Upgrade to Pro — share decks privately, control downloads, hide ads and more …

LinkedIn Data Breach 2012 Case Study

Cecy C.
November 30, 2021
Technology
0
4.7k

LinkedIn Data Breach 2012 Case Study

Case Study presented for Beyond the Code: Cybersecurity in Context, UC Berkeley, MICS Fall 2021

Cecy C.

November 30, 2021
Tweet

More Decks by Cecy C.

See All by Cecy C.
Surviving Code Reviews & Tech Interviews
cecyc
0
80
Vulnerability True: Surviving Brutal Code Reviews and Tech Interviews
cecyc
0
140
The Joy of CSS: RailsConf 2019
cecyc
0
160
RubyConf 2018 Psychology of Fake News
cecyc
0
78
A Retro of Retros: How Sprint Retrospectives Can Be Both Fun and Productive
cecyc
0
140
MONKTOBERFEST 2018: Psychology of Fake News
cecyc
0
55
From Monolith to Microservice: Building APIs with gRPC & golang
cecyc
3
1.7k
Building APIs with GRPC, PHP, and Golang
cecyc
1
500
The Psychology of Fake News (And What Tech Can Do About It)
cecyc
1
55

Other Decks in Technology

See All in Technology
組織成長を加速させるオンボーディングの取り組み
sudoakiy
2
220
Security-JAWS【第35回】勉強会クラウドにおけるマルウェアやコンテンツ改ざんへの対策
4su_para
0
180
AWS Lambdaと歩んだ“サーバーレス”と今後 #lambda_10years
yoshidashingo
1
180
Introduction to Works of ML Engineer in LY Corporation
lycorp_recruit_jp
0
140
iOSチームとAndroidチームでブランチ運用が違ったので整理してます
sansantech
PRO
0
150
TypeScript、上達の瞬間
sadnessojisan
46
13k
誰も全体を知らない ~ ロールの垣根を超えて引き上げる開発生産性 / Boosting Development Productivity Across Roles
kakehashi
2
230
オープンソースAIとは何か? --「オープンソースAIの定義 v1.0」詳細解説
shujisado
10
1.3k
Adopting Jetpack Compose in Your Existing Project - GDG DevFest Bangkok 2024
akexorcist
0
110
100 名超が参加した日経グループ横断の競技型 AWS 学習イベント「Nikkei Group AWS GameDay」の紹介/mediajaws202411
nikkei_engineer_recruiting
1
170
Lambdaと地方とコミュニティ
miu_crescent
2
370
複雑なState管理からの脱却
sansantech
PRO
1
160

Featured

See All Featured
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
It's Worth the Effort
3n
183
27k
Site-Speed That Sticks
csswizardry
0
31
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
How STYLIGHT went responsive
nonsquared
95
5.2k
Being A Developer After 40
akosma
87
590k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
33k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
329
21k
Optimizing for Happiness
mojombo
376
70k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.9k
The Pragmatic Product Professional
lauravandoore
31
6.3k
BBQ
matthewcrist
85
9.3k

Transcript

  1. Cecy Correa // UC Berkeley MICS 2021 LINKEDIN 2012 DATA

    BREACH CASE STUDY

  2. 1. The Hack How it happened Tracing & attribution 2.

    Impact LinkedIn class action suit United States v. Nikulin 3. Current day Agenda

  3. Using LinkedIn to Hack LinkedIn A little social engineering

  4. 4

  5. 5 (dramatic re-enactment of hacking into a server)

  6. 3 months later... Hack is uncovered on a message forum

  7. 7

  8. Food for Thought A look back at Conficker

  9. Hackers always leave a trace Tracing & Attribution

  10. None

  11. Assessing impact Legal repercussions

  12. 6.5 million accounts

  13. 100+ million accounts

  14. LinkedIn Class Action Lawsuit Lawsuit cites LinkedIn’s inability to: •

    Use strong encryption • Salt their passwords LinkedIn settles for over 1 million USD

  15. 1. Secure configuration of hardware and software 2. Controlled use

    of admin privileges Mitigation & CIS Controls

  16. 1. Secure configuration of hardware and software 2. Controlled use

    of admin privileges Mitigation & CIS Controls

  17. 17

  18. Food for Thought What do you think of the verdict?

  19. Current day Where are they now?

  20. 20

  21. 21

  22. 22

  23. Food for Thought Hack or no hack?

  24. Read more at: cecy.dev Thank you!