Analysis of sensitive information leakage cases at home and abroad: How did your data leak?

  

Preface

As China's information infrastructure has developed, the Internet has reached every corner of daily life. The rapid development of the mobile Internet in particular has made food, clothing, housing and transportation far more convenient. That convenience has also brought a lot of trouble: someone calls to sell mother and baby products just after a child is born, countless financial platforms call to offer funds just after a loan inquiry, and countless so-called bull stock recommendations arrive after a stock account is registered.

Such examples abound, and they have brought a lot of trouble to our lives. We can't help asking: how did this sensitive data leak? In recent years especially, while personal information has been mined and used by various parties, the infringement, fraud and other information crimes caused by the disclosure of personal sensitive information have become increasingly serious, causing huge losses to society as a whole and seriously affecting social stability.

In the 2015 Data Leakage Cost Survey: Global Analysis released by IBM and Ponemon Institute, it was pointed out that "the average total cost of data leakage of 350 companies participating in the study increased from 352 to 3.79 million dollars, and the average cost of payment for each lost or stolen record (including sensitive and confidential information) increased from 145 dollars in 2014 to 154 dollars in the 2015 survey".

We collected the sensitive information leakage cases publicly reported between 2002 and March 2017, involving industries such as the Internet, finance, medical care, government institutions, etc. This paper will summarize and analyze these cases, trying to study the trend of sensitive information leakage.

Key findings:

√ The types of information disclosed include personal sensitive information, trade secrets and state secrets, of which personal sensitive information and trade secrets are the main ones, accounting for more than 95%.

√ The leakage of sensitive information shows an upward trend, and the leakage means have developed from mainly technical means such as hacker intrusion to combining technical means with non-technical means such as buying internal employees and poor internal management. In particular, the use of non-technical means has shown a relatively rapid growth in recent years.

√ Sensitive information disclosure involves a wide range of industries, but focuses on the Internet, manufacturing industry, government institutions and the financial industry.

√ Information leakage incidents in the Internet industry show a trend of rapid growth, which requires vigilance; information leakage incidents in the manufacturing industry are declining year by year, but as industrial control technology and information technology are applied in manufacturing, information security needs continued attention to reduce the possibility of sensitive information leakage.

1、 Definition and classification of sensitive information

Sensitive information (or sensitive data) refers to all information that, when improperly used, or accessed or modified without authorization, harms the interests of the country or of organizations, or infringes the personal privacy that individuals enjoy under the law.

Sensitive information can be divided into personal sensitive information, commercial sensitive information and state secrets according to the different types of information. As state secrets are managed by special institutions, this report will directly quote the definition of state secrets in the Law of the People's Republic of China on Guarding State Secrets, which will not be introduced and defined in detail below.

1. Personal sensitive information

The Supreme People's Court and the Supreme People's Procuratorate of the People's Republic of China have interpreted "personal information of citizens" as the various kinds of information, recorded electronically or otherwise, that can identify a specific natural person or reflect the activities of a specific natural person, either alone or in combination with other information, including name, ID card number, communication contact information, address, account password, property status, whereabouts, etc.

The judicial interpretation of the Supreme Law specifies the types of personal sensitive information, including:

1) Basic information, such as name, gender, age, ID card number, telephone number, email address and family address, sometimes even includes marriage, belief, occupation, work unit, income, medical record, birth, etc.

2) Device information refers to basic information about the various computer terminal devices (including mobile and fixed terminals) used by the personal information subject, such as location information, Wi-Fi list information, MAC address, CPU information, memory information, SD card information, etc.

3) Account information mainly includes bank accounts (especially online banking accounts), third-party payment accounts, social accounts and important email accounts.

4) Privacy information mainly includes address book information, call records, SMS records, IM application chat records, personal videos, photos, and even personal health records, biometrics, etc.

5) Social relationship information mainly includes friend relationship, family member information, work unit information, etc.

6) Network behavior information mainly refers to online behavior records and activities, such as online time, online location, input records, chat and friends, website access behavior, online game behavior and other information.

