Big Breaches: Cybersecurity Lessons for Everyone

Huge savings for students

Each student receives a 50% discount off of most books in the HSG Book Store. During class, please ask the instructor about purchase details.
List Price: $27.99
Price: $14.00
You Save: $14.00
2

Part I: The Biggest Breaches

The goal of this part is to explain, in plain English, the biggest breaches in recent years, focusing on what has resulted in everything from exposure of the majority of American consumers' financial identities to a foreign power more than significantly "influencing" the election of our most recent President. The breaches will be covered in reverse chronological order of the years in which the breaches were made public (even though some of them occurred prior), and in the summary section, I'll also comment on the relevance and implications of the actual years in which the breaches took place.

Chapter 1: The Five Key Root Causes

This chapter reviews the five basic root causes that we'll see in all the mega-breaches that will be reviewed in subsequent chapters.

  1. Phishing
  2. Malware
  3. Third-party compromise (suppliers, customers, and partners, as well as acquisitions)
  4. Software Vulnerabilities (application security as well as third-party vulnerabilities)
  5. Inadvertent employee mistakes

Chapter 2: The Capital One Breach in 2019

On July 29, 2019, court documents were released regarding a security breach at Capital One that exposed data for over 105 million people. A lone hacker gained access to highly sensitive data including names, social security numbers, addresses, and dates of birth. This hack is just one example in which over a hundred million customer records have been exposed to the entire Internet.

  1. The Modern Day Datacenter: The Cloud and Hybrid Clouds
  2. Erratic: Former Amazon Web Services employee
  3. The Firewall Hack
  4. The Ex-Filtration
  5. The Simple Mistakes
  6. The Charges & The Fallout

Chapter 3: Cambridge Analytica & Facebook

The goal of this chapter is to cover two issues that both involved Facebook. The first issue is how Cambridge Analytica, a data analytics firm that assisted President Trump's presidential campaign, abused Facebook to harvest data on 70 million U.S. consumers to create psychographic profiles of them and target ads to influence voting. The second issue is how a vulnerability in Facebook's "View As" feature (that allows users to see how their profiles look to the public) was exploited to allow for the take over of approximately 50 million Facebook accounts. The sections in this chapter will also set the groundwork for the Facebook hacking of the 2016 election by the Russians.

  1. How Facebook Works
  2. How Facebook Makes Money Through Ads
  3. Political Ads
  4. Security Challenges with Ads: Abusive Targeting, Bad Ads, Malvertising, and Click Fraud
  5. Facebook's Third-Party Apps and APIs
  6. Cambridge Analytica Harvesting
  7. Bungled Remediation of Harvested Data
  8. The "View As..." Vulnerability
  9. Remediation of the "View As..." Vulnerability

Chapter 4: The Marriott Hack in 2018

The Marriott hack disclosed in 2018 has been the second largest breach of all time as it involved 383 million records, and is only second to Yahoo's hack of 3 billion email accounts which we'll describe in see Chapter 8. Passport numbers, and the location history of hundreds of millions of people was amongst the data stolen in the breach. Combined with stolen data from the US Government's Office of Personnel Management breach (described in Chapter 7), one can even derive the location histories or potentially even impersonate some CIA agents and spies.

  1. Marriott and Starwood
  2. DBA Account Takeover
  3. Malware: Remote Access Trojan and Mimikatz
  4. Starwood Guest Reservation Database Exfiltration

Chapter 5: The Equifax

Apress