DOCSLIB.ORG

Global Data Breaches Responsible for the Disclosure of Personal Information: 2015 & 2016 J

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Global Data Breaches Responsible for the Disclosure of Personal Information: 2015 & 2016 J. Botha1, 3, M.M. Grobler2, M.M. Eloff3 1Council for Scientific and Industrial Research (CSIR), Pretoria, South Africa 2Data61, Commonwealth Scientific and Industrial Organisation, Melbourne, Australia 3Institute for Corporate Citizenship, University of South Africa (UNISA), Pretoria, South Africa [email protected] [email protected] [email protected] Abstract: Data breaches have gained extensive coverage as businesses and organisations of all sizes become more dependent on digital data, cloud computing and workforce mobility. Companies store sensitive or confidential data on local machines, enterprise databases and cloud servers. To breach a company’s data one needs to gain access to restricted networks. Although this is a difficult task that requires specialised skills, hackers continuously identify vulnerabilities and loopholes to gain access and conduct data breaches. The Privacy Rights Clearinghouse1 recorded 901,010,077 data breaches since 2005, with only 5,220 data breaches made public. In 2015 some of the world’s largest recorded data breaches occurred; yet a total of only 266 data breaches were made public. 2016 still had a number of major data breaches and a total of 472 breaches were made public. When conducting business in the modern era, data protection and management of personal information have become an integral aspect for organisations and individuals. Despite increased focus on personal information and the existence of data protection legislation internationally, data breaches remain a common occurrence resulting in major cost implications. This paper investigates the most significant data breaches in 2015 and 2016 responsible for the leakage of personal information, with the aim of identifying a general trend in terms of data breaches and personal identifiable (PII) leakage. Keywords: Data Breaches, Data Leakage, Hack, PII, Privacy 1 Introduction An essential part of the digital economy today is security and privacy. Policies and legislations are being established world-wide to ensure that people around the world have an open and interconnected digital world (oecd.org 2013). However, even with comprehensive policies and privacy legislation already established in a number of countries across the world, data breaches are not only increasing in frequency, but also in breach size. It is possible to say that these breaches have now become a fact of digital life (Weise 2016). A data breach occur when personal identifiable information (PII) has been lost or maliciously stolen and therefore is at risk of being exposed (Romanosky, S. 2011). A data breach can result in large numbers of compromised records containing PII and could potentially lead to identity theft and other related crimes. PII can include an individual’s government issued identification; contact information; birth date and place; online account information; medical, employment or financial records; biometric information and geographical information (FreedomidDirect n.d.). Attackers continuously discover methods and ways to intrude networks and steal private or confidential information. As such, cybercrime is rated as the number one national security threat by the USA Director of National Intelligence (Experian Inc 2016). At the time of writing, the Privacy Rights Clearinghouse (Privacy Rights Clearinghouse n.d.), reporting data breaches since 2005, recorded 906,388,226 breaches, with only 5,285 made public. The Identity Theft Resource Center (ITRC), also reporting data breaches since 2005, has recorded 5,810 reported breaches in total. Some of the largest data breaches ever were recorded in 2015, hitting the healthcare, financial, higher-education and federal markets. In some instances it even hit the security industry itself (Kuranda 2015). Research indicates that the medical and healthcare industry are increasingly being targeted by cybercriminals (Davis 2015). This paper presents an overview, in Sections 2 and 3, of the most significant data breaches of 2015 and 2016, responsible for the disclosure of PII. The significance of a data breach is measured according to the type of data 1 https://www.privacyrights.org/data-breaches stolen as well as the number of records compromised and exposed, and not the cost or severity of the incident. Data is provided on the targeted company/agency; the country; the date of the data breach; the published date and the number of exposed records. Each data breach is categorised according to the sectors in which the targeted organisation operates. Other noteworthy security breaches that did not necessarily result in the exposure of PII are mentioned in Section 4. A comparative review on data breaches is provided, in Section 5, to identify whether the general trend in terms of targeted sector remains the same regardless of whether the data breach result in PII leakage. Data has been collected using existing literature, including governmental and private industry reports. 