In this episode of the podcast (#212), Brandon Hoffman, the CISO of Intel 471 joins us to discuss that company’s latest report that looks at China’s diversified marketplace for stolen data and stolen identities.
Data leaks, data breaches and data dumps are so common these days that they don’t even attract that much attention. Back in 2013, news that hackers stole data on tens of millions of customers of the software maker Adobe dominated the headlines for days. These days, news that companies like Facebook or LinkedIn exposed data on hundreds of millions of users barely registered a collective shrug.
“What’s a better way to understand a person you’re trying to victimize than to understand their habits? That way you can have a better chance that whatever scam you’re trying to run has success.”
-Brandon Hoffman, CISO Intel 471
Data leaks and data breaches, for all intents and purposes, have become just the price of doing business online. But those who are ready to be blasé about breaches may be overlooking the role that leaked and stolen data plays in other, more serious problems such as targeted cyber attacks.
A Stolen Data Ecosystem Grows In China
Data lifted today from a health insurer, government agency or retailer often informs tomorrow’s targeted spear phishing attack that can steal sensitive intellectual property, redirect government secrets or fuel attacks on critical infrastructure. That’s the conclusion of a recent report by the company Intel 471. That company recently made a study of how Chinese cyber criminal groups were using big data technology to monetize the data they obtained (often: stole) in the Chinese language underground. The company’s research revealed a sophisticated, cybercriminal ecosystem involving cybercriminals, data brokers and insiders as well as cybercriminals who obtain sensitive data.
In this interview, we invited Brandon Hoffman, the CISO at Intel 471 into the studio to talk about the report and the way that the market for stolen data has created a number of “sub economies” that help fuel cyber crime.