Further
information: List of cyber-attacks and List of data breaches
Some illustrative examples
of different types of computer security breaches are given below.
Robert
Morris and the first computer worm
Main
article: Morris worm
In 1988, only 60,000
computers were connected to the Internet, and most were mainframes,
minicomputers and professional workstations. On November 2, 1988, many started
to slow down, because they were running a malicious code that demanded
processor time and that spread itself to other computers – the first internet
"computer worm".The software was traced back to 23-year-old Cornell
University graduate student Robert Tappan Morris, Jr. who said 'he wanted to
count how many machines were connected to the Internet'.
Rome
Laboratory
In 1994, over a hundred
intrusions were made by unidentified crackers into the Rome Laboratory, the US
Air Force's main command and research facility. Using trojan horses, hackers
were able to obtain unrestricted access to Rome's networking systems and remove
traces of their activities. The intruders were able to obtain classified files,
such as air tasking order systems data and furthermore able to penetrate
connected networks of National Aeronautics and Space Administration's Goddard
Space Flight Center, Wright-Patterson Air Force Base, some Defense contractors,
and other private sector organizations, by posing as a trusted Rome center
user.
TJX
customer credit card details
In early 2007, American
apparel and home goods company TJX announced that it was the victim of an unauthorized
computer systems intrusion and that the hackers had accessed a system that
stored data on credit card, debit card, check, and merchandise return
transactions.
Stuxnet
attack
The computer worm known as Stuxnet
reportedly ruined almost one-fifth of Iran's nuclear centrifuges by
disrupting industrial programmable logic controllers (PLCs) in a targeted
attack generally believed to have been launched by Israel and the United States
although neither has publicly acknowledged this.
Global
surveillance disclosures
Main
article: Global surveillance disclosures (2013–present)
In early 2013, massive
breaches of computer security by the NSA were revealed, including deliberately
inserting a backdoor in a NIST standard for encryption and tapping
the links between Google's data centres. These were disclosed by NSA contractor
Edward Snowden.
Target
and Home Depot breaches
In 2013 and 2014, a Russian/Ukrainian
hacking ring known as "Rescator" broke into Target Corporation computers
in 2013, stealing roughly 40 million credit cards, and then Home Depot
computers in 2014, stealing between 53 and 56 million credit card numbers.
Warnings were delivered at both corporations, but ignored; physical security
breaches using self checkout machines are believed to have played a large role.
"The malware utilized is absolutely unsophisticated and
uninteresting," says Jim Walter, director of threat intelligence
operations at security technology company McAfee – meaning that the heists could
have easily been stopped by existing antivirus software had administrators
responded to the warnings. The size of the thefts has resulted in major
attention from state and Federal United States authorities and the
investigation is ongoing.
Ashley
Madison breach
Main
article: Ashley Madison Data Breach
In July 2015, a hacker group known as "The Impact Team" successfully breached the extramarital relationship website Ashley Madison. The group claimed that they had taken not only company data but user data as well. After the breach, The Impact Team dumped emails from the company's CEO, to prove their point, and threatened to dump customer data unless the website was taken down permanently. With this initial data release, the group stated "Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers' secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online." When Avid Life Media, the parent company that created the Ashley Madison website, did not take the site offline, The Impact Group released two more compressed files, one 9.7GB and the second 20GB. After the second data dump, Avid Life Media CEO Noel Biderman resigned, but the website remained functional.
0 commentaires:
Enregistrer un commentaire