Analysis of the ‘Capital One’ Data Breach

It seems that breaches, malware, phishing and more types of attacks are what we wake up to every morning. While most are benign attacks do not do much except for an occasional click of the mouse on the Internet or a raised eyebrow, it is the serious ones that cause personal and financial damages.

By now, everyone (or mostly everyone) has heard of the ‘Capital One Data Breach’ that was reported on July 29^th , 2019. While everyone in the US might understand what or who is ‘Capital One’ here is a brief note about “Capital One” for the rest of the world – “It is a bank holding firm specializing in auto loans, credit cards, banking and savings accounts”

The ‘Capital One’ Data breach unfortunately belonged to the very serious category since it involved huge loss of financial data. Here are the details of the Capital One data breach:

• The suspect is 33 year old ‘Paige Thompson’ who was a Software engineer in Seattle
• She had earlier worked for Amazon Web services which hosted the Capital One database(which was the one which was likely breached)
• The suspect was adept at hacking and did not keep her skills secret
• She was an organizer for a Meetup group called “Seattle Warez Kiddies” which was for individuals who were passionate about distributed systems, hacking and cracking
• The breach compromised the financial data of 100 million Americans and 6 million Canadians
• The breach compromised 140,000 social security numbers and 80,000 bank account numbers in the US along with 1 million Canadian social insurance numbers
• In addition, names, addresses, ZIP codes, phone numbers, email addresses, birth dates, self-reported income were also leaked because of stolen credit card numbers
• The sensitive information was accessed through a “misconfiguration” in the web application firewall. This enabled the suspect hacker to penetrate the firewall and access the Capital One server where the critical information was stored.
• The breach will likely cost $150 million for ‘Capital One’

What was being done after that?

The leak was contained and the information is assumed to have not been disseminated nor used for malicious purposes.  In spite of this, the breach showed the weaknesses of the defenses in the various information systems in an organization.

Given that most organizations need to work in tandem with each other for technology and business needs, it is really necessary to “up” the security measures in the wake of such a breach.

The company has since stated that it has sealed the “misconfiguration” vulnerability that caused the major breach.

So, why did the breach take place?

After reading and analyzing the ‘Capital One’ data breach and its consequences comes the question of “why” and the “threat factor” that lead to the data breach.

According to me, the “Why” of “Capital One” breach: I may be wrong – but the suspect had already boasted of hacking several organizations, government entities and educational institutions. The suspect seems to be a versatile hacker and the only reason seems to be for the “thrill” of it and boasting about it online.

The “threat factor” that led to the breach:

From the time I have been studying Information security, there has been one concept that has constantly been drilled into my head – “Human factor is always the weakest link in a security perimeter” which I think was the primary threat factor leading to this breach.

The suspect (an ex-employee – the weak link here) had already worked in Amazon web services till 2016 and knew the nitty gritty details of the security of the systems. She made use of firewall “misconfiguration”, and leaked precious data. The threat from the human factor ultimately lead to the “capital One” data breach.

How can this be prevented?

With everything moving online, it is inevitable that all our financial, personal, health and other records move to the cloud or servers in remote locations. In view of this we can take a few precautions:

• Keep different passwords for different accounts and change them frequently
• Sign up for identity theft monitoring
• Monitor all finance, personal accounts
• Report any unusual activity in your account statements

The “Capital One” data breach and other attacks have taught us to keep our eyes and ears open all the time and avoid being a victim!

Do you want to think like a hacker and learn how to prevent such attacks? Join our CEH v10 training from EC-Council and get certified today!!

AUTHOR
Jayanthi Manikandan ( )
Cyber Security Analyst

“ Jayanthi Manikandan has a Master’s degree in Information systems with a specialization in Information Assurance from Walsh college, Detroit, MI. She is passionate about Information security and has been writing about it for the past 6 years. She is currently ‘Security researcher at InfoSec train. “