My Comments on the breach at [$COMPANY_NAME$]

Sheer genius. I wish I could take credit, but alas, I cannot.

</end editorial>

I heard about the breach at [$COMPANY_NAME$] and the [$BREACH_QUANTITY$] [$DATA_TYPE$ one of “credit card”, “patient record”, “social security number”, “user login”, “hashed passwords”, “national security secrets”, “Hollywood star’s ‘selfies'”] compromised. Of course this is a serious matter and is the largest since [$YESTERDAY_DATE$]

The people at [$COMPANY_NAME$] have not yet released details, which is appropriate given an incident response of this magnitude. I understand that they have the [$RESPONDER_NAME$ multiple of “FBI”, “NSA”, “CIA”, “Mandiant”, “army of consultants”, “Keystone Kops”] involved and have issued a press release.

My guess is that the attackers were able to initially breach the target using a [$ATTACK_TYPE$ one of “phishing attack”, “brilliantly clever targeted phishing attack”, “piece of custom malware”, “cat with a WiFi interface implanted in its head”, “SQL injection attack”, “basic website vulnerability”, “army of ninjas”, “variant of Stuxnet”] which is [$UNEXPECTED$ one of “totally unexpected”, “the way it usually happens”, “innovative”, “obscure as hell”, “bloody typical”] form of attack that is often used by [$USUAL_SUSPECTS$ multiple of “China”, “North Korea”, “CIA”, “NSA”, “Anonymous”, “brotherhood of blades”, “Bavarian Illuminati”, “Trilateral commission”, “hackers who have read ‘Hacking Exposed'”, “any complete newbie”] Until I know more about it, I can’t really guess about the details.

However, this illustrates the basic issues in information security, which is that organizations don’t appear to have effective responses to basic malware and/or phishing attacks, and have aggregated critical data into central locations on their networks where it is accessible. Once an attacker gets inside, it is pretty easy for them to escalate privileges, find out where the data is, and exfiltrate it. Organizations with critical data should segregate it off their network, perform regular vulnerability audits and remediation, maintain detailed system logs, and use two factor authentication for administrator access. If it’s a large organization, Big Data also helps, but I am not sure how.



2 thoughts on “My Comments on the breach at [$COMPANY_NAME$]

Comments are closed.