This came to mind when I read Ukrainian Hacker Makes a Killing in Stock Market Fraud by Kim Zetter. She writes:
The case involves a Ukrainian engineering consultant named Oleksandr Dorozhko who is alleged to have hacked into a computer belonging to IMS Health, a company that provides market research to the pharmaceutical and health care industries.
Through the computer breach, Dorozhko apparently obtained advance information about a negative earnings announcement that IMS was to make a few hours later on October 17, 2007. He quickly purchased 630 put options for IMS Health, betting that the price of IMS shares, which were then trading at $30 each, would drop within three days. Dorozhko invested about $42,000 in the options, an amount that nearly equals his annual income, estimated to be between $45,000 and $50,000.
Hours later, IMS Health announced that its earnings had dropped 15 percent from the previous year and 28 percent below analysts' estimates, causing its stock price to fall to $21.20 the next day. Dorozhko's prescient purchases landed him a tidy profit of $286,457 in one day -- nearly six times his annual income.
I like this story because it explains why an intruder wants to compromise your company. Too often executives have trouble envisaging risk (expanded on in Analog Security Is Threat-Centric.)
Overall I see a progression like the following. (I thought I posted this before but I cannot find it!)
- First they came for bandwidth... These are attacks on availability, executed via denial of service attacks starting in the mid 1990's and monetized later via extortion.
- Next they came for secrets... These are attacks on confidentiality, executed via disclosure of sensitive data starting in the late 1990's and monetized as personally identifiable information and accounts for sale in the underground.
- Now they are coming to make a difference... These are attacks on integrity, executed by degrading information starting at the beginning of this decade. These attacks will manifest as changes to trusted data such that those alterations benefit the party making the change. This sort of attack undermines the trustworthiness of data.
The scariest part is the last attack can be the hardest to detect and recover.