Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
LinkedIn Data Breach 2012 Case Study
Search
Cecy C.
November 30, 2021
Technology
0
5.1k
LinkedIn Data Breach 2012 Case Study
Case Study presented for Beyond the Code: Cybersecurity in Context, UC Berkeley, MICS Fall 2021
Cecy C.
November 30, 2021
Tweet
Share
More Decks by Cecy C.
See All by Cecy C.
Surviving Code Reviews & Tech Interviews
cecyc
0
96
Vulnerability True: Surviving Brutal Code Reviews and Tech Interviews
cecyc
0
160
The Joy of CSS: RailsConf 2019
cecyc
0
170
RubyConf 2018 Psychology of Fake News
cecyc
0
89
A Retro of Retros: How Sprint Retrospectives Can Be Both Fun and Productive
cecyc
0
160
MONKTOBERFEST 2018: Psychology of Fake News
cecyc
0
110
From Monolith to Microservice: Building APIs with gRPC & golang
cecyc
3
1.8k
Building APIs with GRPC, PHP, and Golang
cecyc
1
580
The Psychology of Fake News (And What Tech Can Do About It)
cecyc
1
62
Other Decks in Technology
See All in Technology
DataOpsNight#8_Terragruntを用いたスケーラブルなSnowflakeインフラ管理
roki18d
1
340
AI時代だからこそ考える、僕らが本当につくりたいスクラムチーム / A Scrum Team we really want to create in this AI era
takaking22
6
3.4k
"複雑なデータ処理 × 静的サイト" を両立させる、楽をするRails運用 / A low-effort Rails workflow that combines “Complex Data Processing × Static Sites”
hogelog
3
1.9k
Pure Goで体験するWasmの未来
askua
1
180
自作LLM Native GORM Pluginで実現する AI Agentバックテスト基盤構築
po3rin
2
250
英語は話せません!それでも海外チームと信頼関係を作るため、対話を重ねた2ヶ月間のまなび
niioka_97
0
110
後進育成のしくじり〜任せるスキルとリーダーシップの両立〜
matsu0228
6
2.3k
Trust as Infrastructure
bcantrill
0
330
GC25 Recap+: Advancing Go Garbage Collection with Green Tea
logica0419
1
400
Why React!?? Next.jsそしてReactを改めてイチから選ぶ
ypresto
10
4.4k
実装で解き明かす並行処理の歴史
zozotech
PRO
1
320
Azure Well-Architected Framework入門
tomokusaba
1
290
Featured
See All Featured
Principles of Awesome APIs and How to Build Them.
keavy
127
17k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
9.7k
Navigating Team Friction
lara
189
15k
Visualization
eitanlees
148
16k
Speed Design
sergeychernyshev
32
1.1k
How to train your dragon (web standard)
notwaldorf
96
6.3k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
9
960
Building Better People: How to give real-time feedback that sticks.
wjessup
368
20k
For a Future-Friendly Web
brad_frost
180
9.9k
VelocityConf: Rendering Performance Case Studies
addyosmani
332
24k
Transcript
Cecy Correa // UC Berkeley MICS 2021 LINKEDIN 2012 DATA
BREACH CASE STUDY
1. The Hack How it happened Tracing & attribution 2.
Impact LinkedIn class action suit United States v. Nikulin 3. Current day Agenda
Using LinkedIn to Hack LinkedIn A little social engineering
4
5 (dramatic re-enactment of hacking into a server)
3 months later... Hack is uncovered on a message forum
7
Food for Thought A look back at Conficker
Hackers always leave a trace Tracing & Attribution
None
Assessing impact Legal repercussions
6.5 million accounts
100+ million accounts
LinkedIn Class Action Lawsuit Lawsuit cites LinkedIn’s inability to: •
Use strong encryption • Salt their passwords LinkedIn settles for over 1 million USD
1. Secure configuration of hardware and software 2. Controlled use
of admin privileges Mitigation & CIS Controls
1. Secure configuration of hardware and software 2. Controlled use
of admin privileges Mitigation & CIS Controls
17
Food for Thought What do you think of the verdict?
Current day Where are they now?
20
21
22
Food for Thought Hack or no hack?
Read more at: cecy.dev Thank you!