Hacking security

Credit: Gone phishin’. Credit: www.shutterstock.com

Hacking is the invasion of an individual's privacy through a technological medium. Hacking security refers to being free from danger or threat of unauthorized intrusion into a computer or a network.^[1]

This invasion can expose important information about an individual's identity including financial, health, or personal data, bringing up serious privacy concerns. Hacking security has become easier as information technology advances and informational flows of technology increase. Information exposed online through hacking security, can have detrimental effects on an individuals personal and professional or academic lifestyles.

History

The term "hacking" originated at the Massachusetts Institute of Technology (MIT) in the mid-1950s with the original intent "to describe technology-based practical jokes played at the school [MIT]". At this time, there had existed only large mainframe computers with limited functions and long processing times. Programmers would design "hacks" as shortcuts to adjust and improve computer operating systems and applications. ^[2]

Blue Box at the Powerhouse Museum

In the 1960s and 1970s, engineers, such as Steve Wozniak and Ralph Barclay, developed a device that could "hack" the old analog telephone systems by creating a certain frequency of sound. The Blue Box produced a 2600-hertz frequency, which analog phone system were programmed to register in order to connect users to a line. Hackers used the Blue Box to access free long-distance calls. Wozniak, along with his friend and future business partner, Steve Jobs, began to produce larger quantities of the Blue Box and commercialize it, which was their first partnership that progressed towards the creation of Apple, Inc. ^[3]

As the computer industry started to become established in the 1980s and 1990s, many of the original hackers of academia started to apply their abilities to the manipulation of hardware and technology systems and became exceedingly innovative coders constantly searching for knowledge and information through computer programming. ^[4]

In the early 1980s, some hackers provided a dangerous threat but hackers did not have the negative connotation that they do today. Once hackers became more synonymous with "hacking" into unauthorized sites and the criminalization of hacking started evolving, the concept of hacking security emerged as counteraction. With the intelligence and skills that hackers possess, security hackers are able to retrieve information from many sites in cyberspace through bypassing the specific security measurements and protocols within an informational database.^[4]

The 414s Documentary

In 1979-1983, various groups of teenage hackers were apprehended by the Federal Bureau of Investigation (FBI) and tried on federal crimes of hacking into the computer systems of large companies and organizations. In 1983, a group of six Milwaukee teenagers, known as the "414s", were arrested by the FBI for hacking into over 60 computer systems, including those of Los Alamos National Laboratory, Sloan-Kettering Cancer Center, and the Security Pacific Bank. ^[5] That same year, a group of 15 hackers based all over the country, called "The Inner Circle," had their homes in California, New York, and Michigan raided by the FBI in a coordinated plan for hacking into computer networks. The Inner Circle hacked into the computer network system, GTE Telemail and Telenet, which hosted companies like Coca-Cola, Raytheon, Citibank, and NASA, as well as the Arpanet. The group would change administrator passwords, account names, and delete emails. Since there did not exist any comprehensive national hacking laws at the time, their arrest prompted a national initiative to better police cybercrime and computer hacking. ^[6]

In 1986, as a response to the computer hacking activities of 414s, the Inner Circle, and other hacking groups and individuals, Congress passed the Computer Fraud and Abuse Act and the Electronics Communications Privacy Act. These legislation criminalized the act of hacking, such as the unauthorized entry into computer systems and networks, and provided data privacy protections.

This kind of problem doesn't just exist in the U.S. It was found through a 1992 survey that, in the UK, the realistic level of total losses from computer fraud and misuse for the UK is around 1.1 billion a year.^[7]

Today, the use of computers to manage company systems is widespread. These computers contain tons of data related to commerce, healthcare, banking, defense, and people's personal information. While the infrastructure exists to easily share and transport this data allowing quicker communication and better efficiency, this data is a target. Increasing dependence on electronic systems by supply chain management has created a space for vulnerability of these systems to malicious attacks from both groups and individuals. To be smart, companies must now consistently evaluate the security aspects of their electronic commerce in the development stage as well as throughout their use.^[8]

Types of Attacks

Credit: "SQL Injection." Cloudflare.