At present, personal sensitive information leaks mainly through reselling by individuals, mobile phone leakage, computer virus infection and website vulnerabilities. At this stage in particular, with Internet applications widespread and people dependent on the Internet, leaks of personal sensitive information caused by information security vulnerabilities occur frequently. Therefore, to prevent the disclosure of personal sensitive information and protect personal privacy, in addition to improving awareness of personal information protection, the country is also actively promoting legislation to protect personal information security. The Cyber Security Law of the People's Republic of China, which was implemented on June 1, 2017, is a milestone that can play a positive role and is conducive to the protection of personal sensitive information in China.

2. Business sensitive information

The Law of the People's Republic of China on Combating Unfair Competition, implemented on December 1, 1993, defines "commercially sensitive information" as "technical and business information that is not known to the public, can bring economic benefits to the obligee, is practical, and for which the obligee has taken confidentiality measures".

Technical information mainly refers to the technical knowledge with economic value, such as design, procedure, product formula, manufacturing process, etc., which is unknown to the public (without industrial property protection) and has been protected by the obligee through confidentiality measures.

Business information refers to methods, experience or other information of economic value related to business and management that is not known to the public and that the obligee has protected through confidentiality measures, such as the enterprise's strategic planning, management methods, business model, etc.

3. Description

This analysis summarizes the collected cases of sensitive information leakage rather than examining specific cases in detail. From different angles and dimensions, it tries to use statistical methods and big data analysis theory to summarize the types of data leaked, the industries involved, the leakage channels and other aspects, and to find the root causes of the events so as to help organizations protect sensitive information in a targeted way.

The cases collected in this report are from open channels. Due to the limitations of case types and number, this report has inherent limitations. All analysis results cannot fully represent the current situation or trend. All conclusions are only the author's personal views. This report is only for research purposes.

At present, Verizon, IBM, Trustwave and other institutions release data leakage reports every year, distributing annual reports, industry reports, leakage cost reports and other different dimensions. Some cases involved in this report overlap with those used in these institutions' reports.

2、 Main analysis results

A summary analysis of the collected cases shows that from 2002 to the first quarter of 2017, sensitive information leakage showed an overall upward trend. In 2011, sensitive information leakage incidents exploded, and they reached a peak in 2016. In recent years, although enterprises have improved their protection of sensitive information, leakage incidents still show an upward trend. The main reasons are that, on the one hand, hackers have more and more ways to obtain information and, on the other hand, more and more enterprises store sensitive information while many of them pay little attention to protecting it, resulting in more and more information leakage events. The overall situation is not optimistic.

Summary and trend analysis of sensitive information disclosure cases

1. Summary and analysis of sensitive information leakage cases based on the type of information leakage

According to different data types, the collected cases are summarized and analyzed, and the number and proportion of different information types (personal information, business information, state secrets) involved in the cases of sensitive information leakage are summarized.

As shown in the figure below:

Data leakage of different information types

Through summary analysis, we can see that personal information accounts for 63.5%, trade secrets 32% and state secrets 4.5% of the leakage of sensitive information that has occurred.

The specific distribution of the three information types will be further summarized and analyzed below.

1.1 Personal Sensitive Information

It can be seen that more than 60% of the existing cases of sensitive information leakage lead to the leakage of personal sensitive information. The downstream crimes this breeds, such as telecommunications and network fraud, have caused huge social losses, seriously affected social stability and become a social hazard. More seriously, there is "precision" fraud designed and carried out according to user characteristics, which threatens the property and personal safety of the public.

Further in-depth analysis of the types of industries and means involved in the disclosure of personal sensitive information shows that:

1) The industry is widely distributed, and the Internet and finance have become the hardest hit areas.

In the cases we collected, there are as many as 20 industries involved in the leakage of personal sensitive information, which are widely distributed, including equipment manufacturers, e-commerce, Internet companies, financial institutions, medical, government agencies, operators, etc. Among them, the top 5 industries involved in personal information leakage are the Internet, finance, government institutions, education, and medical care, accounting for 69.29% of all personal information leakage, becoming the hardest hit area for personal sensitive information leakage. We can see that the top 5 industries are basically focused on the storage, analysis and use of personal information, involving all aspects of our daily life.

