The Worst Cyber-Attacks And Hacks Of 2015VTechAshley MadisonHacking TeamOPMT-MobileTalkTalk
VTech
The most recent attack on Hong Kong toy manufacturer, VTech at the end of November saw putting sensitive data about children in danger. Motherboard who first reported the hack was contacted by the hacker after the discovery was made by him. Not only millions of parents were affected but most importantly millions of kids were affected too. The hacking allowed the hacker to collect a total of 190GB data from VTech’s line of children’s tablets and its databases, which had pictures that children had taken of their parents and themselves, and audio recordings of them fooling around with the device. According to a researcher from Trend Micro, the most shocking part was that the toy company was not using SSL (Secure Sockets Layers) technology to keep the data safe, which is common standard practice, nor were the passwords encrypted satisfactorily. From the time breach was made public, VTech has been severely criticized by security professionals. The only saving grace for the company was the hacker, who did not go ahead and leak the data online but instead went to the press, saying “I just want issues made aware of and fixed.”
Ashley Madison
Easily the year’s most lecherous cybersecurity incident, a group called the Impact Team hacked Ashley Madison, the adultery site, during summer that allowed people to looked to have affairs with other users. Data of more than 30 million users was held to ransom and was leaked in the end. The large amount of personal data leakage that could actually disclose someone as a cheater provided enough news for tech and gossip blogs. The verification process of new accounts on the site was very poor, as examining through email addresses wasn’t exactly full proof that someone had been looking for an affair. A rather unconvincing Tony Blair email address was found in one case. However, there were some real life consequences, wherein reports of Ashley Madison users being blackmailed were coming in. Also, the leaked email reflected poor security practices at the company with even correspondences from the CEO indirectly indicating at hacking its competitors. In a recent case, New Jersey school superintendent David Browne was found to have an account on the site. His wife left him, he lost his job,and most surprisingly, was charged with arson after attempting to torch his garage, possibly in a fit of anger.
Hacking Team
Considered as a suspicious company for long, the Hacking Team is reported to be selling surveillance software to repressive governments and have little hesitation about doing so. It became quite a shocking story when a company in the field of hacking, cybersecurity, and surveillance was hacked this summer, whose leaked swathes of company data and emails giving us a sneak peak into how Hacking Team did business. The main product that Hacking Team, an Italian company, sold was its Remote Control System (RCS), a piece of software that would let the law enforcement agencies or government authorities to break or obstruct the communications of their targets. Data and leaked emails asserted that Hacking Team was selling software to, or in talks with, officials in Russia, Kazakhstan, Nigeria, Uzbekistan, Saudi Arabia, and Azerbaijan to name a few. The leak also showed that Hacking Team had found important susceptibilities in Flash that could be exploited, which led to Adobe hurriedly look for a patch. It has been several months since the hack has taken place, however, very little has been found out about the alleged perpetrator, nicknamed PhineasFisher, and what his/her/their purposes and reasons were.
OPM
This summer saw the US government’s Office of Personnel Management (OPM) become victims of alleged Chinese hackers, making it one of the largest politically motivated cyber-attacks of the year. Before the hack was made public in June of this year, up to 18 million government employees were affected and 21.5 million records were compromised from the time the hack had started in March 2014. The president of OPM, Katherine Archuleta, resigned in July. Hearings are ongoing to find out the cause of the hack, however, it has been constrained by some government agencies who are refusing to participate. Chinese hackers have been the prime suspects in the hack and since then both US and China have had discussions on the issue. Not so long ago, China had said that it had arrested a number of hackers with help from US intelligence, and placed the blame clearly on them for attacking OPM.
T-Mobile
Thanks to credit monitoring firm Experian, millions of T-Mobile customers were breached by them. While very little reasons have been known for the hack, it is in fact a hack at Experian that caused the issue, which in turn has left T-Mobile customers on the wrong end of the breach. However, this does not mean that T-Mobile is not to be blamed, as they went on to trust the third party firm with the data. Besides that, T-Mobile states that some of those affected were not even customers but people who may have signed up to use the services of T-Mobile but never used them. “I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian,” said CEO John Legere at the time. There are difficult times ahead for both T-Mobile and Experian who are facing lawsuits over the breach.
TalkTalk
TalkTalk announced a hack attack in October, 2015. Following a “significant and sustained cyberattack,” the company warned that names, addresses, account information and credit card/bank information may have been stolen. Subscribers have been told that they may be contacted by nefarious third-parties asking for personal information and to look out for any irregular activity on their online accounts. It’s worrying when something like this happens once, but for TalkTalk, this is the second big data scare in a year. The cyber-attack on TalkTalk could cost it up to £35m in one-off costs, the company has said.