Biggest hacks of 2015

Ferenc Barta

In today’s world, more and more features are available online. New solutions appear day by day to make our lives easier, simpler and faster. Over the last decade we have been able to say goodbye to long hours of administration. The notion of physical distance has changed too, as we can now speak with anyone at any time. The main things we gained from the technological boom? Time saved, childhood friends reunited, fewer trees cut. But have you ever thought of the downsides of global information availability?

 

Server Security has never been such a hot topic

Try to imagine your life without an internet connection. We all have a picture of it, and most of us who are 20 or older may still hold vivid images from the times of non-tech living. How advanced our Tamagotchis and Nintendos seemed back then! Then came this magical, mysterious “internet” that people started to spread rumors about, and in a minute it turned our world upside down.

 

Once online never again private

Our personal info and everything we share on the web – from our Facebook conversations to our medical records – is stored on servers controlled by hosting companies that sell virtual space to people who wish to run a website. There are strict privacy policies for user protection, but as the saying goes, “knowledge is power”, and people will eventually try to gain it by getting hold of others’ private lives or intellectual property.

 

There is a Christian Grey in all of us

Or at least in the 40 million people who thought that it was a good idea to simply manage their dirty cheating relationships online. Despite the modern liberal worldview, it was still a slap in the face for Christian Grey-like rich and influential figures to have the world informed of their sexual habits and a photo of their intimate parts shared. No, you wouldn’t want that to happen!

The world’s leading adultery website, Ashley Madison, may have missed philosophy classes at uni and misunderstood Horace’s saying ‘Carpe Diem’ when they promoted the idea of having sexual affairs with an evergreen justification: life is short. “Impact Team” certainly did not share their ideas, because they decided to bring down the whole enterprise behind Ashley Madison to put an end to users’ pleasures.

In mid-July, 2015 “headlines were dominated by news that the affairs/dating site called Ashley Madison was breached. It was reported and confirmed that files containing millions of records of users of the Ashley Madison site were stolen and were threatened to be released.” (forbes.com, 2015)

Protect your bread better in 2016

Yes, everyone can be a victim of a data breach today, even SMEs. Betty’s Tea Shops did not see themselves as a hacker target, and they invested in fancy cake design instead of good server protection. It seemed like a legit idea until 8 May, when 122 000 customers’ personal data was breached. The unsuspecting online customer may now wonder what the world has become if you have to fear the consequences of buying treats for the kids, but the situation is not so bad if you have a working solution against hacking.

 

Hack me I’m famous

With the technological boom, new professions have become available on the job market. Besides the widespread concept of an IT supporter, there are some less-known positions available that may shock us at first sight. I would count being a professional hacker as one of these.

Governments and large and influential firms around the world like to hire “good hackers” to try getting into their servers before the bad ones do. In this way weak points or security leaks can be discovered just in time to be fixed.

 

Fasten your seatbelts

Charlie Miller and Chris Valasek are two highly skilled hackers who were hired by Chrysler to detect any vulnerabilities in their new smart-car series, including the Jeep model adored by the modern-age cowboys of city traffic. These two guys had been working on getting into the cars’ built-in computer system. The results shocked everyone.

A real-life video demonstration shows how complete control can be gained over a vehicle by taking over certain functions one by one. Starting with adjusting the fan, a whole list of functions could be controlled by activating a single piece of code. A breeze of cold air would not put you in the grave, but would you have assumed that disabling the brakes or turning the steering wheel from a distance would be no hard job for any skilled-enough technician?

 

War is on

“Bad hackers” do not spare even their “good” colleagues when on duty. Hacking Team of Italy was no exception to the 2015 “breach storm” that swept through a significant part of the online world. The poor team learned of the matter on their own Twitter page, whose header had been defaced to shed light on their own lack of credibility – or whatever the bad guys’ aim was. The issue was indeed unpleasant, because the Hacking Team database breach led to the discovery of several major security flaws in key products like Adobe Flash. WikiLeaks did not help the situation either by publishing the leaked internal emails in an easily searchable database.

The Ashley Madison breach came not long after the really huge OPM hacking case. According to wired.com, this was the biggest hack of the year, with super-secret government data breached. The number of victims comes to 21 million – including basically everyone who applied for a security clearance in the USA in 2000 or later.

 

“Wickedness has been laid bare”

The federal Office of Personnel Management’s database was exposed after hackers from China had been stealthily present in its servers for almost a year. The background investigation database used for evaluating people who sought classified clearances from the government was then made public. Data ranged from drug and criminal history and sexual orientation to fingerprints. The records contained interviews with the applicants’ neighbors, friends and family members, and thorough personal information was stored on their spouses.

 

Stealth mode level 99

Another great hack is related to the exploitation of government data as well. Larger tech companies had been feeling pressure from US officials to install system backdoors that would let the government access protected communication for criminal and terrorist investigations. A so-called encryption backdoor would allow them to bypass the normal login and skip the filters that would otherwise limit users’ level of data access.

At Juniper Networks, no one noticed for 3 years that someone had installed backdoors in NetScreen firewalls, one of their products. Unauthorized code embedded in the firewall operating system would allow attackers to take complete control of Juniper NetScreen firewalls and see everything users click on and any characters they type when surfing the net. The company immediately released patches to fix this leak, but I guess this was not enough to soothe angry stock marketers.

