Problem Description
VTech is a Chinese company that manufactures electronic toys. In November 2015 the company fell victim to a massive security breach in which millions of records were compromised by the attackers.
In the 2015 breach, 4.8 million records belonging to parents and children were acquired by the hacker. The records included user credentials, security questions and answers, names, email details, IP addresses, and the gender of the children and the parents. It was reported that credit card information and other payment details were not taken by the attackers (Carolina, 2015).
The records were acquired from VTech without authorization through SQL injection. SQL injection is a type of security attack that uses malicious SQL statements and queries to extract information from a particular database. This form of attack was executed against the VTech database, and the information associated with the parents and children was acquired by injecting malicious SQL queries. Structured Query Language (SQL) is a query language used to perform operations such as insert, delete, update, search and many more on relational databases.
The attack on the VTech database was a data integrity and data confidentiality attack in which the properties of the stored information were violated. The malicious SQL statements succeeded in retrieving information from the database. The primary reason such an attack occurs is that the security measures installed in the organization are inadequate and insufficient. This was the case at VTech: security loopholes in its database structure allowed the attackers to gain unauthorized entry to the database.
Various solutions can be applied to put a check on SQL injection attacks and on other information security attacks that may violate the properties of information.
Authentication and access control are the basic security measures that must be implemented to prevent security risks and attacks. Multi-step authentication, together with an enhanced form of access control, should have been set up at VTech to strengthen the organization's basic security architecture. The use of dynamic SQL should also be avoided to minimize the risk of SQL injection attacks, and the use of parameterized queries and stored procedures should be encouraged (Tajpour, Ibrahim, & Masrom, 2011).
Attackers develop newer forms of SQL injection attacks on a daily basis. Updates and patches should therefore be installed and applied to the database. Such practices prevent the vulnerabilities and risks that are associated with a particular version of the database.
The databases of an organization such as VTech are accessible to a number of different users who fall into varied categories such as customers, employees, stakeholders, partners and many others. User privileges cannot be generalized, so user roles and privileges should always be defined in the databases. Such privileges put a check on security attacks such as SQL injection, because each user type sees only the information it is authorized to see. Insider attacks, which are generally observed in security breaches like the one at VTech, are also reduced by this practice.
Reducing the attack surface by reducing the size of the data packets, along with reducing the attack window, is another measure that is extremely applicable to SQL injection attacks (Dehariya, Kumar, & Ahirwar, 2016). Setting up firewalls is a further security measure for preventing and controlling risks such as SQL injection. Firewalls help filter malicious content and put a check on malicious activities, and therefore enhance the overall security of the system. Firewalls placed on access to the database also make sure that malicious SQL statements are not injected by the attacker (Kolhe & Adhikari, 2015).
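The difference between dynamic SQL and a parameterized query, and the effect of restricting which columns a role may read, can be seen in a small added example (not part of the original essay). The `parents` table, its rows, the function names and the crafted input are all constructed for illustration, and SQLite's authorizer hook stands in for database roles and privileges.

```python
import sqlite3

def make_db():
    """In-memory table of constructed parent accounts (sample data only)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE parents (email TEXT, name TEXT, secret_answer TEXT)")
    db.executemany("INSERT INTO parents VALUES (?, ?, ?)", [
        ("alice@example.com", "Alice", "blue"),
        ("bob@example.com", "Bob", "tiger"),
        ("carol@example.com", "Carol", "paris"),
    ])
    return db

def lookup_dynamic(db, email):
    """'Before': dynamic SQL, input is concatenated into the statement text."""
    sql = "SELECT email, name FROM parents WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, email):
    """'After': fixed statement text, input is bound as a value."""
    return db.execute(
        "SELECT email, name FROM parents WHERE email = ?", (email,)
    ).fetchall()

def restrict_columns(db, allowed):
    """Role-style privilege: deny reads of any parents column not in `allowed`."""
    def authorizer(action, table, column, dbname, source):
        if action == sqlite3.SQLITE_READ and table == "parents" and column not in allowed:
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK
    db.set_authorizer(authorizer)

def can_read_secret(db):
    """True if the current connection is allowed to read secret_answer."""
    try:
        db.execute("SELECT secret_answer FROM parents").fetchall()
        return True
    except sqlite3.DatabaseError:
        return False

# Constructed input containing quote characters that alter a concatenated query.
CRAFTED = "nobody@example.com' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(len(lookup_dynamic(db, CRAFTED)))        # every row matches
    print(len(lookup_parameterized(db, CRAFTED)))  # treated as one literal value
    restrict_columns(db, {"email", "name"})
    print(can_read_secret(db))
```

The column restriction does not stop the concatenated query from matching every row; it only limits which fields any query on that connection can return, which is why both measures are needed together.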
Security Attack – Type
SQL injection and other forms of information security attack can also be controlled with the help of authorized monitoring and auditing. Activity is recorded in the form of data logs, and any deviation from the regular path generates an alert, which allows database administrators and security experts to enhance the security architecture (Zhang, 2011).
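One way to turn "deviation from the regular path" into an alert is to compare the structure of each logged statement against the statement shapes the application normally issues. The following is an added example, not taken from the essay or from any particular product; the log format (`time | db user | statement`), the sample statements and the function names are constructed for illustration.

```python
import re

def fingerprint(sql):
    """Reduce a statement to its structure: literals become '?', case and spacing are normalized."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)   # quoted string literals
    s = re.sub(r"\b\d+\b", "?", s)            # numeric literals
    return re.sub(r"\s+", " ", s).strip().lower()

def learn_baseline(statements):
    """The 'regular path': the set of statement shapes the application is known to issue."""
    return {fingerprint(s) for s in statements}

def audit(baseline, log_lines):
    """Return (line_no, statement) for each logged statement whose shape is not in the baseline."""
    alerts = []
    for line_no, line in enumerate(log_lines, 1):
        fields = line.split("|", 2)            # time | db user | statement
        if len(fields) != 3:
            continue                           # not a statement record
        statement = fields[2].strip()
        if fingerprint(statement) not in baseline:
            alerts.append((line_no, statement))
    return alerts

# Constructed samples: statements seen during normal operation, then a log to audit.
KNOWN_GOOD = [
    "SELECT email, name FROM parents WHERE email = 'alice@example.com'",
    "UPDATE parents SET name = 'Alice B' WHERE email = 'alice@example.com'",
]
SAMPLE_LOG = [
    "10:02:11 | webapp | SELECT email, name FROM parents WHERE email = 'bob@example.com'",
    "10:02:15 | webapp | select email, name  from parents where email = 'carol@example.com'",
    "10:02:19 | webapp | SELECT email, name FROM parents WHERE email = 'x@example.com' OR '1'='1'",
    "10:02:30 | webapp | UPDATE parents SET name = 'Bob' WHERE email = 'bob@example.com'",
]

if __name__ == "__main__":
    for line_no, statement in audit(learn_baseline(KNOWN_GOOD), SAMPLE_LOG):
        print(f"ALERT line {line_no}: {statement}")
```

Because a parameterized statement always has the same shape regardless of the value bound to it, an application that uses only parameterized queries produces a small, stable baseline, and any new shape in the log stands out.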
There have been many hack cases in the past, and the JPMorgan hack case, which impacted the American bank along with eleven other U.S. banks and financial organizations between 2014 and mid-2015, is one of the most massive occurrences in history.
The JPMorgan hack case occurred in 2014 and impacted 83 million records, covering 73 million households and over 8 million small businesses. It is considered to be one of the most massive information security breaches, in which personal information of the users such as their names, email details, phone numbers and postal addresses was acquired by the hackers. However, login information such as user credentials, and social security numbers, were not captured in the attack (Leyden, 2014).
Along with JPMorgan Chase, several other banks and financial institutions were affected by the hack case. The personal information of the bank's users was stolen by the attackers, along with that of the Fidelity Investments group. Nine other banks and financial corporations reported impacts of the security breach, and these organizations included Citigroup, E*Trade, HSBC Holdings and Regions Financial Corporation. It was also reported that the payroll-service firm Automatic Data Processing (ADP) was affected by the case (Kitten, 2015).
All of these banks and organizations had business connections with JPMorgan, and information was frequently exchanged between them. The hack at JPMorgan also exposed the information associated with these organizations and put the personal information of their clients at risk. The data was stolen by the attackers, which negatively affected information confidentiality, privacy and security.
JPMorgan was working on upgrading the organization's authentication system by converting it into two-fold authentication. However, security loopholes were left during the process on an overlooked server: the network engineers failed to upgrade one of the organization's network servers. This loophole gave the hackers unauthorized access to the system without the requirement of multi-step authentication in the form of a password and a one-time security code.
The hackers made use of the security loophole and the compromised access to gain entry into the insecure server. Once initial entry to a system is acquired, it becomes easier to gain access to its further components, which is what happened in this case as well.
A number of countermeasures could have been applied to control the damage that resulted from the security breach at JPMorgan.
Possible Solutions
The major cause of the hack was the security loophole that was present due to the error made by the network engineers. All of the activities carried out at the organization should have been backed by a review and inspection process to make sure that no defects or deviations were present. Such a practice would have highlighted the presence of an insecure network server and would also have prevented the attackers from gaining entry to the system.
Multi-step authentication is an enhanced form of security that was being applied at JPMorgan to control the access of users. Identity and access management are therefore essential tools and processes that should be used across all the access points of the organization and the system to make sure that any form of unauthorized access is prevented. Setting up firewalls is another security measure that could have been taken to prevent and control a security hack such as the one that took place at JPMorgan. Firewalls help filter malicious content and put a check on malicious activities, and therefore enhance the overall security of the system. Firewalls placed on access to the system would have made sure that malicious entry was not made by the attacker (Bella & Bistarelli, 2005).
Intrusion detection and prevention tools, along with network monitoring tools, have been created by developers and technocrats to put a check on information security attacks. These are automated tools that are installed on a particular system and keep an account of all the activities executed on that system. Any form of deviation or malicious activity is immediately reported to the system administrators and network engineers in the form of alerts. These tools could have been used by JPMorgan, as they would have created alerts for the organization's system administrators. As soon as the hackers gained unauthorized entry, it would have been recorded in the logs and reflected on the monitoring tools. This would have given the system administrators the ability to understand that a deviation had been attempted.
It is necessary for an organization like JPMorgan to make sure that the information stored in its databases and present on its systems is kept secure at all times through the use of basic and advanced security measures. The information that these organizations deal with is extremely private and confidential in nature, and attempts should therefore be made to avoid any security risks and threats.
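The kind of log check that would surface a server still accepting single-factor logins is sketched below as an added example (not from the original essay or from JPMorgan's systems). The event format, host names, users and event labels are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events, one per line: time host session user event
SAMPLE_LOG = """\
09:00:01 web-01 s1 alice password_ok
09:00:09 web-01 s1 alice otp_ok
09:00:10 web-01 s1 alice session_open
09:03:40 web-02 s2 bob password_ok
09:03:52 web-02 s2 bob otp_fail
09:05:12 legacy-07 s3 carol password_ok
09:05:13 legacy-07 s3 carol session_open
09:07:30 legacy-07 s4 dave password_ok
09:07:31 legacy-07 s4 dave session_open
"""

def sessions_without_second_factor(log_text):
    """Return [(host, session, user)] for sessions opened with no prior otp_ok."""
    seen = defaultdict(set)            # (host, session) -> events observed so far
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                   # skip malformed lines rather than guess
        _, host, session, user, event = parts
        key = (host, session)
        if event == "session_open" and "otp_ok" not in seen[key]:
            findings.append((host, session, user))
        seen[key].add(event)
    return findings

def hosts_missing_enforcement(findings):
    """Count single-factor sessions per host; any host listed is not enforcing the policy."""
    counts = defaultdict(int)
    for host, _, _ in findings:
        counts[host] += 1
    return dict(counts)

if __name__ == "__main__":
    findings = sessions_without_second_factor(SAMPLE_LOG)
    for host, count in hosts_missing_enforcement(findings).items():
        print(f"ALERT {host}: {count} session(s) opened without a one-time code")
```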
References
Bella, G., & Bistarelli, S. (2005). Information Assurance for security protocols. Computers & Security, 24(4), 322-333. https://dx.doi.org/10.1016/j.cose.2004.10.004
Carolina. (2015). Hackers Steal Parents, Kids Data in a Massive Data Breach on Toy Manufacture. HackRead. Retrieved 30 March 2017, from https://www.hackread.com/hackers-steal-toy-store-parents-kids-data/
Dehariya, H., Kumar, P., & Ahirwar, M. (2016). A Survey on Detection and Prevention Techniques of SQL Injection Attacks. International Journal Of Computer Applications, 137(5), 9-15. https://dx.doi.org/10.5120/ijca2016908672
Kitten, T. (2015). Charges Announced in JPMorgan Chase Hack. Bankinfosecurity.com. Retrieved 30 March 2017, from https://www.bankinfosecurity.com/chase-hackers-indicted-a-8673
Kolhe, A., & Adhikari, P. (2014). Injection, Detection, Prevention of SQL Injection Attacks. International Journal Of Computer Applications, 87(7), 40-43. https://dx.doi.org/10.5120/15224-3739
Leyden, J. (2014). JPMorgan Chase mega-hack was a simple two-factor auth fail. Theregister.co.uk. Retrieved 30 March 2017, from https://www.theregister.co.uk/2014/12/23/jpmorgan_breach_probe_latest/
Tajpour, A., Ibrahim, S., & Masrom, M. (2011). SQL Injection Detection and Prevention Techniques. International Journal Of Advancements In Computing Technology, 3(7), 82-91. https://dx.doi.org/10.4156/ijact.vol3.issue7.11
Zhang, X. (2011). Discussion on the Detection and Prevention of SQL Injection. Advanced Materials Research, 287-290, 3047-3050. https://dx.doi.org/10.4028/www.scientific.net/amr.287-290.3047