How to protect data from Trust Attacks
We all agree that protecting information is important. While exposure of sensitive information carries risks and terrible consequences, there is another type of risk that is often given less attention.
The manipulation of information.
Historical records, sensitive or otherwise, are valuable so long as they are accurate. If something affects their accuracy, the information becomes worthless and, if trusted, can produce great harm.
When we talk about data storage and security, preventing unauthorised access is paramount. Having data unlawfully disclosed can be harmful and embarrassing. But having data accessed and changed could be crippling for an organisation and have an impact for years, if they even know about it.
This is a common tactic in cyber espionage, known as a ‘Trust Attack’.
What could be more damaging than exposing or stealing data? Subtly changing it.
In 2016, for example, Russian hackers breached the systems of the World Anti-Doping Agency and released the medical data of many famous athletes. However, investigators discovered that much of this data was altered before release.
Altered health data. Imagine if that was done in a hospital.
In 2017, Konrads Voits hacked the IT system of the Washtenaw County Jail in Michigan. A friend was serving a sentence there, so Voits digitally altered the county’s electronic prison records to accelerate his scheduled release date. Fortunately, jail staff found paper records proving the deception and promptly notified the FBI and Department of Homeland Security. Voits has now joined his friend serving time behind bars.
Prison records. Imagine how that would affect the trust of the surrounding community.
Neither of these types of records would be kept for only a short period of time. They have likely been archived in some form.
Being able to trust in the integrity and authenticity of information is critical for any public administration, military organisation or any institution that values accuracy, which covers most organisations I can think of.
There are many measures we can take to protect the integrity of our information. Proper online management and security is of course the first step.
Ensuring integrity in the long term can be more challenging.
Offline data is obviously at less risk. Most offline data, however, is migrated to newer media every few years as tapes and hard drives become obsolete. Each migration carries a risk of compromised data integrity and of data loss. One third of organisations have lost data while migrating or upgrading operating systems [3].
We believe the ideal solution is to store data on a permanent offline digital medium, where data can be stored in its authentic form and be easily accessible in the future.
How to defend against trust attacks:
Ensure you have an offline copy of critical information (back-up) as well as a permanent copy (in a form that cannot be altered).
Protect your network and prevent unauthorised access to information.
Conduct regular data integrity audits.
Trust your gut – if it doesn’t feel right, investigate.
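An added example (not from the original article) of what a data integrity audit can look like: a SHA-256 manifest of an archive is sealed with an HMAC tag and later compared with the live files. The function names, file names, key and record contents are constructed for illustration, and the sketch assumes the manifest, tag and key are stored offline, away from the data they describe.

```python
import hashlib, hmac, json, os, tempfile

def digest_tree(root):
    """Map each file path (relative to root) to its SHA-256 hex digest."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def seal(root, key):
    """Build the manifest and an HMAC tag over it; keep both away from the data."""
    body = json.dumps(digest_tree(root), sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

def audit(root, body, tag, key):
    """Compare the archive with a sealed manifest; reject a manifest that fails its tag."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("manifest failed authentication; do not trust it")
    baseline, current = json.loads(body), digest_tree(root)
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def demo():
    """Constructed sample: two records, one silently edited after sealing."""
    key = b"constructed-demo-key"  # assumption: a real key is generated and held offline
    with tempfile.TemporaryDirectory() as root:
        for name, text in [("record_001.txt", "release_date: 2020-06-01\n"),
                           ("record_002.txt", "release_date: 2021-03-15\n")]:
            with open(os.path.join(root, name), "w") as fh:
                fh.write(text)
        body, tag = seal(root, key)
        with open(os.path.join(root, "record_001.txt"), "w") as fh:
            fh.write("release_date: 2018-06-01\n")  # same length, different date
        return audit(root, body, tag, key)

if __name__ == "__main__":
    print(demo())
```

The edited record has the same size as the original, so only the digest comparison reveals the change. The HMAC tag matters because someone able to alter the records could otherwise alter an unprotected manifest to match.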
We’re here to help. Reach out to us if you want help defending against trust attacks.