Tuesday, May 10, 2011

5 worst digital security breaches of all time

Post by Sebastian Anthony: With yesterday's news of the PlayStation Network being hacked and the unceremonious accompaniment of millions of names, addresses, dates of birth, passwords, and possibly credit card details having potentially been stolen, the tech community's attention has yet again been focused on the tricky and vitally important topic of internet security.

Breaking in to computer networks and stealing data is not a new thing — it's been happening since the advent of computer networks — but as the number of people on the internet grows and more and more sensitive data is being stored by online services, the problem of data security becomes more important. These databases tend to be incredibly secure, but the fact is, your name, email address, and credit card details are worth real money to hackers and spammers, who'll do almost anything to get their hands on them.

While the PlayStation Network breach is one of the biggest in recent months, let's take a look at some others and see what they can teach us about protecting our online privacy and security.

1. Gawker Media — December 2010

One of the most popular targets for hackers is online forums and blogs. They're rarely secured to the same level as large, commercial websites, and they have the added bonus of upsetting a large number of vociferous blogging and commenting types.

The attack on Gawker Media exposed the email addresses and passwords of millions of commenters on popular blogs like Lifehacker, Gizmodo, and Jezebel. Beyond the breach itself, the main problem was that Gawker Media stored passwords in a format that was very easy for hackers to understand. Some users used the same passwords for email and Twitter, and it was only a matter of hours before hackers had hijacked their accounts and begun using them to send spam.

Using a modern browser like Chrome or Firefox and a password manager like LastPass almost completely mitigates the potential damage of such attacks.

2. T.J. Maxx and Marshalls — 2005 to 2007
In what was probably the largest theft of data ever, over 45 million credit and debit card numbers were stolen from off-price department stores T.J. Maxx and Marshalls. The hacker, Albert Gonzalez, was only caught in 2008; in 2010, he was sentenced to 20 years in federal prison.

Between 2005 and his arrest in 2008, Gonzales stole the details of over 170 million credit and debit card numbers, making him the most successful credit card thief of all time.

3. Her Majesty's Revenue & Customs — November 2007
Data is not only stored online; it can also be stored on CDs and DVDs, which can then be stolen or misplaced. In November 2007, the United Kingdom's Revenue & Customs service lost computer discs that contained the names, addresses, and National Insurance numbers of 25 million British citizens.

Fortunately, it's thought that the discs were simply lost in the mail — but even so, it's proof that highly technical online hacking isn't required to obtain large amounts of sensitive data.

The United States Department of Veterans Affairs made a similar gaffe in 2006, when a laptop containing the Social Security numbers of 26.5 million U.S. veterans was stolen.

4. Google and other Silicon Valley companies — mid-2009

At the beginning of last year, news emerged that — believe it or not — the Chinese government had engaged in a massive and unprecedented attack on Google, Yahoo, and dozens of other Silicon Valley companies. It was first announced that China was trying to gather information on Chinese human rights activists, but it soon became apparent that it was mainly an act of industrial espionage.

It's not known exactly what data was stolen from the American companies, but Google admitted that some of its intellectual property had been stolen and that it would soon cease operations in China.

The Chinese hackers exploited a weakness in an old version of Internet Explorer to gain access to Google's internal network — and if you haven't recently updated your web browser, you really should update it right now.

5. RSA Security — March 2011
The worst (and undoubtedly the most ironic) data breaches happen when security companies themselves get hacked. Kapersky and Symantec, developers of antivirus and security software, have been hacked multiple times — and in March 2011, one of the biggest players, RSA Security, had a sensitive and highly confidential internal database laid bare.

RSA's breach was significant because its technology is used to secure thousands of other systems, which hackers might now be able to access.

Theft and fraud: Facts of life
At the end of the day, while these attacks sound both brutal and financially devastating, it's unlikely that you would have felt any direct repercussions. A certain amount of fraud and theft is sadly part of the system, and companies pay large insurance premiums for protection. The truth is, there have always been thieves and fraudsters in the world — and it's probably a good thing that they're moving toward online criminality and away from breaking into your house or car, or conning you into buying double glazing on your doorstep.

[Image credit: dermiller, Patrick Hoesly]

More from Tecca:

View the original article here

No comments:

Post a Comment