Q&A: How has hacking evolved, and how much is consumer data worth?

July 11, 2018

Macy’s has announced a data breach involving thousands of Macys.com and Bloomingdales.com customer credit card numbers, expiration dates, names and other information.

Adam Doupé, assistant professor of engineering and associate director of ASU’s Center for Cybersecurity and Digital Forensics, spoke with ASU Now to discuss the history and evolution of hacking. Image of a keyboard lit with green light Download Full Image

Question: How has hacking evolved over time?

Answer: In the late 1990s and early 2000s, when the internet was just growing, hackers would break into a computer system, hack in, and deface popular websites, like the New York Times, for example. You would do this to prove how awesome you were and how great your hacking skills were. Sometimes hackers would advocate for certain causes this way. This was the origin of hacking. It was similar to digital graffiti. People had handles and they would leave their mark.  

Q: How did hacking move from tagging websites to stealing consumer information?

A: In the mid- to late-90s, so much of our credit card and financial information began moving online. Social security numbers were online. In the early days, there were very few websites out there with the volume of personal information that we see today stored on websites and servers. So, while our data has increased on these websites, we have seen a corresponding rise in hackers who now have a financial incentive to break into these systems, steal this information, and sell it.

Q: How much money can a hacker make?

A: A lot of money. One of the stories I really like to share with my students is about Albert Gonzales, an American hacker who masterminded Shadowcrew, a hacking group. He led this group and they were responsible for breaking into Dave & Buster’s, T.J. Maxx and Heartland Payment Systems. They claimed that they caused around $200 million worth of damages.

What’s interesting about their case is that there’s a Rolling Stone article about them, and it goes into a story about how the people involved were living this rock ‘n’ roll lifestyle where they would travel the country, blow money on hotels and drugs, have parties and hack into sites to sell credit card numbers for more money. With T.J. Maxx for example, they stole more than 45 million credit and debit numbers, which is insane. And Heartland Payment Systems, one of their targets, was interesting because HPS is a credit card processor. So, once they got in, the group could see information about all of the cards going in through that system.

Q: How much work goes into making money from consumer data?

A: The easiest way to think about this is through the sale of credit cards on the underground economy. What’s fascinating about the underground economy is that people have different roles and specialize in different things. There are people whose specialty is getting money out of credit cards. They need a list of credit cards, the names attached to them, and then they will manufacture credit cards and people will physically go to stores to purchase things with those cards.

What might be shocking is that a credit card number is only worth maybe $1 in this economy. So, not much money alone, and that is because of the difficulty of taking it and turning it into actual cash or purchases. So, you’ll also have people who specialize in breaking into companies to get huge volumes of this information. Usually they’ll go through a web application to do this.

Q: Are good hackers always playing catch-up or is there an even playing field?

A: There are “black hat” hackers who are hacking to cause damage. They are typically involved in illegal and unethical activity, and they use hacking to further their personal gain. Then, there are “white hat” hackers who are trying to defend and protect systems. To play defense, you need to know offense, and you need to know what your offense is capable of and what they’re going to do.

Fundamentally, cyber security has this asymmetry between hacker and defender.

A defender’s job is fundamentally harder because all an attacker needs is one possible way in, just one loose brick, so to speak. Building stronger defensive techniques is a very difficult and always evolving challenge. 

Q: How complex are major consumer data hacks?

A: If someone is incredibly good at hacking, we may never hear about their breaches. If you are thinking of something like a nation state’s hacking, they aren’t interested in stealing credit card numbers. They may infiltrate systems and be stealthy and quiet about the hack and what they gather.

In cases like T.J. Maxx and Shadowcrew, they had incredibly sophisticated hackers. One way they would steal information was by doing what is called war driving, which is actually driving around near a company to find an insecure Wi-Fi network. By getting onto those networks, they were able to then get into the back end of company systems and exploit them.

In the case of the Equifax hack, a public vulnerability was disclosed in March 2017 and Equifax did not patch their systems to fix that vulnerability. That’s a big risk. You don’t need to be very sophisticated to exploit that.

Leslie Minton

Carnegie-Knight News21 wins second consecutive Student Murrow Award

July 11, 2018

Carnegie-Knight News21, the multi-university in-depth journalism collaborative based at Arizona State University’s Walter Cronkite School of Journalism and Mass Communication, won the Student Edward R. Murrow Award for Excellence in Digital Reporting for a second consecutive year.

This is the Cronkite School’s fourth Student Murrow Award, more than any school in the country. Elizabeth Sims, an Ethics and Excellence in Journalism Foundation Fellow, films at Scott Mills Falls in Scott Mills, Oregon, for Carnegie-Knight News21's investigation into drinking water. Photo by Agnel Philip/News21 Download Full Image

The 2018 winners will be recognized at the Edward R. Murrow Awards Gala on Oct. 22 in New York.

