There are perhaps four major cybersecurity incidents in my mind which are world-changing. The first is the OPM data breach which allowed China to get the most intimate secrets of virtually all federal employees – tens of millions of them. As I’ve described – this information, which is super top-secret and consists of sexual history could be used to blackmail U.S. workers.
The next is the hack of the DNC. In addition, many of us expect a release of information before the 2016 election of Hillary Clinton’s homebrew server which consisted of top secret and classified documents. WikiLeak’s Julian Assange hinted at this – we’ll see what comes of it in the next month or so.
Finally, almost as important as the above is the news of this past week – two major incidents caught my eye. Yahoo’s data breach of 500 million records set a record as the largest data breach in history – so far. The breach happened some time back and has already ensnared the company in a ton of lawsuits and its acquisition by Verizon is feeling the strain. If this wasn’t bad enough, a historic denial of service attack was unleashed via the Akamai network to Krebs on Security – a popular security blog. 665Gbps is the amount of sustained traffic the site had to deal with before Akamai shut it down. What is amazing about the hack is that many of the nodes sending the traffic were IoT based – cameras and the like.
The one thing we know for sure is the growth of IoT devices is not slowing down and billions – tens of billions, hundreds of billions of these devices will be in use over the next decade or so. Your shirt, pants, virtually everything worth more than a few dollars could potentially produce web traffic and be taken over.
Because of the news of this past week, two things are certain. People who use the same user name and password for many of their accounts are in a great deal of trouble – if they have a Yahoo account. Hackers are no doubt trying to login to banks using the stolen Yahoo credentials. And on the DDoS front we know for sure that hackers have the ability to shut just about any site down at will using hijacked IoT devices.
The state of cyber-in-security has never been worse and we wish we could predict this terrible, horrible, no good, very bad week wasn’t part of an accelerating trend but we can’t.