By Robert Capps, vice president of Business Development for NuData SecurityThe Adult Friend Finder massive hack of over 400 million records, combined with the Ashley Madison hack of over 37 million user accounts, has brought to light that we really have arrived in the golden age of mass hacking where one of the intents is to embarrass or destroy the credibility of another person, or group of people. This is an incredibly dangerous escalation, that will see even more sensitive data being stolen and opportunistically leaked for political or personal gain.A new age of shame hackingWe've already seen in the recent US election, there is potential for hacks to obtain data with the intention to leak it and use it to sway opinion as in the case of the Clinton Wiki-Leaked emails. We could see how leaks can be used as a kind of weaponized information blast to target certain parties, groups or organizations for retribution or political gain.It's always been easy to step out-of-line and find yourself in hot water socially but in our social media-driven society, the consequences are just that much larger and widespread. Many people have found themselves in a firestorm for posting an inappropriate picture or comment online. Hacked data could be released to publically embarrass or shame individuals with accounts on certain sites with impactful, sometimes devastating, consequences to these individuals' families, careers and other affiliations. Following the Ashley Madison hack, for example, there was concern that military member's spouses exposed in the attack could be targeted for spear phishing. And, in these cases it's entirely in the hacker's control to decide how and when this information is exposed with very few repercussions to them.In such an environment, we're all vulnerable to the whims of hackers who might find our passions and interests worthy of exploiting for their own personal reasons. While hackers are often guided by financial gain, at times they are guided for personal, social, political reasons. In this paradigm, every piece of information that exists online about you could be used. We all should think about what this means and find ways to protect ourselves from information about us that could be used against us if was released online from malignant hackers.Ransomware amps up the stakesAnother disturbing element of this is the increase in recent years of ransomware. It's not such a stretch to envision the potential for users of sites like Ashley Madison and AdultFriendFinder to be targeted for blackmail. Indeed, several cases of extortion were reported following the Ashley Madison hack where blackmailers were attempting to get bitcoin payments from targets under threat of exposing their Ashley Madison activity. Other ransomware cross-correlates information scraped from social media to find marginalized subpopulations that could be targeted for blackmail, political and economic mischief and crime.The lack of security, and resultant breaches on the part of these online service providers for example, could have a chilling effect on the desire of marginalized groups and communities to engage and feel safe in these online forums. These are troubling implications that it could leave communities thinking twice before publically or “privately” affiliating with groups that were previously considered private and safe.Finally, attacks, leaks and hacks like the AdultFriendFinder attack combine to have a dampening effect on the growth and economics of vulnerable online businesses, communities and groups. If we are indeed entering an age where we can be exposed at a whim, many will opt not to join with like-minded communities veering on the safe side of exposure. Passive biometrics offers a customer friendly solutionThere is a bright side though. We don't have to live in a world where hackers can use our data to get into our accounts and wreak havoc with impunity. Companies who hold such critical and personal information about their users have a choice. Rather than just protecting transaction data, companies can accept the full ramifications of data protection and system security by designing their systems to protect their users and ALL account data first. It's a radical idea, but by doing so we can ensure that the data hackers can get their hands on won't allow for ready access into our accounts and our personal information. Even better – banks, retailers, and online communities have the ability to protect account information now. Passive biometric tools exist the provide organizations with a better understanding of who the real account holder is (and who isn't) with very accurate behavioral analytics. These tools identify users with their own natural behaviors, are completely frictionless for genuine users, and are very difficult to mimic or impersonate because of the intricacy and complexity of all the hundreds of interactions they monitor online. Passive biometrics, as opposed to physical biometrics, don't require any inputs from customers either.Once we have systems in place like this everywhere, hackers who steal data will find it much less lucrative because the data they steal will be irrelevant. I'm very much looking forward to that future and work toward seeing it realized every day.Robert Capps is the vice president of Business Development for NuData Security. He is a recognized technologist, thought leader and advisor with more than 20 years of experience in the design, management and protection of complex information systems – leveraging people, process and technology to counter cyber risks.
Recent Video
- New non-profit trade association of HAND will standardise global talent ID
- No cards, no phones: J.P. Morgan’s biometric revolution in payments
- Anthony Vidiano on building the future of access management
- Charisma Check wins 2025 Start-Up Pitching Competition, advancing identity verification and background checks for dating app users
- How to protect one billion Amazon customers: Lessons from continuous risk assessments
