Lessons from a quarter of a billion breached records

Cite

Norwegian Developers Conference (NDC)

Hunt, Troy

Formal Metadata

Title

Lessons from a quarter of a billion breached records

Title of Series

NDC Oslo 2016

Number of Parts

Author

Hunt, Troy

License

CC Attribution - NonCommercial - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this

Identifiers

10.5446/51729 (DOI)

Publisher

Norwegian Developers Conference (NDC)

Release Date

2016

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

What motivates attackers to dump data publicly? How is it sold, traded and redistributed and for that matter, what even causes adversaries to go public with it? These are all questions I’ve dealt with over the years running the ethical data breach search service “Have I been pwned”. It’s also given me the opportunity to interact with everyone from the attackers breaching these systems to the impacted organisations to law enforcement agencies. In this talk, I’ll share the lessons learned from working with more than a quarter of a billion publicly dumped records as a result of major data breaches. The talk sheds light on how this class of adversary operates and the weaknesses within organisations they continually manage to exploit. It’s a unique inside look at security from a very real world and very actionable perspective.