Top 10 Greatest Hacks on Million Dollar Organizations
Published on 20 July 15
James0
Possessing extensive programming and IT skills can be a bane or a boon. Being tech savvy allows you to hack through computer systems, such as your university's firewall protection or your neighbors PC, but bear in mind that there's a difference between a good hacker and a malicious hacker.
A good hacker is one who used his aptitude for good by elevating our technological advancements and the not so good hacker are those who intelligently break through security systems for reasons of greed and power.
1) The British Bank Heist
What Happened?
British banks lost millions of pounds within hours after Russian based hackers spent the last two years planning an unprecedented online hack on British soil.
As much as -£650 million were considered stolen after the gang inserted computer viruses that affected networks in more than 100 financial institutions worldwide, including banks from Japan and China.
Source: http://www.telegraph.co.uk/news/uknews/crime/11414191/Hackers-steal-650-million-in-worlds-biggest-bank-raid.html
When did it happen?
February 2015
How did it happen?
The hackers managed to penetrate through the bank's internal computer systems using malware through a process called spear phishing, which stayed in the networks for months, collecting vital information and sending the info back to the hackers.
The cybercriminals would then gain entry to an employee' system where they would then send an email which appeared to come from a staff member.
Once the email was opened, the malware would infect their system allowing the hacker to jump into the bank's network.
They would then gain access to an administrator's computer providing video surveillance of everything on in the office.
The illegal software the hackers used was deemed very sophisticated for its time as the hackers could view video feeds from secured offices which allowed them to steal.
2) The JP Morgan hack
What happened?
Hackers compromised the accounts of 76 million households and seven million small businesses under JP Morgan's system.
When did it happen?
July 2014
How did it happen?
What they did was they scoured through the company's vast computer systems which approximately contain 90 over servers
The hackers acquired a list of the applications and programs that run on JPMorgan's networks which they could crosscheck with known vulnerabilities in each program and web application, to access into JPMorgan's bank accounts.
It is known that the hackers executed their operations overseas, and was able to gain confidential information of JPMorgan's account holders including their names, addresses, phone numbers and emails.
Fortunately, JPMorgan reported that there was no evidence that other vital account information was accessed such as passwords or Social Security numbers.
3) The Ebay Hack
What Happened?
eBay had all 145 million of its users' personal data been accessed and compromised in one single hack attack. The hack was arguably one of the biggest breaches of our time.
That attack was reported to have impacted 110 million customers and left personal information -- including names, mailing addresses, phone numbers, email addresses, and debit and credit card data vulnerable to the hackers.
When did it happen?
May 2014
How did it happen?
Through encrypted passwords, eBay's corporate network was hacked, causing its database that contains hundreds of millions of users' passwords compromised.
Investigations found out that there were various employee login credentials stolen which were the cause of the unwarranted access.
4) The 7 years businesses hack
What happen?
In a span of seven years, five Russians and a Ukrainian utilized advanced hacking methods to loot more than 160 million credit and debit card numbers, infiltrated into more than 800,000 bank accounts and servers used by the Nasdaq stock exchange.
The lengthy organized attack spanned across the globe, causing at least $300 million in losses to companies and individuals.
The six accused hackers worked together to steal data, including credit card and debit card numbers, user names and passwords
Source: http://www.nydailynews.com/news/national/russians-ukrainian-charged-largest-hacking-spree-u-s-history-article-1.1408948
When did it happen?
Over a period of 7 years, from 2007 to 2014
How did it happen?
The six accused hackers ran a joint operation by first stealing data. Known by the hacker code names as Grig, G and Tempo, they hacked into the Nasdaq server and installed malicious software which gave them access to manipulate and steal data from banks such as Citibank and PNC Bank.
The hackers acquired data including credit card and debit card numbers, user names and password.
They then access the accounts to withdraw the stolen money or sold the account information onto online forums.
5) Massive data breach at Global Payments
What happen?
A data breach occurred in Global payments, a company that processes credit card transactions for major credit card companies including Visa. The data breach cost Global payments a whopping $93.9 million.
Not to mention, Visa and MasterCard were already alerting banks of a breach in Global payments database a year before Global Payments acknowledge the breach and took action.
The massive data breach compromises credit and debit card information for all major credit card companies.
The breach was so bad and the delay in action taken by Global payments was so horrendous that Visa spokeswoman, Sandra Chu, announced that Visa had removed Global Payments from its list of preferred credit-card processors.
When did it happen?
Started in June 2011, stretched till late March 2012
How did it happen?
Based on this hacking example, it apparently shows that the current Data Security Standard (PCI-DSS) for the payment card industry is inadequate.
It was revealed there was unauthorized access to servers that housed personal information collected from merchants who applied for Global's processing service.
In the end, the total $93.9 million breach expense is substantially less than what Global Payments originally projected.
Global gave this statement with regards to the aftermath of the breach, "We based our initial estimate of fraud losses, fines and other charges on our understanding of the rules and operating regulations published by the networks and preliminary communications with the networks.
We have now reached resolution with and made payments to certain networks, resulting in charges that were less than our initial estimates."
6) Living Social
What happen?
LivingSocial, the daily deals site, had its database breached, which compromised 50 million users' accounts.
When did it happen?
April 2013
How did it happen?
Through various encryption methods, the cyber criminals gained access to user names, e-mail addresses and dates of birth for some users and encrypted passwords for 50 million people.
Fortunately, the company's databases that store user and merchant credit card and banking information were not compromised in the attack.
With regards to Living social's system security, they claimed to protect their passwords by mixing up the users' passwords with mathematical algorithms and arranged them in random digits to the end of each password to make it extremely difficult to hack.
7) Playstation Network hack
What happened?
These days, its not just computers whom are susceptible to hacks. If your devices do have online functions, your security can be compromised.
That's what Sony Playstation learned in 2011, when an incursion to their PlayStation Network (PSN) service resulted in the loss of data from approximately 77 million user accounts, including personal identifiable information. The company was forced to take their entire network down for 20 days while they dealt with the fallout, at a cost of $171 million.
Source: http://www.theguardian.com/technology/2011/apr/26/playstation-network-hackers-data
When did it happened?
April 2011
How did it happened?
It was discovered that between 17 and 19 April of 2011 an unauthorised hacker gain access to people's names, addresses, email address, birthdates, usernames, passwords, logins, security questions and more.
According to Sony, accounts on the PSN are free to start, and users only need to provide credit card details if they decide to purchase games. But after the attack, it was revealed that Sony store their customers' credit card information in a weak unencrypted form allowing hackers to easily retrieve it.
8) Comodo hack
What happen?
A security certificate is issued to confirm that the site you're looking at is what it claims to be. One company that provides such certificates is Comodo. However, back in 2011, an Iranian hacker illegally accessed into Comodo's system and generated a number of certificates for major sites like Google and Yahoo.
You see by getting these certificates, the hacker is able to make any computer from any part of the globe think that they were on those sites, which allow the hacker to eavesdrop on your any users' secured e-mail or sensitive information while they unknowingly used any of the web services.
When did it happen?
March 2011
How did it happen?
What the hacker did was simply duping the certification authority of Comodo into seizing digital certificates from a few unauthorized parties. He then compromised a site which contain a hard-coded login name and password, and then generate certificates for several well-known sites, including Google, Live.com, Skype, and Yahoo.
9) Chinese hackers compromised U.S Weapons system
What happened?
Chinese hackers breached the Pentagon's design files which consist of over two dozen critical weapons systems, including the United States critical missile defense program.
When did it happen?
May- June 2013
How did it happen?
A partial list of compromised designs including the F-35 fifth generation fighter jet, the V-22 Osprey, THAAD missile defense and the Patriot missile defense.
The hackers also accessed Personally Identifiable Information, including vast quantities of military email addresses, SSN, credit card numbers, and passwords.
The method of hacking apparently used is what Information Security experts call "human engineering" when manipulative emails or clever online con-men actually get victims to divulge information on their own.
10) TJX
What happen?
The TJX hack, dubbed as one of the most expensive hacks in history. The hack occurred in 2007 when an attack on American firm TJX was through an insecure Wi-Fi network in one of the company's TJ Maxx shops. The attack caused massive amount of credit card details stolen, and the figure ranged between 45 million to 94 million.
Source: http://www.computerweekly.com/news/2240080607/TJX-hack-the-biggest-in-history
When did it happen?
2005-2008
How did it happen?
It was through this hack that intrusions involving the decryption of PIN code came to light.
The hack done by one Albert Gonzalez who programmed blank cards with debit card magstripe data and then used them with the stolen PINs to siphon money from the ATM.
Subsequently, Gonzalez has a packet sniffer installed on the TJX network to siphon transaction data in real time, including the magstripe data on the credit and debit cards.
The stolen magstripe data was routed to servers Gonzalez leased in Latvia and Ukraine, and ultimately passed to master Ukrainian card seller Maksym Maksik Yastremskiy, who peddled them to other carders in the underground, accepting payment through web currencies, such as E-Gold and Web Money, or direct bank-account deposits to Eastern Europe. Maksik's customers then programmed the magstripe data onto counterfeit credit cards.
Conclusion
Jamie Dimon, JPMorgan's chairman and chief executive, has acknowledged the growing digital threat from cybercriminals and in his annual letter to shareholders, Mr. Dimon said, We're making good progress on these and other efforts, but cyber attacks are growing every day in strength and velocity across the globe.
This is true as there are plenty of hackers out there who are trying to make a quick buck (in millions), or who are planning to access into highly confidential information. As such, many companies are constantly beefing up their cyber securities.
To end off, here's one small security tip for you:
The same password should never be used across multiple sites or accounts.:)
This blog is listed under
Development & Implementations
, Data & Information Management
, IT Security & Architecture
and Quality Assurance & Testing
Community
Related Posts:
Post a Comment
