ch 17 Flashcards
(19 cards)
Equifax Breach
monitors creditworthiness of US citizens
got 143 M customers’ data
* also hit UK and Canadians
* vulnerability in Apache Struts (failed to patch it in 2 months)
* most $$$ breach (Billions)
Target Breach
Installed malware in payment system
* FireEye security system used by Target notified of sw but ignored (feature to auto delete malware disabled)
* hackers from Odessa and Moscow
* ID in mid-Dec
* probably entered through 3rd party vendor
* hid under "BladeLogic" sw
* 40 M cards and 70 M customers
* 90 lawsuits
average cost of data breach
$11.7 M
Avg time to ID breach
201 Days
Avg time to contain breach
70 Days
bad guy motivations
- acct theft
- steal data
- compromise assets for other crimes
- extortion
- IP theft
- espionage
- terrorism
- prank
- protest (Hacktivism)
- revenge (disgruntled employee)
data harvesters
criminals that infiltrate systems and collect data for illegal resale
cash-out fraudsters
criminals who buy assets from data harvesters for illegal financial gain
* use credit card #s to buy goods, create fake accts for fraud
Botnets
hordes of infiltrated computers, linked and controlled remotely (zombie networks)
- do DDoS attacks
- can send 100 B spam msg a day
ransomware
total costs 8 Billion
* City of Atlanta fell to SamSam ransomware
Gary Min
Scientist at DuPont
* tried to sell info at $400 B of Co.
stuxnet
most known act of cyberwarfare
- worm infiltrated Iran nuclear facilities and reprogrammed to spring devices to destroy themselves
- attack would report normal readings so operators didn’t know
- e/copy could infect 3 other machines
- self-destructed at future date
pranksters
aka griefers or trolls
Edward Snowden
- CIA employee and NSA contractor
- leaked 1.7 M digital docs from US, British, and Australian agencies to press
- revealed gov NSA & FBI stalking on ppl through Google, Fb, Yahoo!, Microsoft, and Apple
- unlim. access to phone records from Verizon’s customers
hacker
1) someone who breaks into computer systems
2) clever programmer
hack
1) breaking into a computer system
2) clever solution
white hat hackers
uncovers computer weaknesses w/o exploiting them
improves system sec
black hat hackers
computer criminal
Phishing
Con that uses tech
tries to get sensitive info or tricking