How Faulty Access Control Policies Have Contributed to Famous Data Leaks

Tuesday, September 11, 2018

Data breach continues to be a BIG problem facing organizations who manage sensitive, customer, and financial data. 

Often the first action hackers take when evaluating a potential target, is attempting to find vulnerabilities in their victim’s system security. An organization’s network that currently appears to be secure may actually contain well-hidden weaknesses. This is especially true with one of the most critical security components; access control systems. A small logical error or misassignment in their access control policies could give cyber-attackers precisely what they need to access an organization’s sensitive online assets. Some of the most renown data leaks over the past five years may have been prevented had vulnerabilities in their access control systems and policies been known before the attack. Keep reading below to learn about the three most significant data leaks in which flawed access control policies played a contributing role in the breach.




One of the most notorious data leaks in U.S. history occurred when Edward Snowden stole and released thousands of sensitive National Security Agency (NSA) documents. The confidential documents publicly revealed top-secret NSA surveillance program information leaving U.S. security procedures vulnerable to exploitation. As time has gone on, the NSA and external security experts have analyzed the causes of the leak and explained how it could have been avoided. One of the critical enablers of Snowden’s plan was flawed access control policy design. At the time of the attack, the controls were defined on a “need to know” basis. These definitions gave Snowden the ability to exploit this weakness by giving himself the privileges needed to steal otherwise confidential information. When the NSA access control policies were designed, they contained this hidden “need to know” logic flaw without realization that it could easily be exploited.



A cyber-attack still currently in the news is the Democratic National Committee (DNC) system hack which occurred during the 2016 Presidential Elections. Considered one of the most highly publicized political incidents in recent history, attackers targeted DNC servers and gained access to their email database. The attackers would then go onto leak sensitive emails exchanged between Democratic Presidential Nominee, Hillary Clinton, and other top DNC staffers during the peak of the 2016 U.S. Election. The attackers used a combination of phishing and malware to obtain DNC staffers login credentials to which they would use to access the staffer’s email accounts and then leak private conversations.



In November 2013 retail giant, Target made headline news for announcing they had identified a company-wide data breach in which attackers had gained access to customer credit card information. In the aftermath of the breach, it was estimated that over 60 million customer accounts were affected by the attack. The attackers were able to execute their plan by exploiting weaknesses in Target’s access control security. It was found that the company “did not apply proper access control on verities of accounts and groups, especially the ones from third-party partners” (Shu et al., 2017). This, in turn, further enabled the attackers to gain access to Target’s online systems and ultimately steal sensitive customer information.



One solution to preventing these access control vulnerabilities could have been systematically modeling, testing, and verifying their access control policies. In doing so, these organizations would’ve have been able to analyze the effectiveness of their access control security and potentially identified these vulnerabilities before the cyber-attackers did.

Had the NSA systematically modeled, tested, and verified their access control policies they may have seen in their verification results that this “need to know” logic was highly exploitable. The DNC attack may have been prevented had the DNC systematically tested their access control policies and identified that their current access control logic to be weak, in that adding a Condition for two-factor authentication (e.g., location, code verification, etc.) would fortify their security. In the event of the Target leak, access control policy verification may have provided the logic visualization they needed to realize their access controls for third-party partners were much too frail.


Security Policy Tool is the one-of-a-kind solution that gives this power to organizations. It delivers robust access control policy modeling, testing and verification features that help organizations prevent access leaks due to misconfigured policies. Security Policy Tool is not directly located within the typical access control framework; it is a standalone tool for verifying that access control policies are free of errors. Security Policy Tool provides key value in empowering enterprises to bolster their access control security while also saving them time and cost in the process. After verifying their modeled policies are secure, organizations can export (via XACML) their newly verified policies to deploy into the access control system they use. Also included in Security Policy Tool is an advanced and intuitive XACML Editor.

Sign up for an account at and download the Lite Version, free to today! Close the door to Access Control Leaks with Security Policy Tool.


Shu, X., Ciambrone, A., Tian, K. and Yao, D. (2017). Breaking the Target: An Analysis of Target Data Breach and Lessons Learned. [online] Available at: [Accessed 29 Aug. 2018].