Identity Theft and Database Hacking
The recent breach of a UCLA database indicates the level of sophistication attackers are now reaching. The LA Times is reporting that “Jim Davis, UCLA's associate vice chancellor for information technology, described the attack as sophisticated, saying it used a program designed to exploit a flaw in a single software application among the many hundreds used throughout the Westwood campus.' An attacker found one small vulnerability and was able to exploit it, and then cover their tracks,' Davis said.” The purpose of the attack, which included the theft of social security numbers, was likely identity theft.
Another LA Times article reports a former student “discovered problems with her credit file in October when she tried to apply for a federal student loan. She found that someone had taken out a $24,500 car loan and made other purchases in her name using identifying details about her, including an old address from her student days at UCLA.”
There was a time when identity thieves depended more on dumpster diving than hacking but that is history. In addition to broad-spectrum security measures, like anti-malware and firewalls, individual applications need detailed security reviews and remediation measures.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
