Page 10 - Cyber Warnings







Like Attacks
This attack is not an anomaly. The security of suppliers and vendors that connect to a
client’s network continues to be a problem.

Although this is known, testing for this vulnerability is only lightly applied. Prior incidents include
but are not limited to:
a. Target in 2013: An air conditioning supplier had been phished.
b. PA Consulting in 2008: Lost the data for 84,000 prisoners, which had been placed on an
unencrypted thumb drive.
c. Goodwill Industries from February 2013 to August 2014: Malware on a third-party
supplier’s system stole credit card and debit card data from 330 stores in 19 states in the
US.
d. Home Depot in 2014: A supplier’s username and password had been compromised,
leading to the credit card detail theft.
e. Wendy’s in 2016: Compromised third-party credentials allowed malware to be introduced
into their enterprise, which was coded to steal their clients’ credit card details in 20% of
the US stores.
f. Lockheed Martin in 2011: Data stolen from RSA was utilized to attack Lockheed Martin.


Long-Term Effects
This will have a long-term effect on the sailors whose information has been compromised. The
Navy has stated these affected personnel will be taken care of. This would, at this point,
take the form of client monitoring services. The sailors were also told they should monitor their
bank accounts and credit card accounts, and watch for phishing attempts. The credit monitoring
services would also be offered. There had been no evidence of misuse of the data.

Bearing this in mind, the Navy and many others have missed the long-term implications of this.
The SSN for the sailors will not change over time. This is permanent. There is no shelf life for
the data to be sold. The data may be sold in one or three years, and sold two or three times.
The sailors would need to monitor their personal credit for years.


About The Author
Charles Parker, II began coding in the 1980s. Presently CP is an
Information Security Architect at a Tier One supplier to the automobile
industry. CP is presently completing the dissertation for the PhD
(Information Assurance and Security). CP’s interests include
cryptography, SCADA, and securing communication channels.

He has presented at regional InfoSec conferences. Charles Parker, II can be
reached online at [email protected] and InfoSecPirate (Twitter).




Cyber Warnings E-Magazine – March 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
