There is a range of types of cyberattacks that the general public have become accustomed to reading about. We hear with some regularity about ransomware attacks, in which hackers cast a broad net in order to extort money from anyone who is unlucky enough to end up infected. We read about advanced persistent threats, in which hackers, sometimes under the employ of a political body, use highly targeted malware in order to extract top-secret information from big enterprises or governments. There are cloud hacks stealing massive amounts of personal financial data from banks, and there are point-of-sale breaches with an obvious financial incentive.
But researchers are anticipating the development of a new kind of cyberattack with a new kind of logic behind it, capable of fomenting chaos in our Internet of Things–enabled world. A recent article on CNBC named data sabotage as the next big hacking threat, and it is a threat that may require a new way of looking at cybersecurity. So let’s explore what security experts need to know about it.
What Is Data Sabotage?
Whereas the data-breach scenarios we’re familiar with often consist of stealing data for profit, data sabotage is distinct from simple theft. It’s even distinct from the malicious destruction of computer networks that some computer viruses aim for. Data sabotage involves hackers making small, hidden tweaks on systems that will go unnoticed and that will work in the favor of the hackers. For instance, a hacker employed by an unscrupulous enterprise could enter a system at a rival business and alter the code that runs a piece of industrial equipment, giving the machine bad directions that would only become obvious somewhere down the line, when the machine begins to function improperly or slowly break.
Hackers Think Big with Small Changes
Data sabotage could have truly destructive implications at both the enterprise and the consumer level. The CNBC article noted, for instance, that in an era of self-driving cars and delivery drones, implanting one bad command that would cause them to all converge on the same location at a certain, seemingly random point could cause a devastating crash. With Internet of Things (IoT) technology enabling people to control everything from their thermostats to their refrigerators over networks, creative methods of data sabotage could lead to dangerous utility and appliance failure in homes and offices.
Data sabotage also offers new, harder-to-detect ways for old-fashioned profit-motivated scamming. For instance, as mentioned in the CNBC article, by artificially boosting the credit scores of dummy customers, hackers could allow themselves to repeatedly take out fraudulent loans unnoticed and unpunished.
A New Cybersecurity Paradigm?
In the case of data sabotage, the system entry used in order to facilitate the attack is a quick in-and-out, and the results are far less easily detectable than data theft. In the case of theft or conventional malware, someone invariably notices a mistake on the books. A customer’s credit card is being billed erroneously, or a computer begins to move more slowly. With data sabotage, especially in the case of IoT home devices, well-planned sabotage will indicate no obvious anomaly until the device hits the rogue code and ceases to function—or does something dangerous—days, weeks, or years down the road.
Data sabotage may pose a particularly vexing problem for security experts as the IoT becomes a more integrated part of our daily lives. Rather than taking obvious advantage of a system’s vulnerability, in cases of data sabotage, hackers understand how an entire system works from end to end and take advantage of what are perhaps the system’s least obvious flaws.
Whether or not data sabotage indeed becomes a prevalent source of social and economic disruption remains to be seen. But regardless, security experts will need to continue using a creative combination of technology and intelligence in order to stay one step ahead of the tech-savvy criminal mind.
In what ways could you see data sabotage impacting home and office IoT devices?