Further, a tweet indicated that “the whopper flopped” and that BK had thus been sold to McDonald’s. Several other tweets contained obscenities.
It’s not clear who hacked BK’s account, and I am not implying that it was a “competitor hack” (that is, it was not likely initiated by McDonald’s, or any potential rogue employee of that firm – although the Hamburglar’s criminal tendencies are well-established).
However, this hack has to fit squarely into one of two realms, and it provides a nice entrée to some new definitions for an evolving threat landscape. Let’s create the concept of a “branded hack” that is unique to this forum – branded hacks that will be handles for discussion, and which will hopefully propagate for ease-of-discussion at orgs, with vendors, with media, etc.: 1) Competitor-Hack (CH), and 2) Hack-at-Random (HaR). This is a good opportunity to define these two types of hacks, for purpose of establishing exactly “where we are” in 2013, in getting to where we need to go – these definitions will likely evolve a bit:
New Definitions for New Realities
Competitor-Hack (CH): This is a directed hack by a business competitor, with a business motivation: The purpose of disrupting the competition’s ability to conduct competing business through harm to enablements (data, infrastructure, apps, etc.), or to cause damage to any specific competitor’s reputation (such as false Tweets, implanting of false content, false business positions, etc.). These CHs can include political motivations, and political targets – they include any orgs and/or individuals who compete on some plane.
Hack-at-Random (HaR): This is an attack that has more of a mischievous spirit as motivator. Motivators can include humor, bragging rights, or even the preference of Big Macs over Whoppers, or Whoppers over Big Macs – but generally speaking, the people mounting these are not employees or formal representatives of the organizations in question – they are people who mount trouble for sport and fun.
Recognize this: In discussing cybersecurity a few articles ago, as contained in this post, and as indicated in another post’s matrix, I mentioned that organizations would have to guard against CHs from business competitors. I also debuted the concept of HaR. It is easy enough for me to envision these things coming, as immodest as that may sound: In the realm of risk, unmanaged possibilities become probabilities.
It is easy enough to see that risk is being compounded by three fundamental things that are being driven to everyone:
Ever-more power, affordability, and capability are being driven to very modest “players” and devices.
Ever-more robust hacking tools will be available on rogue “gaming” sites, and the business and sport of hacking is going to explode. Watch for it – and be positioned to guard against it.