Cyber Security Breaches That Rocked the World
Cyber Security breaches were brought into the limelight by Wikileaks, which made waves world over. With secure information that is used everyday, proving to be not as secure anymore, cybersecurity has become of utmost importance to any individual or company.
Wikileaks has persisted over the years in exposing security breaches and they returned with an installment earlier this year, following Edward Snowden, exposing the first cache of 7818 partly redacted web pages and 943 attachments that make up some of the Central Intelligence Agency’s most precious software riddles. This is Wikileaks’ first part of the series of leaks on the CIA’s ‘Vault 7’, and to quote the introduction on the Wikileaks page:
"Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, include Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.
This statement itself draws attention to multiple things, the CIA can hack most things, secure messaging apps are still secure, for now, leaks are everybody’s problem and most importantly even the CIA cannot secure itself from security breaches.
With that being said, some of the biggest names in different industries have been hit hard and many of them are worth noting:
1. Yahoo – Hackers embarrassed Yahoo not once but twice by causing the biggest data security breaches ever known. With over 500 million user accounts compromised in 2013, it gave hackers access to names, email addresses, phone numbers and encrypted passwords. This was followed up with an even bigger hack of 1.2 billion user accounts being compromised in a bigger breach of security which came to light only in 2016, thus giving the hackers access to data for years. Within hours of the announcement of the hack, Yahoo’s stock fell by 2.5% and put in jeopardy, its deal with Verizon. After careful deliberation for months, Verizon finally acquired Yahoo at a discount of 350 million USD lost due to the security breaches which caused damage to brand and user retention.
2. The US Office of Personnel Management – As the human resources department of the US Federal Government, it does not scream glamour. However, it is the organization that manages the benefits, pensions, legal details which include fingerprints, federal security clearance details comprising of personal finances, past substance abuse, psychiatric care of everyone from contractors to federal judges. Initially the number of records stolen was estimated at 4 million but within a month the count to rose to 21.6 million stolen records. A tremendous amount of sensitive data has been stolen, but the intent behind the attack is yet to be known. The breach led to a number of top government officials having to resign.
3. Sony Pictures - Dubbed as the ‘Cyber attack on Hollywood’, Sony pictures was attacked by a group called the ‘Guardians of Peace’ that released embarrassing emails and personal details of some of the world’s biggest movie stars. The hack was a result of Sony Pictures intention to release a movie called ‘The Interview’, despite being warned with threats of terrorist attacks on the theatres which choose to screen the movie. The movie’s plot involves the assassination of the North Korean leader Kim Jong-un. Five Sony films were leaked as a result of the hack, in addition to thwarting the release plans of ‘The Interview’. It also released private information of the company, including Social security numbers, salaries and confidential embarrassing emails. Whether the North Korean government actually had a role to play in this hack is still under speculation, although its government denied any participation in this cyber attack.
4. Donald Trump’s campaign website – During the all-powerful US elections, Donald Trump’s campaign website was hacked leaving the following message:
“Hacked By Pro_Mast3r ~
Nothing Is Impossible
Peace From Iraq”
In another instance, the hack left behind a bug on the website which displayed a ‘poop emoji’ and furthermore allowed anyone to vandalise the official website by editing the URL. Although this was rectified quickly, it was definitely an embarrassment to the current US President’s team.
5. Bangladesh Bank – Bangladesh Bank is infamously known for one of the most expensive cybersecurity breaches in history. Hackers gained access to the SWIFT credentials of an operator at the bank and used their system to install a variety of malware. The hackers then used the system and sent requests to Federal Bank of New York to send money to accounts in Sri Lanka and Philippines. To cover their tracks they made these requests in the weekend and also tampered with the printing system to ensure that these fraudulent transactions could not be tracked by bank employees. A total of 81 million USD was lost to the hackers.
6. Indian Debit Cards – Ranking 4th in Online Security Breaches, a case close to home was the Debit Card debacle in October 2016. With malware installed in bank ATMs, over 3.25 million debit cards were affected and has a long list of parties involved which include Hitachi Payment Systems, Visa, Mastercard and RuPay. The fraudulent transactions during this breach caused a loss of over Rs.1.3 crores.
With every passing year there are a growing number of cybersecurity scams with no protection to those affected. Better regulatory measures and informed awareness amongst the masses are required to curtail the breach to personal data. There is a severe dearth in the number of professionals needed to build a legal and regulatory framework for our nation’s online resources. With rising losses as a result of cybersecurity, now more than ever, there is a need for cybersecurity professionals to secure digital India.