SQL Injection

SQL injecting is a form of attack that takes advantage of SQL-based databases lacking proper input sanitization methods, which helps filter out only valid data inputs and reject code that is inputted into a data entry field on a user interface that has the ability to query or insert into a database. In this attack, the attacker inserts a snippet of SQL code into an input field, which then gets placed within the SQL code in the back-end side and executes that code, usually resulting in devastating behavior that was not foreseen or desired by the database administrator. Consequences include, but are not limited to: a complete wipe of the database, unintended data leakage, deletion of data, modification of data, and insertion of new data. Due to the difficulty of differentiating code from valid data input during input sanitization, it is incredibly difficult to create a defense system that is completely immune to an SQL injection attack^[9]. An example of this is would be given the SQL below where userName is received from a login form.

 SELECT * FROM users WHERE name = " + userName + "';

By submitting the input below for the userName, the code would execute some behavior different from what the developer intended.

' OR 1=1

Cross-Site Scripting (XSS)

Cross-site scripting is another tactic hackers use to take advantage of websites that fail to cleanse input to their site. Similar to an SQL Injection, hackers can enter code into search or login bars on a website which will then be executed as the servers interpret the data entered on their site as code which should be executed on their systems. Hackers can make use of this tactic in order to steal information from clients. Most notably, hackers are able to get the cookies of other users and impersonate them on certain websites.

Cross-Site Request Forgery (CSRF)

Cross Site Request Forgery attacks cause an end user to send forged state changing requests to websites/services without the user’s knowledge. Such state change requests are commonly used in financial transactions. The main method of interaction on the web between users and websites, is through requests. For example in a financial transaction, a user would fill out a form with sender and receiver bank information, and the amount of money to be transfered or received. Once the user submits this form, a request is sent to the financial institution's or website's server to transfer the money. The institution will then collect this request and make the necessary actions on their own servers to make the transaction. By forging such requests, hackers can use CSRF attacks to redirect financial transactions to different accounts, change the amount of money being sent in a transaction, or even create an entirely new transaction. Attackers often do not have authentication access, personal data or any credentials of the user, and hence require the user to perform specific actions. Hence CSRF attacks in most cases, use social engineering such as email phishing ^[10], or malicious links, to make users send an authenticated request unbeknown to them. Precautions can be taken to prevent CSRF attacks. ^[11]

Denial of Service (DoS)

The Denial of Service of attack aims to make a web service or resource unavailable for use by other users. A DoS attack can be performed by flooding the victim resource with network packets or requests to overload the network or server. This disrupts the resource from serving legitimate requests by users, thereby effectively rendering the resource unavailable.

Such attacks can usually be prevented with sufficient firewall configurations, and rerouting traffic appropriately with the help of Content Delivery Networks (CDN) such as CloudFlare or Akami.^[12].

Distributed Denial of Service (DDoS)

Distributed Denial of Service attacks are a specific type of denial of service attacks in which multiple servers and network connections are used to overload a web resource. Such attacks are often much more difficult to prevent, as they can easily be mistaken as legitimate requests. Moreover, it is difficult to identify and block requests for the malicious requests without interrupting service for all users.

With the increase in prevalence of Internet of Things (IOT) devices, a new vector of DDoS attacks using 'botnets'^[13] has been created, which takes control over millions of vulnerable IOT devices to carry out a DDoS attack.

Moreover, user friendly programs such as Low Orbit Ion Cannon (LOIC)^[14] exist where users can contribute to a botnet, to perform a DDoS attack. The ethical implications of such software is actively being explored and is the cause of much controversy in the security community.

By using forged UDP requests to servers using certain protocols such as NTP and DNS that reply with incredibly large responses to small short queries, an attacker can amplify the size of their traffic, causing a greater strain on the target server, and even the internet's infrastructure as well. The largest amplification seen in the wild was a memcached-amplified DDoS attack that had an amplification factor of around 51200. Meaning that for every byte in traffic the attacker controlled, almost 50kb of traffic would hit the target server.^[15]

To understand an amplified DDoS attack, imagine going to the library and telling the librarian that you would like to check out every book in the library, and then saying to call you and list every book you have checked out. Their reply to whatever phone number you gave was exponentially larger than the simple request you made, and would overwhelm the recipient of the call.

