It is time to continue with the review of the biggest cyber-attacks and data breaches of the 21st Century and what could have been done to prevent them. You will find more cases of the worst security breaches of 21st century in the part 1 of this article.
6. NASA & US Defense Department Hacked
In 1999, Jonathan James, a 15 year old boy managed to become a legend in the world of hacking when he successfully penetrated the computers of the US Defense department and installed a ‘backdoor’ into their system. He was able to intercept thousands of emails from several government organizations, including passwords and emails of military computers. Using that information, he was able to steal a piece of NASA software which cost the NASA more than $40000 when the system was shut down for three weeks. James was later caught but received a lighter sentence due to his young age.
How it could be prevented:
NASA & US Defense departments are renowned for the protection of their systems as they assign a heavy budget to keep their systems resilient and updated. Yet a 15 year old was able to breach their systems and caused 1.5 millions of dollars in damages because, as per Jonathan, ‘the code itself sucked, as it was not worth $1.7 million’.
7. Sony PlayStation Network
In 2011, a nightmarish situation unfolded for Sony gamers, when a group of hackers managed to infiltrate Sony PlayStation’s network and stole the clients’ credit card information and personal data. It is estimated that the damage the hackers caused were around $1 to $2 billion dollars.
How it could be prevented:
The security breach at Sony happened simply because of carelessness. Cyber-attack was so successful because Sony was using plain text passwords and their customers’ data was completely unencrypted. Security measures should always be stringent, and especially when it comes to handling sensitive information it should be encrypted as a matter of practice.
8. Security data breach at Epsilon
Epsilon is the world’s largest marketing email service provider to several retail giants. In 2011, Epsilon was attacked through a spear phishing attack which targeted the email addresses and compromised information worth ranged from $225 million to $ 4 billion. It is known as one of the costliest cyber-attack in history.
How it could be prevented:
Epsilon’s breach could have been avoided if necessary security controls and defenses were implemented in the first place. Hackers were able to steal a large amount of data because all the data was placed in a centralized location, hence it’s always the best strategy to segment the data and put them in different locations.
9. Stuxnet
Stuxnet is one recent example of how war can go digital. Stuxnet is believed to be created jointly by the American and Israeli governments to target Iran’s nuclear program. It’s a malicious worm that spread through machines running Microsoft Windows and targeted industrial control systems used to monitor large scale industrial facilities. Stuxnet is hailed as the world’s first digital weapon as it successfully changed the code in the hardware systems it targeted.
How it could be prevented:
Stuxnet is a very sophisticated worm created by an expert team after exhaustive research, and as such it was very hard to defend against. Unfortunately, there was no anti-virus to detect Stuxnet once it entered the network. The best strategy is to prevent it from entering your system by setting up a layered defense that addresses security throughout the entire network. This could be done by including security policies, training, component isolation, strict employee control, and enforced methods and procedures.
10. TJX Companies Inc
TJX is a Massachusetts based retailing company that was one the many companies hit by a group of hackers. It was masterminded by Albert Gonzales and they were able to steal information of over 45 million debit and credit cards. This information was used to fund their million dollar shopping spree of electronic goods from Wal-Mart. Hackers caused damage of over $250 million. They were later caught, convicted and sentenced to 40 years of jail.
How it could be prevented:
They were able to pull off this heist because they were able to take advantage of a weak data encryption system and stole credit information during a wireless transfer between two Marshall’s stores in Miami. If the TJX network was protected by encryption then it wouldn’t be that easy to steal the credit card information.