Industry distribution of personal information disclosure

Further analysis of the causes of information leakage shows that the main reason is that the attention paid to information security has not kept pace with the rapid change and development of science and technology. With the development of science and technology in recent years, especially the rapid development of the mobile Internet, almost everything can be handled with one mobile phone. Security has not improved at the same time; instead, the number of ways data can leak has increased and the difficulty for criminals of obtaining sensitive data has fallen. This has led to the unauthorized use and disclosure of personal information.

2) Hacker intrusion becomes the main means to obtain data

The means by which criminals obtain information are divided into technical means (including hacker intrusion, software vulnerability, etc.) and non-technical means (internal personnel leakage, unintentional leakage, etc.).

Analysis on means of personal information disclosure

Analysis shows that 73.23% of personal information leakage is due to data obtained by technical means such as hacker intrusion, and 18.9% is due to non-technical means such as internal personnel actively leaking or selling data for illegal profit. For the remaining 7.87%, it is still unclear which means led to the leakage.

3) The personal information leakage cases exposed abroad are far more than those in China

According to the collected cases, the exposed foreign personal information leakage cases reached 62.99%, twice as many as the domestic personal sensitive information leakage cases. Although there are fewer domestic cases than foreign ones, because of China's large population base the number of people affected is far greater than in similar leakage events abroad.

Analysis of personal information leakage at home and abroad

1.2 Trade secret

With the development of information technology, the storage mode, storage medium and transmission mode of data have changed, which also makes the theft of trade secrets more covert. In cases of suspected trade secret leakage, a large amount of evidence exists in the form of electronic documents, and the evidence is generally carried with them.

After further in-depth analysis of the industry types and means involved in the disclosure of business sensitive information, it is found that:

1) The industry is widely distributed, and the manufacturing industry and the Internet have become a major source of trade secrets.

In the cases we collected, there are as many as 19 industries involved in the disclosure of trade secret information, which are widely distributed, including equipment manufacturers, human resources, the Internet, finance, chemicals, manufacturing, etc. Among them, the top 5 industries involved in the disclosure of trade secret information are manufacturing, the Internet, chemicals, human resources, software companies, media, and government agencies, accounting for nearly 80% of all trade secret information leakage.

Trade secret disclosure cases Industry distribution

Through further analysis, it can be found that the leakage of trade secrets is mainly concentrated in industries with certain technical barriers or requiring innovation. Illegal elements or competitors steal trade secrets such as product design, product formula, manufacturing technology, and enterprise strategic planning by employing commercial spies or hackers to invade.

2) Buying internal employees or changing jobs becomes the main means of disclosing trade secrets

Summary and analysis of trade secret disclosure means

It can be found that compared with the disclosure of personal sensitive information, the means of disclosure of trade secrets are mainly non-technical means. We further analyze the means of disclosure, as shown below:

Summary and analysis of non-technical disclosure of trade secrets

Through analysis, we can see that the leakage of trade secrets is mainly through buying internal employees or information leakage caused by former employees' job hopping.

3) There are more cases of leakage of trade secrets in China than abroad

According to the collected cases, the exposed domestic cases of business information leakage reached 64.06%, nearly twice the number of foreign cases of business secret information leakage.

Distribution of trade secret disclosure at home and abroad

1.3 State secrets

Technical means accounted for 44.44% of the means of national secret disclosure, which was mainly caused by hacker intrusion, and non-technical means accounted for 55.56%.

Summary and analysis of national secret disclosure means

Through further analysis of the causes and means of data leakage, it was found that 67% of the secrets were leaked due to weak security awareness, third-party outsourcing personnel and hacker attacks.

Summary and analysis of specific means of national secret disclosure

2. Summary and analysis of sensitive information leakage cases based on leakage means

According to the different means of information disclosure, the collected cases are summarized and analyzed, and the main means and proportion of sensitive information disclosure are summarized.

