Lately, the scandals associated with data breaches and hacker attacks occur on a regular basis. For example, one of the latest cases related to hacking networks around the world and accusations of the G.U. of Russia made by the US, Netherlands, and Great Britain governments.
The indictment includes the names of seven people who used computer hacks to obtain non-public, private medical and other sensitive information. Doping agencies and sports federation around the work, hacking the databases of which revealed personal information of 250 athletes from 30 countries, as well as the Organisation for the Prohibition of Chemical Weapons and the energy company, Westinghouse Electric, which engineers nuclear power plants.
However, this is not about the goals of these attacks, but about the methods used. The hackers used long-known and simple methods: technical reconnaissance of IP addresses, domains, and network ports, and registration of fake domains and websites that copied official websites, as well as sending phishing emails to illegally obtain identifying information (logins and passwords) after forwarding users to these sites. Successful data breaches were not the result of outstanding skills of hackers, but the result of unprotected computer networks and the use of outdated user identification methods.
Despite the fact that the MiTM attack (the man in the middle) is quite insidious, it could have been avoided by using EmerSSL as an additional defense. It is a passwordless user authentication system that uses Emercoin blockchain for storing of hash sums of SSL certificate. The Authorizer service, created on the basis of EmerSSL, would have done an excellent job. The use of EmerSSL is also inexpensive and for 1 EMC you can get 2500 SSL keys for web authorization for 5 years.
