Anthem, Target, and government agencies are all major organizations that have been hit by major data breaches in the past couple of years. 2015 brought us many high-profile data breaches that shed light on how detrimental a hack can be to a business. In the information age, cybercriminals are looking to cash in on valuable sensitive data that can be stolen from an organization through a data breach.
Hacking Team, an IT company based in Milan, Italy, sells surveillance software to governments, law enforcement, and corporations, which allows companies or organizations to essentially spy on their employees or others. The surveillance software monitors the communications of internet users, can decipher encrypted email, and can record video calls and VoIP communications. Although it is intrusive and a moral gray area, the intrusion software allows organizations to collect pertinent data for security purposes.
The Hacking Team Breach
The Hacking Team was made aware of their data breach by their hackers! The attackers took control of the Hacking Team’s Twitter account and changed the name to “Hacked Team.” The company then investigated and discovered that over 400GB of data was compromised. Among the gigabytes of data stolen were internal files that included zero-day exploits the company planned to sell, proprietary source code, a list of the Hacking Team’s customers and emails.
The worst part of all of this is how the Hacking Team got hacked. The attackers gained access to a computer that belonged to one of the company’s engineers while it was logged into the network. Whether it was done via a brute force attack or by trial and error, the hackers gained access to the computer and network because of the engineer’s very weak password. His password was “Passw0rd.”
The Takeaway
Unlike the Office of Personnel Management hack, which we mentioned in our previous article, malware wasn’t involved in this data breach (at least as far as is publicly known). What the Hacking Team and the Office of Personnel Management do have in common are their lax rules on user credentials. All employees should be trained on how to create strong passwords. In addition to ensuring that passwords don’t contain obvious information like last names or birthdates, passwords must not be obvious choices such as “password,” “guest,” or “12345.” Because the engineer at Hacking Team was too lazy to create a complex password that he or she would need to remember, they chose the easy way out and, as a result, compromised the company’s and its customers’ data.
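As an added illustration (not part of the original article), the sketch below shows why a rule like "upper case, lower case and a digit" is not enough: “Passw0rd” satisfies it, but is rejected once character substitutions are undone and the result is compared with a denylist. The denylist, the substitution map, the 12-character minimum and the function names are assumptions made for this example.

```python
import re

# Constructed sample denylist (assumption); a real policy would load a large
# list of common and previously breached passwords.
COMMON_PASSWORDS = {"password", "guest", "12345", "123456", "qwerty", "letmein"}

# Assumed substitution map: look-alike characters folded back to letters.
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # assumed policy value, not taken from the article


def meets_complexity_rule(password):
    """Typical composition rule: 8+ characters with upper, lower and a digit."""
    return (len(password) >= 8
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"[a-z]", password) is not None
            and re.search(r"[0-9]", password) is not None)


def normalize(password):
    """Lowercase, drop a trailing run of digits/symbols, undo substitutions."""
    stripped = re.sub(r"[^a-z]+$", "", password.lower())
    return stripped.translate(LEET_MAP)


def check_password(password, personal_terms=()):
    """Return the reasons to reject a password; an empty list means accept."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS or normalize(password) in COMMON_PASSWORDS:
        reasons.append("variant of a common password")
    # Last names, birth years and similar terms supplied by the caller.
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            reasons.append("contains personal information: " + term)
    return reasons


if __name__ == "__main__":
    for candidate in ("Passw0rd", "Passw0rd2015!", "correct-horse-battery-staple"):
        print(candidate, meets_complexity_rule(candidate), check_password(candidate))
```

Padding the same word to “Passw0rd2015!” clears the length requirement but is still flagged as a variant of a common password, while a long passphrase with no denylist match is accepted.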
Moving to a managed IT provider is one way to make sure your IT infrastructure is secured. Roan Solutions offers managed IT services that monitor networks, ensure systems are updated regularly, and can create and enforce policies that lead to more secure user credentials.