Homework 12

Short Answer Questions (Short answers should generally be at least three to four sentences in length. However, it is important to be as concise as possible when responding.) Alternatively, you may choose to upload a two-minute audio or video recording to answer the following questions.

Listen to “Episode #86: The LinkedIn Incident” of the Darknet Diaries podcast, which can be found at https://darknetdiaries.com/episode/86/

What were the motivations behind the attack and who was responsible for it?

The motivation behind the attack is that the hacker wanted to hack into LinkedIn and leak users’ personal information. The other motivation behind the attack was that the hacker wanted to sell database dumps from the breach on the black market. The person responsible for the LinkedIn incident was Yevgeniy Nikulin, who was from Moscow, Russia.

How did LinkedIn respond to the breach, and what measures did they take to prevent similar incidents from occurring in the future?

They have four steps when it comes to responding to the breach. First, they have to confirm that a hacker has breached their systems. Then, they have to remediate and try to fix the problem by determining whether the hacker is still in the system, how to block the hacker from getting back into the system, and whether the hacker stole any sensitive information. Then comes the post-mortem, where they report on the breach after the problem is fixed.

What specific vulnerabilities did the attackers exploit to gain access to LinkedIn’s database?

One of the vulnerabilities that the attacker exploited to gain access to the LinkedIn database is that one of the engineers hosted a website through their residential network, and the hacker managed to take control of that computer. Once the hacker took control of the computer, he managed to get a private key and as a result, he got access to user information such as emails, usernames, and passwords.

What were some of the challenges in investigating the LinkedIn Incident and attributing it to the responsible group or individual?

The struggle with investigating the LinkedIn incident is that the IP address that the FBI found was in Russia, which made it take a while to investigate further because they had to request subscriber records, which can take years. Then, when the subscriber records came back, they showed two potential people, and they had to narrow it down to one person, which was Yevgeniy Nikulin.

What lessons can be learned from this incident about the importance of strong password hygiene, and how can individuals and organizations better protect themselves against cyber-attacks?

The lesson that can be learned from this incident is not to reuse passwords and to make sure that you are using a strong password for each account. Another lesson that can be learned from this incident is to not open ports from your home network. Individuals and organizations can better protect themselves from cyberattacks by enabling two-factor authentication.
