Summertime is almost over, and back-to-school season is upon us. Beginning now, students all across the globe are beginning to register for their classes, purchase their school supplies, and start working on assignments for the upcoming year. But among these students, there are some who will get up to no good – hacking into the school systems to alter records, to disrupt the school’s normal operations, and to see just how much damage they can do. Let’s take a closer look at some of the reasons why kids are hacking their schools:
Hackers all over the internet today are slowly adapting to the changes in the attack marketplace. Many notorious DDoS groups like Lizard Squad, New World Hackers and others have already entered the DDoS as a Service business, monetizing their capabilities in peace-time by renting out their powerful stresser services. But it’s not just DDoS. It’s all attack services including application-based attacks. These marketed services are now allowing novice hackers with little know-how to launch attacks via affordable tools that are available on the Clearnet. This growth is healthy for any market but has forced vendors to take on more of a traditional marketing strategy.
It’s late July and the ‘boys of summer’ are in full swing, if you’ll pardon the pun. I’m a huge baseball fan and love most everything about the sport, including the mystique surrounding many of its unwritten rules. These rules, as their name suggests, cannot be found in any official rule book issued by Major League Baseball or other governing bodies. Nonetheless, they are firmly planted in players’ and coaches’ minds, and have their own system of self-policing administered mostly on the field. Typically penalties come in the form of a high-inside fastball for those that break them. Among the most established of these unwritten rules is the stealing of signs, a practice with many infamous examples throughout the game’s history. My personal favorite sign-stealing story surrounds the Chicago White Sox, who reportedly used a single light bulb in the centerfield scoreboard, turning it on-or-off to signal pitches to the home team batter.
Currently, the game and Major League Baseball is dealing with an entirely different type of stealing, with the recent case and sentencing of Chris Correa, a former executive with the St. Louis Cardinals. Last week, Correa received some ‘chin music’ of his own, being sentenced to nearly four years in prison by a U.S. District Court in Texas for masterminding a hack of the Houston Astros personnel database in search of insights into their player scouting. What’s particularly interesting here is that Correa wasn’t after any pitching or base-running signs, future lineups or other form of in-game strategic insight. Rather, he was after a pool of data that most every Major League Baseball team (and indeed professional teams in other sports) has come to view as highly valuable intellectual property, player analytics.
You might also like: A View from the Corner Offices: New Research on C-Suite Security Mindset
The Digitization of Baseball
In much the same way businesses in all industries have undergone a digital transformation over the past twenty years, baseball too has undergone its own transformation. This isn’t about Major League Baseball teams selling tickets or memorabilia through a website. The digitization of baseball has to do with the current fascination around in-depth player statistical performance as an indicator of future success. Baseball has always been big on statistics, of course. Few if any games lend themselves to an analysis of numbers the way baseball does. However, in recent years this has taken on a whole new level through the work of what’s often referred to as Sabermetrics, popularized by the book Moneyball by Michael Lewis. In the same way the hyper-statistically driven online advertising industry transformed marketing, Sabermetrics and its followers have turned the long-standing ideas of player scouting on their head. The creation of new statistics found to hold strong correlation to individual and team success have a wave of young math nerds turning their attention to our national pastime. Heck, there’s even an annual conference hosted by MIT Sloan School of Business on the topic of advanced sports analytics.
No one is immune
Perhaps the biggest takeaway beyond the implications of baseball is how this hack reinforces the fact that ‘no one is immune’ from today’s cyber-security threats. As with any business, as more value gets put around proprietary data, more and more attackers will seek to steal that data and/or disrupt operations by tying that data up. The competitively motivated attack is another interesting and important dynamic for organizations to consider. We’ve seen situations with customers where attacks against applications seemed primarily focused on interrupting ecommerce and other transactions, potentially to the benefit of other competing companies more immediately able to satisfy demand. In one particularly unique case, a major U.S.-based airline became the target of cyber-attacks that used bots programmed to “scrape” their site, looking for certain flights, routes and classes of tickets. With the bots acting as faux buyers—continuously creating but never completing reservations on those tickets—the airline was unable to sell the seats to real customers. In essence, the airline’s inventory was held hostage, and a growing number of flights were taking off with empty seats that could have been sold. Additionally, the bots could have been gathering valuable competitive pricing information, including information on the complex formulas that adjust pricing based on current demand.
What should by now be obvious to all is that any business has a wealth of valuable data within its systems. Baseball, just as any ecommerce or financial services organization, has a responsibility to protect that data in order to maintain its value. So the next time you watch a baseball game, consider all the data behind the moves you see on the field. And appreciate the importance to its owners of keeping that data as secure as consumer credit cards or personal health records.
Download Radware’s DDoS Handbook to get expert advice, actionable tools and tips to help detect and stop DDoS attacks.
School networks are increasingly becoming victims of cyber-attacks. They are presented with unique threats and challenges that most organizations do not have to deal with. Every year schools see thousands of new students that bring with them an arsenal of potentially vulnerable devices. To add to this growing complexity, most college campuses have migrated to digital platforms like Blackboard and Moodle. These online web portals are prime targets for denial of service attacks.
Over the last several weeks, we have all become conditioned to mega leaks. 117 million from LinkedIn, 360 million from MySpace, 68 million from Tumblr and 127 million from Badoo. That’s over a half a billion emails and usernames up for grabs! This is a gold mine for hackers. Researchers are not the only ones that obtain and analyze leaked databases. Often times, hackers will keep databases for themselves so they can conduct malicious activity with the credentials.
There once was a big, big, company who had many powerful subsidiary companies, some of which were acquired and some of which were part of the big, big company’s heritage product lines.
This big, big company made many meaningful products and services which were both adored and deeply needed by their many customers, and whose name was known to nearly all in the land.
It didn’t take long for a big name celebrity to be compromised in one of the recent data dumps due to password reuse. I never thought it would be the man that runs the biggest online social network in the world. Mark Zuckerberg had his personal accounts compromised via the LinkedIn leak that was sold on the Darknet marketplace, The Real Deal, by a vendor named Peace of Mind.
Over the last month there have been numerous TeamViewer users reporting unauthorized access into their computers that resulted in financial loss and stolen credentials. TeamViewer is a software package used by both personal and enterprise users for remote control, desktop sharing, file transfers and more. TeamViewer also uses end-to-end encryption to prevent a number of different potential attack vectors such as Man in The Middle (MITM) and brute-force attacks.
Many of us are familiar with Secure Hypertext Transfer Protocol (HTTPS) that uses a cryptographic protocol commonly referred to as Transport Layer Security (TLS) to secure our communication on the Internet. The benefit of securing our communication is obvious; however, the encrypted communication does have its downside.
Over the last year, hacktivists driven by ideological differences have targeted government data around the world at a persistent rate. The lines are blurred with most of these attacks as there are multiple motives behind them. However, one common theme to these attacks is the simplicity in which they are carried out. Hacktivists use an attack method known as an SQL injection to extract information from SQL databases that are vulnerable and exposed online.