PresseBox
Press release BoxID: 376930 (Imperva Inc.)
  • Imperva Inc.
  • 3400 Bridge Parkway, Suite 101
  • 94065 Redwood Shores, CA
  • https://www.imperva.com
  • Contact
  • Darshna Kamani
  • +44 (20) 7183-2834

Below is a comment from Amichai Shulman, CTO of Imperva, on the data breach at ACS:Law, the anti-privacy law firm

(PresseBox) (Redwood Shores, CA, ) "This is the latest in a series of attacks against ACS:Law. It started last week with a Distributed Denial of Service (DDoS) attack against them, as well as a site defacement. And now their email database has been published online. In general, we've seen cases where the victim was a DDoS target, only to later find that the attackers were really using the DDoS as a diversion to help with the real goal - data theft. However, I don't think this was the case here. Hackers had one point in mind - to cripple the services of the law firm, to disrupt business services and cause humiliation.

Since ACS:Law's site was corrupted, they've reconstructed it from a backup location which also included archive files with sensitive information. In the reconstruction process (which was probably done in haste) the archives with the sensitive data were copied to publicly accessible locations in the reconstructed web site. Attackers immediately took advantage of that and downloaded them. They are now going through the stuff in those archives and are making public the "interesting" data that they find. The more time they have to review the files, the more public stuff we should expect to find.

The moral of this story is surprisingly not about web security but rather about sensitive data stored in an unstructured format. While organizations are keeping themselves busy with protecting data in its structured format within databases or as it flows out of web applications, a new threat is quickly becoming apparent - the dissemination of sensitive data from structured repositories into unstructured formats (e.g. MS Office files, text documents, etc.). In its unstructured format, the sensitive information is flowing around the organization almost unmonitored and uncontrolled. It is time for organizations to get ready to fight this new battleground of keeping close track of unstructured information repositories and controlling their flow around and outside their organization."