.

Start Left™ Security

Start Left™ Security

Start Left™ Security's Tauruseer Platform is the patented data-driven security posture management solution that provides a complete life cycle approach for proactive security in one place. 

StrataCore

StrataCore

StrataCore is a single-source technology lifecycle advocate that works behind IT teams as a strategic partner to help them achieve peak enterprise outcomes.

Sencode Cyber Security

Sencode Cyber Security

Sencode provides a range of IT security solutions and services, including penetration testing and cyber awareness training to help mitigate the growing risks to your corporate infrastructure.

American Technology Services (ATS)

American Technology Services (ATS)

American Technology Services provides unparalleled services in information technology to support small and mid-sized business. From top-level strategy, to managed services and infrastructure support.

Avalor

Avalor

Avalor are on a mission to help security teams make faster, more accurate decisions by making sense of their data. With Avalor you can bring in data from anywhere, normalize it and analyze it.

Arista Middle East

Arista Middle East

Arista Middle East is part of Global Arista Technologies specializing in OT Cybersecurity.