Cybersecurity Breaches that Rocked the World
By Arijit Banerjee
Cybersecurity breaches came into the limelight due to WikiLeaks. As every day secure information is proving to be not as secure anymore, cybersecurity is of the utmost importance to any individual or company.
WikiLeaks has persisted over the years in exposing security breaches. It returned with an installment earlier this year, exposing the first cache of 7818 partly redacted web pages and 943 attachments that make up some of the Central Intelligence Agency’s most precious software riddles. This is WikiLeaks’ first part of the series of leaks on the CIA’s ‘Vault 7’, and to quote the introduction on the WikiLeaks page:
"Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, include Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.
This statement itself draws attention to multiple things, the CIA can hack most things, secure messaging apps are still safe, for now, leaks are everybody’s problem and most importantly even the CIA cannot secure itself from security breaches.
With that being said, some of the biggest names in different industries have been hit hard and many of them are worth noting:
Hackers embarrassed Yahoo not once, but twice by causing the biggest data security breaches ever known. With over 500 million user accounts compromised in 2013, it gave hackers access to names, email addresses, phone numbers and encrypted passwords. This was followed up with an even bigger hack of 1.2 billion user accounts being compromised in a bigger breach of security which came to light only in 2016, thus giving the hackers access to data for years.
Within hours of the announcement of the hacking incident, Yahoo’s stock fell by 2.5% and put in jeopardy, its deal with Verizon. After careful deliberation for months, Verizon finally acquired Yahoo at a discount of 350 million USD due to the security breaches, which caused damage to brand and user retention.
2. The US Office of Personnel Management
As the human resources department of the US Federal Government, it does not scream glamour. However, it is the organization that manages the benefits, pensions, legal information, which include fingerprints, federal security clearance details comprising of personal finances, past substance abuse, psychiatric care of everyone from contractors to federal judges.
Initially the number of records stolen was estimated at 4 million, but within a month the count rose to 21.6 million stolen records. A tremendous amount of sensitive data was stolen, but the intent behind the attack is yet to be known. The breach led to the resignation of a number of top government officials.
3. Sony Pictures
Dubbed as the ‘Cyber-attack on Hollywood’, Sony pictures was attacked by a group called the ‘Guardians of Peace’ that released embarrassing emails and personal details of some of the world’s biggest movie stars. The hack was a result of Sony Pictures intention to release a movie called ‘The Interview’, despite being warned with threats of attacks on the theatres which choose to screen the movie.
The movie’s plot involves the assassination of the North Korean leader Kim Jong-un. Five Sony films were leaked as a result of the hack, in addition to thwarting the release plans of ‘The Interview’. The hackers also released private information of the company, including Social security numbers, salaries and confidential embarrassing emails. Whether the North Korean government actually had a role to play in this hack is still under speculation, although its government denied any participation in this cyber-attack.
4. Donald Trump’s campaign website
During the all-powerful US elections, Donald Trump’s campaign website was hacked leaving the following message:
“Hacked By Pro_Mast3r ~
Nothing Is Impossible
Peace From Iraq”
In another instance, the hack left behind a bug on the website, which displayed a ‘poop emoji’ and furthermore allowed anyone to vandalize the official website by editing the URL. Although this was rectified quickly, it was definitely an embarrassment to the current US President’s team.
5. Bangladesh Bank
Bangladesh Bank is infamously known for one of the most expensive cybersecurity breaches in history. Hackers gained access to the SWIFT credentials of an operator at the bank and used their system to install a variety of malware.
The hackers then used the system and sent requests to Federal Bank of New York to send money to accounts in Sri Lanka and Philippines. To cover their tracks they made these requests over the weekend and also tampered with the printing system to ensure that these fraudulent transactions could not be tracked by bank employees. A total of 81 million USD was lost to the hackers.
6. Indian Debit Cards
Ranking 4th in Online Security Breaches, a case close to home was the Debit Card debacle in October 2016. With malware installed in bank ATMs, over 3.25 million debit cards were affected along with a long list of parties involved, which include Hitachi Payment Systems, Visa, Mastercard and RuPay. The fraudulent transactions during this breach caused a loss of over Rs.1.3 crores.
With every passing year, there is a rise in the number of cybersecurity scams with little to no protection to those affected. Better regulatory measures and informed awareness amongst the masses will help curtail the breach to personal data. There is a severe dearth in the number of professionals needed to build a legal and regulatory framework for our nation’s online resources. With rising losses as a result of cybersecurity, now more than ever, there is a need for cybersecurity professionals to secure digital India.
In line with this, Manipal Global has signed an MOU with Deakin University. Both the leading education providers will be coming together to set up a Data Science and Cybersecurity Centre of Excellence in India. It will offer courses to combat cybercrimes and cyber-attacks, and will be backed by Deakin University’s strong cybersecurity department. The ultimate objective of the collaboration is to provide solutions to both corporate and societal problems caused by cybersecurity issues.