2 Most Significant Data Breaches of 2015 The number of data breaches in 2015 decreased marginally from the number of data breaches in 2014; however, the number of exposed records doubled from 2014 to 2015. In 2015, some of the world’s largest data breaches occurred, but only 266 were made public (Privacy Rights Clearinghouse n.d.). The number of reported data breaches tracked by the ITRC in 2015 is 781, the second highest since 2005 (ITRC n.d.). Figure 1 indicates that 40% of the breaches originated from the business sector, nearly 36% from the health/medical sector, just over 9% from the banking/financial sector, about 8% from the government/military sector and over 7% from the education sector. The main motive for data breaches are financial gains. However, 2015 has seen a shift in motives towards obtaining personal information. The breached data is used to compel behaviour changes in breached individuals or groups, for social justice purposes and even to embarrass a nation (ITRC n.d.). 2015 Data Breach Sectors 7% Business 8% Health/Medical 9% 40% Banking/Financial Government/Military 36% Education Figure 1. 2015 Data Breach Sectors (Compiled from ITRC n.d.) Table 1 lists 23 of the most significant data breaches of 2015, sorted according to breached date. The following sections discuss the data breaches presented in Table 1 in more detail, grouped by sector. Where a breach is categorised in more than one sector, it will only be discussed once. Table 1. Largest Data Breaches of 2015 (Compiled from IdentityForce 2015; BLI n.d.) Sectors Records Breached Published Company / Agency [Country] Breached Date Date (Approx.) Military Business Education Government/ Health/Medical Banking/Financial Turkish Citizenship Database [Turkey] 2015.01.12 2016.04.04 49.6m+ Topface [Russia] 2015.01.20 2015.01.26 20m Anthem [USA] 2015.01.27 2015.02.04 78.8m JPMorgan Chase [USA] 2015.02.10 2015.11.## 100m+ TalkTalk [UK] 2015.02.27 2015.11.06 150k+ OOOwebhost/troyhunt.com [Global] 2015.03.30 2015.10.29 13.5m Sectors Records Breached Published Company / Agency [Country] Breached Date Date (Approx.) Military Business Education Government/ Health/Medical Banking/Financial Office of Personnel Management (OPM) [USA] 2015.04.01 2015.06.## 22m AdultFriendFinder.com [UK] 2015.05.21 2015.05.21 4m Internal Revenue Service (IRS) [USA] 2015.05.26 2016.02.29 700k+ Gaana.com [Pakistan] 2015.05.28 2015.05.28 10m Wattpad [USA] 2015.05.29 2015.08.07 40m Bharat Sanchar Nigam Limited (BSNL) [India] 2015.07.04 2015.07.05 30m Hacking Team [Italy] 2015.07.05 2015.07.29 1m UCLA Health System [USA] 2015.07.17 2015.07.17 4.5m Ashley Madison [Canada] 2015.07.20 2015.08.18 37m Korea Pharmaceutical Info. Center [Korea] 2015.07.26 2015.07.26 43m Experian/T-Mobile [USA] 2015.09.03 2015.10.01 15m 21st Century Oncology [USA] 2015.10.03 2016.03.10 2.2m TalkTalk [UK] 2015.10.22 2015.10.22 4m Nicchu Shinsei Corp [Japan] 2015.11.06 2016.03.26 18m VTech [Hong Kong + Global] 2015.11.14 2015..11.27 11.6m+ US Voters Database [USA] 2015.12.28 2015.12.28 191m UC Berkeley [USA] 2015.12.28 2016.02.29 80k+ Business Twelve major data breaches occurred in 2015 within the business sector. The Russian-based dating site, Topface, has been hacked in January 2015 exposing almost 20m logon credentials (BLI n.d.). AdultFriendFinder.com was hacked in May 2015. The site contains over 60m members worldwide of which 7m is based in the UK. Hackers have stolen millions of sensitive information records, of which almost 4m records were exposed. The type of data exposed includes users’ sexual preferences and orientation, as well as users looking for swingers parties and extramarital affairs (White 2015). The extramarital affairs website, Ashley Madison, was hacked by the Impact Team hacker group in July 2015. This breach revealed financial records as well as 37m users’ PII (Davis 2015). The largest theft of customer data from a USA financial institution occurred when JPMorgan was hacked in February 2015. Fifteen companies and more than 100m people were affected; more than 80% of the victims were from JPMorgan Chase. Three hackers involved have been charged (IdentityForce 2015). A hacker hacked into OOOwebhost, a free web hosting service, and dumped 13.5m records of PII, including passwords in plain text (BLI n.d.). Gaana.com suffered a massive data breach in May 2015 exposing over 10m users’ PII. The attack was discovered and published only hours after the breach. Within one hour after discovery the vulnerability was patched (BLI n.d.). Wattpad, the world’s largest readers and writer’s community, experienced a data breach where 40m people’s PII was compromised (BLI n.d.). In October 2015 a data breach on Experian, the world’s biggest consumer credit monitoring firm, was disclosed. Since Experian processes T-Mobile’s credit applications, T-Mobile was also affected.
Recommended publications
  • Hacking the Web

