Slide 1

Slide 1 text

LINKEDIN 2012 DATA BREACH CASE STUDY
Cecy Correa // UC Berkeley MICS 2021

Slide 2

Slide 2 text

Agenda
1. The Hack
   ● How it happened
   ● Tracing & attribution
2. Impact
   ● LinkedIn class action suit
   ● United States v. Nikulin
3. Current day

Slide 3

Slide 3 text

Using LinkedIn to Hack LinkedIn
A little social engineering

Slide 5

Slide 5 text

(dramatic re-enactment of hacking into a server)

Slide 6

Slide 6 text

3 months later...
Hack is uncovered on a message forum

Slide 8

Slide 8 text

Food for Thought
A look back at Conficker

Slide 9

Slide 9 text

Hackers always leave a trace
Tracing & Attribution

Slide 11

Slide 11 text

Assessing impact
Legal repercussions

Slide 12

Slide 12 text

6.5 million accounts

Slide 13

Slide 13 text

100+ million accounts

Slide 14

Slide 14 text

LinkedIn Class Action Lawsuit
Lawsuit cites LinkedIn’s inability to:
● Use strong encryption
● Salt their passwords
LinkedIn settles for over 1 million USD

Slide 15

Slide 15 text

Mitigation & CIS Controls
1. Secure configuration of hardware and software
2. Controlled use of admin privileges

Slide 18

Slide 18 text

Food for Thought
What do you think of the verdict?

Slide 19

Slide 19 text

Current day
Where are they now?

Slide 23

Slide 23 text

Food for Thought
Hack or no hack?

Slide 24

Slide 24 text

Read more at: cecy.dev
Thank you!