What we can learn from the biggest hacks in history
Neil Rowney, Director of Red Mosquito, takes a look at three of the most catastrophic cyber attacks in history, and the lessons we must learn to avoid them happening again.
Cyber-attack — the words alone can be enough to incite panic. Between a lack of understanding and media sensationalism, any mention of a cyber-attack brings to mind catastrophic levels of damage. Recently, Labour leader Jeremy Corbyn came under scrutiny for claiming his party had been the victim of a “very serious” cyber-attack attempt — only for industry experts to review the incident as being comparatively low-level and commonplace.
Like the difference between a cold and pneumonia, there are varying levels of severity when it comes to cyber-attacks. A DDoS (distributed denial of service) attack, for instance, is a very common cyber-attack that can be used for something as petty as forcing a fellow video gamer to disconnect from an online server. On the other side of the spectrum, a sophisticated ransomware attack can cripple a whole conglomerate.
These high-level hacks are rarer by comparison to the average DDoS attack but can do a lot more damage. In this article, we’re taking a look at some of the truly “very serious” cyber attacks that have occurred in history, and the lessons we must learn from them.
Yahoo! data breach
Date of breach: 2013
Date breach was reported: 2016
Type of cyber attack: Yahoo! described the attack as an exploit of the Company’s account management tool. Expert analysis suggested that the hack was achieved through forging cookies, which allowed the attackers to access user accounts without entering a password.
Yahoo! originally reported the hack in 2016, three years after the breach took place, and noted one billion user accounts were affected.
Yahoo! then updated their assessment of the matter in 2017, saying that every single account held by Yahoo! at the time had been breached. This included extended companies of Yahoo!, such as Tumblr. The total number of Yahoo! accounts active in 2013 topped three billion.
It cost the company $16mn in forensic and lawyer costs.
As far as cyber attacks go, having every single user account on your servers compromised is certainly a worst-case scenario. But this is the exact scenario Yahoo! faced in 2013 when a large-scale hack saw all of its live accounts compromised, spilling email addresses, dates of birth, names, security questions, and security answers to be sold off to cyber-criminals.
But more damaging than the attack itself was Yahoo!’s response. The company did not report the breach until 2016, three years after the attack took place. The initial report outlined that a billion accounts had been compromised, which already made it the biggest data breach in history at the time. Worse yet, the discovery of this breach only occurred as Yahoo! was investigating a separate attack dating back to 2014, in which 500mn users were affected. The investigation led to a tip-off from law enforcement which shone a light on this larger breach from 2013.
Yahoo! was slammed by media outlets for how long it took the company to notice the breach, its hesitation in reporting the problem, and its overall lax security features. This is certainly a stark lesson for businesses big and small to take their cyber security seriously, and a reminder of the importance of reporting any and all data breaches quickly and accurately.
Marriott hotel data breach
Date of breach: 2014
Date breach was reported: 2018
Type of cyber attack: Reported to be a combination of a Remote Access Trojan and Mimikatz, a tool that allows the user to find usernames and passwords. With this, the hacker was able to reach an administrator account and access the wider database. The Remote Access Trojan (RAT) may have been placed on the server via a simple download link clicked in a phishing email.
Up to 500mn customer records accessed, with encrypted payment card information and possibly the key to decrypt it stolen.
Personal information, such as names, addresses, email addresses, passport numbers, and more were exposed.
Hackers had access to the network since 2014.
In 2018, the largest hotel chain in the world reported that up to 500mn user accounts had been compromised on its servers. If the high number of users affected wasn’t enough, an internal investigation revealed that the hacker had had unchallenged access for four years.
Upon reporting the breach, the Marriott set up a dedicated website to provide affected customers with information, as well as a year-long subscription to a fraud-detecting service.
The hack was caused by a RAT, which is a piece of malware that gives the hacker a “backdoor” into a network or server. RATs are usually downloaded from malicious websites or phishing emails — they have to be “allowed in” from the inside, such as by an employee falling for a phishing email and downloading an attachment from it. With a backdoor created, a hacker can get into the network and use another program, such as Mimikatz, to gain access to usernames and passwords and be treated as an administrator.
It sounds so simple, but ensuring your staff are trained and aware of simple cyber attack attempts such as phishing emails can avert larger-scale attacks. Ensure that your employees know how to recognise a phishing email. They should not trust an email just because it claims to be from a reputable brand or known name. Phishing emails will usually use panic-inducing language, threatening account closures or worse. Staff should be taught to contact the sender to establish the legitimacy of a claim before cooperating. Most importantly, they should not click internal links in an email, or download attachments, unless they are 100 per cent certain of its legitimacy.
LinkedIn data breach
Date of breach: 2012
Date breach was reported: 2012
Type of cyber attack: Initial attack method not disclosed, but the collected passwords were cracked quickly due to reliance on very basic security measures by LinkedIn.
LinkedIn reported a hack in 2012 that had exposed its users’ passwords. To start with, the company thought the breach had affected 6.5 million users. However, in 2016, LinkedIn announced that this initial estimate was inaccurate — over 110 million user accounts had been compromised, and their passwords were found listed on a forum for people to crack.
The passwords had been stolen from the LinkedIn servers as “hashed” passwords. A hashed password is a scrambled version of the original, formed from the password itself and a key that only the website knows. “Salt” data is also added, which is essentially random data added to each individual password to further scramble the hashed password and make it harder to decipher. However, in this case, experts noted that LinkedIn had failed to use salting, meaning that once one password was cracked, the rest could be cracked by the same method, as they were all scrambled the same way. After cracking a few passwords, hackers noticed a large number of the passwords had a variation of the phrase “linkedin” within them. With this obvious choice of phrase used to scramble so many passwords, the rest were cracked easily.
LinkedIn learned its lesson quickly, and so must all businesses — basic security measures are not enough. LinkedIn now uses salting, along with other enhanced security measures, to protect its passwords. It is important for businesses to remain up to date with all the latest security measures and defences available, especially if they are handling user data. If the company doesn’t have the know-how to do this, consulting with a third-party IT security provider is vital to ensure data is protected.
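To make the salting point concrete, the following is an added example (not from the original article and not LinkedIn's code) that hashes a few constructed accounts with and without a per-user salt and counts how many accounts share a stored value. The choice of SHA-1 for the weak scheme and PBKDF2 for the hardened one, and all names and passwords, are assumptions for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not real data); two users chose the same password.
USERS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "S3parate!pw"}
ITERATIONS = 200_000  # work factor for the slow KDF; tune upward for production


def unsalted_hash(password):
    """Weak scheme: one fast hash, no salt (SHA-1 is assumed for illustration)."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_hash(password, salt=None):
    """Hardened scheme: random per-user salt plus a deliberately slow KDF."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, stored):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_hash(password, salt)
    return hmac.compare_digest(candidate, stored)


def largest_shared_group(stored_values):
    """How many accounts share the single most common stored value."""
    return Counter(stored_values).most_common(1)[0][1]


def demo():
    """Return (accounts sharing a value without salt, with salt)."""
    weak = [unsalted_hash(p) for p in USERS.values()]
    strong = [salted_hash(p)[1] for p in USERS.values()]
    return largest_shared_group(weak), largest_shared_group(strong)


if __name__ == "__main__":
    shared_weak, shared_strong = demo()
    print(f"unsalted: {shared_weak} accounts share one stored value")
    print(f"salted:   {shared_strong} account per stored value")
```

Without a salt, alice and bob store the same value, so recovering one password exposes both accounts; with a per-user salt every stored value is unique and each must be attacked separately.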