However not all DDoS attacks are intentionally malicious and hence may not be preventable. Spikes in popularity of websites can cause a large amount of network traffic that may overload a server. Popular social media sites like Twitter have been affected by this.

GitHub DDOS Attack^[16]

Largest DDoS Attack to Date: GitHub

The biggest DDoS attack to date is credited to the February 28th, 2018 attack on GitHub, a hugely popular developer platform. The site was hit with 1.35 terabits per second of traffic, which was record-breaking at the time. GitHub had withstood DDoS attacks beforehand, and in March of 2015, the platform had faced a six-day long attack, which was thought to be orchestrated by Chinese state-sponsored hackers. Before the 2018 attack on GitHub, the late 2016 DDoS attack on the internet infrastructure company, Dyn, had reached a peak of 1.2 terabits per second and had resulted in connectivity issues across the United States. ^[17]

Control Hijacking

Control Hijacking is a form of hacking with the hacker's intent to gain full control over a target's system or network.

Malware: Examples of malware include software, spyware, viruses, bugs, worms, and ransomware. Malware is often able to permeate a network through links or email attachments that sometimes install dangerous software without the user’s knowledge. Malware can block access to the network, install additional software, transfer and send out secure data from the hard drive, change settings and fry the system. Malware can also often duplicate itself in order to further spread the malicious software and make it more difficult to remove from a users computer or network.

Man-in-the-Middle (MitM): These cyberattacks are categorized by a hacker sneaking into seemingly-two-party transactions. This type of attack relies on the user believing that they are connecting to their intended party, when in reality the information is going to the "man-in-the middle" and then to the final destination. Attackers are essentially eavesdropping in an effort to steal information. Advanced hackers can use man-in-the-middle attacks in order to change the information sent between two parties and redirect users to a potentially malicious site. Common points of entry for these types of cyberattacks are public Wi-Fi networks that are not secure, and after malware has gotten into a network.

Phishing: Phishing usually happens through email when a hacker sends a fraudulent message that seems to be from a legitimate source but is not. It generally uses "click-bait" titles in order to get users to visit the malicious site due to their curiosity. Usually, the goal is to get credit card information or website login credentials or to have them open a file or link that will install malware on their computer. To accomplish this, the attacker makes a fake webpage that looks very similar to the original page, so that an internet user would not easily tell they were lead to the wrong site. Anti-phishing efforts exist, however there are limitations. Two major limitations include a need for a high detection rate, as well as fast access time for real-time environments. Some Anti-phishing approaches are strong in one area, but not the other.^[18] Worldwide, 123,972 phishing attacks occurred in 2014 between July and December.^[19]

Doxxing: When a user researches or obtains someone's private information and posts it publicly online. Information can be harvested using malware, publicly available social media, or online metadata such as an IP address.

Zero-Day Exploit: When a network’s vulnerability is announced publicly allowing for attackers to find an exploit. Hackers using this method launch an attack before the owner of the network has the chance to create a solution or fix whatever created the vulnerability. This attack is referred to as "zero-day" since it gives the victim zero days to patch up the vulnerability.

Targets and Attacks

Government Services

Postal Service

Credit: "US Postal Service Exposed 60 Million Users' Data." The Silicon Review.

In 2018, sixty million users were affected due to the unsubstantial security measures on the USPS website. This security vulnerability exposed the USPS database that consisted of emails to phone numbers, mailing campaign data, social security numbers, possible credit card numbers, access to street addresses, and access to personal data of everyone who lived in the same household as who logged onto the site through the main user's account. This vulnerability also allowed requests to be made by the user's to change other user's account information such as email addresses and phone numbers. Although these issues were known, the organization took a year to resolve this data breach.^[20]

Voting Machines

With the rise in electronic voting machines for the purpose of United States elections, it is important that these systems are secure and are unable to hack into. Unfortunately, there are several studies and reports that have shown have easily these electronic voting machines can be hacked. At a hacker conference in 2018, a group of hackers was able to get into an electronic voting machine in 15 minutes. Although the concerns about the reliability of these machines continue to rise, states continue to rely on these machines for their election needs. There have not been any confirmed successful hacking of an electronic voting machine to alter results of an election, but it is important to see how vulnerable these systems are and to take appropriate measures before it does happen. Government officials state that for someone to hack into a machine, the people working the election would need to be acting with malicious intent and that it is not much different than using a pen and paper for the election ^[21]. The future of these systems will be an interesting dilemma and how the government deals with their will be important for the trust of the public in the United State's election process.