    Hacking the Web

    Hacking the Web (C) 2009-2020 Arun Viswanathan Ellis Horowitz Marco Papa 1 Table of Contents } General Introduction } Authentication Attacks } Client-Side Attacks } Injection Attacks } Recent Attacks } Privacy Tools 2 (C) 2009-2020 Arun Viswanathan Ellis Horowitz Marco Papa Why secure the Web? } The Web has evolved into an ubiquitous entity providing a rich and common platform for connecting people and doing business. } BUT, the Web also offers a cheap, effective, convenient and anonymous platform for crime. } To get an idea, the Web has been used for the following types of criminal activities (source: The Web Hacking Incidents Database (WHID) http://projects.webappsec.org/w/page/13246995/Web-Hacking-Incident-Database) } Chaos (Attack on Russian nuclear power websites amid accident rumors (5Jan09) } Deceit (SAMY XSS Worm – Nov 2005) } Extortion (David Aireys domain hijacked due to a CSRF (cross site request forgery) flaw in Gmail – 30Dec2007) } Identity Theft (XSS on Yahoo! Hot jobs – Oct 2008) } Information Warfare (Israeli Gaza War - Jan 2009 / Balkan Wars – Apr 2008 ) } Monetary Loss (eBay fraud using XSS) } Physical Pain (Hackers post on epilepsy forum causes migraines and seizures – May 2008) } Political Defacements (Hacker changes news release on Sheriffs website – Jul 2008) (Obama, Oreilly and Britneys Twitter accounts hacked and malicious comments posted – Jan 09) } Chinese Gaming sites hacked (Dec. 2011) 3 Copyright(C) 2009 (c) -20092020- 2019Arun Arun Viswanathan Viswanathan Ellis HorowitzEllis Horowitz Marco Marco Papa Papa
  • Securing Information in a Mobile World