Summary and Analysis of Sensitive Leakage Means

It can be seen that more than 60% of sensitive information leakage events occur through technical means, and less than 40% of sensitive information leakage events occur through non-technical means.

The trend of sensitive information leakage events caused by technical and non-technical means is further analyzed, as shown in the following figure:

Summary and trend analysis of sensitive information disclosure means

The study found that in the past 15 years, the leakage of sensitive information caused by non-technical means remained flat on the whole, with a relatively flat trend and no significant growth; the leakage of sensitive information caused by technical means shows a significant growth, and it is expected to continue to grow at a high speed for some time in the future, which needs attention and vigilance.

2.1 Technical means

A summary of the industry distribution of sensitive information stolen through technical means shows that the Internet, government institutions, and the financial industry have become the hardest hit areas for information leakage.

Summary and analysis of industries involved in sensitive information disclosure technology

Further analysis found that:

1) Because the Internet industry applies information technology, especially new technology, on a massive scale, it captures a large amount of customer behavior information, identity information, financial transaction information, etc. while providing services to customers. Its protection of this information is deficient, which allows illegal elements to steal large amounts of it through technical means, resulting in information leakage.

2) The types of sensitive information leaked by government agencies are mainly personal sensitive information, including personal basic information, medical information, social security information, etc. The leakage of this information is highly harmful. Much of it stays with a person for life, so one leak is effectively a permanent leak.

3) The types of sensitive information leaked by the financial industry are mainly personal financial information, credit information, insurance information, etc. Such information obtained by criminals is mainly used to implement telecommunications fraud.

Based on the summary and analysis of the types of information disclosed through technical means, we found that the sensitive data leaked through technical means is mainly personal sensitive information. For national secrets and trade secrets, the overall technical protection is relatively good.

Summary and trend analysis of sensitive information disclosure means - technical means

With the wide application of big data analysis technology in recent years, the value of data has become increasingly high. Especially for many companies, their business information is the personal information of these customers. Improving the protection of personal information is to protect their business secrets. It can be seen that from 2010 to 2013, the proportion of stealing personal sensitive information through technical means has increased year by year, reaching the highest level in 2013. With the protection and attention to sensitive information, it has shown a steady downward trend in the past three years.

Analysis of technical means of sensitive information disclosure - personal information

Through analysis, it is found that the main technical means of sensitive information leakage is hacker attack to steal sensitive information, which reached its peak in 2014. In recent years, the upward trend has eased. Through analysis of its reasons, in recent years, various institutions and units have successively launched many technical protection measures, which has increased the difficulty of hacker attacks to a certain extent. However, it is worth being vigilant that due to the massive increase of Internet users and the uneven awareness of personnel, the use of phishing to steal sensitive information has increased.

2.2 Non-technical means

A summary of the industry distribution of sensitive information stolen through non-technical means shows that manufacturing, the Internet, government agencies, and the financial industry have become the main sources for criminals to obtain sensitive information.

Summary and analysis of industries involved in non-technical means of sensitive information disclosure

By summarizing and analyzing the types of information that lead to sensitive information leakage through non-technical means, we found that:

1) In terms of trade secrets, the trend is relatively stable. With the development of science and technology and the increase of attention to information, the trend is declining year by year;

2) In terms of personal information, there is a trend of explosive growth. Further analysis makes the reason clear: because stealing information by technical means is becoming more difficult year by year, criminals are gradually changing the means and methods they use to obtain information. This calls for vigilance, further improvement of internal management and control, and stronger security awareness among personnel.

3) State secrets also show an upward trend, especially with the further strengthening of China's comprehensive national strength and the improvement of its international status, the author believes that this aspect will further rise.

Summary and trend analysis of sensitive information disclosure means - non-technical means

The main reasons are the disclosure of secrets by internal employees, job hopping of former employees and imperfect internal management.

