Niharika Sherigar
Jan 22, 2017
Information Security in Public & Private Sectors – Lab 1
Current Event 1: 3 Lessons from The Yahoo Breach
Link: http://www.darkreading.com/endpoint/3-lessons-from-the-yahoo-breach/a/d-id/1327916?_mc=RSS_DR_EDT
Summary
Yahoo, a multinational technology company, became the victim of a data breach despite having perimeter defenses to secure its network.
Confidentiality
Over 1 billion user accounts were affected by the data breach that was reported in December of 2016. Data such as customers’ names, email addresses, phone numbers, security questions and answers, dates of birth and passwords were exposed to the hackers.
Integrity
No breaches in integrity were reported. But the hacker had been collecting user data for some time and had been selling this data since 2015. Also, this incident could have had worse consequences in that the hackers could’ve misused financial and account data of the users.
Availability
Availability of the system was not directly affected. The hackers managed to stay in the system for a very long time and they communicated in the normal flow of network traffic. The affected users were informed and they were asked to change their passwords immediately. They were also asked to change their security questions and answers.
Resolution
There was a lack of automated threat detection mechanisms. Even though Yahoo! had perimeter defenses in place, since they were not automated, they were unable to make point-in-time decisions to block malicious content. Threat detection intelligence needs to be updated frequently in order to detect attacks early.
References
http://www.darkreading.com/attacks-breaches/1-billion-users-exposed-in-another-record-breach-from-yahoo-/d/d-id/1327730
Current Event 2: JPMorgan Hack: One More Pleads Guilty For Operating Bitcoin Exchange
Link: http://www.darkreading.com/careers-and-people/jpmorgan-hack-one-more-pleads-guilty-for-operating-bitcoin-exchange-/d/d-id/1327937?_mc=RSS_DR_EDT
Summary
The JPMorgan hack, which affected over 83 million user accounts, was disclosed in September 2014. The hacker operated an unlicensed bitcoin exchange company and was able to exchange millions of dollars into bitcoins. There were other offenses including security frauds, wire frauds and identity theft.
Confidentiality
The hackers were able to obtain information of 76 million households and 7 million small businesses. This information included names, addresses, phone numbers and email addresses of the customers. The hacker used the unlicensed bitcoin exchange company, coin.mx, to process payments using the victim’s identity, and he pocketed 7.5% of the transaction fee.
Integrity
The hackers stole the identities of the customers to set up trading accounts around the world to launder money. Though there was no direct breach of data integrity, the hackers could have manipulated the customer data, which in turn would have affected the availability of the system.
Availability
Availability of the system was not directly affected. JPMorgan was able to halt the issue in the middle of August. There was no evidence that the customer data was compromised, so the bank did not ask its users to change their passwords.
Resolution
The company should regulate the laws that govern third-party use of customer data and how third parties store it. Security is generally not foolproof, but customers can also play a part in monitoring the security of their accounts. They should check their accounts and statements regularly and immediately report any abnormal transactions that they observe.
Current Event 3: White House Announces Retaliatory Measures For Russian Election-Related Hacking
Link: http://www.darkreading.com/threat-intelligence/white-house-announces-retaliatory-measures-for-russian-election-related-hacking/d/d-id/1327809?_mc=RSS_DR_EDT
Summary
The US government made a public announcement in October stating that they were confident Russia stage-managed the hacking of the Democratic National Committee and other political organizations of the Democratic Party. The CIA stated that these attacks were aimed at damaging the chances of the Democratic Party in the presidential race.
Confidentiality
The hackers were able to obtain the contents of emails of the members of the Democratic Party. The hack resulted in a public release of these emails, which exposed damaging truths about the Party and its then presidential nominee, Hillary Clinton, thus aiming to hurt her chances in the race.
Integrity
There was no report of a direct breach of integrity. It is possible that the hackers could’ve altered the content of the emails and then released them to the media to mislead the public, but no evidence was reported to support this.
Availability
Since only emails of the members of the Party were compromised, the availability of the system was not affected. It is possible that the members may have changed their passwords or created new email addresses and continued their activities.
Resolution
President Obama signed an Executive Order which would permit the Attorney General and Secretary of State to issue sanctions against attackers behind any cyber-crime or cyber-espionage.
References
http://www.cnn.com/2016/12/12/politics/russian-hack-donald-trump-2016-election/
Current Event 4: Dangerous New Gmail Phishing Attack Gaining Steam
Link: http://www.darkreading.com/attacks-breaches/dangerous-new-gmail-phishing-attack-gaining-steam/d/d-id/1327914?_mc=RSS_DR_EDT
Summary
Gmail became susceptible to a new phishing scam that is so effective that even tech-savvy users are being tricked into becoming victims.
Confidentiality
The phishing technique used by hackers enables the creation of a fully functional login page for signing into Gmail that looks exactly like Google’s sign-in page. Once the user signs in on the phishing page, the account gets compromised. The user’s account information (anything that he/she shares, like date of birth, address, etc.), linked accounts and passwords are exposed to the hackers.
Integrity
Once the hackers get the user account information, they have full access to the emails that the user sent and received. The hackers can then change the content of emails or compose emails with fake information and send them out to the user’s contact list, thus victimizing those contacts. They can also steal the identity of the user to commit other frauds/crimes.
Availability
The availability of the system is not directly compromised. The hacker can change the password of a user whose details were obtained, thereby keeping the user from accessing his/her account.
Resolution
Companies and households need to be proactive and train themselves to recognize a scam or phishing attempt when it appears. Gmail also offers two-factor authentication, which can prevent the attacker from gaining access to the user’s account unless they know both of the factors that unlock it.
References
http://www.forbes.com/sites/leemathews/2017/01/16/gmail-phishing-attack-targets-your-contacts/#1b1884251f9d
Current Event 5: Unauthorized Access Breach Raises Many Questions
Link: http://www.databreachtoday.com/unauthorized-access-breach-raises-many-questions-a-9645
Summary
In 2015, CoPilot was involved in an incident that compromised the customer database that stores information about insurance eligibility to receive certain medical care.
Confidentiality
The CoPilot database, which contains insurance eligibility information about patients, was compromised. This breach exposed information such as patient name, date of birth, address, phone number, SSN and insurance information of over 220,000 patients.
Integrity
There were no reports of an integrity violation of the obtained data. Based on the investigation conducted by the company, it was reported that no financial or medical information was accessed by the hackers for identity theft or any other fraud. The attackers could have misused this data for financial gain.
Availability
Since the attackers did not actually steal the patient information, the system was available to the physicians to figure out whether the patient is eligible for insurance coverage or not. The hackers could have changed the database credentials and prevented the physicians from accessing patient information.
Resolution
CoPilot was proactive and provided guidance to their patients and physicians as to how they can protect themselves from further attacks like these. They also implemented K2 Intelligence technologies to monitor their databases and prevent further attacks. The company should also invest in automated fraud detection mechanisms that can help make point-in-time decisions to stop attacks.