Page 2 of 2
Imperva's Rachwald says only the FBI would know about the 12 million people purported to be on the database, and why those people might've been tracked or monitored. "I can say that the breached data could be used to monitor somebody's cell phone activity, not only from the standpoint of what calls they make but also what websites they're visiting and so forth," he said. "And also, cell phones are pretty good for geolocation, so this could be used to identify an individual's location, as well."
It's also difficult to ascertain whether the hackers were aware that this database was present on the agent's machine or if they were merely targeting the individual in hopes of gathering whatever they might find. "This is a guy who's involved in the recruiting of hackers, which might make him a natural target," he said. "But it's also possible that somebody in the organization knew that he had some interesting data on his machine."
Rachwald added that the breach is just the latest testimonial to the complicated world of cyber security. "It tells you that hackers continue to be innovators by definition, and even the most advanced, intelligent defense people will get duped from time to time," he said. "This is the defender's dilemma. You have to know all of your vulnerabilities, but the attacker only needs to find one."