Saturday, May 2, 2020

Information Security Russian Hackers

Question: Describe about the Information Security for Russian Hackers. Answer: A.1) Problems statement The article is related to the story published in Data breach about The New York Times targeted by Russian Hackers. This newspaper mainly covers news stories about antagonized countries like Russia, China. Therefore it is very much obvious that spies of these countries will keep check on the reporters of this newspaper (New York Times Reportedly Targeted by Russian Hackers, 2016). China has warned Time about the consequences they would face due to revolutionary actions. According to their sayings they have hacked the network of Times through adding malware to their server. In this incident all the data related to corporate passwords and user details were hacked through this attack. Almost email and passwords of 53 employees were hacked during this attack. After this scenario Russian hacker are also willing to attack their system according to the spies of Times. They have targeted dox NYT employees. In early 2016 this paper published an article about a sophisticated laboratory run by R ussian that was aimed to conceal Russian athletes use of banned substances (New York Times Reportedly Targeted by Russian Hackers, 2016). According to the chief editor of Times it was clear that these threatening emails are not signs of attack these are just a mare trick to know about those contacts with which Times was communicating and what their conversation was about. These aspects made Times think about security of their reporter as the previous attack has stolen most of their important data regarding Russia and china. In spite of these incidents reporter were constant to their decisions to find fraudulent among Russian events and they want to recognize Russian spies. A.2) Process of attack The New York Times was challenged by attacks initiated by Russian hackers so as to take revenge of the reports they have published against Russia. At the first of stage of the attack Times was assuming that those massive attacks was operated by China as in 2015 they have intended another attack for hacking their entire server (New York Times Reportedly Targeted by Russian Hackers, 2016). After several research and investigation done on attacks recognized in 2016 it was clear that Russian spies were keeping check on the reporter of Times and they were not only controlling their system, email Ids but also noting their positions and keeping check on their contacts. During attacks in between 2015 and 2016 it was rated the massive one among all. Around 53 employee email IDs and passwords were hacked by Russian hackers (Allam et al., 2014). The problematic situation rose that the Russian hackers was trying to track the reporters of Times that results into the cyber- attack on 2016. Accordi ng to the research done on this cyber- attack, it was found that hackers were utilizing special tracking system for noticing the instant position of reporters. In addition to this, not only the reporters were tracked but also their contacts were getting tracked by hackers. This incident impacted massively on reporter of Times, as a result of which they could not stop writing against Russian spies and hackers (New York Times Reportedly Targeted by Russian Hackers, 2016). This step was intentionally taken to attack Russian hackers by the power of media. A.3) Possible Solutions There may be several resolution techniques possible against these massive breaches. These are mainly related to the information security system (Cardenas et al., 2012). Following are the concerned techniques to resolve these cyber breaches: Improvisation of information security techniques: Every organization and individual should obey these rules to protect their data from hackers (Layton, 2016). In case of individuals they should create their own security questions that may protect their system in a better way. As a result of which the hacker may not be allowed to guess or track those security questions set by users. In case of organizations or in case industry specific applications, there may platform independent cloud services that will prevent these systems from hacking (Gordon et al., 2015). Cloud services provide better security than any other platform in real time applications. Use of modernized tracking systems: Modernized tracking systems will help Times to prevent further cyber- attacks (Posey et al., 2014). At the first stage of attacks Times was not clear about hackers. There specific location was not clear to Times. Lack of security measure and conventional tracking system made Times inefficient while recognizing hackers position. Improvised motoring techniques will not only make them perfect in case of preventing hacking but also assures their consumers and employees that their data registered with their organization is safe (New York Times Reportedly Targeted by Russian Hackers, 2016). This aspect will improve brand value of Times. Part B: 2015 Anthem Medical Data Breach Case Title: Health Insurer Anthem Hit by hackers (Source: Yadron, 2015) Referred to appendix 2 B.1) Problems statement The article elaborated about the information security issue happened with giant healthcare Anthem. Almost 80 million consumers have lost their data due to this data theft. This was noted as the largest data breach in the year of 2015 (Rhee et al., 2012). Spokesperson from Anthem said that the data breach revealed most of the customer information to the hackers, such as: names, birthdates, account details, social security numbers and medical information of consumers. This incident not only impacted upon the consumers of Anthem but also make changes upon trustworthy relationship between consumers and Anthem. There were several consumers those were suffering from critical identity theft only due to lack of information security system in Anthem. In addition to this, modern approach of hacker for making Anthem fall against them makes the hacking possible (Siponen Vance, 2014). The hackers used almost all financial and other consumer related data for their own profit in the black market ac cording to the researches done this matter. According to investigators involved in case of Anthem hacking said that, this attack was sophisticated and very advanced in nature, due to that the weak technological support of Anthem could not get the hackers (Yadron, 2016). FBI was investigating in this case for further results and to find the concerned hackers involved in this massive attack. B.2) Impacts on victims According to investigators there are three actors in this incident who were affected due to this incident: Anthem, Consumer and Hackers. All of the positive and negative impacts are described as follows: Impact on consumers: Anthem hack made the world shocked with the severity of the damages occurred due to this. Almost 80 million consumers and 40 million company related data were stolen (Yadron, 2016). Anthem was challenged by data theft, impact of that only making the consumers restless as they were facing identity crisis (Van Deursen et al., 2013).This aspect impacted on the social world as well as in technological world. Almost 37.5 million payment details were stolen by this attack. Impact on Anthem: Anthem was suffering from critical situation as all of their customers have lost faith on them due to data theft (Teymourlouei Jackson, 2016). Most important fact was that the organization was losing their position in the marketplace due to severity of damages due to data theft. This incident not only reduced their fame in the marketplace but also affected their future aspect (Syed Dhillon, 2015). According tothe CEO of Anthem, Anthem has yet to demonstrate a path towards restoring this trust. Impact on Hackers: Among all the actors of this incident, hackers were only one who never suffered from any challenges due to this attack, in spite of that they were gained profit by stealing those data (Van Deursen et al., 2013). Financial information stolen in this incident was sold in the black market to maximum profit from that. In addition to this, investigators were expecting that there may be another reason or this incident: hackers may be intended to make Anthem feel their fall in healthcare industry. B.3) Process of attack According to Mr. Miller, a spokesperson from Anthem said that the information security department recognized the attack when in last week database queries were running automatically without the administrator password (Yadron, 2016). In addition to this, the system administrator did not enter his identifier code but the system was being operated by some other server. This incident recognized the attack but the hackers were using so much of advanced technologies that security team of the Anthem did not locate their position while considering their sever location (Vance et al., 2012). Information security team of Anthem once located the server position of hackers but it was just an illusion that makes them confused with their real position and hackers got sufficient time for being moved to another location before the Anthem security team could reach them. The total incident happened in a short period of time that security team could not recognize the actual perspective and location of t hem (Yadron, 2016). Anthem faced massive challenges due lack of security back up and contingency plan at that moment with them. This impacted on their concerned market position as well as to their consumers. B.4) Preventive measures There may be several aspects that may suggest the recovery of problems identified in the Anthem attack. Anthem took some steps to prevent these attacks as well protected their system from further massive attack s like this. These steps are discussed as follows: Password Management: Anthem had reset the entire user and employee password with a single that can only be accessed by the authority (Allam et al., 2014). This aspect reduced the chances of further hacking over their network. Only one pass word was there by which all data would be accessible through Anthem server. Implement Server Based Platform: Anthem introduced a new web server based platform that was helping them to observe him problems their consumers were facing (Armerding, 2012). This step made their future risks reduced as they would be now getting all the tracking details from user server. Implement Firewall Method: They built a firewall with proper security method for their open server that will track the harmful operations that may harm their network, which helps them to recognize the hacking possibilities. References Allam, S., Flowerday, S. V., Flowerday, E. (2014). Smartphone information security awareness: A victim of operational pressures.Computers Security,42, 56-65. Armerding, T. (2012). The 15 worst data security breaches of the 21st Century.COS Security and Risk. Cardenas, J., Coronado, A., Donald, A., Parra, F., Mahmood, M. A. (2012). The economic impact of security breaches on publicly traded corporations: an empirical investigation. Gordon, L. A., Loeb, M. P., Lucyshyn, W., Zhou, L. (2015). The impact of information sharing on cybersecurity underinvestment: a real options perspective.Journal of Accounting and Public Policy,34(5), 509-519. Layton, T. P. (2016).Information Security: Design, implementation, measurement, and compliance. CRC Press. New York Times Reportedly Targeted by Russian Hackers. (2016).Databreachtoday.in. Retrieved 25 August 2016, fromhttps://www.databreachtoday.in/new-york-times-reportedly-targeted-by-russian-hackers-a-9357 Posey, C., Roberts, T. L., Lowry, P. B., Hightower, R. T. (2014).Bridging the divide: a qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insiders.Information management,51(5), 551-567. Rhee, H. S., Ryu, Y. U., Kim, C. T. (2012).Unrealistic optimism on information security management.computers security,31(2), 221-232. Siponen, M., Vance, A. (2014). Guidelines for improving the contextual relevance of field surveys: the case of information security policy violations.European Journal of Information Systems,23(3), 289-305. Syed, R., Dhillon, G. (2015). Dynamics of Data Breaches in Online Social Networks: Understanding Threats to Organizational Information Security Reputation. Teymourlouei, H., Jackson, L. (2016, January).Detecting and Preventing Information Security Breaches.InProceedings of the International Conference on Security and Management (SAM)(p. 304). The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp). Van Deursen, N., Buchanan, W. J., Duff, A. (2013).Monitoring information security risks within health care.computers security,37, 31-45. Vance, A., Siponen, M., Pahnila, S. (2012). Motivating IS security compliance: insights from habit and protection motivation theory.Information Management,49(3), 190-198. Yadron, A., (2016).Health Insurer Anthem Hit by Hackers. [online] WSJ. Available at: https://www.wsj.com/articles/health-insurer-anthem-hit-by-hackers-1423103720 [Accessed 25 Aug. 2016].

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.