Fake data

There's a new cyber threat on the horizon. And it's fiendishly subtle and potentially very dangerous.

Fake data - altering databases and documents without anyone noticing.

Say you changed centrally held figures for a key metric such as soil fertility that many arable farmers use to organise their planting schedules.

"That data is used to drive another process, and lots of decisions are made on that basis," says Jason Hart from security firm Gemalto.

Unless the attack was noticed quickly, he says, it could have devastating consequences because the sabotaged data would kick off actions that played out over months and years.


You could end up with failed crops, food shortages and, in a worst case scenario, famine.

"You have no way of going back once a decision is made and the impact has happened," says Mr Hart. "There's a real amplifier effect to that kind of problem."

Other scenarios include hackers interfering with automated stock market trading, triggering mass sell-offs and economic instability.

Or "poisoning" supply chain data so that the wrong stuff goes to the wrong stores, not to mention the potential dangers to energy supplies if production forecasts are tampered with.

Many of the decisions we make in business and government are based on data that we assume is accurate. So if you undermine the authenticity of that data - and our trust in it - you can potentially bring an economy to its knees, experts warn.

Businesses are vulnerable to this type of cyber sabotage because they inherently trust the data and documents they produce, says Abe Smith of Dealflo, a company that helps financial firms automate transactions.

"There's about $15 trillion [£12tn] of financial agreements processed every year and most of them are manual in one sense or other," says Mr Smith.

Automation helped to cut costs involved with those financial agreements and to weed out mistakes, but these changes only reinforced reliance on digital information.

And anything digital can be tampered with.

Documents that teams have been collaborating on are vulnerable to attackers who can change the core text, alter numbers, or re-write terms and conditions to one party's benefit, says John Safa of Pushfor, a company that makes secure ways for firms to share data and other content.

"At the end of the day it can be edited and it can be changed," he says. "The problem then is if it is a legal contract without enough back-up, then it could be represented as something factual."

It is still all too easy to drill down into a document's metadata and change the basic properties that, if examined, lend weight to the fiction of it being authentic.

"Whatever emerges at the other end of a workflow system people will accept," he says. "The document preserves the memory and we believe what it says all the time.

"Trust in all of this process is critical," he says. "If that trust is lost then the entire process breaks down."

But there are technical ways to lock down data and documents to thwart the efforts of stealthy attackers to read or change them.

Many firms now use Digital Rights Management (DRM) systems to police who can do what to reports, files and other documents floating around their organisations, says Stuart Barr, chief strategy officer at workflow system firm HighQ.

DRM has been used to stop pirates stealing copies of copyright movies and video games, he says, but is now regularly applied to documents. It restricts editing to a select few and resists other attempts to make changes.

"You should not be able to fiddle with them," he says.

It's one of the reasons why blockchain technology is gaining momentum as a way to authenticate contracts and transactions.

Mr Barr says firms using DRM have to strike a balance between putting good protections around valuable documents, and not making them so onerous that people avoid them.

"You would be surprised how many people let documents run around in the wild without any protection," he tells the BBC, adding that a lot of organisations are "porous", letting key files flow back and forth with few checks on what has happened to them in the meantime.

Some firms seek to filter this flow using specialist cloud-based services, but, says Mr Barr, work has to be done to ensure that this innovation does not introduce more risk.

"If they have files that are stored in any reputable cloud they should be encrypted at rest and in transit," he says.

Scrambling data, allied to techniques that generate unique identifiers for important files, could go a long way towards preventing attacks on data integrity, he says.

"There's a growing awareness that this is an issue that has to be taken seriously."
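
One way to read "unique identifiers for important files" is a keyed digest that is recorded when a document or dataset is agreed and rechecked before anyone relies on it. The sketch below is an added example, not taken from the article or from any firm quoted in it; the choice of HMAC-SHA256, the key, the file names and the sample contents are all assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key (assumption): in practice it is held by the party that
# verifies documents, never stored beside the files it protects.
KEY = b"constructed-demo-key"

def fingerprint(content: bytes, key: bytes = KEY) -> str:
    """Keyed identifier for a file: HMAC-SHA256 over its exact bytes."""
    return hmac.new(key, content, hashlib.sha256).hexdigest()

def build_manifest(files: dict, key: bytes = KEY) -> dict:
    """Record one identifier per file at the moment its content is agreed."""
    return {name: fingerprint(data, key) for name, data in files.items()}

def verify(files: dict, manifest: dict, key: bytes = KEY) -> dict:
    """Return {name: problem} for every file that no longer matches."""
    report = {}
    for name, expected in manifest.items():
        if name not in files:
            report[name] = "missing"
        elif not hmac.compare_digest(fingerprint(files[name], key), expected):
            report[name] = "modified"
    for name in files.keys() - manifest.keys():
        report[name] = "unexpected"
    return report

# Constructed sample data: an agreed contract and a centrally held dataset.
AGREED = {
    "contract.txt": b"Payment is due within 30 days of invoice.\n",
    "soil_fertility.csv": b"field,index\nA1,0.82\nA2,0.77\n",
}
MANIFEST = build_manifest(AGREED)

# The same files after a quiet edit: one digit in each, plus an extra annex.
TAMPERED = {
    "contract.txt": b"Payment is due within 90 days of invoice.\n",
    "soil_fertility.csv": b"field,index\nA1,0.82\nA2,0.17\n",
    "annex.txt": b"Supplier may vary prices without notice.\n",
}

if __name__ == "__main__":
    print("agreed  :", verify(AGREED, MANIFEST))
    print("tampered:", verify(TAMPERED, MANIFEST))
    # An attacker who rewrites the manifest without the key is still caught.
    forged = build_manifest(TAMPERED, key=b"attacker-guess")
    print("forged  :", verify(TAMPERED, forged))
```

Because the identifier is keyed, someone who can alter both a file and the stored manifest still cannot produce matching values without the key, which a plain unkeyed hash would not prevent.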

Cloud-based management systems that use encryption to protect important documents are still very new in the legal world, says Susan Hall, a partner at law firm Clarke Willmott.

A lot of law firms still rely on Redline editing, she says, which uses the edit tracking systems built in to Microsoft Word.

This allows edits to be made and marked on versions of contracts and other documents as negotiations or talks progress, she says.

"Often you have junior staff go through the final version to make sure nothing has crept in inadvertently or has otherwise changed before the signature," she says.

"But in a lot of these situations you are operating under extreme pressure and there's a high risk that people won't pick up that something should have been included but wasn't."

In highly complex business contracts, a surreptitiously included clause could end up losing your business millions.

So it's not just cyber theft we need to worry about, it's data integrity.

Follow Technology of Business editor Matthew Wall on Twitter and Facebook


