In this Play by Play, we talk through a number of real world hacking incidents that align to courses within the Ethical Hacking series. We don't just talk, we take these incidents and explore the mechanics of how the underlying risks are exploited.
Attacks against information systems have become the established norm for online assets these days. Hacktivists, career criminals, and nation states are all actively compromising our systems with unprecedented regularity, but for many technology professionals, the risks to them remain hypothetical; they hear about these incidents on the news but don't get exposure to how the attacks are actually executed. In this Play by Play, we talk through a number of real world hacking incidents that align to courses within the Ethical Hacking series. But we don't just talk, we take these incidents and explore the mechanics of how the underlying risks are actually exploited. It's a real world, very practical look at the state of online security as we deconstruct the hacks.
Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.
Course Overview Welcome to this Play by Play with Pluralsight. A Play by Play is a course where we sit down with an expert and take on a technical challenge in real time. In this Play by Play, we sit down with security expert, Troy Hunt to discuss some of the highest profile hacks in recent history, including TalkTalk, Ashley Madison, Sony Pictures, and Nissan. We discuss the hacks, we explore the mechanics of how these exploits happened, and discuss ways that we as security professionals, developers, and admins can mitigate these risks in our own environments. This course is the perfect supplement to Pluralsight's Ethical Hacking series where you can dive deeper into each of the topics we discuss. Whether it be criminal, in capital gains, or hacktivism, our apps, networks, and data are under attack. Join us as we learn from the misfortunes of others to help improve our own safety in this digital world.
Distributed Denial of Services (DDoS): Nissan We've got one more hack here today and I know, as a car guy, this one's got a little special, for you because it is Nissan. Yeah, or as we would say Nissan. So let's have a little talk about what happened with Nissan earlier on in 2016. So the situation with Nissan and we might talk about a couple of Nissan related security things, now that I think about it. The one I wanted to start with here was around Nissan getting a distributed denial of service attack by Anonymous earlier on in the year. You know Anonymous is this sort of, it's a very loose term these days, because anyone can say, "Hey, we're Anonymous. " So who knows who it really was. But this group that was allegedly Anonymous, decided to DDoS Nissan in January 2016. And in fact, I'll ask you, this is sort of an interesting question and it speaks to the motives of hacktivists sometimes, why do you think hacktivists would want to DDoS Nissan? That's a great question. What does Nissan do that is so wrong, that is so recalcitrant that you would want to DDoS them? Someone had a bad experience at their local dealer? I don't know. Well this is Anonymous right? It's a collective of people. So they DDoS:ed Nissan because of the whales. Okay. (Laughing) Bear with me, so Nissan is Japanese, alright. And Japan still has whaling, which many of us would like to see ended. Obviously Anonymous in particular would like to see ended and they thought, "The way we're a going to do that, "is we are going to DDoS a Japanese company "and that will stop the whaling. " The only thing that has stopped since the DDoS, is the DDoS itself, which didn't go on for very long. Because ultimately a DDoS does tend to be a little bit of a short term thing. It's this attack that comes on, defenses are laid over and then everyone moves on and gets on with their jobs and there's some amount of traffic that's lost in the interim.