Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

The Risk of Triangulation: You May Just be a Piece of the Puzzle

As the world’s ongoing conversion to the digital realm continues, the risks involved with protecting sensitive information will only intensify.  

As the world’s ongoing conversion to the digital realm continues, the risks involved with protecting sensitive information will only intensify.  

For security teams, this means expanding your view of risk and considering factors outside your company when evaluating potential motivations for a breach. Companies have to keep an eye on current events in ways that were never under IT’s purview in the past. And that means you have to bring in the right talent to do so.

Having that broader view is important because the different motivations behind today’s attacks mean they can seemingly come out of nowhere. How you look at the information itself is no longer the sole concern. Your organization and your data may just be a piece of the puzzle. 

One of the more intriguing ways this is playing out is in the murky world of cyber espionage—and just about every national government is engaged somehow. 

Perhaps the oldest and most widely known example is the Stuxnet worm attack on Iranian nuclear facilities a decade ago, widely attributed to the United States and Israel. Stuxnet was introduced to the facility—which had no internet connection—via hacks against partners and subcontractors working at the site. It targeted a specific type of equipment being used to control the facility’s uranium enrichment centrifuges, which is believed to have been identified in the background of a photograph. 

Stuxnet also illustrates how an attack on one entity may only represent an incremental gain and not the ultimate goal. Cyber espionage and criminal organizations realize that the value of a piece of data is much greater when correlated with other data sets. 

Data, after all, are just points of information, details from which real insight can be derived. Standalone pieces are rarely useful, but when data points are connected in context, they begin to tell a story. 

Today’s malicious entities are sophisticated enough to leverage different data siloes in ways that can be tricky to anticipate. And all of this is relatively new, simply because the level of information out there today was never available before. It’s easy for a company to be caught off guard. 

Advertisement. Scroll to continue reading.

Take the hack of the U.S. Office of Personnel Management (OPM) that hit the headlines back in 2015. Clearly this was very sensitive information: names, addresses, phone numbers, even fingerprints of millions of U.S. government employees and their level of security clearance. 

The hack itself sparked fears of blackmail attempts, since federal background checks include deep detail on a person’s private life—vices, past relationships, criminal history, financial situations—which would be recorded in each person’s security clearance file. 

But as grave as that was, it may have become even more powerful over the past few years as the same malicious entity—thought to be related to the Chinese government—seems to be continuing its attempts to triangulate and correlate that information with other data sources. 

Soon after the OPM hack, there was an attack on United Airlines that compromised travel itineraries. United is one of the U.S. government’s primary air carriers, ferrying diplomatic and military personnel all over the world. 

Correlating passenger information with security clearance information, then triangulating those points with destinations could have provided valuable insight into whether a potential spy was entering a particular country or neighboring ones, compromising U.S. national security, not to mention the personal safety of the employee. 

More recently, an attack on financial and credit reporting provider Equifax in 2017 has also shown signs of being linked to the same attackers. Compare this against the OMB’s practice of conducting ongoing credit reports on those holding security clearances. 

The point of OMB regularly pulling credit reports is to identify security clearance holders that may be putting themselves at risk of blackmail by foreign entities through financial difficulty. What if said foreign entity knew of the holder’s financial situation and was able to offer a remedy before the OMB became aware of it? 

It all becomes more alarming on the heels of former CIA case officer Kevin Mallory’s recent conviction on charges of espionage and lying to the FBI. Mallory was recruited by Chinese intelligence in early 2017, and was a prime target for compromise with a failed business putting him thousands of dollars in the red and behind on his mortgage. He faces a possible life sentence in prison at a hearing later this year. 

So far no one has linked the Equifax breach and Mallory’s recruitment into espionage, but it’s not hard to see how that could have happened and that there may be more such stories on the horizon. Any sophisticated cyber-criminal organization could use these same techniques, no matter what their motivation is.

As such, these stories should be a warning shot across your bow. It’s no longer enough to protect your own IT systems as if you’re on an island. You have to be thinking about how your data might connect with data from other organizations or industries and how those combined data sets could be triangulated into a larger picture that ultimately puts you at risk. 

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...