CASE Study and social sciences PDF

Title CASE Study and social sciences
Author Reinhard Khaguli
Course Medical nursing
Institution City University London
Pages 21
File Size 237.9 KB
File Type PDF
Total Downloads 40
Total Views 140

Summary

just to help my fellow students in their studying...


Description

EBay Data Breach 1 CASE STUDY: EBAY DATA BREACH By

Name of the Class (Course) Professor (Tutor) Name of the University The City and State of University Date

ABSTRACT

The eBay attack is arguably one of the major data breaches of the 21st century. It is said to have occurred because employees' credentials were leaked through a breach method called spear phishing. The employees' information was compromised using this method. This attack can be evaluated based on computer security principles. The principles that can be applied include authentication and software protection, because eBay's cyber security experts overlooked them and hackers exploited the resulting loopholes. The consequences of the attack were heinous and severe since the attackers were able to access the employees' information. This attack proves that computer security is indispensable for any firm.

Introduction

It is evident that attackers gained access to employees' information sometime in February 2014 and made away with millions belonging to user accounts. Surprisingly, this remained a secret until early May 2014, when it was discovered that the breach had occurred. eBay uses its online platform to link businesses to consumers and consumers to consumers for sales, and it is thus a multi-billion dollar business. Payments are made through PayPal, so everything is done online. The company is at the top of the shopping and auctioning industry. Since all transactions are made online, it is evident that eBay faces threats related to cyber security. Thus it is important to have working cyber security to monitor such threats and counter them.

Cyber security refers to the whole framework that can be used to counter cyber-attacks. It entails the technology, systems, and design processes aimed at monitoring and countering attacks from hackers in the e-commerce sector. Losses can be incurred from a cyber attack, and thus it is of utmost importance to prevent such losses by putting cyber security systems in place in an organization. Serial numbers and alarms can be used to protect computer hardware, because hardware can also be susceptible to such attacks. There are four main threats facing computer information. Viruses can destroy information on a computer. Information on a computer can also be exploited through fraud, such as when bank employees make secret transactions to their private accounts. Personal information can be accessed on a computer, leading to a breach of privacy. Computer information can be stolen by people who want to blackmail others, as in the military industry, where information may be accessed and stolen for various political reasons. The users' privacy was breached in the case of the eBay attack.

Computer security should be a priority when setting up any organization, to prevent such threats from occurring in this era. The organization's information should always be monitored by computer security experts deployed by the organization. Computer security was started in the 1960s and has ever since been of great importance to any firm. The emergence and growth of personal computer and laptop ownership has led organizations to realize the importance of cyber security since the 1980s. Malicious internet users have acquired private computers that they use to access private networks. Millions of attackers are now targeting big companies, helped by the growth of strong internet connections and knowledge of how to breach systems. This has led to increased threats to big companies and corporations in the world, and it is no longer safe to run an organization without installing proper computer security systems. Various cyber-attacks have occurred in this era; the eBay attack is just one of them.

This paper is going to analyze the computer security principles and what could have been in place to prevent the eBay attack.

Literature Review

The eBay attack was the worst cyberattack that hackers utilized for their own personal gain. To make it worse, it was realized later than expected. We can explain what occurred during the attack using knowledge of computer security principles. This knowledge will help us describe the vulnerabilities that the attackers exploited and the method used to execute the attack. Assessing the documented work related to computer security can help in understanding the specific measures that any organization operating in cyberspace should put in place when creating a secure working environment.

a. Fundamental Concepts of Computer Security

According to Sutton (2017), computer security largely involves a combination of practices, tools, standards, policies, and strategies that can be taken to reduce or otherwise prevent cybercrime. Cyber threats generally refer to intellectual property threats, identity theft, fraud, terrorism, and espionage among other external and internal aspects related to technology.

I. Implications of Cyber Attacks/threats to Cyber security

Sutton acknowledged that the consequences of cybercrimes can be demystified according to the group in which the attack fits. General cybercrime can be used to classify crimes related to the loss of intellectual property, because such a crime reduces the value of the lost or compromised information. Other illegal acts, such as stalking or bullying people online, can be classified as cyber harassment. There are other crimes that can result in a reduction in the competitive advantage of businesses, and such crimes are usually perpetrated by politicians. They include cyber espionage and warfare and they are usually targeted at sprawling political inclination.

II. Realms of cyber security

The security constituents can be divided into several categories, making it easier for companies to understand which component works best for them and to choose accordingly when creating their cyber security systems. The categories include data, applications, software development and forensic analysis, to name a few. The data security component highlights the things that should be prioritized to prevent data from being breached by unauthorized personnel. Other components such as application and network security come in handy for maintaining the integrity of software and putting up fine-grained control for organizations and the consumers of given services. Another component, forensic analysis, ensures that evidence associated with cyber-attacks is preserved.

III. Confidentiality, Integrity, and Availability

A company's security policy is built on these core values since they are critical in the architecture of the cyber security systems that a company chooses to work with. Data should be confidential, which is why confidentiality is important in cyber security; once confidentiality is breached, security is breached as well. Confidentiality makes sure that data does not fall into the hands of unauthorized individuals. Establishing a strong security policy ensures that confidentiality is not breached at any point. The concept of data integrity ensures accuracy in data transfer, in that all transactions made are correct and reliable.

Confidentiality is often unintentionally breached in most instances. Tracking every activity in an organization may help ensure data integrity. Data should be provided whenever relevant stakeholders need it, which is why the concept of availability is key when developing cyber security policies. This can be achieved by building a highly available architecture into the security policy.

b. Identity, Authentication and Access control

To adequately and efficiently prevent a cyber-attack such as the eBay breach, it is essential to understand the methods of verifying the identity of both users and devices before admitting them into the company's network. According to research, it is imperative to know how these techniques can be applied to restrict users' access levels. Cyber attackers always make use of every level they gain access to, which is why level restrictions must be in place in the network. Identity and trust are considerations that an organization should address when enrolling a user into its network. This can be done by creating a system that prompts users to validate their credentials every time they access the organization's network. The company should also safeguard users' information so that users trust that their credentials are safe. The process of validating the user's information before allowing them into the network is called authentication. It ensures that the network is accessed only by authorized individuals. A company should use multifactor authentication rather than a single intrinsic factor for the user. By using foolproof authentication, a company's authentication is safer.
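The multifactor login recommended above, as an added example that is not part of the original essay: a knowledge factor (salted password hash) is combined with an ownership factor (a time-based one-time code per RFC 6238), so a phished password alone does not open the account. The user record, secrets and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values for illustration; nothing here comes from the essay.
SALT = b"constructed-salt"
TOTP_SECRET = b"constructed-device-secret"


def hash_password(password: str, salt: bytes) -> bytes:
    """Knowledge factor: keep a slow, salted hash instead of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Ownership factor: RFC 6238 code derived from a secret on the user's device."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


USER = {
    "salt": SALT,
    "pw_hash": hash_password("correct horse battery", SALT),
    "totp_secret": TOTP_SECRET,
}


def verify_login(user: dict, password: str, code: str, now: int, window: int = 1) -> bool:
    """Grant access only when both factors verify.

    Both checks always run, and comparisons are constant-time, so a failure
    does not reveal which factor was wrong.
    """
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    code_ok = False
    for drift in range(-window, window + 1):  # tolerate small clock skew
        expected = totp(user["totp_secret"], now + drift * 30)
        code_ok |= hmac.compare_digest(expected.encode(), code.encode())
    return pw_ok and code_ok


if __name__ == "__main__":
    now = 1_700_000_000  # fixed timestamp so the run is reproducible
    code = totp(TOTP_SECRET, now)
    print("password + code:", verify_login(USER, "correct horse battery", code, now))
    print("stolen password, no device:", verify_login(USER, "correct horse battery", "", now))
```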

This foolproof authentication requires that an organization prompts the user for a password and perhaps their fingerprints when trying to access the network. Establishing authentication methods that are ownership-based and knowledge-based ensures that the firm can identify every user successfully and keep out unauthorized personnel. Access control methods can further strengthen the company's security, since they limit the devices and users that can access the company's information. Discretionary access control permits the owners of resources to dictate who can and cannot gain entry into the network. Role-based Access Control (RBAC) makes it easy to control access based on the role or function a user is assigned to perform. Other access control strategies, rule-based and mandatory (compulsory) access control, grant access on the basis of predefined rules and user approval levels respectively.

c. Cryptography

The needs of individuals in the company can be met by encrypting and decrypting data to suit what each person in the organization needs. This process is called cryptography and it is the basis of cyber security in this modern era. Encryption and decryption are revolutionary in cyber security since they allow the organization to store information in a form whose content is difficult for third parties or malicious individuals to understand. Rather than transmitting information as plain written text, this concept allows data to be transmitted in formats that are almost impossible for third parties to understand. These formats include hidden formats and ciphertexts. Substitution ciphers were established in the 1960s. This algorithm allows both parties to swap plain text information into discrete formats only accepted by the parties involved. This method was used by Caesar Cipher and Vigenere Cipher in transmitting information between themselves. This method was adopted and reinvented into more developed and effective transposition ciphers.

d. Encryption, Digital Signatures, and Digital Certificates.

These are the technology components that allow data to be encrypted and decrypted, making it easier to carry out cryptography. Symmetric and asymmetric keys can be applied in digital encryption. In symmetric encryption, the same key is used to encrypt and decrypt data. This makes encryption and decryption fast and efficient for any company that uses it, because it can handle larger volumes of data at a go. It also allows confidentiality to be maintained. Asymmetric key encryption uses two keys. Each key requires the other: when one key encrypts, the other decrypts. The keys of asymmetric key encryption are private and public. Asymmetric key encryption has the benefit of ensuring proper security and removal of the keys from a compromised environment in case of an attack. Examples of data encryption algorithms in the modern era include the Data Encryption Standard and the Advanced Encryption Standard. Asymmetric algorithms include Rivest-Shamir-Adleman and message digest, also referred to as MD4.

e. Network security, viruses, and malware.

One of the essential components of cyber security is network security. According to Humayun, a firm's network is the element that attracts a lot of work when it comes to securing systems from cyberattacks since it forms its basis. The Open Systems Interconnection (OSI) layer framework should be studied to understand both software and hardware elements, since it is key in planning and strengthening network security. There are layers at every point in communication within any network. Any vulnerability in these systems can be exploited by cyber attackers to their benefit. BGP hijacking, for example, can be used by hackers because BGP does not verify the legitimacy of autonomous systems. DNS exploits are used when there are vulnerabilities in the DNS, which is why it is essential to understand the concepts of the OSI model. Malicious software can be transmitted over insecure networks to steal from or explore systems according to the needs of the hacker. Such malicious software is called malware. Malware comes in different forms, such as botnets and ransomware. Software such as adware cannot be properly classified as malware. A great example is web tracking cookies. They are considered legitimate when a user voluntarily accepts them. Sometimes these web tracking cookies are used on a user without their knowledge and consent. Botnets mainly use DDoS to cause denial of service attacks on users. In other attacks, hackers use ransomware to hold a firm's information until their demands are met.

f. Intrusion Detection and Defense measures

Defensive measures are key when creating a cyber security system in an organization, since cyber attacks are an imminent threat to any company. There have to be systems that monitor the network and detect threats that can turn into attacks if not dealt with. According to Kenkre, attackers normally gain access to a network through a number of phases. They start by finding potential entry points into the system and then the vulnerabilities they can use for their gain. This is done through reconnaissance, which can be internal or external. External reconnaissance uses social media or any other method of surveying a company's security to identify vulnerabilities in its systems. Internal reconnaissance, on the other hand, involves using malware and other scanning tools to detect vulnerabilities in the target company's systems. The attackers then go a notch higher to gain control of the system. What follows is data exfiltration, meaning that the attackers have gained full control of the systems and can decide to conduct their activities and then leave without a trail, or simply bring down the system. Proactive cyber security ensures that there is intrusion detection so that such threats are dealt with before they cause any harm to the organization. A proper intrusion detection system should be able to detect threats and notify the owners of the organization or its cyber security experts before any attack can materialize.

g. The eBay attack.

A post published by The Washington Post detailed a report on the breach at eBay that happened between February and March 2014 and remained unknown until May 2014. The cyber attackers obtained the credentials of employees and used them to conduct their attack on eBay's network. They also gained access to the user databases. In total, 145 million user accounts were exploited, according to a report by eBay. There was a delay of about 2 weeks between the time eBay learned about the attack and the time it notified its users to change their passwords. Research by the cyber researchers Sidhu and Sakhuja & Zhou claims that eBay notified its users about the issue via marketing platforms, emails, and its site communication platforms. This delay in communication stirred an uproar from different stakeholders.

The user credentials compromised during the attack include customer names, dates of birth, phone numbers, and email addresses including mailing credentials. The attackers also gained access to users' passwords, but these were in an encrypted format. No information regarding the financial condition of eBay was accessed from the database since it did not contain any financial information that could help the attackers. The PayPal information of users was compromised at the time eBay notified their users of the attack. The information in relation to PayPal included both financial and personal information. It is fortunate that information related to PayPal is stored in an encrypted format and in a more secure database. The managers of eBay had confidence since their customers trust them.

DISCUSSION AND ANALYSIS

Tyler Shields, a security analyst at Forrester Research, stated that the amount of time attackers spent on eBay's network was frightening (www.databreachtoday.com, n.d). The attack was found in early May, as previously stated. This is shocking, considering that the attack lasted from February to the beginning of March 2014. Attackers were in a corporation's network for a long period, which raises a lot of problems. The methods they used to obtain access, the vulnerabilities they exploited, their intents, and what they did were all revealed.

a. Methods cyber attackers used to Breach eBay

Hackers have their playbooks when it comes to carrying out cyber attacks, just the same way people in other industries have their own strategies for their daily activities. Cyber attackers have re-invented their methods of conducting cyber-attacks because there are technologies in this era that make it hard for them to easily get away with their attacks. The techniques used by cyber attackers are more sophisticated nowadays, but they are built around basics such as the use of malware and social engineering. These basic hacking methods have been proven to be successful. Cyber attackers often use a combination of several hacking methods to carry out a cyberattack successfully, as in the case of the eBay attack, where I believe the attacker used both social engineering and phishing to fully execute their attack. The attackers behind the eBay breach did not opt for other conventional hacking methods such as DDoS and malware attacks. Common hacking methods that attackers often use include the application of malware when trying to gain control of a firm's network/systems, after which they go ahead to establish control and carry out a successful attack. Malware is often used as the starting point of any attack, as already discussed. Malware performs many actions, such as monitoring keystrokes to secretly gain access to sensitive information, stealing the information and giving the attackers an upper hand. The malware is often attached to computers and when the users mistakenly click such attachments, the hackers begin monitoring the system. The malware may be attached to downloaded content or emails. DDoS often have a way in which they transmit too much traffic to a system so that the ...

