2014 marked a sad year for cyber security. The number of hacking attacks that took place this year is worrying, and the damage caused by the hack attacks is shocking. Hardly any of the hackers were caught and they still remain at large – which means that there is a good chance that they will strike again. Here is a rundown of what they did, and a sample of what you should stay prepared for in the future.
Countless Twitter accounts got hacked this year.
Yahoo’s official Twitter account was hacked this August. The hacking became public news when a fabricated tweet about the Ebola virus was posted by the hackers on the official Yahoo News Twitter feed. Yahoo was able to regain control of the account and was able to take the post down.
Yahoo immediately posted a Tweet to clarify that the situation was under control and there was nothing to worry about.
Justin Bieber’s Twitter account got hacked in March this year and was able to post spammy Tweets for fifteen minutes before Twitter authorities intervened directly and Justin Bieber’s account’s security was restored.
The hacker was able to post malicious links by posting through Justin Bieber’s account. Justin Bieber’s account has 50 million followers, and there is no knowing how many innocent internet users clicked on the malicious link during those 15 minutes.
70 Million Target Customers’ Personal Info Stolen
Target got hacked and its customers suffered the consequences when the credit card details of 40 million Target customers were stolen.
This was only the tip of the ice berg, as the personal details (mailing addresses, email addresses, shopping histories, etc.) of over 70 million target customers (nationwide) were also stolen as part of the heist.
Target’s security system failed. The worrying part is that Target uses the same anti-hacker security system (called FireEye) that is used by the Pentagon, the CIA and other intelligence agencies around the world.
Hackers were able to penetrate through FireEye by starting with an HVAC company that worked for Target. This allowed the hackers to camouflage the malware and get it inside Target’s software architecture. The ironic part is that McAfee Director Jim Walter stated that the malware was ‘unsophisticated and uninteresting’.
If this is what a group of hackers can achieve with an unsophisticated program then there is no knowing what they will be able to do once they bring out the big guns.
Reports have alleged that the hacker may be a 22 year old Ukrainian who put together the team of hackers and led the hack attack. The hacking group led by the expert hacker has developed a strong reputation for data theft by carrying out successful hack attacks in the last two years.
The damage caused to Target customers will unravel with the passage of time as their information makes it way down the darker parts of the internet and changes hands until some hacker decides to go medieval on the unfortunate Target customer. Target itself has lost over $60 million in attempts to recover from the damage caused by the hack attack.
US Office of Personnel Management hacked Twice
Chinese hackers hacked into the servers of the United States Office of Personnel Management this March. The hack attack was extremely sophisticated and awareness about the successful server penetration did not spread until a few months later.
The US government (like any other government would do) denied that the hack was successful and assured the public that no personally identifiable data had been stolen by the hackers.
However, the hacktivist group called Anonymous published evidence which shows that a considerable amount of data was stolen by Anonymous if not by the Chinese hackers. Apparently Anonymous managed to hack into the servers much before the Chinese hackers, and made off with personally identifiable information.
This places the entire US government workforce at risk, since Anonymous is in the habit of storing sensitive information and then using it on opportune moments when it is strategically advantageous.
Hack Attack of the Year: Russian Hackers Steal 2.9 Billion Account Credentials
A group of Russian hackers managed to steal around 1.2 billion accounts’ login details. There are around 2.9 billion internet users in the world, which makes this one of the most worrying cybercrimes of the century.
There are a number of reasons because of which there should be a world-wide ‘change-your-password’ campaign in response to this hack attack. Firstly, the high number of stolen account credentials means that the damage caused by the hack attack may be global in scale. Secondly, accessing the victims’ accounts will yield the personal information stored in their email accounts and allow may cause a chain reaction of damage.
The Russian cyber gang comprises of no more than a dozen young boys in their 20s who managed to hack multiple websites in the massive hack attack. The names of the websites remain unknown at the time but it is clear that the hack attack was international in scope.
Hold Security is the cyber-security firm that exposed the hack attack and confirmed that countless companies’ (some of which are listed in the Fortune 500) websites were targeted and they still remain vulnerable.
The websites that were targeted know that they were penetrated because the hackers used an SQL injection technique to clone the websites’ databases. The victims whose accounts’ credentials were stolen won’t find out until it is too late – unless they change their passwords before the hackers sell the information to seasoned cybercriminals online.
So far it is clear that the cybercriminals plan on making money off the heist. They are giving out the stolen email addresses to social network spammers and then collecting a fee from them for the buyers.
These hack attacks prove that you cannot trust any third party with your data. If they don’t manage to steal your credit card info, you will end up losing all your data when they hit a database where your data is stored. Here are a few things you can do to protect yourself.
- Do not share your credit card information unless absolutely necessary
- Avoid ‘saving’ your personal information in any form of database
- Do not join any customer loyalty programs – they save your data
- Use a VPN to encrypt your data – so that hackers can’t use it even if they manage to steal it
- Constantly check your system for malware and viruses