Dyson College of Arts and Sciences

special characters (!, ≤, ≥ &, etc…), the hashes that these hybrid passwords create are more difficult to solve. Since 2005, many collaborative hacking groups share the hashes they generate in support of each other group's nefarious activities. In June 2012, anonymous users posted the hashes of millions of website credentials from the popular web sites LinkedIn and eHarmony. Shortly thereafter, another online collaborative group cracked, then posted the users' clear text passwords online. According to referential sources, the breaches were caused by poor configuration of the hashing mechanism in Windows (no 'salts' were used in the encryption processes that generated the hashes). Relevant CSC Control (4): Continuous Vulnerability Assessment and Remediation Company: Google 12, 13 , Attacked: June 2009 Information Security concerns itself with the disclosure, alteration and destruction of a firm's information which is universally acknowledged as the C-I-A triad of information security. In brief, the triad sums up three characteristics of data that makeup the three primary objectives of information security—Confidentiality, Integrity and Availability. By focusing on these three objectives information security practitioners can almost assuredly provide information assurance. The first component—confidentiality—deals with the prevention, deterrence, and detection of unauthorized disclosure of data (someone getting access data that shouldn't have access to it, for example). The second component—integrity—is concerned with the prevention deterrence, and detection of the unauthorized alteration of information (someone trying to modify data or its integrity, for example). Finally, the third component—availability—deals with the prevention, detection, and deterrence of the unauthorized destruction or denial of access to data (making sure people have access to info where and when they need it.) 14, 15 Tech-savvy firm Google is one of the most admired information access provider companies in the world, and is famous, for example, of being a 'green firm'—the company gets much of its energy from its famed solar arrays, which powers some of the thousands of servers used to drive the firm's massive computing facilities in their Mountain View, California campus. At this location, Google derives more than 1.9 MegaWatts of energy—enough electricity to power 30% of the peak load of the buildings on which it sits. 16 Held in such high regard, it is generally widely accepted that Google, accidentally or otherwise, engaged in gross negligence when in 2009 it became victimized as a result of using a version of Internet Explorer that exhibited zero-day exploit (undiscovered flaw) in IE version 6 SP (service pack) 1, which led to a breach wherein unprotected code opened a system flaw that allowed attackers to get a beach-head that was subsequently used as a pivot point by culprits, likely the Chinese government. Now famously known as Operation Aurora, the hackers, seeking source code from Google, Adobe and dozens of other high-profile companies, used unprecedented tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer. "We have never ever, outside of the defense industry, seen commercial industrial companies come under that level of sophisticated attack," said Dmitri Alperovitch, vice president of threat research for McAfee. "It's totally changing the threat model." Subsequent to being victimized by the attack, Google announced that it had been the target of a "highly sophisticated" and coordinated hack attack against its corporate network. It said the hackers had stolen intellectual property and sought access to the Gmail accounts of human rights activists. The attack originated from China, the company said. 17 66

• Cover