Five Hackers Indicted for Stealing 160 Million Identities
(Page 2 of 2)
As O'Brien sees it, if we assume that these were skilled hackers working to gain access to this data, it's safe to say that almost any technological security solution could have been bypassed at some point. What might have helped to prevent that from leading to a major breach would have been better separation of the high-value assets from the net-connected systems that were hacked.
"While this information is not yet -- and may never be -- known publicly, it's reasonable that there were one or more user accounts that were compromised, rather than poorly coded applications that were exploited," he said. "Unfortunately, if expectedly, human nature tends to dismiss these types of systemic weaknesses as 'lucky breaks' or 'unforeseeable accidents,' and as a result, attention and money in the security industry continues to be spent on solving those things that are easiest to address, rather than essential problems that would require substantive trade-offs to implement."