Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up for free
LinkedIn Data Breach 2012 Case Study
Cecy C.
November 30, 2021
Technology
0
930
LinkedIn Data Breach 2012 Case Study
Case Study presented for Beyond the Code: Cybersecurity in Context, UC Berkeley, MICS Fall 2021
Cecy C.
November 30, 2021
Tweet
Share
More Decks by Cecy C.
See All by Cecy C.
Surviving Code Reviews & Tech Interviews
cecyc
0
66
Vulnerability True: Surviving Brutal Code Reviews and Tech Interviews
cecyc
0
120
The Joy of CSS: RailsConf 2019
cecyc
0
110
RubyConf 2018 Psychology of Fake News
cecyc
0
71
A Retro of Retros: How Sprint Retrospectives Can Be Both Fun and Productive
cecyc
0
58
MONKTOBERFEST 2018: Psychology of Fake News
cecyc
0
41
From Monolith to Microservice: Building APIs with gRPC & golang
cecyc
3
1.4k
Building APIs with GRPC, PHP, and Golang
cecyc
1
390
The Psychology of Fake News (And What Tech Can Do About It)
cecyc
1
37
Other Decks in Technology
See All in Technology
Trusted Web プロトタイプ
finengine
0
330
ふりかえりの技術 / retrospectives
soudai
3
170
DevelopersIO 2022 俺のTerraform Pipeline
takakuni
0
440
SPAとWebアプリケーションでCognitoの使い方はどう変わるのか? / How do we use cognito with SPA and web applications?
kitano_yuichi
0
390
Djangoで組織とユーザーの権限管理をやってみよう #devio2022
seiichi1101
0
390
データをコネコネ!メール配信用データ生成の仕組み
kappezoro
0
120
金融スタートアップの上場準備で大事にしたマインドセット / 2022-08-04-the-mindset-in-preparing-for-ipo
stajima
0
320
DMMプラットフォーム ゼロから始めるKubernetes運用 課題と改善
pospome
0
400
塩漬けにしているMySQL 8.0.xxをバージョンアップしたくなる、ここ数年でのMySQL 8.0の改善点 / MySQL Update 202208
yoshiakiyamasaki
1
680
GCCP Creator @ COSCUP 2022
line_developers_tw
PRO
0
1.4k
テクニカルライティングの検定を受けてみた話 / "My Story About Taking the Technical Writing Exam
line_developers
PRO
1
210
金融領域のマルチプロダクトを効率よく開発・運用するためのシステム基盤と組織設計について / 2022-07-28-multi-product-platform
stajima
0
150
Featured
See All Featured
Designing on Purpose - Digital PM Summit 2013
jponch
106
5.7k
The Pragmatic Product Professional
lauravandoore
19
3.1k
Code Reviewing Like a Champion
maltzj
506
37k
Making the Leap to Tech Lead
cromwellryan
113
7.4k
Producing Creativity
orderedlist
PRO
334
37k
Rails Girls Zürich Keynote
gr2m
87
12k
jQuery: Nuts, Bolts and Bling
dougneiner
56
6.4k
10 Git Anti Patterns You Should be Aware of
lemiorhan
638
52k
Designing for Performance
lara
597
64k
Put a Button on it: Removing Barriers to Going Fast.
kastner
56
2.3k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
37
3.3k
How New CSS Is Changing Everything About Graphic Design on the Web
jensimmons
213
11k
Transcript
Cecy Correa // UC Berkeley MICS 2021 LINKEDIN 2012 DATA
BREACH CASE STUDY
1. The Hack How it happened Tracing & attribution 2.
Impact LinkedIn class action suit United States v. Nikulin 3. Current day Agenda
Using LinkedIn to Hack LinkedIn A little social engineering
4
5 (dramatic re-enactment of hacking into a server)
3 months later... Hack is uncovered on a message forum
7
Food for Thought A look back at Conficker
Hackers always leave a trace Tracing & Attribution
None
Assessing impact Legal repercussions
6.5 million accounts
100+ million accounts
LinkedIn Class Action Lawsuit Lawsuit cites LinkedIn’s inability to: •
Use strong encryption • Salt their passwords LinkedIn settles for over 1 million USD
1. Secure configuration of hardware and software 2. Controlled use
of admin privileges Mitigation & CIS Controls
1. Secure configuration of hardware and software 2. Controlled use
of admin privileges Mitigation & CIS Controls
17
Food for Thought What do you think of the verdict?
Current day Where are they now?
20
21
22
Food for Thought Hack or no hack?
Read more at: cecy.dev Thank you!
cecyc
finengine
soudai
takakuni
kitano_yuichi
seiichi1101
kappezoro
stajima
pospome
yoshiakiyamasaki
line_developers_tw
line_developers
jponch
lauravandoore
maltzj
cromwellryan
orderedlist
gr2m
dougneiner
lemiorhan
lara
kastner
reverentgeek
jensimmons
