In recent testimony before congress, Admiral Mike Rogers the commander of U.S. Cyber Command and the National Security Agency pointed to the trend in recent cyber-attacks to steal large amounts of data. Data itself is the target.
The recent data thefts from the Office of Personnel Management, health insurance provider Anthem, and UCLA Health System reinforce the idea that personal data can be a primary purpose of a cyber breach. Intelligence, in military terms, is the art and science of putting together an understanding of the enemy and the enemy’s intentions from an assembly of discrete pieces of information.
The OPM and health care breaches potentially exposed millions of bits of intimate information about individuals. It provides information about where people live, where they work, and who they associate with in the course of their personal lives. Cross-referencing of the OPM data and the names from the Ashley Madison site would be an intelligence officer’s dream of how to pressure a potential informant.
The announcement of a hack of United Airlines by groups linked to Chinese intelligence adds to the mix of large troves of travel manifest data. A connect the dots effort where an individual is tracked through financial, personnel, and travel records is certainly a possibility, especially when you have a very large workforce to apply to the task. Data science is not only for marketing.
Another potential concern going forward is that not only have records been accessed, but have they been altered or deleted? If a sophisticated hacker can exfiltrate data, it is quite likely that they can insert or alter the data on the same network.
If you would like to explore a career in cybersecurity you can get a degree through the NCI at Excelsior college.