• Carl

Sum of a Breach

The Internet is becoming the epicenter of our society; as it connects individuals from around the globe in an instant and allows developers to turn their dreams into realities. It offers people the opportunity to expand their network and collaborate with individuals they would have not been in contact with otherwise.


Knowledge has never been as widespread as it is today. New information is being shared within seconds of it happening, theories are being discussed by minds that are hundreds of miles apart and technology is evolving at an ever-expanding rate.


As the release of progressive security techniques and technologies continue to rise, malicious hackers are becoming more and more innovative. They are taking advantage of those who are refusing to upgrade their tech and/or are not administering the proper security techniques.


Since the mid 2000s, the number of online attacks have hit record highs. The number of files stolen is in the trillions as well as the global annual cost of cyber attacks (in USD).


There are a few ways to combat the hackers, most cost an ample amount of money, but there is technology out there that is providing transparent, auditable security on a large scale. Before we get into that, let’s discuss some major cyber attacks that have occurred over the past few decades.


Many of the largest data grabs were caused by negligence. Weak passwords and security questions from within, as well as third party breaches are what lead to linked organizations and their members to fall victim.


For example


One of the most notorious cyber attacks to ever take place occurred in 2014, when eBay was breached. Hackers infiltrated eBay’s servers for an estimated 229 days; and during this time they gained access to the entire user database. There, the attackers, found information ranging from credit card numbers to encrypted passwords and everything in between. This attack affected all 145 million eBay customers and was detrimental to eBay’s brand. In the end, they believe that the hackers gained access by using the credentials of three corporate employees.


The biggest issue eBay users had with this attack wasn’t the hack itself, but how eBay went about the situation after learning their systems were compromised. The lack of communication with their members was the reason for the drop off in user activity. The public felt betrayed and as a result a percentage halted their use of the platform.


Another example...


Equifax was also exploited, this time, specifically affecting a large portion of U.S. citizens. The attack occurred in 2017 and an estimated 146 million consumers were left out to dry. This was extremely devastating because a substantial amount of personal information was stolen, ranging from social security numbers to credit card data. The main cause of the hack was due to the carelessness of a single employee. This individual failed to respond to multiple warnings and update the security software, which in turn granted the malicious hackers access without being hindered.


And another…


This time it wasn’t a breach from within the organization, but from a third party vendor. In 2013, Target stores had their point of sales system penetrated due to an outsourced vendor, who dealt with their systems, being hacked. Because of the initial attack, Target became a victim in the process. About 40 million customers had their credit and debit card numbers swiped and another 70 million had their personal information compromised. The total cost of the attack was over $162 million and as a result the CEO and CIO of Target resigned. Since then, Target stores claim that they have made significant improvements in their security systems.


And last, but not least


Amazon and their S3 cloud storage was infiltrated, becoming one of the most recent and widespread breaches. Amazon’s Simple Storage Service, or S3, is designed to benefit the public by allowing them to store and access their data from anywhere in the world. It is developed to be similar to their own global network. The only issue is that it can be breached in a variety of ways.

Many times, organizations are hacked because of poor security configurations or failure to properly set up the security features. Vendors claim that this process is confusing, while Amazon states that it is simple. Regardles, the servers have been breached on multiple occasions.


One example of a breach in Amazon’s network took place when a partner of Walmart, Limogés Jewelry, was exposed and the personal data of 1.3 million customers was made public. A misconfigured AWS S3 bucket was to blame.


The breach was discovered by a security company that called the situation careless and negligent, as a storage bucket was left open that contained personal information of millions of individuals.


With over 100 million subscribers, one would only assume that the protection and security of their members would be Amazon's number one concern.


According to SkyHigh Network Security Firm, 7% of all S3 buckets have unrestricted public access, while 35% are unencrypted, creating points of entry for hackers. The list of major breaches that took place within the Amazon network, because of misconfigured S3 buckets, contains millions of exposed files as well as millions of dollars in financial loss; creating a hole for those exposed to climb out of.


Some more statistics

  • 60,000 files were stolen from Booz Allen Hamilton.

  • A partner of Verizon was breached, contributing to a data leak of about 14 million customers.

