
Identity at the Center #5: What Just Left Your Wallet?
Aug 2, 2019

Jim and Jeff dive into the Capital One data breach, exploring the staggering number of records affected and the possible motivations behind the attack. They discuss the misconfiguration that allowed hackers to exploit vulnerabilities. The hosts investigate the background of the alleged perpetrator and ponder whether the attack was driven by financial gain or notoriety. They also shed light on how hackers operate, the importance of breach notifications, and caution listeners against potential phishing scams that could exploit the situation.
AI Snips
Scope Vs Sensitive Fields
- The Capital One breach exposed 106 million U.S. records, but far fewer SSNs and bank numbers were taken.
- Much of the data was either encrypted or consisted of non-SSN fields such as credit card applications and account numbers.
Timing And Root Cause Clarified
- The breach was discovered months after it occurred and reported after an arrest, which complicates timing explanations.
- Capital One cites a misconfigured web application firewall, not an AWS infrastructure failure.
Operational Sloppiness Exposed The Attacker
- The attacker did not aggressively hide tracks and linked GitHub posts to access IPs, revealing poor operational security.
- Use of a VPN that kept logs allowed investigators to connect activity to the alleged hacker.
