How bad can Web vulnerabilities be—case study on a 50 million personal records breach

From OWASP
Jump to: navigation, search

How bad can Web vulnerabilities be—case study on a 50 million personal records breach, PK (Taiwan Criminal Investigation Bureau) (40 min)

In August of this year, Taiwan's Criminal Investigation Bureau (CIB) busted a hacking ring that held 50 million personal records (see http://blogs.zdnet.com/security/?p=1814), including information about President Ma Ying-jeou, his predecessor Chen Shui-bian and police chief Wang Cho-chiun. The criminals then offered to sell the information for 300 Taiwan dollars (10 US) per entry. They were based in Taiwan and China, and they swindled victims out of millions of Taiwan dollars through their online bank accounts. The CIB believes it is the largest Taiwan data breach ever. The criminals used primarily Web-based attacking techniques. Being involved in the investigation, PK will explain techniques used for the breach, how criminals are making use of Web-based vulnerabilities, and measures that organizations can take during such a security incident.