That phrase stood out for me. What is a "form of illegal value"?
Can there be such a thing? Like dirty Bitcoin, how would you know?
Certainly the acts of pretexting, exploitation and exfiltration are
all illegal. But who is tracking data sets and marking this one
"illegal" and that one "legitimate"?
What I mean is, the article offers a rather simple world-view of stolen
data being sold on the "darkweb" (shudder). However, we know from
Cambridge Analytica and other scandals that people's data, obtained
without their consent, leaked, deanonymised, compiled, processed,
correlated, and is traded openly by so-called "legitimate
businesses". This isn't a couple of scallywags and ruffians fencing s
stolen bike, its a multi-billion dollar industry.
Data breaches don't just happen in isolation, like a burglar getting
lucky with some expensive jewels. There's a market. And without the
demand for data sets (perhaps exacerbated by data laws like GDPR)
there would be less motive, and fewer incidents.
It's precisely because the data has value that _cannot_ be
distinguished as legal or illegal that breaches are so lucrative. (I
wrote something on this a few years ago with regard to cyber-attacks
on Hollywood and music studios "Why Radiohead got hacked" [1])
Which leads me to wonder, as money notes are marked with anti-robbery
dye, whether data sets can be poisoned to make them not just worthless
in the wild, but an active liability. The entertainment business uses
watermarking as a deterrent (they can be removed of course - but at
cost). What about our PII and credentials?
1 comment
[ 2.8 ms ] story [ 14.7 ms ] threadThat phrase stood out for me. What is a "form of illegal value"? Can there be such a thing? Like dirty Bitcoin, how would you know?
Certainly the acts of pretexting, exploitation and exfiltration are all illegal. But who is tracking data sets and marking this one "illegal" and that one "legitimate"?
What I mean is, the article offers a rather simple world-view of stolen data being sold on the "darkweb" (shudder). However, we know from Cambridge Analytica and other scandals that people's data, obtained without their consent, leaked, deanonymised, compiled, processed, correlated, and is traded openly by so-called "legitimate businesses". This isn't a couple of scallywags and ruffians fencing s stolen bike, its a multi-billion dollar industry.
Data breaches don't just happen in isolation, like a burglar getting lucky with some expensive jewels. There's a market. And without the demand for data sets (perhaps exacerbated by data laws like GDPR) there would be less motive, and fewer incidents.
It's precisely because the data has value that _cannot_ be distinguished as legal or illegal that breaches are so lucrative. (I wrote something on this a few years ago with regard to cyber-attacks on Hollywood and music studios "Why Radiohead got hacked" [1])
Which leads me to wonder, as money notes are marked with anti-robbery dye, whether data sets can be poisoned to make them not just worthless in the wild, but an active liability. The entertainment business uses watermarking as a deterrent (they can be removed of course - but at cost). What about our PII and credentials?
[1] https://www.inmusicconference.com/abstracts