CLEARWATER, Fla. -- Security experts and investigators are assessing the damage of just one malicious email opened by an employee of the South Carolina Department of Revenue that lead to a massive data theft.
The incident discovered in August but not made public until October caused a massive cyberattack -- theft of 3.8 million tax returns, Social Security numbers of 1.9 million people, access to data on 699,900 business tax returns and 3.3 million bank accounts, according to NBC.com.
A hacker in another country sent a South Carolina Department of Revenue employees an email containing an embedded link to a website infected with malware. One employee was duped into clicking the link. From that one click, the cybercriminal stole the employee's user name and password. The technique is known as social engineering and uses an exploit known as phishing.
The cyber criminal began copying vast amounts of information and transferring them into zip files that were transferred outside of the system. The activity went on for weeks before it was discovered.
"The hacker literally got into the [South Carolina] system just by one single email that was clicked on," said Stu Sjouwerman, CEO and founder of KnowBe4, "We have been noticing that infrastructure companies and government organizations have not yet taken the necessary employee security awareness training to prevent cyberattacks."
Sjouwerman, CEO and founder of KnowBe4 in Clearwater, said such attacks can be prevented and millions of dollars, accounts, and identities can be safeguarded. KnowBe4 specializes in protecting governmental agencies against cybercrime.
KnowBe4 and Kevin Mitnick developed Kevin Mitnick Security Awareness Training. The training uses knowledge of the latest cybercrime tactics in real-time to train government employees from being duped by cyberattacks. The training is interactive and web-based, and includes case studies, live demonstration videos and short tests.
Mitnick gained international notoriety in 1995 with escapades that out the FBI on his trail for 2 1/2 years. He was finally cornered an arrested in his Raleigh, N.C. apartment in 1995.
The FBI was aided by Tsutomu Shimomura, a computer scientist at Los Alamos National Laboratory.
Mitnick's exploits were detailed in two books that explored the allegations:
The exploits were portrayed in a movie, Takedown.
Both Shimomura and Markhoff, a reporter for the New York Times,was present at Mitnicks's araingment in Raleigh. During the hearing Mitnick muttered that he respected Shimomura
Mitnick served five years in federal prison for wire fraud, computer fraud and intercepting a wire communication. During his prison stint, Mitnick underwent treatment for bipolar disorder and chronic depression.
Since then Mitnick has turned over a new leaf. He has gained fame as a security consultant instead of a cyber criminal.
"Just one click can cost an organization millions of dollars, or in this recent case, millions of stolen identities," Sjouwerman added. "Employee training is essential to prevent costly cyberattacks – [KnowBe4] has access to the world's foremost hacking expert to ensure the proper safety measures are taken."