Big Four accounting firm Deloitte, with $37B in annual revenues, found out that it had been hacked in March, and the hackers appear to have been inside its systems (supplied by Microsoft through its Azure cloud) since the previous October or March.
The hackers had access to up to 5 million sensitive company emails and documents from across all the sectors in which Deloitte operates, "the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies."
Deloitte kept the hack internally secret, only informing "a handful" of senior partners and lawyers, as well as six clients.
The Guardian has been told the internal inquiry into how this happened has been codenamed “Windham”. It has involved specialists trying to map out exactly where the hackers went by analysing the electronic trail of the searches that were made.
The team investigating the hack is understood to have been working out of the firm’s offices in Rosslyn, Virginia, where analysts have been reviewing potentially compromised documents for six months.
It has yet to establish whether a lone wolf, business rivals or state-sponsored hackers were responsible.
Sources said if the hackers had been unable to cover their tracks, it should be possible to see where they went and what they compromised by regenerating their queries. This kind of reverse-engineering is not foolproof, however.
A measure of Deloitte’s concern came on 27 April when it hired the US law firm Hogan Lovells on “special assignment” to review what it called “a possible cybersecurity incident”.
Deloitte hit by cyber-attack revealing clients’ secret emails
[Nick Hopkins/The Guardian]
Ricardo Palacios, a 74-year old rancher, had gotten used to Customs and Border Protection officials tromping across his south Texas ranch lands without permission over the years. But finding a wireless surveillance camera set up in one of his trees? Not OK. Upon discovering the device, Palacios removed it immediately. It wasn’t long after that […]
Connecting voting machines to the internet is a terrible idea: the machines are already notoriously insecure, and once they're online, anyone, anywhere in the world becomes a potential attacker.
The only thing worse than driving a car with defective brakes is unknowingly driving a car with defective brakes -- and learning about them the hard way.
The web is vast, and while there’s room for everyone, competition is stiff when it comes to landing on that first page of a Google search. That’s why developers aren’t afraid to spend exorbitant amounts of time and money on search engine optimization (SEO) to ensure their sites rank higher than others. However, not all […]
Many of us enjoy the aesthetic of vintage electronics, but trying to use most hardware from the 1950’s isn’t necessarily practical. This is especially true where speakers are concerned. While most of us can appreciate the old-school feel of retro speakers, they have a hard time matching the convenience and power delivered by today’s Bluetooth speakers. […]
Python is one of the most popular and versatile programming languages used by developers today, making it an ideal first choice for those looking to kickstart a career in programming. While you could go back to school or sign up for a pricey coding bootcamp, you can learn the essentials of coding with Python at […]