Summary and analysis of non-technical means of sensitive information disclosure

Further analysis is made on the trend of non-technical means of information leakage, as shown in the following figure:

Trend analysis of sensitive information disclosure means - non-technical

After analysis, it is found that:

1) The leakage of sensitive information caused by employee job hopping is declining year by year. Analysis of the main reasons shows that, on the one hand, because enterprises have begun to attach importance to the protection of sensitive information, the protection of core confidential information is becoming stronger and stronger, fewer and fewer people hold core confidential information, and their loyalty is becoming higher and higher; on the other hand, the core confidential information of the enterprise has become more and more complex, and the division of labor is more fine-grained. The situation in which one person holds all the core information has basically become a thing of the past. Even if there is job hopping, the impact on the enterprise is greatly reduced.

2) The situation of bribing internal personnel to continue to leak secrets has increased. This way is highly concealed and persistent, which has caused great harm to enterprises.

3) The leakage of sensitive information due to internal management problems is on the rise. Information leakage caused by internal management problems, such as imperfect internal management, incomplete systems, and poor implementation of the internal control system, has become more and more common, which requires vigilance and attention.

3. Summary and analysis of sensitive information leakage cases based on industry distribution

According to the different industries of information disclosure, we summarized and analyzed the collected cases, and summarized the distribution of industries leading to the disclosure of sensitive information.

Trend analysis on non-technical means of sensitive information disclosure

In the statistics of sensitive information leakage cases, a total of 26 industries are involved, among which the Internet industry, manufacturing industry, government institutions and financial industry are the main sources of sensitive information theft by criminals.

The following will analyze the current situation of sensitive information leakage of the Internet, manufacturing industry, government institutions and financial institutions.

3.1 Analysis of Sensitive Information Leakage in the Internet Industry

Based on the summary and analysis of sensitive information leakage cases in the Internet industry, it can be found that the number of information leakage incidents caused by criminals through technical means reached 81.82%.

Summary of sensitive information disclosure means in the Internet industry

Further analysis of the means of information disclosure shows that Internet companies have been subjected to hacker attacks for a long time, and 67.27% of sensitive information leakage incidents of Internet companies are due to hacker attacks. In addition, the leakage of internal employees and the system's own vulnerabilities have also become the main way of sensitive information disclosure.

Analysis of sensitive information disclosure means in the Internet industry

Based on the summary and analysis of the information types of sensitive information leakage in the Internet industry, nearly 80% of information leakage incidents will lead to the leakage of personal sensitive information.

Summary and analysis of types of leaked information in the Internet industry

The analysis of the trend of sensitive information leakage in the Internet industry shows that since 2010, the leakage of sensitive information in the Internet industry has increased significantly, and at present this high-speed growth is continuing. The author believes that this is consistent with the development of the entire Internet industry. It requires us to pay attention to the protection of sensitive information while developing our business, and to give further weight to information security.

Analysis on the trend of sensitive information leakage in the Internet industry

3.2 Analysis of Sensitive Information Leakage in Manufacturing Industry

By summarizing and analyzing the cases of sensitive information leakage in the manufacturing industry, it can be found that 78.26% of sensitive information leakage is achieved through non-technical means.

Summary of sensitive information disclosure means in manufacturing industry

Further analysis of the means of information leakage shows that the main reasons for information leakage in the manufacturing industry are employees' job hopping and buying internal employees to obtain sensitive information.

Analysis on the Means of Sensitive Information Disclosure in Manufacturing Industry

Summarize and analyze the information types of sensitive information leakage in the manufacturing industry. The main type of information leakage in the manufacturing industry is trade secret data, which is inseparable from the characteristics of its industry.

Summary and analysis of information leakage types in manufacturing industry

Based on the analysis of the trend of sensitive information leakage in the manufacturing industry, it is found that the leakage of sensitive information in the overall manufacturing industry shows a downward trend year by year, which is inseparable from the enterprises' increasing protection of sensitive information year by year. However, with the transformation and development of the manufacturing industry, the large-scale application of industrial control technology and information technology, especially the "Manufacturing 2025" proposed by the state, under the strong support of policies and the tilt of funds, the author believes that there will be a significant growth in the manufacturing industry in the future. At that time, it may usher in a new round of challenges of sensitive information disclosure, which requires vigilance.

