Thursday, 2 April 2015

Cyber-Attacks Continue: GitHub and BA Latest Victims

With every cyber-attack that makes the news, we are reminded just how vulnerable datacoms are.  The latest round of attacks has targeted a number of big names, including British Airways and software developer site GitHub.  Although the recent attacks hit as many as five organisations, officials do not believe that these are in any way related.  That is of no comfort to those affected.

The BA attack involved limited customer information and rewards accounts.  According to the BBC, one affected customer claimed that his points account was used to book hotel accommodations in Spain while another had his entire balance wiped out through multiple deduction transactions.  Some of the illegitimate transactions occurred two weeks before the attack was identified.

Officials from BA say the attack may have compromised email addresses, phone numbers and passwords however they say that most of the illegitimate activity centred on using frequent flyer accounts to access benefits.  BA says that it is not aware of any attempt to obtain credit card information or travel histories.

As for GitHub, the attack they suffered appears to be political rather than monetary.  GitHub is a website used by millions of software developers to share and test their code.  They were hit with a distributed denial of service attack (DDoS) that officials say was the worst in the organisation's history.  An investigation suggested the perpetrators were targeting software developers providing tools that Chinese internet users could use to circumvent government censorship.  Security consultant Alan Woodward told the BBC that China might be responsible for the service interruption.

Of these two attacks, the one launched against GitHub should raise the most concern.  Where thieves targeting BA might be individuals or members of an organised crime network, a government specifically targeting a website and software service it does not approve of has serious ramifications for the future of worldwide networking.  We should be as worried about government interference as we are about infrastructure vulnerabilities.

All Part of the Game

There is no denying that cyber-attacks are a part of the game that we will never be able to eliminate therefore, while each attack reminds us of our vulnerability, those same attacks should be further motivation to develop better protections.  We can confidently say that is exactly what is happening.

We can guarantee that the IT teams at both British Airways and GitHub are already at work to develop strategies to prevent future attacks.  Some of those strategies will involve hardware implementation at the local level while others will relate to security strategies and software deployments.  Nevertheless, rest assured that security specialists will never rest in their ongoing war against cyber-crime.

From the local web hosting company to the enterprise data centre, all must remain diligent to protect sensitive data from those who would attempt to steal it, yet we must also remain diligent against those who would seek to silence others whose opinions and ideas they do not agree with otherwise cyber security is only half-complete.

No comments:

Post a comment