Safety Ethics

High vulnerability should not be expected from certain government informational systems, considering that USPS has access to personal data points which can lead to identity theft. This leads to concerns in ethics regarding safety in governmental measures within other branches of the government because it is possible for “hackers” to gain access to other branches of the government that may have a similar vulnerability. Most people wouldn’t have considered this being a potential situation as sending and retrieving mail is such a common day to day task. With USPS the most common concern would be worrying about important packages or mail sent to the wrong address and one will open that information. However, this rarely occurs and it's taken seriously as its a federal offense to open someone’s mail or packages as it’s a matter of privacy. In other words, it was least expected that this situation would occur and the lack of timing and care for handling this situation. Contrasty, using USPS alone is a higher security threat, since it is possible for security hackers to break in and retrieve personal information from the database.

Healthcare

Healthcare companies are easy targets for hacking because its maximized vulnerability stemming from a lack of IT investment and training is information systems and the value of the data. Since companies only spend 3% of their IT budget on security and a majority of security breaches come from internal organization intrusion, it can easily take weeks or months before an organization realizes there is a data breach although there are security measures that are put in place to alleviate the effects of internal threats. This gives hackers a large time frame to access as much information as they want or need. The type of information contained in medical documents, such as a PHI or PII, is highly accurate and valuable data containing social security numbers and dates of birth which can be sold on the black market for upwards of $20,000.^[22]

One would assume that healthcare companies would contribute more funds towards security as there is so much prevalent information that both medical professionals and clients receive and share. It makes one wonder why these companies are still vulnerable and not respecting the idea of anonymity and keeping information discreet. Most people wouldn’t want their medical conditions or health-related information exposed the public as they may be embarrassed or are hiding it for professional or personal reasons. Example, one may not want their job to know they are battling cancer in fear of losing their job and not having financial security for the medical treatments.

It’s best for people to be aware and concerned that healthcare companies are easy targets. So many people rely on healthcare regardless if services are obtained at a clinic or hospitals or local medical centers, these attract a large population, especially in the United States. People are vulnerable and not only will their medical information be exposed it is also their unpaid or extensive healthcare bills may be shown as well. This can look bad on the person financially in terms of current or potential employment.

Personal Accounts

Yahoo

In 2013, there was a data breach that affected all three billion Yahoo! users around the world, leaving the users' data in a vulnerable state. Two additional attacks occurred in 2014 and 2016. This caused users' personal information, including names, email addresses, telephone numbers, birth dates, and some encrypted security questions and answers to be exposed and unsecured as they were promised that it would be by yahoo.^[23] This caused multiple lawsuits to be filed against Yahoo! from multiple different users from multiple different countries.

Facebook and Amazon

In 2019, hundreds of millions of users were affected by a Facebook data breach involving Amazon's cloud service. This was caused by two third-party app developers using the software for their applications, and users' account names, passwords, friends, photos, and other information were exposed. Facebook is now under investigation regarding its deals with other electronic companies that could be involved in the data breach. ^[24]

PlayStation

In 2011, Sony's Playstation Network (PSN), that offers services dedicated to their online marketplace, was hacked affecting at the time the PlayStation 3 and the PlayStation portable. The hack accessed the personal details of over 77 million users. After the PlayStation network was hacked, servers were down for 3 weeks leaving players without online access. Sony soon announced that customers information had been compromised, meaning users' names, home addresses, email addresses, birth dates, PSN passwords, usernames, PSN profile data, purchase history, billing address, security question answers, and credit card data had been stolen. ^[25] This in the long term damaged Sonys' relationship with their customers since it broke their trust. Sony responded to the hack by apologizing and making a PSN relaunch announcement.

