What we were taught by the 5 largest hacker attacks of 2014
Summing up last year, it would not be superfluous to mention the most ambitious hacker attacks, which affected tens of millions of network users. We will now review a brief history of each of the hacks and find out what they taught us.
Last summer, hackers seized the data of 83 million customers of a large American bank JPMorgan Chase. The hacking blamed two Russian hackers who were rumored to have links with the country's government. Despite the fact that hackers did not get the most valuable - passwords and account numbers, in theory they had the opportunity to identify the person as a bank customer. According to experts, the attack was carried out in order to sell confidential data to third parties who could later use it for difficult-to-recognize forms of phishing attacks.
')
What this attack taught us:
At the end of May 2014, the well-known Internet auction site eBay announced that several months earlier, attackers had gained access to the company's corporate network and had stolen email addresses and user passwords. All passwords were encrypted, but fearing that encryption keys could also be stolen, eBay asked users to change their credentials.
On September 10, a database of 5 million Gmail mailboxes appeared on the Internet. As it turned out later, the Gmail service itself was not cracked: it was only a database of passwords from other services was created. As stated by users, most of the passwords were either old or they never used them. A similar situation happened with the Dropbox service. This time, the hackers claimed that they had stolen more than 7 million passwords, although in fact it turned out again that no one had cracked the service, and they had received passwords from third-party resources as a result of phishing attacks. This time, there were a lot more active passwords, so it's just difficult to call it simple fun, because many users have bank details attached to hacked services.
What this attack taught us:
Last year, the popular instant messenger Snapchat immediately suffered three hacker attacks. The first attack took place on the eve of 2014, then millions of mobile phones and user addresses were posted on the Internet. Shortly before the company Gibson Security announced a possible vulnerability to Snapchat, but the messenger did not take the necessary measures to eliminate this problem. According to hackers, the attack was made in order to indicate to the service that they are vulnerable.
The second Snapchat attack occurred in mid-February 2014. The hackers staged a mass mailing of fruit smoothie recipes from the accounts of friends of users, while gaining access to a variety of combinations of passwords and postal addresses. Fortunately, the hack turned out to be harmless, and it was quickly forgotten, however, only until October of the same year. Then about 100 thousand user photos got to the Internet, which should have been automatically deleted by the application. The blame for this was the SnapSaved web client, which allowed users to save photos, but actually saved them to their own server.
What this attack taught us:
DDoS attacks that could disable large services were frequent in 2014. But, perhaps, the most memorable was the case when hackers from 11 to 13 June froze the popular Evernote service of notes and the news aggregator Feedly, demanding from the latter also a large ransom for the DDoS to stop its effect. The developers did not agree on the condition, and after a few days the services started working again.
What this attack taught us:
November 24, North Korean group of hackers Guardians of Peace posted on the Internet data on the staff of the Sony Pictures Entertainment studio. Their postal correspondence, the salaries of directors and top managers, as well as secret information about officially unannounced films were displayed for all to see. After that, the hackers even threatened the film studio with a terrorist attack if the scandalous American comedy “Interview” appears on the screen, which tells about the attempt on the DPRK head Kim Jong-un. US President Barack Obama blamed the hacking of the North Korean authorities, who themselves denied this fact. And the attack would really succeed; Sony Pictures even temporarily canceled the premiere of the film. That's only after the statement of the American president that the shooting of the film was a mistake, he still came out on big screens, however, so far only in 200 independent theaters in the country.
What this attack taught us:
The largest theft of data from the bank
Last summer, hackers seized the data of 83 million customers of a large American bank JPMorgan Chase. The hacking blamed two Russian hackers who were rumored to have links with the country's government. Despite the fact that hackers did not get the most valuable - passwords and account numbers, in theory they had the opportunity to identify the person as a bank customer. According to experts, the attack was carried out in order to sell confidential data to third parties who could later use it for difficult-to-recognize forms of phishing attacks.
')
What this attack taught us:
- even the most secure bank cannot provide 100% security of personal data.
Stealing passwords from Gmail, eBay and Dropbox
At the end of May 2014, the well-known Internet auction site eBay announced that several months earlier, attackers had gained access to the company's corporate network and had stolen email addresses and user passwords. All passwords were encrypted, but fearing that encryption keys could also be stolen, eBay asked users to change their credentials.
On September 10, a database of 5 million Gmail mailboxes appeared on the Internet. As it turned out later, the Gmail service itself was not cracked: it was only a database of passwords from other services was created. As stated by users, most of the passwords were either old or they never used them. A similar situation happened with the Dropbox service. This time, the hackers claimed that they had stolen more than 7 million passwords, although in fact it turned out again that no one had cracked the service, and they had received passwords from third-party resources as a result of phishing attacks. This time, there were a lot more active passwords, so it's just difficult to call it simple fun, because many users have bank details attached to hacked services.
What this attack taught us:
- you cannot use the same password for different services;
- if possible, do not bind bank details to accounts on sites;
- periodically change passwords.
Three hacking Snapchat for the year
Last year, the popular instant messenger Snapchat immediately suffered three hacker attacks. The first attack took place on the eve of 2014, then millions of mobile phones and user addresses were posted on the Internet. Shortly before the company Gibson Security announced a possible vulnerability to Snapchat, but the messenger did not take the necessary measures to eliminate this problem. According to hackers, the attack was made in order to indicate to the service that they are vulnerable.
The second Snapchat attack occurred in mid-February 2014. The hackers staged a mass mailing of fruit smoothie recipes from the accounts of friends of users, while gaining access to a variety of combinations of passwords and postal addresses. Fortunately, the hack turned out to be harmless, and it was quickly forgotten, however, only until October of the same year. Then about 100 thousand user photos got to the Internet, which should have been automatically deleted by the application. The blame for this was the SnapSaved web client, which allowed users to save photos, but actually saved them to their own server.
What this attack taught us:
- Do not use hacked applications, if this happened once, it will surely happen in another;
- Do not use third-party applications that require binding to your accounts on services with personal data;
- nothing disappears on the Internet without a trace, the disappeared photos and other files are just an illusion;
- change the password from time to time.
DDoS attacks on Evernote and Feedly
DDoS attacks that could disable large services were frequent in 2014. But, perhaps, the most memorable was the case when hackers from 11 to 13 June froze the popular Evernote service of notes and the news aggregator Feedly, demanding from the latter also a large ransom for the DDoS to stop its effect. The developers did not agree on the condition, and after a few days the services started working again.
What this attack taught us:
- do not use only one online service, it can fail at any time;
- even the largest and most secure service is not insured against DDoS attacks.
Hackers attack from North Korea on Sony Pictures Entertaiment
November 24, North Korean group of hackers Guardians of Peace posted on the Internet data on the staff of the Sony Pictures Entertainment studio. Their postal correspondence, the salaries of directors and top managers, as well as secret information about officially unannounced films were displayed for all to see. After that, the hackers even threatened the film studio with a terrorist attack if the scandalous American comedy “Interview” appears on the screen, which tells about the attempt on the DPRK head Kim Jong-un. US President Barack Obama blamed the hacking of the North Korean authorities, who themselves denied this fact. And the attack would really succeed; Sony Pictures even temporarily canceled the premiere of the film. That's only after the statement of the American president that the shooting of the film was a mistake, he still came out on big screens, however, so far only in 200 independent theaters in the country.
What this attack taught us:
- take seriously the threats of terrorist attacks and hacker attacks of any countries.
Source: https://habr.com/ru/post/250289/
All Articles