Categories
information technology

How do data breaches occur? Explaining infosec concepts.

As one of many people whose personal data has been involved in multiple corporate and governmental data breaches, I get tired of finding out my data’s been stolen again. But I understand how difficult it can be to keep data secure in an environment where just about everything is connected.

If someone has data on their unencrypted laptop, and that laptop gets stolen or hacked, that’s one way data breaches occur. Someone else has physical access to your unencrypted computer. They now have access to everything on your computer AND everything online that your computer knows how to access.

But generally, criminals don’t need to get physical access. All they need is virtual access, and they get that through social engineering. Forget most of the movie hacking you’ve seen. It’s not that exciting.

Social engineering means manipulating people’s trust so that they volunteer the information the criminal needs. Social engineering is the same as a con, short for confidence game.

The Target data breach from 2013 happened when criminals gained access to Target’s systems by sending phishing emails to a third-party contractor. The contractor had access to Target’s heating, ventilation, and air conditioning (HVAC) systems. An employee of the contractor fell for the phishing email, clicked on a link that installed malware, and that was the only opening the criminals needed. The malware on the contractor’s systems then revealed logins and passwords to Target’s HVAC system.

“That’s just their HVAC system. What’s the big deal? Are they going to crank up the heat?”

Almost every system is connected to other systems now. Access to one system can lead to accessing all the systems, if they’re connected and vulnerable. The perpetrators eventually were able to access the point-of-sale terminals, allowing them to steal credit card data.

For more details on the Target breach, check out this article: Anatomy of the Target data breach: Missed opportunities and lessons learned | ZDNet.

Other times there’s no social engineering involved. If there’s a vulnerability discovered either by researchers or criminals, and system administrators (sysadmin) either can’t or don’t patch the vulnerability fast enough, criminals can continue to take advantage of it with no one the wiser. Exploits like this can go on for months until someone happens to notice what’s going on.

The truth is, the odds are in favor of a breach, rather than against, because there are so many ways for a breach to happen. Whereas those defending against breaches only need one weak link to leave their data vulnerable.

Categories
About Me

Rainforest Mind (i.e., Scanner, “Gifted & Talented,” Multipotentialite)

I have a “Rainforest Mind,” a term coined by Paula Prober (the link goes to her Twitter account). People with rainforest minds like to learn about many different things. You might also have heard the term “Gifted and Talented.”

Rainforest minds perceive and think about the world differently. If you’d like to find out more about this trait, please investigate some of these sources below.

  • Your Rainforest Mind: A Guide to the Well-Being of Gifted Adults and Youth Indiebound
  • Multipotentialism
  • Refuse to Choose!: A Revolutionary Program for Doing Everything That You Love Indiebound
  • Even though it was an advertisement for The Discovery Channel, their “Boom De Yada” video sums up my interests nicely.
Categories
About Me

Gretchen Rubin’s “Four Tendencies”

I happen to be a Questioner. I’ve found this framework to be a useful way to think about my own behavior and the behavior of others. The other three tendencies are upholder, obliger, and rebel. This framework takes into account how each person reacts to expectations, both from within and without.

Categories
film

Library of Congress Packard Campus Tour

On Columbus Day, 2017, I was able to go on a tour during the open house at the Packard Campus of the Library of Congress. This is where they process and store many audio-visual objects. For a film and media geek like me, it was a dream come true.

Film editing table
film editing table
rows and rows of sound recordings
rows and rows of sound recordings
file digitization
file digitization
image processing and cleanup
image processing and cleanup
automated video transfer
automated video transfer
film editing station
film editing station
audio equipment
audio equipment
nitrate film storage vault
nitrate film storage vault
film strip
nitrate film strip with damage

The Nuclear Bunker Preserving Movie History

Categories
About Me

Welcome

I’m Laurie Robey, and this is my online home. I’ll be posting some information about things that I’m interested in, like preserving, conserving, and restoring cultural artifacts, the natural world, technology, arts & humanities, and science.

If you want to see my resume, I suggest you go to my LinkedIn profile.