  • An estimated 100 MB of data, that stored Verizon’s billing system, was exposed in a separate breach.

  • The private information of 3 million WWE registered fans were made public.

  • Over 198 million American voter files were disclosed because 3 data mining organizations were attacked.


The list goes on and on, these are just a few.


The reality of the situation


The outcome of sizable cyber attacks are financial loss and a decline in public trust. The cost to repair a network that has been compromised costs millions, and the bad apple usually spoils the bunch. Consequentially following a major hack, member activity and the value of an organization usually drops.


Ingenuity and Evolution!


The financial technology of the future will aid the people as they move away from a society where centralized entities dominate the markets. This technology will provide network security, while offering large scale data storage and same day data transfers.


Blockchain technology offers people the chance to control their own data. Every node in the network stores the distributed ledger, preventing centralized cyber attacks by dispersing the information. The decentralized network of nodes confirm each and every transaction that is processed. The more nodes on a network, the safer the chain will be. This is due to the fact that in order to attack a blockchain one must hack a majority, or 51%, of the nodes on the network. This means, the malicious attacker would have to hack the block they desire, the blocks that follow it, the block that are currently being verified by the network, as well as the blocks to come (which will make the nodes believe that the compromised block is true to the chain). For the most part, deterring attackers because it is extremely time consuming and often costs more to pursue the attack then the reward from accomplishing it.


The safety of the blockchain has been proven time and time again since its creation in 2009. Its distributed ledger technology and public key infrastructure are just a few of the security factors that appeal to the public. The tech doesn’t allow for a single point of entry or easy access into the network.


Blockchain is the security that the people deserve. That is why organizations, like HyperionX, are developing innovative technologies that will provide a scalable, secure, decentralized network.


HyperionX will utilize a unique Proof-of-Passion consensus algorithm to verify blocks and encourage users to stay honest and online. They intend to implement a blockchain identity rating system for members, assuring that the trust-less society will function without fear of deception.


The potential of Tree Blockchain is as high as the tallest tree in the world and beyond. The possibilities are endless and that is why Hyperion looks to evolve with and develop xenoeconomical, or forward thinking and efficient, technologies.


In this day and age the people should be able to control their own data for not only security reasons, but peace of mind. There is no reason to turn over private information to a centralized entity when there are alternative methods of storing, securing and transferring data. Always use a lengthy password that contains a variety of upper and lower case letters, numbers and symbols to add an extra layer of protection. Security and ownership should be the number one priority of the people that utilize the internet. Together we can construct a system that offers freedom and protection on a global scale.


Control your data and be free to grow! #WithRootForce


Sources:

Armerding, Taylor. “The 18 Biggest Data Breaches of the 21st Century.” CSO Online, CSO, 20 Dec. 2018, www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html.


Cimpanu, Catalin. “7% Of All Amazon S3 Servers Are Exposed, Explaining Recent Surge of Data Leaks.” BleepingComputer, BleepingComputer.com, 6 Nov. 2017, www.bleepingcomputer.com/news/security/7-percent-of-all-amazon-s3-servers-are-exposed-explaining-recent-surge-of-data-leaks/.

Finkle, Jim, and Deepa Seetharaman. “Cyber Thieves Took Data On 145 Million EBay Customers By Hacking 3 Corporate Employees.” Business Insider, Business Insider, 27 May 2014, www.businessinsider.com/cyber-thieves-took-data-on-145-million-ebay-customers-by-hacking-3-corporate-employees-2014-5.


O'Donnell, Lindsey. “Walmart Jewelry Partner Exposes Personal Data Of 1.3M Customers.” The First Stop for Security News | Threatpost, 15 Mar. 2018, threatpost.com/walmart-jewelry-partner-exposes-personal-data-of-1-3m-customers/130486/.


Data compiled by William Meurer Jr.

0 views

Copyright © 2020 by HyperionX

  • telegram
  • Discord-black-icon-1
  • icon-social-reddit-512
  • medium
  • btc-512
  • Black Twitter Icon
  • GitHub-Logo
  • Black Facebook Icon
  • Black Instagram Icon
  • Black LinkedIn Icon
  • Black YouTube Icon