Information technology is now merged with every field of life from banking to medical. We have witnessed a lot of more advancement in IT sector in previous year 2015. Things in this sector are not just getting better but complicated as well. As the good guys busy building and developing new tools and services, bad boys a.k.a hackers are equally busy in finding new ways to hack these things. 2015 witnessed some major computer security hacks in hacks ranging from the data breaches to denial of services. Millions of users were affected in result of these hacks and breaches. Most amazing fact about the hacks of 2015 was that most of them were not targeted to financial organizations but people personal information and health industry was the main target of the hackers. This also provides a horizon for our cyber security priorities in coming years. Top 10 Computer Security Breaches of 2015 are following:
AshleyMadison.com is online since 2001 owned by a Canadian firm Avid Life Media claims to have 40 million users. This is a premier cheating site for married people seeking partners. Hackers broke into their system and leaked the 30 GB data including personal information of their users, chats, memos and even the website’s source code as well. This allowed more hackers to attack their system after knowing the vulnerabilities in their source code. While talking about the chats, user photos and employee emails with Motherboard, hacker said “1/3 of pictures are d**k pictures and we won’t dump,” they told Motherboard. “Not dumping most employee emails either. Maybe other executives.” It was also found from the hacked data that Ashley Madison is also cheating with their customers as well, most of the female account on the website were bots. This hack greatly impacted not only ALM’s business but other dating websites as well. Some script kiddies also established some sites to offer the services to find whether your name is in that breach or not but ALM’s did their best to block such websites. More at WIRED
Second most amazing hack encountered by the Internal Revenue Service. In this hack, hackers gained the access to the tax returns data of around 300,000 citizens. Hackers went through the multifactor authentication system using the information – social security number, date of birth and address etc. Hackers tried to attack 170,000 which was failed. The breach does not involve the main IRS computer system that handles tax filing submissions. "That system remains secure," the IRS said. The hackers were then able to use the information to file for bogus tax refunds, resulting in criminals obtaining $50 million in federal funds. IRS also faced several lawsuits against them due to their failure to handle the people’s information with proper security. This hack was due to an app on their website which the functionality of “Get transcript” but the IT team informed the corresponding authorities and people as well when they found some suspicious activity with their accounts.
This company makes the spyware which lets to spy over your employees, kids and partners by installing software in their iOS, Android or Windows based devices. You can then have the record of calls, texts, contacts, WhatsApp and more. This hack includes the data of their 400,000 users uploaded on tor – anonymous network. This data included the apple IDs, Passwords, Tracked locations, Photos and more. Company initially denied the hacked but then claimed it. This data was hundreds of gigabytes including corporative emails and private conversations as well. No clue found about the hack or any footprints about the hackers but company assured their customers that they will make sure to prevent such kind of breaches in the future. 40% of their users are parents who want to eavesdrop on their kids but unintentionally this let their kids to be the victim of predators and bullies.
Hackers turned their canons towards the easier targets like the health industry. CareFirst is one the biggest health agencies in the U.S. In 2015, they encountered a breach resulting the leakage of personal data of their 1.1 million accounts. CareFirst claimed that hackers got access to the names, phones numbers and email addresses but not the sensitive information like the social security numbers, medical histories and financial details. Federal offices of the United States referred this hack as the state-sponsored and maligned the China for it conventionally. In a statement, CareFirst said at the time it was believed they "had contained the attack and prevented any actual access to member information." To compensate the privacy espionage of their users, CareFirst offered two years of free credit monitoring and identity theft protection services for those members affected.
AdultFriendFinder.com is owned by the FriendFinder Network Inc. They claim to have the 700,000,000+ users on their different social networking portals. The hack was reported in May, 2015. This hack leaked the user data of around 3.9 million users of this network. Hackers not only hacked their system but also made their data available on the internet to free download. The data included the usernames, email addresses, sexual priorities and answers to many dirty question which are asked to complete the profiles. This hack created more stir when it also the email addresses of some corporate and government personnel. This information was a gold mine for the phishers, blackmailers and predators. Information also revealed. The company responded to this attack in no time and performed immediate steps like disabling the feature of “search by username”. Company also announced a team to investigate the footsteps of the hackers and vulnerability which causes that attack but didn’t released any details at least during the writing of this article.
June 2015, Hackers attacked the United States office of Personnel management. According to the federal agency, the sensitive data of more than 21 million people including their social security numbers were available on the darkweb for download. The stolen data also included the usernames, passwords and fingerprints of many federal employees as well. In response, the office accepted that they failed to protect their computers and offer proper security measures to their people. They said “we are going to send a package of guidance to the effected people”. Initially the hack was started in the 2014 but it was the incompetency of the security sector of that office that they failed to know about that for a whole year and until that millions of people were on stake. OPM announced the formation of a team of forensics specialists to get to know about the breach and possible attackers behind that attack.
Anthem is the second-largest health insurance company in the United States which encountered one of the biggest corporate data breaches of the history. During the hack the sensitive data of around 80 million people was stolen. Data stolen includes names, birthdates, email addresses, Social Security Numbers, and medical IDs. Company claims that there are no evidence that credit information and medical records of their users are stolen. The Company offers healthcare plans to 14 different states and the breach effected all of them. Investigation was started right after the attack and conventionally like all other attacks, China was blamed this time also. The investigation lead to no conclusion. Company offered two years of identity theft repair assistance, credit monitoring, identity theft insurance and fraud detection.
TalkTalk is one of the top Phone and BroadBand Service Providers in the United Kingdom. Hackers breached their systems and hacked the customer data of 4 million people around UK. This data included the names, email address, residence, TalkTalk account information and Bank details of their customers. Worst thing in that attack was, different affiliated companies and TalkTalk as well received messages from the hackers asking for ransom. The “Russian jihadists hackers” claimed the responsibility of that attack. Asked by the BBC whether customers’ bank details had been encrypted by TalkTalk, CEO of TalkTalk said: “The awful truth is, I don’t know”. Company hired some security professionals to figure out the vulnerability and verify the claim of Russian Jihadists group about that breach.
LoopPay is the subsidiary of Samsung Electronics, it’s a mobile payment system which was hacked in October 2015 and Chinese hackers blamed for this purpose. Hackers hacked into the corporate systems of the company but not the “Samsung Pay”. LoopPay actually bought by the Samsung to compete its competitor Apple Pay in February 2016.
Another critical vulnerability found in the famous smart series of Samsung – Galaxy. This flaw was found in all models between S3 to S6. Security researchers in the NowSecure security firm found them in their keyboard. This flaw could made the phone vulnerable to spying if it is connected to the public wifi. NowSecure advised the Samsung to patch their vulnerability and then made their findings public.
FBI have an information sharing portal to synchronize the information about criminals and on-going investigations with the local law enforcement agencies. Hacking group CWA alleged for hacking the AOL account of Chief CIA took responsibility for hacking this portal also. They dumped the information of 2400 national and international employees online and threatened the authorities to do more. In a tweet he said, “Just to clear this up, CWA did, indeed, have access to everybody in USA private information, now imagine if we was Russia or China.. “ While talking to the WIRED, one of them claimed that they accessed the data of 3000 data of employees working for this federal agency.