How all those cyber hacks happen and how they get so massive

HUNTSVILLE, Ala. (WHNT) – We’ve seen some huge hacks in recent years: cyber crimes that impacted federal workers, hospital patients and shoppers alike.

Millions and millions of people have had sensitive personal information stolen.

If you’re like us, you may have asked yourself “How do these massive hacks keep happening?” and “How can they get so big?”

To find out, WHNT News 19 technology correspondent Michelle Stark talked with local cyber security experts, people working daily to prevent hacks in the private and public sectors.

First, a quick reminder on how bad the problem has become. Here are just a few of the more recent enormous hacks to capture the public eye: Target, where 40 million people had debit and credit card data exposed; Anthem, where personal health data for 80 million people may have been compromised; and, of course, the U.S. Office of Personnel Management. That massive hack exposed security clearance data, including fingerprints and Social Security numbers, for millions of government workers.

So, how do these hacks happen?

Rick Fernandez, Cyber Security Engineer with LogRhythm, broke down the mechanics for us. “They set up command and control. That is a way for them to communicate back to the mothership, right?”

All it takes is one slip, such as a weak password or a compromised device, and the bad guys are in. In Target’s breach, Fernandez explained, an HVAC vendor was the link.

Once they’re in, Fernandez said, “They start doing lateral movements and looking for the targets they want to attain.”

They’re going for the valuable stuff. In Target, it was credit card numbers. In Anthem, customer account profiles. What’s really shocking though is how much time hackers had in these cases to work. “They were there for hundreds of days,” Fernandez said.

Fernandez points out that nearly all the recent high-profile hacks do have one thing in common: the initial breach went undetected. That slowed response time and made the damage a lot worse.

If you’re shocked, consider for a minute how much activity an IT security team has to watch: all the computers, smartphones, log-ins, passwords and networks in your workplace alone.

“It’s so much noise for a security analyst to look through. That’s what we call user analytics,” Fernandez explained. “It’s so hard for [security analysts] to pull through and connect the dots in that investigation.”

Fernandez’s employer, LogRhythm, uses machine analytics to spot anything out of the ordinary and shut down hacks quickly. Fernandez notes that, just as in medicine, that kind of early detection will be key to preventing hacks in the future.