“This national recognition is more than an honor. It's an important testament to the quality of the next generation of journalists at a time when public accountability is more important than ever,” said Jacquee Petchel, Carnegie-Knight News21 Executive Editor.

Troubled Water,” a 2017 multimedia investigation inspired by the lead crisis in Flint, Michigan, and produced by the Carnegie-Knight News21 program, featured 29 student journalists from 18 universities.

Student journalists traveled across the country to conduct hundreds of interviews, review thousands of documents, build databases and document the scope of water contamination nationwide. The team also produced a 30-minute documentary.

Among its findings:

• As many as 63 million people were exposed to potentially unsafe water more than once in the past decade.

• American taxpayers have spent $21 billion in cleanup and oversight costs of properties damaged by waste.

• Manufacturing, mining and waste disposal companies were among the country’s worst polluters.

• The most prolific water contamination problems persist in small towns, low-income communities and Native American tribal lands.

• Drinking water for millions of Americans was contaminated by nitrates and coliform bacteria found in fertilizers.

The Carnegie-Knight News21 program is an initiative that brings top journalism students from across the country to the Cronkite School to report on an issue of national significance.

In 2017, the Cronkite School was the only journalism program in the country to win multiple Edward R. Murrow Awards, capturing the Student Murrow Award for Excellence in Video Newscast as well as for digital reporting with “Voting Wars,” a News21 exploration of voting rights in America.

Previous Carnegie-Knight News21 projects have spotlighted issues ranging from food safety and gun rights and regulations to veterans’ issues and marijuana legalization. The student work is published at news21.com and by dozens of news organizations, including The Washington Post, USA Today, NBCnews.com and the Center for Public Integrity.

"These projects could not be done without the generosity of our many News21 donors, which allows us to investigate critical issues that many newsrooms can no longer afford to do," Petchel said.

Established in 2015 by the Radio Television Digital News Association, the Student Murrow Awards celebrate overall excellence in student journalism at the collegiate and high school levels. Unlike the professional Edward R. Murrow Awards, which are presented to a news organization, the Student Murrows are awarded to individuals in one of five categories — audio newscast, audio reporting, video newscast, video reporting and digital reporting.

The RTDNA has been honoring outstanding achievements in professional journalism with the Edward R. Murrow Awards since 1971. Murrow Award recipients demonstrate the excellence that Edward R. Murrow made a standard for the electronic news profession. The RTDNA is the world’s largest professional organization exclusively serving the electronic news profession. Members include local and network news executives, news directors, producers, reporters and digital news professionals as well as educators and students.

2018 Cronkite School/News21 Fellows

Fraser Allen Best, Arizona State University, Hearst Foundations Fellow

Bryan Anderson, Elon University

Macee Beheler, University of Oklahoma, Ethics and Excellence in Journalism Foundation Fellow

Bryn Caswell, University of Alabama

Claire Caulfield, Arizona State University, Louis A. “Chip” Weil Fellow

Marie Esquinca, Arizona State University, Ethics and Excellent in Journalism Foundation Fellow

Jordan Houston, American University, Knight Foundation Fellow

Andrea Jaramillo, Arizona State University, Hearst Fellow

Lauren Kaljur, University of British Columbia

Brandon Kitchin, Texas Christian University

Rachel Konieczny, St. Bonaventure University

Jenna Miller, Arizona State University, Donald W. Reynolds Foundation Fellow

Amy Malloy, Dublin City University, Veronica Green Independent News & Media Fellow

Elissa Nunez, George Washington University

Fionnuala O’Leary, Dublin City University, Veronica Guerin Dublin City University Fellow

Agnel Phillip, Arizona State University, Don Bolles/Arizona Republic Fellow

William Taylor Potter, Louisiana State University

Alexis Reese, University of North Texas, Dallas Morning News Fellow

Corinne Roels, Arizona State University, Donald W. Reynolds Foundation Fellow

Michael Santiago, Syracuse University

Karl Schneider, Kent State University

Elizabeth Sims, University of Oklahoma, Ethics and Excellence in Journalism Foundation Fellow

Briana Smith, Lawrence Herbert School of Communication, Hofstra University

Jasmine Spearing-Bowen, Arizona State University, Donald W. Reynolds Foundation Fellow

Adrienne St. Clair, Arizona State University, Donald W. Reynolds Foundation Fellow

Nicole Tyau, Arizona State University, Hearst Foundations Fellow

Jackie Wang, University of Texas

Chelsea Rae Ybanez, Arizona State University, Hearst Foundations Fellow

Bliss Zechman, University of Tennessee, John and Patty Williams Fellow

Past Cronkite School/News21 Student Murrow Winners

2017:  Excellence in Digital Reporting: Arizona State University/News21: “Voting Wars

2017:  Excellence in Video Newscast:  Windsor Smith and Madison Romine: Cronkite News: Feb. 17, 2016

2015:  Excellence in Video:  Erin Patrick O’Connor/News21: “Gun Wars

Assistant editor, Walter Cronkite School of Journalism and Mass Communication