As users of modern technology, we are (or should be) conscious of the threat of cyber crime; however, most of us aren’t aware of just how frequently it happens. The Office of National Statistics reported that last year there were 5.1 million incidents of fraud and 2.5 million cases of computer crime. More and more corporations are falling victim to a flourishing breed of digital criminal, and here are four severe examples from recent years.
In May of last year, eBay confirmed their corporate network was the victim of a cyber attack, compromising the passwords and financial information of their 145 million active users. According to an article on Forbes, ‘eBay reported that cyber criminals were able to compromise [the site] through the theft of employee credentials…which then provided access to the corporate network.’ It isn’t clear exactly how the credentials were obtained, but an article on The Hacker News demonstrates how alarmingly easy it is (or used to be) to break into an eBay account.
In one of the most publicised cyber crimes in recent history, Sony Pictures Entertainment was attacked by a group calling themselves the Guardians of Peace. The group locked employees out of their computer network and left a menacing skeleton image with the text “Hacked By #GOP” and a ransom note threatening to release stolen internal data should their needs not be met.
What followed were tense relations not only between Sony and the hackers, but also between the US and North Korea. It was confirmed by the FBI almost one month after the initial breach that North Korea were behind the attack, thought to be motivated by Sony Pictures’ release of the film ‘The Interview’ – a political satire comedy about an attempted assassination of Kim Jong-un.
It would take some serious effort to not have heard of the Ashley Madison hack: it has remained a constant fixture in the news for the last 5 months, and the repercussions are continuing to spread. In July, a team of hackers called the Impact Group broke into the extramarital affair website, publicly releasing millions of users’ names, phone numbers, email addresses and credit card details in two separate data dumps.
In a lengthy manifesto posted by the Impact Team, they say that they decided to publish the information to prove the company’s ‘full delete feature’ was a lie. For a $19 fee, Ashley Madison said they would remove the user’s complete usage history – like messages, photos and profiles – and personal financial information. In terms of the specifics of the breach, it’s unclear whether the job was initiated by someone from within the organisation.
Major telecommunication company TalkTalk announced just last month that around 157,000 of its customers’ personal details were accessed, and over 15,000 bank account numbers and sort codes were stolen in October of this year. In an interview on the BBC, TalkTalk CEO Dido Harding said: “The estimated one-off costs are between £30m and £35m – that’s covering the response to the incident, the incremental calls into our call centres, obviously the additional IT and technology costs, and then the fact that over the last three weeks until yesterday our online sales sites have been down, so there will be lost revenue as a result.”
More details on who is responsible and how this was pulled off are coming to light every week. It’s estimated that TalkTalk stored information in Structured Query Language (SQL) databases – a very common structure online, and one that hackers target because of its widespread use. An article on Engadget writes: ‘Reports suggest that TalkTalk was subjected to a distributed denial-of-service (DDoS) attack that enabled the attackers to utilise SQL injection techniques. SQL injection allows an attacker to feed commands to a database (that shouldn’t normally be accessible) via a poorly-designed website form or input box.’
Based on the above cases, it can seem that we’re at the mercy of these cyber hackers, but there is now collective awareness and everyone – including the US Navy – is beefing up their security systems. Especially for big corporations like banks, hospitals and online retailers with massive amounts of sensitive data at stake, storing and encrypting your information offsite with flash storage is just the beginning. The full scale of these attacks was often not realised at first, so it’s important for businesses and individuals alike to stay vigilant and have measures already put in place before it’s too late.