What makes a ‘worst’ data breach? Is it the number of people effected, the severity of the effects, or the importance of the system that is breached?

Whatever the case, we’ve chosen Data Privacy Day (Jan 28) as the perfect time to remind you of ten of the most serious examples of breached security in network history. Whether its national governments, international finances, or simply millions of account details exposed, any of these qualify for the unauthorized access Hall of Fame.

1.  Albert Gonzales and TJX (2005 – 2007) — During an 18-month period, 45.6 million credit and debit card numbers were stolen from TJX systems in Miami, hacking into wireless networks at TJ Maxx, Sports Authority, Barnes & Noble, Office Max, Marshalls, and other merchants. During this time, Gonzales was working with the US Secret Service, providing information about a previous credit card scam in order to avoid jail time.

2.  AOL (2006) — Security breaches aren’t all caused by hackers. In 2006, an in-house team at AOL publicly posted data about 20 million Web searches, from over 600,000 users. AOL was trying to aid academic research on Internet traffic, but the data was found to contain personal information, such as Social Security numbers — and the New York Times quickly showed how individuals could be quickly and easily traced from the supposedly ‘anonymous’ data.

3.  Monster.com (2007) — Hackers used a Trojan to make off with names, phone numbers, email addresses and Social Security numbers of job-seekers on Monster.com — many of which were then used for a further phishing scam. The numbers still haven’t been nailed down; anywhere from 46,000 to 1.6 million people may have been compromised, including Federal applicants on USAJobs.gov.

4.  Alberto Gonzales and 7-Eleven (2007) — yes, him again. Along with ‘unnamed Russian conspirators’, Gonzales managed to get into the Heartland Payment Systems/ Citibank ATM network via SQL injection at a 7-Eleven — and make off with 130 million credit and debit cards (about a year later, authorities finally arrested Gonzales — concerning yet another major breach, of Dave & Buster’s).

5.  Operation Aurora/ Operation Shady RAT (2009 – 2011) — Although taking place at distinctly different times (with distinct snappy code names), both Operations are the epitome of 21st Century cyberwarfare — originating in China (probably, maybe?), these Operations use a combination of spear phishing and RAT (“remote access tool”) attacks versus some people you may have heard of — such as Gmail, Yahoo, Adobe, Morgan Stanley, Dow Chemical, the US government, US military, US defense contractors, the United Nations, the International Olympic Committee..

6.  Sony (2011) — Between April and June of 2011, Sony suffered what could be the largest security breach ever. Over 77 million accounts on the PlayStation Network, another 24.6 million on Sony Online Entertainment, and an indeterminate number of Sony Pictures accounts were compromised. Before it was over, we saw credit card fraud, the involvement of the US and Japanese governments, and wideapread criticism of Sony’s security and response to the crisis.

7.  TriCare/SAIC (2011) — 5.1 million people (mainly current and retired members of the armed services, as well as their families) had personal medical and financial data exposed when unencrypted backup tapes containing data were stolen from a Tricare employee’s car. But wait — back in 2007, SAIC suffered a breach where unencrypted data for more than 800,000 U.S. service members and their families was access. And still that wasn’t the first — in 2005, thieves had broken into SAIC offices and stolen unencrypted personal data. What does it take to teach SAIC to encrypt their data?

8.  HBGary Federal (2011) — This Federal contractor and hacker-taunting security firm was left red-faced when members of Anonymous accessed the web site, phone system, and 68,000+ emails — via some very simple exploits. Among the files exposed by the hacktivists: PowerPoint proposals and presentations to prospective clients by HBGary and other security firms, and a long-term strategy of intimidation and disinformation against the WikiLeaks organization.

9.  RSA Security /SecureID (2011) — It’s bad enough when you’re a respected security firm that gets breached by hackers, but then to have your flagship encryption software stolen? 25,000 SecureID clients (including top-secret defense contractors Northrop Grumman, L-3 Communications, and Lockheed Martin) had some extremely nervous days over the spring and summer of 2011, thanks to a successful phishing-based attack. In all, over 40 million “tokens” (encrypted user accounts) were made accessible in the breach.

10.  Epsilon (2011) — This Dallas-based marketing service was breached, exposing customer data (chiefly email addresses — Epsilon sends around 40 billion emails each year!) from over 2,200 Epsilon clients such as Best Buy, Target, Marriott, Hilton Hotels, JPMorgan Chase, Citigroup, Capital One, Walgreens, TiVo, and HSN. Epsilon’s parent company, Alliance Data, had also acquired Heartland Systems at about the same time that Albert Gonzales was arrested).

About the Author: Greg Buckskin is a tech guru and writer at CableTV.com.

Warning: Before we start the hack let me remind you to take a backup of your registry as we are going to edit the registry to get this work.

1. To open the registry click on Start>Run type in Regedit to launch the registry.
2. Then go to HKEY_CURRENT_USER\Control Panel\Mouse
3. Now right click on the MouseHoverTime key and say Modify.
4. Then change the value to 100 or 150 from 400. ( 400 is in milliseconds)

5. Finally restart the computer to see the changes.

Was it helpful? Let us know your feedback!

Symantec says the spelling mistakes in the email are intentional, so that the massage can evade content-based antispam filters. But, in this case, they can also lend a certain amount of credibility to the sender, since the name of the “hack project” sounds Slavic in origin. Perfect knowledge of the English language would, in this case, probably raise more suspicion.

Near a million Orkut user accounts hacked by eluring users for free mobile recharge. Hackers this time used the psychology of human behaviour of getting free money. Thousand of users were targeted with this technique and since it plays delicate with exploiting the greed for money for users.

Mode Of attack:

Users were given a link which has title saying recharge you mobile for free and get a free credit of 500.When a user clicks the link ,it lands up in Hacker (Spoof page) where user is again asked to put relevant details which include Orkut username and password. Once the user completes the process the information will be passed to hackers. Once got access of user account, hacker emulates the same messages and sends to all other users who is linked with them and the chain carries on.

Steps to get protected from hackers/phish:

Never use any Java code which says copy paste in browser even if it’s from your friends or known ones. Unknowing you may be doing a hack for the hackers (Pasting the codes in browsers is also know as Code Injection as form of Hacking and its illegal too)

• Never give away your personal details to any such sites which offer free things, nothing in this world is free, if some one offers ask first to yourself then the giver about the reason behind the act.
• Check your login page/login address. Hackers can show you fraud pages with as same as original pages but if you give a little time to verify you can very well know ,its not a rocket science.
• Never give you personal details (Account names, email ,financial details) to any sites without checking their “Privacy Policy”

http://www.hackerwatch.org/probe/