Page 107 - Data Science class 11
P. 107
The attackers compromised the credentials of two Marriott employees to have an access to one of the third party
applications used by the hotel chain. Marriott cybersecurity systems did not pay attention to the suspicious activity of
these employees’ profiles for two months. With third-party vendor monitoring and user and entity behavior analytics,
Marriott could have detected the breach before hackers gained clients’ data.
1.6.3 case #3: gaining a Business advantage by
general Electric (gE) Employees
This was a case of stealing trade secrets of GE. As reported, two employees of General Electric (GE) stole data on
advanced computer models for calibrating turbines the company manufactured. They also stole marketing and pricing
information for promoting this service.
Thereafter, one of the employees started a new company which started taking tenders in that particular field. This
resulted in losing several tenders to the newly founded company. The case was reported by GE to FBI. After several
years of investigation in 2020, the insiders were convicted of their crime and sentenced to prison time and $1.4 million
in restitution to General Electric.
GE employees downloaded thousands of files with trade secrets from company servers and sent them to private email
addresses or uploaded them to the cloud. One employee also convinced a system administrator to grant him access
to data he wasn’t supposed to have access to.
On the top of it, none of these malicious actions generated a response from the GE cybersecurity system. Deploying
access management and user activity monitoring solutions could have helped GE detect intellectual property theft in
time and accelerate the investigation by gathering proof.
1.6.4 case #4: case of Purposely Damaging cloud
infrastructure of cisco by its Former Employee
WebEx by Cisco is the leading enterprise solution for video conferencing, online meetings, screen share, and webinars.
One of the former Cisco employee illegitimately gained access to company’s cloud infrastructure. He generated a
malicious code, by virtue of which 456 virtual machines were distorted. Due to this, 16000 users of WebEx could not
access their accounts for two weeks continuously.
The company had to spend approximately 1.4 million dollars in employee time for auditing as a consequence of
this event. The company audited their infrastructure and fixed the damage but the company had to pay a total of
$1,000,000 as compensation to the affected users.
The incident happened back in September 2018. The case has not yet been resolved in court (as of December 2020).
The attacker may face up to five years in prison and a fine of $250,000.
1.6.5 case #5: scamming of viP Users by Phished twitter Employees
In July 2020, some profound hackers gained access to 130 private and corporate Twitter accounts. The account had
more than a million followers each. They were indulged in 45 different accounts to promote Bitcoin business. The list
of hacked accounts included some of the personalities of international repute— like Barack Obama, Bill Gates, Jeff
Bezos, Elon Musk, Michael Bloomberg, Apple, Uber.
As a consequence of this, Twitter’s stock price fell by 4%. The company no longer released its new API in order to
update security protocols and spread employee awareness on social engineering attacks.
Twitter employees suffered due to a chain of spear phishing attacks. Hackers contacted Twitter employees working
from home and introduced themselves as Twitter IT administrators. They even asked for user credentials and this
is how they gathered information on company employees. Using these compromised accounts, the attackers then
gained access to administrator tools. With these tools, they reset the accounts of famous Twitter users, changed their
credentials, and tweeted scam messages.
Ethics in Data Science 105