Target

In 2013, discount retailer, Target, was hacked and the CEO wrote to his customers explaining what had happened and greatly apologizing for the breach that Target went through. This data breach occurred during the holiday season, one of the busiest times of the year for Target ^[26]. A lot of the attacking occurred during Black Friday as well. The hackers stole data, specifically credit card information, of roughly 70 million customers. These hackers were able to access customer’s names, credit card numbers, expiration dates, and card verification value. Target lost millions of dollars through this and their share values have decreased significantly ^[27].

Steam

Steam is a video game distribution platform for PC created by Valve and is used by millions of people around the world. Steam has a had almost a monopoly on video game distribution outside of console and their distribution spread across PC, Linux, and Mac. Other distributors such as Origin have tried to compete with Steam in the past but have not been able the distribution powerhouse that is Steam. Since millions upon millions of people use steam in order to buy games and have a good amount of their financial information within Steam, it would need very good security. However, this was put asunder in 2011 when hackers hacked into Steam and put 35 million users at risk.^[28] The hackers were able to get into a database containing millions of credit card numbers, billing addresses, passwords and more personal information regarding the users of Steam. This hacking turned out to be more of a threat rather than practical use, as there were little to no reports of credit cards being used out of the ordinary and Valve issued all users to change their passwords for extra security, as Valve themselves buckled down on security. Although nothing disastrous came from this hacking, it could have been very bad for the users of Steam and it has since made some people lose trust for Steam and go on to look for other video game distributors. Since then, Steam has introduced two-factor identification to its security and has been making other security improvements and has seen little to no hacking since this event.

Equifax

In 2017 Equifax, one of the major credit reporting agencies in the United States, revealed that they had been hacked and data pertaining to roughly 143 million US consumers, roughly 44% of the US population, had been potentially exposed. Unlike other major hacks, this data was not limited to emails and passwords which could be easily changed. Included were full names, Social Security numbers, birth dates, addresses and some driver license numbers. The information leaked is much more permanent and can be used to open bank accounts, take out insurance policies, and other activities that require proof of identity. While Equifax has audited their systems and offered one year of free credit monitoring to customers with exposed data, their poor handling of the incident and their response has caused concern over another breech.^{[29] [30]}

Ethical Issues

Anonymity

Anonymity, defined as the inability to coordinate some known trait(s) with other traits of the individual such that the person can’t be identified. Many people in the US do not have the flexibility of online anonymity. Many of the cyber attacks are examples that reflect that people are no longer anonymous or have a minimum amount of other individuals who can gain access to their personal information. Because of the lack of, or limited security measures across many organizations and companies, this has led to the vulnerability and exposure of personal information more prevalent.

It is clear based on data breaches that occurred for the US Postal Services and Healthcare companies reflect how rare anonymity is. Exposure of social security numbers will potentially lead to many identity thefts which often take a long time to recover from. Due to the exposure from the data breach, it’s possible that more than one person will have that identity which makes it that much harder to track down the person who actually “stole” one’s identity.

Privacy

Alessandro Acquisti shares how there is no such thing as hiding your secrets or being anonymous because of our online era ^[31].The truth is; from having an image of a person using facial recognition, finding a name and public information about that name and person can form into non-publicly available information even the more sensitive information. Example, using one’s image found on their Facebook account or an app that uses phone’s internal camera taking images of the user and the information shared on Facebook led to more help for determining their social security number. With these tools, there is a 27% chance of determining their first five SSN digits within four attempts. This is just one of his many experiments in regards to anonymous and how to gather information to uncover their information.

Evidently, this tool is clever and innovative yet alarming. This is something that should concern many people as it allows people to use simplified information to their advantage. This is beyond unethical and one would think that people would spend more time and effort into improving online security. One may wonder should people not post anything at all whereas others wonder what is even allowed to post online. Some may wonder if social security numbering policy may need to change so there is barely any “margin” to guess its number after multiple tries. It may need to get more complicated by having a combination of numbers, letters, and characters to limit these unethical issues.

Based on Acquisti’s claims in regards to how it’s becoming easier to discover more personal information about people. However, these data breaches don’t help considering we are already vulnerable to these security concerns. These data breaches along with the online presence of people make it that much harder for people to remain anonymous or limit their anonymity from the least amount of people as possible. One can only hope that online security will improve so that people remain anonymous if any at all.

