Directive Blogs

Directive has been serving the Oneonta area since 1993, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Investigating the Biggest Security Leaks and the Weaknesses They Exposed


 Every year, we hear about a major corporation being hacked. No matter the size of the business, weak links can always be identified in a network’s security. Let’s investigate some of the biggest security leaks and how they could’ve been avoided. In one case, it was as easy as implementing two-factor authentication.

The Victims: Target Corp. and its Customers

2013 was a rough year for Target Corp. Not only was their network hacked, resulting in multimillion-dollar settlements, but the breach also affected the credit card information of 40 million customers. This attack occurred around Thanksgiving, and was the result of malware being installed on Target’s security and payments system.

This malware was specifically designed to steal information from every credit card used at the company’s 1,797 U.S. locations. As cashiers asked customers to swipe their cards at the check-out counter, the malware captured their credit card numbers, which were then stored on a Target server that had been hijacked.

What was the Weak Link?

Six months before the breach, Target spent $1.6 million on a malware detection tool designed by FireEye, a computer security firm. Teams of security specialists in Bangalore were stationed to monitor Target’s computers at all hours of the day. If the specialists in Bangalore noticed any malicious activity, they were to notify Target’s security operations center in Minneapolis.

It turns out that the first part of this security structure worked as intended. When the hackers uploaded the exfiltration malware to move the stolen credit card numbers to other computers, it was discovered by FireEye. The specialists in Bangalore received an alert and quickly notified the team in Minneapolis. For whatever reason, the security operations center completely dropped the ball and nothing else was done to stop the attack. When asked about this negligence, Target said that investigations would be held but refused to point any fingers or even acknowledge a flaw in their system.

What can we learn from this? For one, never dismiss alerts about malicious activity on your network. It may sound simple, but vigilance needs to be paired with action. As of 2015, Target also moved their store credit and debit cards over to chip and PIN cards. Chip-enabled cards create unique codes for each transaction, thanks to the microchip inside of them. Standard credit cards hold their payment data on their magnetic stripe, making it easy for people to steal and duplicate.

The Victims: Sony Pictures and its Employees

In November of 2014, a hacker group calling themselves Guardians of Peace leaked personal information obtained from the computers of employees at Sony Pictures. As you may remember, this hack occurred because of the planned release of The Interview, a comedy starring Seth Rogen and James Franco. North Korean hackers carried out the attack because of the movie’s plot, which centered around the assassination of North Korea’s leader, Kim Jong-un.

The breach exposed private information and messages from Sony employees, destroyed company data, and even led to the cancellation of The Interview’s theatrical release. Ultimately, Sony agreed to pay as much as $8 million in settlement claims to its employees.

What was the Weak Link?

Stuart McClure, CEO of the computer security firm Cylance, reviewed a database of Sony emails and found a pattern of phishing attempts. McClure discovered that Sony executives, including the CEO of Sony Pictures, received fake Apple ID verification emails. When these executives clicked a link that redirected them to a page that looked similar to an Apple ID login page, they entered their account information into a fake form. From there, the hackers used the Apple ID information to access LinkedIn accounts and Sony network login information. The problem was that these employees were using the same password for all of their accounts.

Not only is it important to be vigilant and look for misspellings and weird-looking URLs on login pages that you’ve been linked to from an email, but you should also encourage everyone you know to set up different passwords for every account. Passwords should be unique to every account that you have.

The Victims: JP Morgan Chase and its Customers

In that same year, 2014, JP Morgan Chase experienced the largest intrusion of an American bank. As with the cases of Target and Sony, the breach could have been easily prevented. Despite spending $250 million on computer security each year, JP Morgan Chase only needed to install a simple security fix to an overlooked server on its network.

In the spring of 2014, the login credentials for a JP Morgan employee were stolen by hackers, resulting in the account information of 83 million households being compromised. But even with those stolen login credentials, JP Morgan Chase still could have prevented this breach.

What was the Weak Link?

Most large banks use a double-authentication scheme, or two-factor authentication. This means that in addition to entering your password for an account, you are also required to enter a second, one-time password to successfully gain access to the system. JP Morgan Chase’s security team failed to upgrade the aforementioned, overlooked server with this dual password scheme, creating a weakness in the system.

The reason why this server was overlooked leads us to another issue with JP Morgan Chase’s network. Security experts who reviewed this breach noted how difficult it is for a bank of JP Morgan Chase’s size to secure its network. When JP Morgan Chase acquires a new company, they integrate that acquisition’s network in with their own. This might be an easy way for JP Morgan Chase to take on new businesses, but this network setup elicits images of a jungle gym.

We can see the results of a network that is patched together and how easy it is to neglect one of many servers. We can also understand how someone might have a lapse in judgement and click on a phishing scam. Weak links exist in every network’s security system, but often the simplest solutions can either limit the damage or prevent a breach entirely.