Verizon Business's Bryan Sartin, who investigates corporate break-ins, saw red this year over hacktivist threats to clients.

Sartin is a director of investigative response with Verizon Business. He’s the guy you call when you’ve been hacked and he usually doesn’t get much of a Christmas vacation.

“Right before big holidays, particularly Christmas and New Year’s is when the very vast majority of people seem to find out that they’ve been hacked,” he says. “We’ll do as much as 20 percent of our annual caseload during this part of December.”

In 2010, about 92 percent of those cases involved criminals trying to steal money over the internet, but this year everything changed.

The first signs emerged in December 2010, when activists with the online collective Anonymous called for digital sit-ins — known as distributed denial of service attacks — on the websites of companies that had refused to process payments for Wikileaks. Then, in early 2011, attacks on Sony, HBGary and many law enforcement agencies hit the headlines. None of them appear to have been financially motivated.

That’s meant big changes in the kinds of threats that companies are preparing for.

Sartin helps compile a widely watched yearly study of data breaches, and he says that hacktivist and state-sponsored attacks will show up in this year’s report, big time. “That trend has certainly continued this year and it will embody itself in a big way in our upcoming study.”

But for all the high-profile LulzSec and Anonymous attacks this year, Sartin still believes the hacktivist threat — long ignored by corporate IT — is now frequently overhyped.

He says clients often approach Verizon after they see a Twitter message or an internet post threatening an attack on a pre-determined day. The company gears up for an event, bringing consultants on site, and ordering technical staff to be at the ready.

It’s not cheap, and most of the time, nothing happens. “Very commonly, when companies are receiving these kinds of threats in advance, no one ever makes good on them,” he says.

Last year, reported cyber-threats to the New York Stock Exchange, the Federal Reserve, and Facebook never materialized.

In one actual attack — Sartin wouldn’t name the company — criminals broke in and got access to a database filled with encrypted client data. Looking at the logs, Verizon investigators could see that the attackers had downloaded all of the encrypted data — something that would force the company to notify its customers that their data had been accessed. But they didn’t download the one most useful table of all — an unencrypted list of the encryption keys that could be used to decrypt all of the data they had stolen.

“They were stealing data with no interest in deciphering the encryption,” he says. “They were just stealing it to force this company into making a disclosure.”

While the hacktivists may be overhyped, Sartin says they’re often better than the other hackers out there. According to him, many attacks that are thought to be state sponsored, are surprisingly unsophisticated. Known as advanced persistent threat attacks, Sartin calls them “awfully persistent, but not so advanced.”

There’s one more surprise that will show up in the 2012 Data Breach Report, which will include a lot more data sources from Europe and Asia than previous reports.

“In this part of the world, China is the source of a lot of our crimes, but if you go to China … the U.S. is the number one source of electronic crimes,” Sartin says. “Over here we think that all of these advanced persistent threats and things come from China. Over there, they think they all come from here.”

Photo courtesy of Verizon