zlacker

[parent] [thread] 4 comments
1. TheBig+(OP)[view] [source] 2023-07-20 13:01:41
Any time a big hack makes the news it turns out that either some system had no security, they used social engineering, or a disgruntled former employee. Hackers aren't sitting there with a super computer in a Guy Fawkes mask trying to decrypt data. The scams are the same now as back then.
replies(2): >>defros+82 >>not_re+Pj1
2. defros+82[view] [source] 2023-07-20 13:13:31
>>TheBig+(OP)
Two of the most recent most high profile hacks required a large degree of preplanning, scoping out, custom coding etc to achieve the breadth and depth of penetration gained upon execution.

How would you classify supply-chain attacks?

Primary security was bypassed by breaking secondary security .. so there was security to be overcome, there was no social engineering aside from understanding procedures in play, and no disgruntled employees.

https://www.techtarget.com/whatis/feature/SolarWinds-hack-ex...

https://forensiccontrol.com/guides/unravelling-the-moveit-ha...

replies(1): >>felixh+oq
◧◩
3. felixh+oq[view] [source] [discussion] 2023-07-20 14:58:02
>>defros+82
let me blow your mind with "the lazarus heist" podcast: https://www.bbc.co.uk/programmes/w13xtvg9/episodes/downloads
replies(1): >>defros+9t
◧◩◪
4. defros+9t[view] [source] [discussion] 2023-07-20 15:09:07
>>felixh+oq
Another good example, thank you.

Over time they got more interesting and less like the "basic unsophisticated | opportunistic | social engineer | inside agent" description given above.

https://en.wikipedia.org/wiki/Lazarus_Group

5. not_re+Pj1[view] [source] 2023-07-20 18:46:21
>>TheBig+(OP)
> Any time a big hack makes the news it turns out that either some system had no security, they used social engineering, or a disgruntled former employee.

Back in 2003 or so, my boss showed up at my desk at work, and looked like he was about to blow a gasket. There was a hack that was on the news, and it was getting featured in news stories all over the world.

He basically said he was going to fire me if it turned out it was my fault. (I built the servers that held the data that was compromised.)

Within a day, it turned out that it wasn't all the data, it was just one person, who had a lot of famous friends.

What had happened was that someone had accessed her account. The way that they did it was by guessing her password. Her password was the same as her dog's name, and she was a celebrity known to be seen at events with her dog.

[go to top]