With the majority of information now stored online, corporate hacks have become ever frequent, and it seems that larger companies are failing to fulfil their security duties. But is it possible to beat the ever advancing techniques of hackers? Here are some of the largest corporate hacks of all time and how they could have been prevented.
Around 77 million users of Sony’s Playstation network could have had their information stolen by hackers in April 2011, and the company failed to realise that other parts of the business had also been affected. Sony took days to respond to the situation and their evident unawareness of the extent of the breach did nothing to reconcile customer concerns.
If Sony had employed a Chief Information Security Officer to manage IT security, it is likely that the hack could have been prevented. However, Sony had also settled a high-profile case with hacker Geohot a few days prior to the breach, suggesting hacking groups such as Anonymous have started to follow a policy of retribution, meaning companies lose either way.
In March 2011, RSA Security was hacked when a spoof email containing an infected Excel spread sheet tricked employees into allowing hackers to access the system. Employees were not trained to recognise these potentially dangerous emails, and company executives rarely know what information is stored online.
RSA should have stored information behind a network of strict segmentation where it’s more difficult to access, or kept it offline. Training of staff is essential to prevent hackers entering the server by social engineering. Companies could also segment the network, meaning if one part of the business was hacked not all aspects would be affected.
Citigroup have been hacked once before in the early 2000s by the infamous Adrian Lamo, who now works as a threat analyst identifying the weaknesses in companies systems. In June 2011, Citigroup’s website had a well-known vulnerability which allowed hackers to steal account details for 200,000 customers.
If Citigroup’s website had been regularly audited to highlight any application flaws, it is likely this basic mistake could have been avoided, especially as this was not the first time the company had been hacked.
As an FBI partner, you would imagine InfraGard Atlanta to have the most up-to-date Internet security available. However, in June 2011 the company was hacked and 180 usernames and passwords were stolen. The FBI had been victims of hacking before in 2004, when a series of cyber-attacks on American military associates were traced back to China.
Although the passwords were encrypted, many were easy to guess and users often reused the same ones, which is a huge mistake. To increase password security, it should be at least ten characters in length with a mixture of letters and numbers, and you should try to use different passwords for different accounts otherwise all your online information could be at risk.
In the wake of the original conflict between America and China over hacking, the Gmail scandal was heightened, especially as it occurred on such a massive scale. The email accounts of Chinese human activists were hacked, suggesting that the Chinese government masterminded this attack, especially because of the widespread restrictions within the country.
The hack was a mixture of complex encryption, programming and locating of an unidentified hole in Internet Explorer which enabled the hackers to access the required information. The perpetrators have never been identified, and it’s difficult to determine how this could have been prevented.
Many hacks are due to basic flaws which could be easily avoided if the right security checks and methods are implemented, such as regularly updating server support, changing passwords frequently and being cautious over information stored online. Companies can often easily protect their data, but the Gmail scandal proves that hackers are ahead of security technology. Do you think your information is safe from hackers?
Sarah McLaughlin is a keen advocate of creating complex Internet passwords and regularly deletes all spam e-mails, unless they look genuine. She writes for Arc IT Solutions.
Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription or become our Facebook fan! You will get all the latest updates at both the places.