As technology advances and more inventions are brought up, more threats of privacy invasion arise. Technology created to advance subjects such as health or education can hold the risk of hackers invading three of the four levels of privacy of the technology's users; mental, decisional, and informational ^[32]. The mental privacy of a user is invaded by hackers if there is a manipulation of a user's personal details that can affect their lives in the real world. Decisional privacy can be affected if there is an intrusion of private documents, like healthcare for example, and alteration of a user's data affecting very personal decisions. Last, a user's informational privacy can be affected by a hacker as there can be a breach to personal and sensitive information on the user.

In addition, hackers disregard a user’s ability to have control over the presentation of their information ^[33]. This is consequential for a person’s right to their autonomy. Regardless of the information exposed from a data breach, a person’s ownership over their information is undermined, which is detrimental to their privacy. Even in cases where hackers uncover information that is not meant to be secret or protected, they are still exposing information that was not shared by its informational owner, and therefore it is just as invasive. Self-determination is a fundamental value that hackers take advantage of ^[33]. Every person should have the right to the portrayal of their own self-identity ^[33].

Transparency

Regulation for entities in the aftermath of a data breach is unclear, thus leading to gaps in consumer knowledge about whether, when, and how intensely their data has been breached. All states require entities to notify consumers when a data breach occurs. However, aggregated information on those data breaches is much more difficult to obtain. Currently, only 14 state Attorneys, along with the US Department of Health and Human Services, report the occurrence of a data breach to the general public. As a result of this documentation of data breaches is messy and standardized. This makes studying data breaches a difficult task, and consumers are therefore further unable to protect their privacy and their identities.^[34]