Analysis of Sensitive Information Leakage Trend in Manufacturing Industry

3.3 Analysis on the leakage of sensitive information of government agencies

Based on the summary and analysis of sensitive information leakage cases of government agencies, 57.89% of sensitive information leakage incidents were caused by technical means, and 36.84% of sensitive information leakage incidents were caused by non-technical means. In addition, 5.26% of sensitive information leakage incidents were not clear about the reason.

Summary of sensitive information disclosure means of government agencies

Further analysis of the means of information disclosure shows that 47.37% of government agencies are exposed to hacker attacks, and 10.53% of government agencies are exposed to insider leaks, bribery, theft and other reasons.

Analysis on the Means of Sensitive Information Disclosure by Government Agencies

Based on the summary and analysis of the information types of sensitive information leakage in government agencies, the leakage of personal sensitive information accounts for 52.63%. Further analysis shows that the main types of information leaked include personal basic information, medical insurance information, social security information, etc. Most of this information stays with a person for a lifetime. Once leaked, it is permanently leaked, with great harm.

Summary and analysis of types of information leaked by government agencies

The analysis of the trend of the leakage of sensitive information from government agencies shows that the overall trend is on the rise. Especially with the application of new technologies such as big data analysis, basic personal information, medical insurance, social security and other information become more and more important. The leakage of this information also brings huge hidden dangers to people's lives, and the protection of sensitive information should be further strengthened.

Analysis on the trend of sensitive information leakage of government agencies

3.4 Analysis of the disclosure of sensitive information in the financial industry

Based on the summary and analysis of sensitive information leakage cases in the financial industry, 55% of sensitive information leakage events are caused by technical means, and 40% of sensitive information leakage events are caused by non-technical means. In addition, 5% of sensitive information leakage events are still unclear which means is responsible for the leakage.

Summary of sensitive information disclosure means in the financial industry

Further analysis of the means of information leakage shows that in the financial industry, hacker attacks account for 45% of information leakage and imperfect internal management accounts for 25%.

Analysis of sensitive information disclosure means in financial industry

Based on the summary and analysis of the types of sensitive information leaked in the financial industry, more than 90% of the leaked information is personal sensitive information. The leakage of such information will further aggravate telecommunications fraud and cause a lot of losses.

Summary and analysis of information leakage types in the financial industry

The analysis of the trend of sensitive information leakage in the financial industry shows that the overall trend is relatively flat. At present, there is no significant growth trend. Compared with the Internet and government agencies, the overall situation is slightly better.

Analysis on the trend of sensitive information leakage in the financial industry

3、 Recommendations

After the summary and analysis of sensitive information leakage cases at home and abroad, the author believes that the following aspects need to be strengthened in view of the current situation.

1) Further strengthen the fight against sensitive information disclosure cases, improve the legal protection system for sensitive information, ensure that there are laws to abide by, maintain strong enforcement pressure, and raise the cost of breaking the law for criminals.

2) All organizations should pay more attention to information security while their business is developing rapidly. On the one hand, they should increase investment in information security, deploy information security equipment, and strengthen the protection of sensitive information. On the other hand, they should establish a special information security team or clarify the responsibility for sensitive information protection, so as to achieve reasonable planning and overall consideration.

3) Improve personnel's awareness of sensitive information protection. Organizations should strengthen information security awareness training and publicity to prevent unintentional disclosure events.

4) For some industries with high incidence of sensitive information leakage, such as the Internet industry and the financial industry, on the one hand, we should strengthen supervision and urge enterprises to improve sensitive information protection measures; on the other hand, organizations should strengthen internal management, strengthen the implementation of the system, increase the intensity and frequency of inspection of high-risk links, control the authority of personnel, and establish necessary restriction and control mechanisms.

Attachment: Some sensitive information leakage cases