    Securing Information in a Mobile World

    Securing Information in a Mobile World Thu, Jan 21 | 2:00 p.m. – 3:30 p.m. PRESENTED BY: Charlie LeBlanc, William Figures, and Blad Slavens Schedulers & Dispatchers Conference | Tampa, FL | January 19 – 22, 2016 A Brief History of Computing and Software for Schedulers and Dispatchers Systems in the 80’s and early 90’s were computer- centric and pretty secure…. Why ????? And then came the Internet !!!! Highly technical description of the Internet “The Internet is a data network that connects “everything” together” (kind of like the phone system !) - William Figures 2007 The ‘Net(work) as a computing platform- Using WEB Services WEB SERVICES=FARS Is it safe to use public Wi-Fi? 6 Security challenges when using public Wi-Fi Some things to know about public Wi-Fi hotspots • Unlike your home Wi-Fi access point, most public Wi-Fi hotspots at hotels, restaurants, coffee shops, airports, etc. do not use encrypted communication. • This means that all your data may be sent in clear-text across the wireless network. Anyone with a “sniffer” could then snoop on your connection. • In order to secure their Wi-Fi properly, a business owner would have to issue a password to connect to the hotspot. To be truly secure, this password would be unique to a single person. • Since this isn’t feasible, you need to take other precautions to secure your data when using a public hotspot. Sources: http://www.networkworld.com/article/2904439/wi-fi/is-it-safe-to-use-public-wi-fi-networks.html 7 Case Study: Firesheep browser extension Coder exposed risk to Facebook users at public hotspots • To call attention to glaring security vulnerabilities with both Facebook – and other sites – and public Wi-Fi, a “white hat” hacker developed a Firefox extension that allowed a user to hijack the Facebook account of anyone logged into the same Wi-Fi hotspot.
  • The Top 10 Biggest Data Breaches of 2015 | Digital Guardian Page 1 of 8

    The Top 10 Biggest Data Breaches of 2015 | Digital Guardian Page 1 of 8

    The Top 10 Biggest Data Breaches of 2015 | Digital Guardian Page 1 of 8 CONTACT US • SUPPORT • BLOG • PARTNERS PRODUCTS SOLUTIONS SERVICES RESOURCES ABOUT HOME BLOG The Top 10 Biggest Data Breaches of 2015 Wednesday January 13, 2016 By Nate Lord 64 Here’s a look back at the top ten biggest data FOLLOW US: breaches in 2015. 17 2015 was yet another year of massive data breaches, with an increase of 193149 reported incidents from 2014’s total. If these numbers are any indication, 2015 could surpass 2014’s record of 1 billion records exposed from data breaches. While the smoke clears and the dust settles, here’s a New 2016 roundup1 of the ten biggest data breaches last year, by total records lost. Gartner DLP Share Magic Quadrant Digital Guardian is a 10. Excellus BlueCross BlueShield Discovers Leader in the 2016 Magic Two-Year-Old Compromise that Exposed Quadrant for Data Loss Prevention. Read the Information on 10 Million Customers report to to understand how DLP solutions have evolved to provide advanced data protection. Download the report RELATED ARTICLES Stand By Me The Court has turned the Remijas v. Neiman Image via Mike Greenlar. Marcus Group, LLC. case into gold with its ruling; In August, healthcare provider Excellus uncovered a series of successful cyber attacks dating back as far as December 2013. The attacks were read this blog post to detected in a forensic investigation conducted in response to the number learn what the Court has of recent breaches and attacks that targeted other healthcare companies done to do so.
  • Anatomy of Data Breaches and Its Impact on Security

    Anatomy of Data Breaches and Its Impact on Security

    International Journal of Science and Research (IJSR) ISSN (Online): 2319-7064 Index Copernicus Value (2013): 6.14 | Impact Factor (2013): 4.438 Anatomy of Data Breaches and Its Impact on Security Anshu1, Monika Sharma2 1M.Tech Scholar, Computer Science Department, TIT & S, Bhiwani, India 2Assistant Professor, Information Technology Department, TIT & S, Bhiwani, India Abstract: In cloud computing, the word cloud is used as a metaphor for "the Internet," so the phrase cloud computing means "a type of Internet-based computing," where different services - such as servers, storage and applications -- are delivered to an organization's computers and devices through the Internet [14]. Every user access cloud services through internet without knowing the security aspects. Today security threats are increasing rapidly and data breach is top of them. Breach in the security of any component in the cloud can be both disaster for the organization and the provider. In this research paper we focus on main security issue in cloud like data breach, different forms of data breaches and how it occurs in cloud. It also explore where major breaches occur in cloud in past years. Keywords: cloud, data breaches, security 1. Data Breaches two categories i.e. accidental breach or intentional breach The term data breach means when an unauthorized user or a) Accidental breach: also called as employee error when hacker or an attacker attacks an authorized data, access or an employee by mistake sends data to wrong receipts, retrieves it by an individual or service without the and by not understanding security protocols and permission. A data breach results in loss of sensitive, procedures.
  • Darpa Starts Sleuthing out Disloyal Troops

    Darpa Starts Sleuthing out Disloyal Troops

    UNCLASSIFIED (U) FBI Tampa Division CI Strategic Partnership Newsletter JANUARY 2012 (U) Administrative Note: This product reflects the views of the FBI- Tampa Division and has not been vetted by FBI Headquarters. (U) Handling notice: Although UNCLASSIFIED, this information is property of the FBI and may be distributed only to members of organizations receiving this bulletin, or to cleared defense contractors. Precautions should be taken to ensure this information is stored and/or destroyed in a manner that precludes unauthorized access. 10 JAN 2012 (U) The FBI Tampa Division Counterintelligence Strategic Partnership Newsletter provides a summary of previously reported US government press releases, publications, and news articles from wire services and news organizations relating to counterintelligence, cyber and terrorism threats. The information in this bulletin represents the views and opinions of the cited sources for each article, and the analyst comment is intended only to highlight items of interest to organizations in Florida. This bulletin is provided solely to inform our Domain partners of news items of interest, and does not represent FBI information. In the JANUARY 2012 Issue: Article Title Page NATIONAL SECURITY THREAT NEWS FROM GOVERNMENT AGENCIES: American Jihadist Terrorism: Combating a Complex Threat p. 2 Authorities Uncover Increasing Number of United States-Based Terror Plots p. 3 Chinese Counterfeit COTS Create Chaos For The DoD p. 4 DHS Releases Cyber Strategy Framework p. 6 COUNTERINTELLIGENCE/ECONOMIC ESPIONAGE THREAT ITEMS FROM THE PRESS: United States Homes In on China Spying p. 6 Opinion: China‟s Spies Are Catching Up p. 8 Canadian Politician‟s Chinese Crush Likely „Sexpionage,‟ Former Spies Say p.
  • NAVIGATING the CYBERSECURITY STORM

    NAVIGATING the CYBERSECURITY STORM

    NAVIGATING the CYBERSECURITY STORM A Guide for Directors and Officers BY PAUL A. FERRILLO EDITED BY BILL BROWN published by sponsored by sponsored by 1 © 2015 by Paul A. Ferrillo. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any other information storage or retrieval system without prior written permission. To use the information contained in this book for a greater purpose or application, contact Paul A. Ferrillo via [email protected] 2 Is your company protected from the Internet of RiskSM? With CyberEdge® cyber insurance solutions you can enjoy the Business Opportunity of Things. 20 billion objects are connected to the Internet, what everyone is calling the Internet of Things. This hyperconnectivity opens the door both to the future of things, and to greater network vulnerabilities. CyberEdge end-to-end cyber risk management solutions are designed to protect your company from this new level of risk. So that you can turn the Internet of Things into the next big business opportunity. To learn more and download the free CyberEdge Mobile App, visit www.AIG.com/CyberEdge Insurance, products and services are written or provided by subsidiaries or affiliates of American International Group, Inc. Insurance and services may not be available in all jurisdictions, and coverage is subject to actual policy language. For additional information, please visit our website at www.AIG.com. ABOUT PAUL A. FERRILLO Paul Ferrillo is counsel in Weil’s Litigation Department, where he focuses on complex securities and business litigation, and internal investigations.
  • Ethical Hacking

    Ethical Hacking

    Ethical Hacking Alana Maurushat University of Ottawa Press ETHICAL HACKING ETHICAL HACKING Alana Maurushat University of Ottawa Press 2019 The University of Ottawa Press (UOP) is proud to be the oldest of the francophone university presses in Canada and the only bilingual university publisher in North America. Since 1936, UOP has been “enriching intellectual and cultural discourse” by producing peer-reviewed and award-winning books in the humanities and social sciences, in French or in English. Library and Archives Canada Cataloguing in Publication Title: Ethical hacking / Alana Maurushat. Names: Maurushat, Alana, author. Description: Includes bibliographical references. Identifiers: Canadiana (print) 20190087447 | Canadiana (ebook) 2019008748X | ISBN 9780776627915 (softcover) | ISBN 9780776627922 (PDF) | ISBN 9780776627939 (EPUB) | ISBN 9780776627946 (Kindle) Subjects: LCSH: Hacking—Moral and ethical aspects—Case studies. | LCGFT: Case studies. Classification: LCC HV6773 .M38 2019 | DDC 364.16/8—dc23 Legal Deposit: First Quarter 2019 Library and Archives Canada © Alana Maurushat, 2019, under Creative Commons License Attribution— NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) https://creativecommons.org/licenses/by-nc-sa/4.0/ Printed and bound in Canada by Gauvin Press Copy editing Robbie McCaw Proofreading Robert Ferguson Typesetting CS Cover design Édiscript enr. and Elizabeth Schwaiger Cover image Fragmented Memory by Phillip David Stearns, n.d., Personal Data, Software, Jacquard Woven Cotton. Image © Phillip David Stearns, reproduced with kind permission from the artist. The University of Ottawa Press gratefully acknowledges the support extended to its publishing list by Canadian Heritage through the Canada Book Fund, by the Canada Council for the Arts, by the Ontario Arts Council, by the Federation for the Humanities and Social Sciences through the Awards to Scholarly Publications Program, and by the University of Ottawa.
  • Dragnet Surveillance Nation How Data Brokers Sold out America

    Dragnet Surveillance Nation How Data Brokers Sold out America

    Dragnet Surveillance Nation How Data Brokers Sold Out America January 2017 Author: James Scott (Senior Fellow – Institute for Critical Infrastructure Technology) 1 Contents Introduction - Corporate Dragnet Surveillance Has Brought Adversaries “Home to Roost” ................... 3 Information is Power ................................................................................................................................ 5 The Next-Generation of Hybrid Information Warfare Is Here .................................................................. 9 The Product is “You” ............................................................................................................................... 11 Americans Are Targeted More Successfully because America Lags Behind Global Privacy Initiatives .. 12 Who Are Data Brokers? .......................................................................................................................... 15 Problem 1: Data Brokers Operate in the Shadows ................................................................................. 19 Where Do Brokers Acquire Data? ....................................................................................................... 21 Problem 2: Fact: Data Brokers are Historically Negligent ....................................................................... 29 ChoicePoint (2004, 2006) .................................................................................................................... 29 Dun & Bradstreet, LexisNexis , and Kroll Background
  • Download Global Data Leakage Report, H1 2016

    Download Global Data Leakage Report, H1 2016

    InfoWatch Analytical Center www.infowatch.ru/analytics Global Data Leakage Report, H1 2016 © InfoWatch Analytical Center, 2016 InfoWatch Analytical Center Global Data Leakage Report, H1 2016 Table of contents Table of contents .............................................................................................................. 2 In figures .......................................................................................................................... 3 Summary .......................................................................................................................... 4 Methodology ..................................................................................................................... 4 Report findings ................................................................................................................. 7 Leak channels ................................................................................................................ 13 Industry map .................................................................................................................. 16 Regional specifics .......................................................................................................... 19 Conclusion and findings ................................................................................................. 21 Leakage monitoring on InfoWatch's website .................................................................. 22 Glossary ........................................................................................................................
  • Lecture 2 Attacks from the Real World

    Lecture 2 Attacks from the Real World

    ENEE 457: Computer Systems Security 8/29/18 Lecture 2 Attacks from the Real World Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland, College Park Attacks in the real world Dropbox data loss • Problem: Not sufficient back-ups • How can you prevent this? • ERROR CORRECTING CODES Error correcting codes • Given blocks b1,b2,…,bn, we want to store them with redundancy • If we just duplicate them and store copies c1,c2,…,cn, it is no good. The attacker can just delete 2 blocks (e.g., b1 and c1) and cause damage • Alternatively, consider the polynomial p(x) = (x – b1 )(x – b2 )…(x – bn) • Store b1,b2,…,bn and p(r1),p(r2),…,p(rn) for random r1,r2,…,rn • Now even if the attacker deletes any n – 1 out of 2n blocks that we have stored, we can always recover our initial data • How? Polynomial interpolation! • As long as n + 1 out of 2n points are stored intact, we can always recover the initial data LinkedIn passwords leaked • In June 2012, it was announced that almost 6.5 million LinkedIn passwords were leaked and posted on a hacker site • http://www.huffingtonpost.com/2012/06/07/linkedin-password-hack- check_n_1577184.html • Problem: Linkedin did not use salt when hashing the passwords! • http://www.stormpath.com/blog/how-linkedin-could-have-secured-hacked-passwords • How can you prevent this? • ALWAYS USE SALT (when using salting, one cannot use preexisting tables to crack passwords easily) Teaser question about passwords • Can you log into Google without sending your password over? • Zero-knowledge
  • Studio Ed Analisi Dell'information Security Nelle Organizzazioni: Casi A

    Studio Ed Analisi Dell'information Security Nelle Organizzazioni: Casi A

    Dipartimento di Impresa e Management Cattedra: Organizzazione dei sistemi informativi aziendali Studio ed analisi dell’information security nelle organizzazioni: casi a confronto RELATORE CANDIDATO Prof. Paolo Spagnoletti Giuseppe Catone 177161 ANNO ACCADEMICO 2014/2015 1 2 Sommario Abstract ............................................................................................................................................... 5 1. La sicurezza nelle organizzazioni. Aspetti generali. .............................................................. 7 2. Background teorico .................................................................................................................... 13 2.1 Incident risk analysis. ................................................................................................................ 13 2.2 TFI model. ................................................................................................................................... 16 2.3 Bilanciamento strategico tra prevenzione e risposta. ............................................................ 19 3. Analisi dei casi. ............................................................................................................................ 26 3.1 Metodi e finalità di ricerca ....................................................................................................... 26 3.2 Caso uno: TJX Companies, Inc. ............................................................................................... 27 3.3 Caso due: Target
  • Network Flow 2012: Year in Review Industry @Geowarnagiris Miscellaneous Gwarnagi@Cert.Org

    Network Flow 2012: Year in Review Industry @Geowarnagiris Miscellaneous [email protected]

    Attacks Government Network Flow 2012: Year in Review Industry @GeoWarnagiris Miscellaneous [email protected] 6/7 1/17 2/4 4/1 Last.fm Justin Beiber’s web site 403 NASA Utah Dept. of Heath warns 40M hacked 200 accts 2/26 8/3 usernames and 500K personal records users to 8/9 dumped 2/10 UN (UNEP) Mat passwds posted 4/16 change pass Utah cia.gov DB leaked Honan’s 1/15 2/3 US Gov & LE computerized taken 3/31 digital life zappos.com customer Conf call re: Anon DDoS 6/6 1.5M 7/19 signs hacked 9/21 12/4 12/21 down 2/26 PBS hacked 4/29 destroyed details accessed between FBI and eHarmony $80K in Nike 8/21 USDA Swiss National Council on Wikileaks publishes 4/12 Yahoo and 5/28 9/18 10/25 Scotland Yard leaked passwd merchandise 8/9 Moscow defaced security agency Foreign 1/12 2/8 Stratfor emails 3/30 Another AOL email Flame 8/2 US Bank Israeli National 11/23 hashes stolen via Battle.net Court web warns of large Relations AlienVault releases Westboro Baptist 3/12 GlobalPayments FBI/MI6 breached announced MLB DDoSes network Some 2/2 dumped web site bug hacked site hacked 9/4 secret data leak poisoned details of Sykipot trojan taken down BBC announce call Facebook begin 9/26 disconnects GoDaddy Susan G. Komen for 5/26 Bitfloor 11/8 variant targeting 2/14 Persian breach 50k - leaked - 2 6/5 hijacked by Telvent 10/11 from civilian DNS hijacked 12/3 the Cure hacked U.