See Also

References

1. ↑ "What is Hacking?" Technopedia. https://www.techopedia.com/definition/26361/hacking.
2. ↑ Devitt, Michael, "A Brief History of Computer Hacking," Dynamic Chiropractor. https://www.dynamicchiropractic.com/mpacms/dc/article.php?id=18078
3. ↑ Hackett, Stephen, "Concerning Steve Wozniak's Blue Boxes," 512 Pixels. https://512pixels.net/2018/03/woz-blue-box/
4. ↑ ^{4.0 4.1} "A Brief History of Hacker Culture." Cyber Security Masters Degree.org. https://www.cybersecuritymastersdegree.org/a-brief-history-of-hacker-culture/
5. ↑ Stori, Will, "The kid hackers who starred in a real-life WarGames," Telegraph. https://www.telegraph.co.uk/film/the-414s/hackers-wargames-true-story/
6. ↑ Novak, Matt, "The Untold Story of the Teen Hackers Who Transformed the Early Internet," April 14, 2016. Gizmodo. https://paleofuture.gizmodo.com/the-untold-story-of-the-teen-hackers-who-transformed-th-1770977586
7. ↑ " Matthew Warren, William Hutchinson, (2000) "Cyber attacks against supply chain management systems: a short note", International Journal of Physical Distribution & Logistics Management, Vol. 30 Issue: 7/8, pp.710-716, https://doi.org/10.1108/09600030010346521"
8. ↑ " Matthew Warren, William Hutchinson, (2000) "Cyber attacks against supply chain management systems: a short note", International Journal of Physical Distribution & Logistics Management, Vol. 30 Issue: 7/8, pp.710-716, https://doi.org/10.1108/09600030010346521"
9. ↑ Owasp, “OWASP/CheatSheetSeries.” GitHub. github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.md.
10. ↑ Imperva, "Phishing attacks" https://www.imperva.com/learn/application-security/phishing-attack-scam/?utm_campaign=Incapsula-moved
11. ↑ Owasp, “OWASP/CheatSheetSeries.” CSRF prevention. https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
12. ↑ CloudFlare, "What is a CDN?" https://www.cloudflare.com/learning/cdn/what-is-a-cdn/
13. ↑ Rouse, Margaret, "IoT Botnets" https://internetofthingsagenda.techtarget.com/definition/IoT-botnet-Internet-of-Things-botnet
14. ↑ CloudFlare, "What is LOIC?" https://www.cloudflare.com/learning/ddos/ddos-attack-tools/low-orbit-ion-cannon-loic/
15. ↑ Memcached DDoS Attack, Cloudflare https://www.cloudflare.com/learning/ddos/memcached-ddos-attack/
16. ↑ https://www.a10networks.com/resources/articles/5-most-famous-ddos-attacks
17. ↑ Newman, L. H. (2018). GitHub Survived the Biggest DDoS Attack Ever Recorded. Retrieved from https://www.wired.com/story/github-ddos-memcached/
18. ↑ "Jain, A.K. & Gupta, B.B. EURASIP J. on Info. Security (2016) 2016: 9. https://doi.org/10.1186/s13635-016-0034-3"
19. ↑ "Aaron, Greg, and Rod Rasmussen. “Global Phishing Survey: Trends and Domain Name Use in 2H2014.” APWG: Unifying the Global Response To Cybercrime, May 2015, p. 1–38."
20. ↑ Liao, Shannon, "USPS took a year to fix a vulnerability that exposed all 60 million users' data." November, 2018. The Verge. https://www.theverge.com/2018/11/22/18107945/usps-postal-service-data-vulnerability-security-patch-60-million-users
21. ↑ Patterson, Dan. “Why Voting Machines in the U.S. Are Easy Targets for Hackers.” CBS News, CBS Interactive, 19 Sept. 2018, cbsnews.com/.
22. ↑ Alford, Allan, "Why Hackers Love Healthcare." April 26, 2018. DARKReading. https://www.darkreading.com/endpoint/why-hackers-love-healthcare/a/d-id/1331537
23. ↑ Brodkin, Jon, "Yahoo tries to settle 3-billion-account data breach with $118 million payouts." April 10, 2019. Ars Technica. https://arstechnica.com/tech-policy/2019/04/yahoo-tries-to-settle-3-billion-account-data-breach-with-118-million-payout/.
24. ↑ Silverstein, Jason, "Hundred of millions of Facebook user records were exposed on Amazon cloud server." April 4, 2019. CBS News. https://www.cbsnews.com/news/millions-facebook-user-records-exposed-amazon-cloud-server/.
25. ↑ Philips, Tom, "Five years ago today, Sony admitted the great PSN hack" April 24, 2016. EUROGAMER. https://www.eurogamer.net/articles/2016-04-26-sony-admitted-the-great-psn-hack-five-years-ago-today
26. ↑ Pigni, Frederico, "Targeting Target with a 100 million dollar data breach," May 1, 2018. Journal of Information Technology Teaching Cases. https://journals.sagepub.com/doi/abs/10.1057/s41266-017-0028-0
27. ↑ McGrath, Maggie, "Target Data Breach Spilled Info On As Many As 70 Million Customers," January 10, 2014. Forbes. https://www.forbes.com/sites/maggiemcgrath/2014/01/10/target-data-breach-spilled-info-on-as-many-as-70-million-customers/#73502a97e795
28. ↑ Love, Dylan "This Online Gaming Service Got Hacked And 35 Million People Are Affected", https://www.businessinsider.com/steam-hacked-2011-11
29. ↑ 2017 Cybersecurity Incident & Important Consumer Information, Equifax https://www.equifaxsecurity2017.com/
30. ↑ Equifax website hack exposes data for ~143 million US consumers, Ars Technica https://arstechnica.com/information-technology/2017/09/equifax-website-hack-exposes-data-for-143-million-us-consumers/
31. ↑ Acquisti, Alessandro, "What will a future without secrets look like?" June, 2013. TED. https://www.ted.com/talks/alessandro_acquisti_why_privacy_matters/up-next
32. ↑ Floridi, Luciano. Ethics after the Information Revolution. pp 102-103. 2014.
33. ↑ ^{33.0 33.1 33.2} Shoemaker, David W. “Self-Exposure and Exposure of the Self: Informational Privacy and the Presentation of Identity.” Ethics and Information Technology, vol. 12, no. 1, 2009, pp. 3–15., doi:10.1007/s10676-009-9186-x.
34. ↑ , Privacyrights.org. (2018). Data Breach Notification in the United States and Territories. Retrieved from https://www.privacyrights.org/sites/default/files/Data%20Breach%20Notification%20in%20the%20United%20States%20and%20Territories_0.pdf