Security Fridays: Week Four
Michael Urgero 14/02/2020, Industry News
Moral, political or financial?
Hackers that leak data generally have some motive. Usually it’s financial, followed by moral and then finally, political. Most of the time, these people get their hands on detailed lists or databases in one of a few ways: by hacking another system, by being in the right place at the right time and being exposed to the data, or by cooperation of friends or colleagues that have access to it and share similar beliefs.
The leak known as the ‘Big Asian Leak’ appears to be an example of how these attacks can take multiple directions. The original attacker appears to have put the list on the public internet as a result of a moral issue with these ISPs or because of failed financial negotiations with them for ransom. The original attacker likely gained access to these ISPs directly, or through cooperation with internal resources. The fact that the original party that published the list has remained anonymous generally means that they were trying to extort some financial gain from this list or force the ISPs to change their practices. One could assume that when none of the ISPs paid up, they published the list as a penalty.
Once the list is published, it gets found. Once it was found, proper notification was made to the ISP hosting the file, and actions were eventually taken to remove it. It’s important to remember that people generally manually synchronize passwords across platforms – so your email password may also be your online banking password. Oops.
It is understood that this list was created from data gathered from several ISPs. There are also a large number of records in this database that have usernames and passwords in clear text. It’s likely that these clear text records are from one or two of the several ISPs that were attacked.
Why go through the trouble of attacking multiple ISPs, collecting this data and then publishing it? Who’s the target here? The ISPs? Likely not. Someone was trying to prove a point about how weak a series of systems were, and it’s likely that this party was brushed aside and discounted, which created the animosity necessary to do such a thing.
The moral of the story here is that multi-factor authentication solutions, like ours, could have prevented the unwanted access to these systems in the first place, and our data leak prevention solutions would have prevented data like this from leaving the company.
That may have been the motivation of the attacker: exposing the weak internal processes of these ISPs and demanding that they change their ways. Failure to do so resulted in exposure. Using the right tools to protect your data is a critical function that now has a direct financial impact on your business.
Read the article that was analysed here: https://www.infosecurity-magazine.com/news/one-billion-email-password-combos/