Yottabytes: Storage and Disaster Recovery

Sep 19 2015   11:46PM GMT

Why Steal Data When You Can Just Muck With It Instead?

Sharon Fisher Sharon Fisher Profile: Sharon Fisher

Tags:
Hacking
Security
Storage

We have always been at war with Eastasia.

In an era where people have to resort to smartphones and the Internet just to look up phone numbers, people are warning that the next wave of hacking might not take information, but add or change it instead.

“Most of the public discussion regarding cyber threats has focused on the confidentiality and availability of information; cyber espionage undermines confidentiality, whereas denial of service operations and data deletion attacks undermine availability,” wrote Director of National Intelligence James Clapper, in testimony presented to the House Subcommittee on Intelligence earlier this month. “In the future, however, we might also see more cyber operations that will change or manipulate electronic information in order to compromise its integrity (i.e., accuracy and reliability) instead of deleting it or disrupting access to it. Decision making by senior government officials (civilian and military), corporate executives, investors, or others will be impaired if they cannot trust the information they are receiving.”

In particular, hackers or terrorists could wreak havoc by changing data about infrastructure, postulates Patrick Tucker, technology editor for Defense One. Remember that as far back as Die Hard 2, the bad guys were crashing planes by feeding them incorrect data on their actual altitude.

Clapper isn’t the only one to suggest this. For example, when the Office of Personnel Management revealed earlier this year that it had been hacked, some speculated that more could be involved than simply taking information. “For those of us who wear tinfoil hats – what if records were not only taken, but some were added as well?” writes Steve Ragan in CSO Online. “Would the OPM be able to tell?”

As it turns out, Clapper has actually been saying this for some time; articles quoting him talking about hackers who could “change or manipulate” information have been published since at least February, when he testified to the Senate Armed Services Committee. “[Clapper] described future attacks which will change or manipulate [there’s that phrase again] electronic information in order to compromise its integrity,” Business Korea wrote in March. “In the future, hackers may launch more clandestine cyber espionage programs that manipulate data so victims lose credibility.”

What might it have done, for example, if at some point someone had added data to government records to make it appear that President Obama actually had been born in Kenya?

People have always added fake people to rosters to get additional paychecks and other benefits – remember M*A*S*H’s “Captain Tuttle”? – but doing it through the computer can make it a lot easier. “A doctor pulls up your electronic medical records to discover that they have been changed and you have been receiving the wrong dosage of a lifesaving medicine,” writes Rep. John Ratcliffe (R-Texas), who chairs the Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies, and sits on the Judiciary Committee, in The Hill. “Now imagine this happening at every hospital in the United States.”

Think the whole notion of messing things up by changing information is farfetched? How many “Han shot first” arguments have you seen? And that’s with film that millions of people have seen – not to mention someone who actually admits that they changed something.

Of course, if you really want to drive yourself crazy, you can remind yourself that this is the age of Edward Snowden. Maybe Clapper is warning us to beware of hackers changing data because he wants us to be suspicious of our data. Maybe he’s going to be changing the data – and is laying the groundwork now to blame it on hackers.

If you need me, I’ll be hiding under the bed.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: