Major Incidents You Will Learn About When Studying for a Cybersecurity Qualification.
If you are a budding cybersecurity expert, you’ll likely want to brush up on some famous historical cases. Students studying for a cybersecurity masters, doctorate, or post-doctorate need to become familiar with the techniques and motives of cybercriminals and hackers so that they can successfully develop security tactics and strategies.
Since the launch of the World Wide Web in 1991, cybercrime has been getting more sophisticated, more damaging, and more widespread. The more society relies upon digital information exchange, the more vulnerable it is to digital attack. Individuals of almost every social status use debit cards, order things online, use mobile devices and store valuable information online.
This increasing reliance upon the internet is the main reason why cybersecurity experts are so valued by organizations today. Bad cybersecurity practices can leave the door open, so to speak, allowing criminals to exploit weaknesses and steal money, information, and political leverage. Promising young cybersecurity graduates are being headhunted by fortune 500 businesses, governmental organizations, and militaries around the world. Your learning won’t end when your cybersecurity masters does: cybersecurity experts have to be ready to adapt to changes in the world of cybercrime constantly. Hackers are always trying to outsmart and outplay security systems, and security strategies have to be nimble in order to counter this. The development of agile security strategies is very high-priority work.
Here are some of the most infamous cybersecurity incidents that have taken place in the last ten years. You’ll come across some or all of these when studying for a cybersecurity masters, so get familiar with them!
The Yahoo Breach
Believe it or not, Yahoo was once an online giant with several billion users. One of the first kinds of attack you’ll learn about during the course of a cybersecurity masters is the data breach or leak. It was a data breach that befell the once-mighty Yahoo in 2013. It wasn’t just any old data breach either - it was reported that all 3 billion Yahoo accounts were compromised by the security failure.
Yahoo was initially very cagey about revealing the nature of the issue. It claimed that an ‘unauthorized 3rd party’ had managed to gain access to their databases. Spokespeople for the company toyed with the idea that the breach had been the result of a state-sponsored hack. Experts were unconvinced and theorized that Yahoo was hinting at a state-sponsored attack to try and draw attention away from some very serious flaws in their cybersecurity strategy.
The incident is considered the largest data breach in history, and it seriously damaged Yahoo’s reputation and value at a time when the struggling company was trying to negotiate a buyout with telecommunications giant Verizon.
The Democratic National Committee Hack
Almost certainly the most notorious cybersecurity breach in the last ten years, the 2016 Democratic National Committee hack was a catalyst for political upheaval and brought to light a murky, secretive layer present in international political affairs. Strap in because this is a tale of international espionage and dirty politics. It concerns the sowing of poisonous seeds and the exploitation of a fearful and polarized public.
Studying for a cybersecurity masters, you’ll need to become familiar with the political machinations that often drive cybersecurity breaches – be they against governments, political parties, NGOs, or businesses.
Let’s set the scene: Donald Trump has defeated Hillary Clinton to win the 2016 presidential election. One of the reasons why so many people voted for him is suspicion of Hillary Clinton and the Democratic party. Part of that suspicion is fueled by a website – DC Leaks – on which leaked Democratic National Committee files are posted. So what exactly was DC Leaks? According to the FBI and numerous independent cybersecurity experts, the Russian state was trying to aid Trump in his bid for the presidency. More specifically, it was the work of the Internet Research Agency. The IRA is a shadow branch of the Russian military dedicated to using innovative tactics to influence foreign politics, slander enemies of the state, and exercise the political will of the Kremlin. The Internet Research Agency is infamous for its creation of thousands of fake Facebook and Twitter accounts in an effort to sway the US election and the Brexit referendum. It is a pseudo-private enterprise that hires cybersecurity experts skimmed from Russia’s top military and civilian organizations.
The Russians were able to steal the information using a tried and tested hacking technique – spear phishing. Spear phishing involves the creation of bespoke messages aimed at specific targets. These messages trick an internet user into clicking on a link, which can then install keyloggers, malware, or ransomware on their systems. In the case of the DNC hack, the Russian agents sent Clinton staffers emails purporting to be about ratings. The staffers clicked on the links, entered their details, and opened the door to the hackers from the shadowy ‘Internet Research Agency’ based in Russia. One of the things that you’ll quickly learn if you study for an online cybersecurity masters is that technical protection is not enough to stop sophisticated spear-phishing campaigns. Instead, technical measures have to be backed up with adequate staff training. If the Democratic National Committee staff members had been trained properly, they never would have clicked on an unverified link – no matter how official it looked.
This cybersecurity breach was the subject of huge political controversy and was a key feature of the Mueller investigation – which sought to understand whether there was any provable collusion between the Russian Federation and the Trump campaign in achieving their joint aims. Whether or not there was collusion, the incident proved one thing: cybersecurity breaches can change the course of history.
The Gonzalez Credit Card Hack
Most of the incidents on this list were carried out by governments or political organizations. However, the Gonzalez credit card attack was carried out by an informal gang, and it was done for profit. For-profit cybercrime attacks are actually relatively common, as you’ll learn during a cybersecurity masters, but rarely are they carried out on such a massive scale as the Gonzalez credit card hack.
In the world of illegal hacking, Albert Gonzalez is a mastermind. He led a small band of cybercriminals in illicit activities that resulted in the theft of over 90 million credit and debit card numbers. At the time of Gonzalez's sentencing, his was the largest computer crime ever prosecuted. During the prosecution, it was alleged that the operation caused around 200 million dollars in financial loss. Fascinatingly, Gonzalez was working as a government informer during his most lucrative hacking years. He earned around 75 thousand dollars a year from the Secret Service, all whilst earning millions using stolen card details.
Gonzalez and his accomplices gained access to credit card details in a way many hackers still do – through unsecured wireless networks. They found that by logging into an unsecured network in a store, they could hack their way into the corporate databases that contained customer card details. You’ll come across many instances of hackers using this tactic during your studies as part of a cybersecurity masters.
The case brought against Gonzalez was complicated. It involved the use of data obtained during the arrests of accomplices in eastern Europe, including a millionaire thief who was arrested during a holiday in Turkey. Many of the details of the hacking were completely unknown to the authorities until they were revealed by the chief conspirator – Gonzalez himself. The case proves how a talented hacker using relatively simple methods can steal millions of dollars if the right cybersecurity countermeasures are not in place.
The North Korean Extortion Hack
In February 2021, three North Korean hackers were indicted by the US Department of Justice for trying to use hacking tactics to extort over 1.3 billion US dollars. The cash-strapped Democratic People’s Republic of Korea has long been suspected of using cybercrime to generate funds, and this thwarted scheme would have been one of its biggest scores yet. Cybercrime is one of North Korea’s most profitable shadow industries. When its economy falters or is struck with sanctions, the government turns to weapons smuggling, the drug trade, and cybercrime to get by. Unlike other countries that use hacking to support their clandestine operations, North Korean hackers are unique in that their aims are usually very similar to those of traditional cybercriminals. While countries like Iran, China, Russia, and the USA use hacking to further political aims, North Korean hackers just need to get their digital mitts on some cash.
The three hackers charged by the US Department of Justice had allegedly taken part in a huge variety of illicit activities. The North Korean government had hacked the UK’s National Health Service, set up and marketed a fake cryptocurrency blockchain, run spear-phishing campaigns, and hijacked ATMs. The Koreans used ransomware, a kind of malware that cybersecurity masters students need to become familiar with. The charges laid bare the extent to which the North Korean government was using cybercrime to line its pockets.
PRISM
Depending on who you talk to, PRISM will be described as either an essential national security apparatus or an unconstitutional state-sponsored hacking program. The truth probably lies somewhere in between the two interpretations of this controversial NSA program. PRISM – a surveillance operation led by the US National Security Agency – is an umbrella of interconnected internet-snooping programs. Using decryption technology, PRISM allows agents to intercept, decrypt and analyze information sent over the internet.
PRISM is, at its core, a government-led hacking operation on a huge scale – monitoring phone calls, emails, and bank transfers without the consent of internet or phone service users. It has been reported that information received by PRISM constituted a huge quantity of the evidence used by the NSA in prosecutions and investigations. The NSA has been accused of using PRISM to further its own expansion and dominance as part of the national security apparatus: seeking to cement itself as an essential service to a government worried about dissent and extremism.
The program drew huge amounts of criticism from around the world. Philosopher and commentator Noam Chomsky claimed that PRISM was evidence of the state’s extreme contempt for its own people. Commentators from both sides of the political spectrum bemoaned the degradation of privacy that PRISM seemed to represent.
There were, however, some prominent supporters of the operation. They argued that mass data sweeps were necessary for the government to keep track of extremist groups that were increasingly mobilizing and communicating over the internet. The NSA is one of the organizations that are very keen to headhunt cybersecurity masters graduates. They regularly poach talented cybersecurity operators.
Heartbleed
While it might sound like a James Bond film title, Heartbleed was very real – and very serious indeed. Some investigators have speculated that it was the biggest cybersecurity breach in history in terms of sites affected – up to 17 percent of all websites online were compromised between 2012 and 2014.
Heartbleed isn’t technically the name of the incident itself. Instead, it is the name of a bug that was mistakenly written into OpenSSL, the code library that websites used to secure their connections. At one point, 66 percent of all websites used OpenSSL. This bug was discovered by hackers, who could use it to completely compromise the security of a website: seeing private conversations, stealing money, and taking identification data. During a cybersecurity masters, you’ll be trained in practices related to identifying exploitable bugs in code.
Heartbleed was a gold mine for hackers, and it went completely undiscovered by authorities and webmasters until 2014, by which time a huge amount of damage had been done. A member of Google’s security team notified OpenSSL of the vulnerability in their code on the 1st of April 2014. The large-scale abandonment of OpenSSL was considered the only permanent solution to the vulnerability, although there were fixes, such as rebuilding OpenSSL with heartbeats disabled (the ‘OPENSSL_NO_HEARTBEATS’ build option), that could plug the bug retroactively. One issue was that the dissemination of information to webmasters was relatively slow, and webmasters, therefore, delayed the patching of their code – allowing for more exploitation by cybercriminals.
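As an added illustration (not code from this article or from OpenSSL itself), here is the class of defect behind Heartbleed: a length field supplied by the peer is trusted when the echoed payload is copied, so the reply carries whatever sits in adjacent memory. The simplified record layout, the `heartbeat_reply` and `demo` functions, the `arena` buffer and the constructed "secret" bytes are assumptions made for this demonstration; the one-line bounds check is the shape of the real fix.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy heartbeat record (simplified from the TLS heartbeat extension):
 * [type: 1 byte][declared payload length: 2 bytes, big-endian][payload...]. */
enum { ARENA_SIZE = 64 };

/* Builds the echo reply in `out`. Returns the number of bytes echoed, or -1 if the
 * request is rejected. With validate == 0 it trusts the peer's declared length,
 * which is the defect class behind Heartbleed; with validate == 1 it applies the fix. */
static int heartbeat_reply(const uint8_t *record, size_t record_len,
                           uint8_t *out, size_t out_cap, int validate) {
    if (record_len < 3) return -1;                          /* need type + length */
    size_t declared = ((size_t)record[1] << 8) | record[2]; /* peer-controlled value */
    if (validate && declared > record_len - 3) return -1;   /* the fix: length must fit the record */
    if (declared > out_cap) return -1;                      /* keeps the demo inside `arena` */
    memcpy(out, record + 3, declared);                      /* reads past the record when unvalidated */
    return (int)declared;
}

/* Constructed memory arena: a 3-byte-payload heartbeat followed by sensitive bytes
 * that happen to sit next to it, as they might in a server's heap. */
static uint8_t arena[ARENA_SIZE];

static int demo(int validate, uint8_t *out) {
    const uint8_t record[] = { 0x01, 0x00, 0x20, 'h', 'i', '!' }; /* claims 32 bytes, carries 3 */
    memset(arena, 0, sizeof arena);
    memcpy(arena, record, sizeof record);
    memcpy(arena + sizeof record, "PRIVATE_KEY_MATERIAL", 20);    /* constructed secret */
    /* record_len is what actually arrived on the wire: 6 bytes. */
    return heartbeat_reply(arena, sizeof record, out, ARENA_SIZE, validate);
}

int main(void) {
    uint8_t out[ARENA_SIZE];
    int n = demo(0, out);
    printf("unvalidated: echoed %d bytes: %.*s\n", n, n, out);   /* secret appears in the reply */
    printf("validated: %d (request rejected)\n", demo(1, out));
    return 0;
}
```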