My Comments on the breach at [$COMPANY_NAME$]
I heard about the breach at [$COMPANY_NAME$] and the
[$BREACH_QUANTITY$] [$DATA_TYPE$ one of "credit card", "patient
record", "social security number", "user login", "hashed passwords",
"national security secrets", "Hollywood star's 'selfies'"]
compromised. Of course this is a serious matter and is the largest
since [$YESTERDAY_DATE$]
The people at [$COMPANY_NAME$] have not yet released details, which is
appropriate given an incident response of this magnitude. I understand
that they have the [$RESPONDER_NAME$ multiple of "FBI", "NSA", "CIA",
"Mandiant", "army of consultants", "Keystone Kops"] involved and have
issued a press release.
My guess is that the attackers were able to initially breach the target
using a [$ATTACK_TYPE$ one of "phishing attack", "brilliantly clever
targeted phishing attack", "piece of custom malware", "cat with a WiFi
interface implanted in its head", "SQL injection attack", "basic
website vulnerability", "army of ninjas", "variant of Stuxnet"] which
is [$UNEXPECTED$ one of "totally unexpected", "the way it usually
happens", "innovative", "obscure as hell", "bloody typical"] form of
attack that is often used by [$USUAL_SUSPECTS$ multiple of "China",
"North Korea", "CIA", "NSA", "Anonymous", "brotherhood of blades",
"Bavarian Illuminati", "Trilateral commission", "hackers who have read
'Hacking Exposed'", "any complete newbie"] Until I know more about
it, I can't really guess about the details.
However, this illustrates the basic issues in information security,
which is that organizations don't appear to have effective responses to
basic malware and/or phishing attacks, and have aggregated critical
data into central locations on their networks where it is accessible.
Once an attacker gets inside, it is pretty easy for them to escalate
privileges, find out where the data is, and exfiltrate it.
Organizations with critical data should segregate it off their network,
perform regular vulnerability audits and remediation, maintain detailed
system logs, and use two factor authentication for administrator
access. If it's a large organization, Big Data also helps, but I am
not sure how.