We sure do bang on about cybersecurity these days, but it’s for good reason: the consequences of your information, or your business’s information, falling into hackers’ hands can be devastating.
It can be used for any number of things, from impersonation to secure loans or credit cards, to revealing information about you to your competitors, or, in the case of government, to foreign governments and/or terrorist organisations.
And that is why using the best cybersecurity approaches is so important – in the information age, data is power.
To further illustrate exactly why protecting yourself and your business is so important, here are 3 times hackers got the better of their targets.
Hackers use social engineering to target top US officials
Our first incident happened in February 2016, when a hacker group calling themselves “Crackas With Attitude” (CWA) successfully breached the personal email accounts of high-ranking US government officials. If you’ve ever fallen prey to a similar scam, don’t feel too bad – CWA’s victims included the CIA Director at the time, John Brennan (someone you’d expect to know better!).
By tricking people into giving out sensitive personal information, a tactic known as social engineering, the hackers were able to manipulate service providers and government employees into giving out information that was used to guess the answers to security questions. You know, those things that supposedly protect accounts from unauthorised access if you ever forget your password.
Side note: This is also very much why you should never, ever answer those stupid Facebook quizzes that ask you for things like who your favourite teacher was, your favourite pet’s name, etc., supposedly as a bit of fun to share with your friends.
Posing as telecom employees, they manipulated their way into resetting passwords to various accounts belonging to their targets. Their efforts gave them access to heaps of sensitive information, including classified government data, email exchanges, contacts, and documents. CWA took responsibility and published stolen documents online, triggering a swift response from US law enforcement, including the FBI and the Secret Service. Multiple arrests followed, including British teenager Kane Gamble, who received a two-year sentence for his role.
This incident showed that even government officials are vulnerable to social engineering attacks. The silver lining here was that the incident also cast light on the need for greater cybersecurity awareness and for implementing multi-factor authentication and other protective measures wherever possible.
Just like you’ve done with all of your business IT systems.
Please Like and Subscribe
In 2019, a hacker calling himself “Thehackergiraffe” used an automated script to find and gain access to more than 50,000 unsecured but internet-connected wireless printers. He used his power to make those printers print out messages encouraging people to subscribe to YouTuber PewDiePie’s channel, which he later said was to “humanise” him and the hack rather than scare people with scary “you have been hacked” messages.
At the time, PewDiePie was in fierce competition with a rival channel called T-Series to claim the top spot as the most-subscribed YouTube channel, and Thehackergiraffe, a big self-proclaimed PewDiePie fan thought he’d try giving “Pewds” the edge with his lighthearted hack.
Still, he raised another important issue – that of wireless printers being vulnerable to similar actions if they are not properly secured. And with many businesses using wireless printers that aren’t treated as carefully as other network devices when it comes to security, Thehackergiraffe certainly made a great point.
But that will never happen to you because YOUR wireless printers are secured properly, right?
Casino Hacked with a Fish Tank (no really)
On the one hand, the Internet of Things (IoT) is an exciting technology that has the potential to change the world for the better, by using internet-connected devices and sensors to do all kinds of cool things. On the other, IoT is also a massive security vulnerability because it’s literally impossible to properly secure every one of the billions of new IoT devices expected to come online before 2030.
There is no better example of this, than an incident where hackers used a fish tank to hack a casino in Las Vegas in 2017. Yes, a fish tank. The tank had a collection of sensors in it that were connected to an internet-connected PC to monitor the temperature, algae levels, and food in the tank, which hackers were able to exploit. They used the connected but not secured sensors as their entry point into the casino’s network, where they poked around until they found what they wanted – 10GB of sensitive data which they then sent to Finland. Neither the casino’s name nor the content of the stolen data was ever revealed publicly.
As funny as it sounds that the casino was hacked with the help of a fish tank, the point made is incredibly pertinent – the simplest IoT devices can and will be used in cyberattacks of the future, making it incredibly important that businesses prioritise securing them properly.
So yes, we bang on about cybersecurity a lot, but it’s because we care, and we want your business infrastructure to be as safe and secure as possible. As fun as it is to read about hacks happening to other people, it’s much less fun being hacked yourself.
So maybe use this article as a reminder to chat to your IT people about doing a quick sweep of your current security measures. Just a thought.