May 11, 2018

Preventability in the Cybersecurity Domain

Malik_Tillman

Ever since the dawn of computational and networking capability, there have been people whose sole intention is to exploit and misuse it. These attackers, popularly called hackers (more precisely black hats or crackers, since "hacker" also covers legitimate researchers), have crippled infrastructure, stolen heaps of information, and caused alarm for millions of users worldwide. They have attacked networks used for entertainment such as television broadcasting, gaming, and online streaming, and have breached companies as large as IBM, Adobe, and Samsung. These attacks are usually credited to witty coders typing at a seemingly infinite words-per-minute (WPM) rate, and some of that credit is deserved, given the sheer difficulty and time most attacks take. What is frequently left out is that the root cause is usually a preventable human error. The number one way to prevent a cyber attack is therefore to focus on human error. Today, I will discuss five major attacks that could have been completely prevented if a human error had not occurred.

The first attack is the 2013 Adobe Systems data breach. Adobe holds a huge amount of personal information and is, quite frankly, one of the most experienced companies in the tech world to date. That is why its 2013 data breach left a lot of people scratching their heads. The attack raised paranoia across the tech world: Adobe put the number of affected active users at more than 38 million, and the 3.8 GB file that was posted publicly held roughly 150 million records of reversibly encrypted passwords, plaintext password hints, and unencrypted user information. The most alarming fact of the breach was the discovery of how Adobe had been storing passwords. First, the passwords were not hashed at all; they were encrypted with a single symmetric key (3DES in ECB mode), so anyone who obtained that key could recover every password, and even without it the ciphertext leaked structure: identical passwords produced identical ciphertext, and passwords sharing a prefix shared their leading blocks. Second, there was no per-user salt, so the plaintext hints stored next to the ciphertext ("my dog's name", "usual password") could be pooled across every user with the same ciphertext, letting one guessed hint unlock whole groups of accounts. Industry professionals have known for years that passwords should never be stored in plaintext or in any reversible form; they should be run through a slow, one-way hash with a unique salt per user, which makes identical passwords look different and defeats precomputed tables. While the intrusion itself may have involved sneaky planning and flawless execution, it is commonly agreed that its impact was highly preventable had Adobe given more attention to how it protected passwords.
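To make the two failure modes concrete, here is an added example (my own illustration, not Adobe's code or the leaked data). A tiny per-block XOR "cipher" stands in for Adobe's single-key 3DES in ECB mode, because it has the same two properties that matter here: it is reversible with the one server key, and it transforms each 8-byte block on its own, so equal passwords give equal blobs and shared prefixes give shared leading blocks. The user records, hints and the server key are constructed; the hardened form uses only the standard library.

```python
"""Toy demonstration of why Adobe's password storage failed.

Added example for this article, not Adobe's code. A per-block XOR "cipher"
stands in for Adobe's single-key 3DES in ECB mode: like ECB it is reversible
and deterministic and transforms each 8-byte block independently. The
hardened form uses a per-user random salt and PBKDF2 from the stdlib.
"""
import hashlib
import hmac
import os
from collections import defaultdict

BLOCK = 8
SERVER_KEY = b"\x01\x23\x45\x67\x89\xab\xcd\xef"  # hypothetical single server-side key


def _pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def _unpad(data: bytes) -> bytes:
    return data[: -data[-1]]


def _xor_blocks(data: bytes, key: bytes) -> bytes:
    # Each block is transformed independently with the same key: the ECB property.
    return b"".join(bytes(a ^ b for a, b in zip(data[i:i + BLOCK], key))
                    for i in range(0, len(data), BLOCK))


def ecb_like_encrypt(password: str, key: bytes = SERVER_KEY) -> bytes:
    """Reversible, deterministic storage: equal passwords -> equal ciphertext."""
    return _xor_blocks(_pad(password.encode()), key)


def ecb_like_decrypt(blob: bytes, key: bytes = SERVER_KEY) -> str:
    """Whoever holds the one key recovers every password in the store."""
    return _unpad(_xor_blocks(blob, key)).decode()


def equal_password_groups(records):
    """Users whose stored blobs are identical share a password. No key is needed:
    with deterministic encryption equal ciphertext means equal plaintext, so
    guessing one member's plaintext hint cracks the whole group."""
    groups = defaultdict(list)
    for user, blob, _hint in records:
        groups[blob].append(user)
    return [users for users in groups.values() if len(users) > 1]


def shared_prefix_blocks(blob_a: bytes, blob_b: bytes) -> int:
    """ECB also leaks shared prefixes: 'password1' and 'password2' agree on block 0."""
    n = 0
    for i in range(0, min(len(blob_a), len(blob_b)), BLOCK):
        if blob_a[i:i + BLOCK] != blob_b[i:i + BLOCK]:
            break
        n += 1
    return n


def hash_password(password: str, salt: bytes = None, iterations: int = 600_000) -> str:
    """Hardened form: salted, slow, one-way. Stored as iterations$salt$hash so the
    work factor can be raised later without breaking existing records."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


# Constructed sample store in the shape Adobe kept: (user, blob, plaintext hint).
SAMPLE_USERS = [
    ("alice", ecb_like_encrypt("123456"), "numbers"),
    ("bob", ecb_like_encrypt("123456"), "one to six"),
    ("carol", ecb_like_encrypt("password1"), "the usual"),
    ("dave", ecb_like_encrypt("password2"), "usual plus one"),
    ("erin", ecb_like_encrypt("tr0ub4dor&3"), ""),
]

if __name__ == "__main__":
    print("users sharing a password:", equal_password_groups(SAMPLE_USERS))
    print("prefix blocks shared by carol/dave:",
          shared_prefix_blocks(SAMPLE_USERS[2][1], SAMPLE_USERS[3][1]))
    h = hash_password("123456")
    print("salted hash:", h)
    print("verify:", verify_password("123456", h), verify_password("12345", h))
```

Running it shows alice and bob grouped together from ciphertext alone, and carol and dave sharing their first block, while two salted hashes of the same password are unrelated and can only be checked, never reversed. The iteration count is a tunable work factor; pick it so a verification takes tens of milliseconds on your hardware.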

In January 2003 a perhaps more terrifying attack took place: the SQL Slammer worm. It was not limited to one company but hit anyone running an unpatched Microsoft SQL Server 2000 or MSDE 2000 instance reachable from the Internet. The worm reached more than 75,000 hosts within about ten minutes of its release. Its mechanism was trivial: a single 376-byte UDP packet to port 1434 exploited a stack buffer overflow in the SQL Server Resolution Service, and each infected host then generated random IP addresses and fired the same packet at them as fast as its network link allowed, so every new infection accelerated the spread. Microsoft had fixed the vulnerability (bulletin MS02-039) six months earlier, in July 2002. However, many administrators were wary of recent Microsoft updates and decided not to apply the patch, leaving their servers wide open to attack. The worm itself carried no destructive payload and was initially of little concern; it was the domino effect it caused that shook up the cybersecurity world. It propagated so fast that it saturated links and overloaded routers worldwide, slowing connectivity dramatically, because the routers could not handle the volume of traffic they were receiving. Some routers crashed outright, forcing their neighbors to withdraw the affected routes, and the resulting storm of routing updates spread the disruption further, to the point that Internet connectivity halted for many users internationally. The notoriety of the incident comes from the fact that SQL Slammer could have been prevented simply by more users installing the six-month-old patch and/or by Microsoft releasing more informative and trustworthy updates.
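Patching is the fix, but a practitioner also wants to spot the unpatched host the moment it starts scanning. The following added example (my own, not from any real tool or from the original article) shows what a random-scanning worm like Slammer looks like in flow data: one source reaching an unusually large number of distinct destinations on a single UDP port in a short window, most of which never answer. The flow-record format and all the sample records are constructed for the illustration; 198.51.100.0/24 and 203.0.113.0/24 are documentation address ranges.

```python
"""Spotting a random-scanning worm like Slammer in flow records.

Added example for this article, not from any real tooling. Slammer's entire
payload was one UDP datagram to port 1434, which every infected host fired at
random addresses as fast as its link allowed. In flow data that looks like one
source reaching an unusually large number of distinct destinations on one
UDP port in a short window. The records below are constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass

SQL_RESOLUTION_PORT = 1434  # MS SQL Server 2000 Resolution Service (UDP)


@dataclass(frozen=True)
class Flow:
    ts: float
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int


def parse_flow(line: str) -> Flow:
    """Parse 'ts src dst proto dport bytes' (a constructed format, not a real exporter's)."""
    ts, src, dst, proto, dport, nbytes = line.split()
    return Flow(float(ts), src, dst, proto.lower(), int(dport), int(nbytes))


def scanning_sources(flows, port=SQL_RESOLUTION_PORT, window=60.0, fanout_threshold=20):
    """Return {src: max_distinct_destinations} for sources that send UDP to `port`
    on more than `fanout_threshold` distinct destinations within one `window`-second
    bucket. Legitimate clients talk to a handful of SQL servers; a worm talks to
    hundreds of random addresses, most of which do not exist."""
    fanout = defaultdict(lambda: defaultdict(set))  # src -> time bucket -> {dst}
    for f in flows:
        if f.proto == "udp" and f.dport == port:
            fanout[f.src][int(f.ts // window)].add(f.dst)
    suspects = {}
    for src, buckets in fanout.items():
        worst = max(len(dsts) for dsts in buckets.values())
        if worst > fanout_threshold:
            suspects[src] = worst
    return suspects


# Constructed flow records: a normal SQL client, a web browser, and one infected host.
SAMPLE_LINES = (
    # 10.0.0.5 legitimately asks two SQL servers which instances they run.
    ["1000.0 10.0.0.5 10.0.1.10 udp 1434 40",
     "1001.5 10.0.0.5 10.0.1.11 udp 1434 40",
     "1030.0 10.0.0.5 10.0.1.10 udp 1434 40"]
    # 10.0.0.6 browses many web servers: high fan-out, but TCP/80, not our port.
    + [f"{1000 + i}.0 10.0.0.6 203.0.113.{i} tcp 80 512" for i in range(1, 31)]
    # 10.0.3.77 is infected: 376-byte datagrams to 25 random hosts within five seconds.
    + [f"{1000 + i / 5:.1f} 10.0.3.77 198.51.100.{i} udp 1434 376" for i in range(1, 26)]
)

SAMPLE_FLOWS = [parse_flow(line) for line in SAMPLE_LINES]

if __name__ == "__main__":
    for src, n in scanning_sources(SAMPLE_FLOWS).items():
        print(f"{src}: {n} distinct UDP/1434 destinations in one window; isolate this host")
```

The threshold is deliberately coarse: a real deployment would baseline each host's normal fan-out and alert on the deviation, and would act on the alert by cutting the host's egress, since a worm that blasts one datagram per destination has already done its damage by the time a signature is written.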

2017 saw no decline in breaches, even on infrastructure run by the biggest companies, such as Amazon. Well, let me clear that up. In 2017 there were three major data exposures involving Amazon Web Services, affecting Uber, Accenture, and Time Warner Cable. None of them was due to human error on Amazon's part; the error lay with the companies that rent their cloud infrastructure from Amazon. Both Accenture and Time Warner Cable saw the possibility of a complete data management disaster when it was discovered that their S3 buckets, containing customer passwords (in plaintext, in 2017) and personal information, were configured to be readable by anyone on the Internet. In Time Warner Cable's case the error was made by a third-party vendor that failed to properly configure the bucket. Again, human error was the main cause, and in these two cases it was extremely preventable: S3 buckets are private by default, so someone had to grant the public read access. Fortunately, there is no evidence that the information was accessed with malicious intent, and the issues have since been rectified.
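The exposure is easy to audit for once you know where public access can come from: a bucket policy whose principal is the wildcard, or an ACL grant to the AllUsers or AuthenticatedUsers group. The added example below (my own illustration, not AWS, UpGuard or the affected companies' code) checks both against two constructed bucket descriptions: a weak one shaped like the exposures above, and a hardened one that grants read to a single IAM role and turns on S3 Block Public Access. The bucket name, role name and account ID 123456789012 (AWS's documentation placeholder) are assumptions; the JSON shapes are the ones the S3 API returns.

```python
"""Audit an S3 bucket's policy and ACL for public access.

Added example for this article, not AWS or UpGuard code. WEAK_BUCKET is shaped
like the Accenture and Time Warner Cable exposures (anyone may list and read);
HARDENED_BUCKET grants read to one IAM role and enables Block Public Access.
Names and the account ID 123456789012 (AWS's documentation placeholder) are made up.
"""

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUP_URIS = {ALL_USERS: "AllUsers", AUTHENTICATED_USERS: "AuthenticatedUsers"}


def _is_wildcard_principal(principal) -> bool:
    # Policy principals may be "*", {"AWS": "*"} or {"AWS": [..., "*"]}.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False


def policy_public_statements(policy: dict) -> list:
    """Sids of Allow statements open to any principal with no Condition.
    A Condition (e.g. aws:SourceVpce) may narrow a wildcard; review those by hand."""
    return [s.get("Sid", "<no Sid>") for s in policy.get("Statement", [])
            if s.get("Effect") == "Allow"
            and _is_wildcard_principal(s.get("Principal"))
            and "Condition" not in s]


def acl_public_grants(acl: dict) -> list:
    """(group, permission) pairs granted to AllUsers or AuthenticatedUsers.
    AuthenticatedUsers means any AWS account holder, i.e. effectively public."""
    out = []
    for g in acl.get("Grants", []):
        grantee = g.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            out.append((PUBLIC_GROUP_URIS[grantee["URI"]], g.get("Permission")))
    return out


def is_public(bucket: dict) -> bool:
    """Effective exposure: a public policy counts unless RestrictPublicBuckets is on,
    a public ACL counts unless IgnorePublicAcls is on. Those two Block Public Access
    settings neutralize existing grants; the other two only block new ones."""
    block = bucket.get("PublicAccessBlock", {})
    via_policy = (bool(policy_public_statements(bucket.get("Policy", {})))
                  and not block.get("RestrictPublicBuckets", False))
    via_acl = (bool(acl_public_grants(bucket.get("Acl", {})))
               and not block.get("IgnorePublicAcls", False))
    return via_policy or via_acl


WEAK_BUCKET = {
    "Name": "example-customer-exports",
    "Policy": {"Version": "2012-10-17", "Statement": [{
        "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-customer-exports",
                     "arn:aws:s3:::example-customer-exports/*"]}]},
    "Acl": {"Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]},
    "PublicAccessBlock": {},  # never configured
}

HARDENED_BUCKET = {
    "Name": "example-customer-exports",
    "Policy": {"Version": "2012-10-17", "Statement": [{
        "Sid": "ExportRoleRead", "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/export-reader"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-customer-exports/*"}]},
    "Acl": {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
                        "Permission": "FULL_CONTROL"}]},
    "PublicAccessBlock": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                          "BlockPublicPolicy": True, "RestrictPublicBuckets": True},
}

if __name__ == "__main__":
    for b in (WEAK_BUCKET, HARDENED_BUCKET):
        print(b["Name"], "PUBLIC" if is_public(b) else "private",
              policy_public_statements(b["Policy"]), acl_public_grants(b["Acl"]))
```

In practice you would feed this the output of the GetBucketPolicy, GetBucketAcl and GetPublicAccessBlock calls for every bucket in the account, and turn on all four Block Public Access settings at the account level so that a third party's mistake cannot silently recreate the weak configuration.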

However, the same cannot be said for the transportation tech giant Uber. Uber's breach, which took place in late 2016 and came to light in 2017, exposed the records of 57 million riders and drivers, and again it was completely preventable. The attackers got into Uber's AWS account by first gaining access to a private GitHub repository used by Uber engineers, where the AWS credentials had been committed. This was entirely preventable on Uber's side: Amazon offers multi-factor authentication for its accounts, which Uber's administrators did not use, and, more fundamentally, long-lived credentials to a production data store should never have been in a source repository at all. To make matters worse, instead of notifying the 57 million affected users, Uber paid the hackers $100,000 to delete the data and keep quiet. In this case Uber did everything wrong as a company; the worst thing a company can do after being breached is to hide it from the users affected by it. Uber's own error allowed the breach to happen, and concealing it did not remedy the issue.
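Keeping credentials out of a repository is a mechanical check, not a matter of discipline alone. The added example below (my own illustration, not Uber's or GitHub's tooling) scans staged file contents for AWS access-key IDs, which always start with the fixed AKIA or ASIA prefix, and for 40-character secret keys assigned to a recognizable variable, so it can run as a pre-commit or CI gate that blocks the commit. The sample files are constructed; the key pair in them is the placeholder AWS uses in its own documentation, not a real credential.

```python
"""Catch cloud credentials before they reach a repository.

Added example for this article, not Uber's or GitHub's tooling. Scans file
contents for AWS access-key IDs (fixed AKIA/ASIA prefix plus 16 characters)
and for secret keys assigned to a recognizable variable, as a pre-commit or
CI gate would. The sample files are constructed; the key pair in them is
AWS's published documentation placeholder, not a real credential.
"""
import re
from dataclasses import dataclass

# Long-lived (AKIA) and temporary (ASIA) access-key IDs share a fixed format.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# A 40-character base64-like value assigned to something that names the secret key.
SECRET_KEY = re.compile(
    r"(?i)aws.{0,20}?secret.{0,20}?['\"]?\s*[:=]\s*['\"]?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])")


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    kind: str
    redacted: str  # never echo the whole secret into logs or CI output


def _redact(value: str) -> str:
    return value[:4] + "..." + value[-4:]


def scan_text(path: str, text: str) -> list:
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_ID.finditer(line):
            findings.append(Finding(path, line_no, "aws_access_key_id", _redact(m.group(0))))
        for m in SECRET_KEY.finditer(line):
            findings.append(Finding(path, line_no, "aws_secret_access_key", _redact(m.group(1))))
    return findings


def scan_files(files: dict) -> list:
    """files maps path -> contents, which is what a pre-commit hook reads from the staged tree."""
    out = []
    for path in sorted(files):
        out.extend(scan_text(path, files[path]))
    return out


def gate(files: dict) -> int:
    """Exit status for a hook: 0 lets the commit through, 1 blocks it."""
    return 1 if scan_files(files) else 0


# Constructed staged tree. The credentials are AWS's documentation examples.
SAMPLE_FILES = {
    "README.md": "# Ride data exporter\n\nSet AWS_ACCESS_KEY_ID in your environment.\n",
    "config/prod.env": (
        "AWS_REGION=us-east-1\n"
        "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"),
    "deploy.sh": (
        "#!/bin/sh\n"
        "export AWS_ACCESS_KEY_ID=\"AKIAIOSFODNN7EXAMPLE\"\n"
        "aws s3 sync ./out s3://example-ride-exports/\n"),
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line_no}: {f.kind} {f.redacted}")
    raise SystemExit(gate(SAMPLE_FILES))
```

The README mentions the variable name without a value and is correctly ignored; the two files that embed the key pair are caught and the gate returns 1. A scanner like this is a safety net, not the fix: the code should obtain credentials at run time from an instance role or a secrets manager, and any key that ever landed in a commit must be treated as leaked and rotated, because rewriting history does not un-share it.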

When most people hear of big network vulnerabilities, they think of teams of well-equipped hackers writing thousands of lines of code. While that is sometimes the case, these issues usually stem from errors made internally by the party that was attacked. Such vulnerabilities can affect millions of users worldwide or cripple a small set of specifically targeted companies (which can, in turn, affect millions). As industry standards shift, attacks of this kind should become less common. But in order to truly prevent attacks on databases and other systems, a company should look closely at the people it employs and should rely heavily on double-checking work, because one little error can have catastrophic consequences.