3wlink Blog » Blog Archive » Is Your Website Hackable? Why You Need To Worry

Is Your Website Hackable? Why You Need To Worry - Part II

October 11th, 2007 By admin Internet

SC Magazine reports that hackers used data from the breach to purchase goods in a number of states in the US, in Hong Kong and in Sweden.

A digest of the latest developments follows:

* According to 3WCAX-TV Website, the attack is expected to cost consumers one-point-five (M) million dollars. This article was published before law suits started sprouting.
* Brian Fraga, Standard-Times, reports that a class action lawsuit filed this week in U.S. District Court (Boston) against TJX. The amount of damages sought is undisclosed. According to SC Magazine, yesterday a West Virginia resident slapped another lawsuit and is suing TJX for $5 million.
* U.S. Rep. Ed Markey, D-Mass., chairman of the House Subcommittee on Telecommunications and the Internet, has called for the Federal Trade Commission to investigate the hacking, according to a eport today in the Boston Globe.
* Today, the Government of Canada, stated that it is launching an investigation into TJX and the data breach.
* Of note is that the hacking may have started in May 2006 and the breach was discovered only in December 2006 (and publicized in January 2007).

Universities

University systems are usually highly decentralized which makes it hard to ensure tight security. To the extent that one department may have deployed a hardened security infrastructure while others loll in lax measures making the whole system weak.

The following are some of the recent university hacks due to web application vulnerabilities:

* Last month, a hacker infiltrated a massive database from the University of California, Los Angeles, containing personal information (including social security numbers, dates of birth, home addresses and contact information) on 800,000 people in one of the worst computer breaches ever at a US university.
* In January 2007, the University of Arizona reported a breach happening November and December last year that effected several services according to the Privacy Clearing House. The number of effected records is as yet undisclosed.
* In December 2006, University of Colorado – Boulder experienced a hack attack that resulted in the theft of thousands of names and social security numbers – a total of 17,500 records were compromised.
* University of Texas, Dallas, reported in December 2006 that the data of 35,000 individuals (current students and alumni) was compromised. Social security numbers were exposed, according to the Privacy Clearing House.

Changing Trends in What Motivates Hackers

According to Zone-H, the top 50 attackers defaced a total of approximately 2.5 million websites all over the globe. According to the CSI/FBI Computer Crime and Security Survey 2005, one of the most dramatic findings was the exponential increase in website defacement experienced by their respondents: in 2004, 5% of the respondents experienced defacement while in 2005 that figure went up to 95%. Recent trends over the past 12 months show that there is a shift from such disruptive vandalism that gains notoriety towards theft of data that translates into profit. The report on 2006 is still to be published.

Bookmark to: