The Art of Breach Detection
My latest online session, hosted by TechTarget and BrightTalk, is open for registration. Register now for the free session. The details:
Attackers will not stop, so organizations need to assume they could be breached at any moment. This presentation will help you learn:
* How to best prepare for those attacks
* What tools can be used
* How to detect the latest, more sophisticated adversaries and, most importantly, how to respond to them
Dr. Erdal is the corporate CISO of Comodo and president of the Global CISO Forum. He will share his insights on how to master breach detection, drawn from real-life examples.
Date: May 19,
Data breaches from 1984 to today: The history
While the methods and sophistication of attacks on computers have changed, one thing that has not is the reason behind the breaches: data. Attackers, past and present, have always made data the center of their attention.
1984 – The TRW data breach
One cannot overlook the 1984 breach at TRW (whose credit-reporting business later became Experian), which exposed financial and personal information on about 90 million people. TRW at the time hosted one of the most extensive databases of confidential records, holding the credit histories of roughly 90 million consumers.
TRW supplied its subscribers with consumers' credit histories and employment details, loan and banking details and, most importantly, their Social Security numbers. The data was delivered over telephone lines to the subscribers, mostly banks and department stores, many of them in remote locations. Below is an example of the news coverage of the incident:
Figure: Washington Post and NY Times coverage of the TRW breach in 1984.
Subscribers could log in to the TRW database to query the records they needed. These details were confidential and were supposed to be accessible only to bank employees or department-store managers. Even though the data was read-only and could not be modified, it could still be misused.
The password and the manual for accessing the TRW database and operating the TRW system were leaked from a single department store. Once the adversaries had the login details, they posted them on bulletin board systems (the closest equivalent of today's social media). With that login information, the attackers, and anyone else connected to the bulletin board, could pull the complete profile of any consumer in the database.
Surprisingly, TRW did not discover the incident itself: it went unnoticed for months (exactly how long is unclear) until an external party reported it. According to the investigation, the database had been accessed via the store's phone line, and TRW could not say how many times it had already been accessed.
Experts at the time suggested that proper monitoring and detection could have flagged the activity, and the point holds in today's environment. Investigators also suggested that TRW could have prevented the attack with a dial-back system: before transmitting anything, the host would hang up and call the requesting subscriber back on the telephone number held on file for that account, so that a stolen password used from any other line would yield nothing.
When comparing the 1984 attack with today's scenarios, the points to focus on are the attack vectors, the methods, and the mitigations that could have prevented it.
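As an added illustration (example code written for this page, not TRW's system or anything from the original investigation), the following Python models what the "proper monitoring" the experts called for could have looked like on a dial-in database. It reads a constructed access log, one line per session with timestamp, subscriber ID, originating phone number and number of records pulled (the log format, subscriber IDs and phone numbers are all invented for the example), and flags the pattern a leaked store credential produces: use from a line other than the subscriber's usual one, use outside business hours, and a query volume far above that subscriber's own baseline.

```python
"""Detection logic for a shared dial-in credential.

Constructed example for this page: the log format, subscriber IDs and phone
numbers are invented; nothing here is TRW's system or real data.
"""
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# Constructed access log, one session per line:
#   <ISO timestamp> <subscriber id> <originating phone number> <records pulled>
# SUB-4471 is a store terminal that normally dials in from 916-555-0101 during
# the day and pulls a handful of records. From 13 June the same credential
# starts appearing from other lines, at night, pulling dozens of records.
SAMPLE_LOG = """\
1984-06-11T10:12:00 SUB-4471 916-555-0101 3
1984-06-11T14:40:00 SUB-4471 916-555-0101 2
1984-06-12T09:05:00 SUB-4471 916-555-0101 4
1984-06-13T15:30:00 SUB-4471 213-555-0199 6
1984-06-14T02:17:00 SUB-4471 213-555-0199 41
1984-06-14T03:02:00 SUB-4471 415-555-0133 27
1984-06-15T01:45:00 SUB-4471 602-555-0177 55
1984-06-15T11:00:00 SUB-1029 312-555-0142 5
"""


def parse_log(text):
    """Parse the log into (timestamp, subscriber, origin, records) tuples."""
    sessions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, subscriber, origin, records = line.split()
        sessions.append((datetime.fromisoformat(ts), subscriber, origin, int(records)))
    return sessions


def home_line(sessions):
    """The originating number used most often; assumed to be the subscriber's own terminal."""
    return Counter(s[2] for s in sessions).most_common(1)[0][0]


def detect(sessions, open_hour=8, close_hour=21, spike_factor=5.0):
    """Return {subscriber: [(session, [reasons, ...]), ...]} for suspicious sessions.

    Three independent signals, each weak on its own but strong together:
      - the session came from a line other than the subscriber's home line;
      - it happened outside the (assumed) business hours of the subscriber;
      - it pulled more than spike_factor times the median volume of the
        subscriber's own sessions from its home line.
    """
    by_subscriber = defaultdict(list)
    for s in sessions:
        by_subscriber[s[1]].append(s)

    findings = defaultdict(list)
    for subscriber, subs in by_subscriber.items():
        home = home_line(subs)
        baseline = statistics.median(s[3] for s in subs if s[2] == home)
        for s in subs:
            ts, _, origin, records = s
            reasons = []
            if origin != home:
                reasons.append("unknown originating line")
            if not open_hour <= ts.hour < close_hour:
                reasons.append("outside business hours")
            if records > spike_factor * baseline:
                reasons.append("query volume spike")
            if reasons:
                findings[subscriber].append((s, reasons))
    return dict(findings)


if __name__ == "__main__":
    for subscriber, hits in detect(parse_log(SAMPLE_LOG)).items():
        print(subscriber)
        for (ts, _, origin, records), reasons in hits:
            print(f"  {ts:%Y-%m-%d %H:%M} from {origin}, {records} records: {', '.join(reasons)}")
```

On the sample log the daytime session from 213-555-0199 is flagged only for its unfamiliar line, while the three night-time sessions trip all three signals; an analyst would treat the latter as a confirmed credential leak and the former as a lead. The dial-back control the investigators proposed is the prevention-side counterpart of the first check: rather than flagging a session from an unregistered line after the fact, the host refuses to serve it at all.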