
LinkedIn Data Breach 2012 Case Study

Cecy C.
November 30, 2021

Case Study presented for Beyond the Code: Cybersecurity in Context, UC Berkeley, MICS Fall 2021

Transcript

  1. LINKEDIN 2012 DATA BREACH CASE STUDY
     Cecy Correa // UC Berkeley MICS 2021

  2. Agenda
     1. The Hack: How it happened; Tracing & attribution
     2. Impact: LinkedIn class action suit; United States v. Nikulin
     3. Current day

  3. Using LinkedIn to Hack LinkedIn: A little social engineering

  5. (dramatic re-enactment of hacking into a server)

  6. 3 months later... Hack is uncovered on a message forum

  8. Food for Thought: A look back at Conficker

  9. Hackers always leave a trace: Tracing & Attribution

  11. Assessing impact: Legal repercussions

  12. 6.5 million accounts

  13. 100+ million accounts

  14. LinkedIn Class Action Lawsuit
      Lawsuit cites LinkedIn’s inability to:
      • Use strong encryption
      • Salt their passwords
      LinkedIn settles for over 1 million USD

  15. Mitigation & CIS Controls
      1. Secure configuration of hardware and software
      2. Controlled use of admin privileges

  18. Food for Thought: What do you think of the verdict?

  19. Current day: Where are they now?

  23. Food for Thought: Hack or no hack?

  24. Thank you! Read more at: cecy.dev