Close Search Box
Top Tech News
Weekend of Internet Hack Attacks Underlines Vulnerability
Posted March 30, 2015
Weekend of Internet Hack Attacks Underlines Vulnerability
Next Story
Google Loses Safari Privacy Ruling Over Customer Data
Weekend of Internet Hack Attacks Underlines Vulnerability
Next Story
Apple and IBM Launch More Enterprise iOS Apps

By Shirley Siluk. Updated March 30, 2015 1:21PM



The recent spate of hack attacks on the IT systems of British Airways, GitHub, Slack and Rutgers University are all signs of the fast-changing nature of the Internet -- and the growing number of people who are capable of launching attacks on it. And cybersecurity professionals worry that such incidents are only likely to become more common in years to come.

A large distributed denial of service (DDoS) attack, apparently launched by Chinese hackers, on the coding collaboration site GitHub began last Thursday. A similar attack -- linked to China and Ukraine -- began Friday afternoon on the systems of Rutgers University.

At the moment, those attacks do not appear to be connected to other hacks involving British Airways, the workplace team chat site Slack or, reportedly, the person-to-person taxi service Uber. Slack confirmed that hackers were able to access information in its user database -- although not, it believes, including encrypted passwords -- over a four-day period in February, while complaints about stolen frequent-flier points from British Airway's Executive Club members began emerging a couple of weeks ago. A number of Uber users have also reported apparent hacks into their accounts.

Cluster Likely Coincidental

"As far as I know, there are no links between these hacks, and some (GitHub) are DDoS attacks while others (like Slack) are proper breaches," said Patrick Nielsen, senior security researcher at Kaspersky Lab. "Also, it appears Slack was actually compromised in February. There are some theories that actors in China are behind the DDoS attack on GitHub because GitHub hosts anti-censorship tools, but early attribution, and indeed attribution in general, is very difficult no matter what kind of attack we’re talking about."

Nielsen told us: "I would say that this clustering of releases is just a coincidence, but they highlight an ever-increasing number of targeted hacks, and the need for companies to take information security and incident response seriously. The best thing you can do for your company from a risk perspective is to figure out what you’re going to do when something like this happens to you, and how you’re going to let your customers know. Keeping a hack secret can be far more damaging to your reputation than the hack itself."

According to a survey of IT professionals by Kaspersky Lab and B2B International, 94 percent of organizations around the world have encountered at least one cybersecurity incident over the past 12 months. Of those, 12 percent reported they were the victims of at least one targeted attack, up from the 9 percent reported by Kaspersky in 2012 and 2013.

'Consequence-Free Environment'

We also reached out to Jon Miller, vice president of strategy for the Irvine, California-based cybersecurity firm Cylance, to learn more about what the recent series of hacking attacks might mean for individuals and organizations dependent on online communications.

"The amount of people that can perpetrate these types of hacks are greater than 10 or 15 years ago," Miller said. In addition to the rising skills of hackers around the world, he added, "everyone is starting to realize that it's a consequence-free environment."

Nation-state actors like North Korea, for example, can use hacking attacks to send a message if they are displeased with their portrayal by media companies, as the country is believed to have done following the run-up to Sony Pictures' release of "The Interview," a comedy involving a plot to kill Supreme Leader Kim Jong-un. And hackers from countries like China and Russia have long been known to target victims to gain access to either data or money.

'A More Hostile Internet'

As hackers with a variety of goals around the world continue to hone their skills, they find they can usually act with impunity because there are few ways to hold them accountable. As most legislators generally do not fully understand the intricacies of Internet technology, laws are unlikely to solve that problem, Miller said.

Rather, he said, "a lot is going to be driven by private companies in the short term." While cybersecurity firms and security-minded companies are constantly getting better at identifying and fixing vulnerabilities, though, individuals -- the end-users whose data and money are ultimately at stake in many of these hacks -- will need to put more pressure on the companies they do business with, Miller said.

Meanwhile, Miller said, he believes the number of incidents of multiple, large-scale hack attacks will continue rising.

"I think it's going to become a lot more commonplace," he said. "The Internet is going to become a lot more hostile place."

Tell Us What You Think


Zaid Sparrow:
Posted: 2015-03-31 @ 1:23pm PT
Just heard about GitHub and China hacks :D really laughed LOL...

Posted: 2015-03-31 @ 1:25am PT
DDoS is not hacking. It involves very little interaction with the target server(s) other than specifying their addresses to the botnet carrying out the attack. There is really no way to defend against it, as you can't tell which incoming IP addresses are attackers to filter them beforehand. The only real way to end the attack is to disable the attacking bot network.

Old Infosec Unix guy:
Posted: 2015-03-30 @ 7:56pm PT
The current set of cyber defense technology is failing at a rapidly increasing rate. The bottom line is that the hackers are criminals and nationstates with huge budgets and they are doing the research and development to work around these defenses. If it's signature-based or it's perimeter and point, it's just not going to hold up. Time to go back to the good old honey pot or something equivalent.

Posted: 2015-03-30 @ 1:44pm PT
I roll my eyes when I hear of startups putting their business processes in central depositories. To me, this is the height of irresponsibility and unprofessionalism.

When will people learn? Cloud-based, centralized, "fit for all", social products like Slack, Dropbox, and Github will never be more secure than home-grown business solutions built for the same purpose.


Next Article >