country
$20 Bonus + 25% OFF
Securing Higher Grades Costing Your Pocket? Book Your Assignment at The Lowest Price Now!

Questions:

1.Search the web for news on computer security breaches that occurred during September-December 2015. Research one such reported incident. Prepare a report focusing on what the problem was, how and why it occurred and what are the possible solutions?
 
2.Research about hack case on the web which happened between 2012 and 2016 (For example, one very popular hack case is JPMorgan chase hack case (2015)) and prepare a report focusing on What was the problem,Who were affected and how and  How was the attack carried out?
 
 

Answers:

1.Computer Security Breach

VTech is a company that is based out of china and provides its customers with the electronic toys. It manufactures and produces these products. The company had to experience security breach in November’ 2015 and in this attack, a lot of customer information was hacked by the security attackers. 

Description of the Problem

VTech had to face a severe breach of its information security in 2015 that led to the unauthorized acquiring of 4.8 million records associated with its customers. The records that were hacked belonged to the information of the parents and the children with their details such as login information, parent names, children names, respective email addresses, account security questions and likewise. However, the hackers failed to get their hands on the credit card and payment information of the users (Carolina, 2015).

Mode of Attack

There are numerous security attacks that have been created that lead to the risk to the information and data. In case of VTech, attackers acquired the organization records by making use of SQL injection as the attack type. SQL injection is an information security attack that is performed with the aid of malevolent SQL queries and statements. These statements are written in such a manner that they lead to the extraction of information from a particular database on which these are targeted. The attackers used this attack to extract the information of the records of the parents and the children that had their accounts on the database of VTech. There are numerous operations that can be executed on the database with the help of a query language such as SQL.

SQL injection attack that could successfully be executed violated the confidentiality and integrity of the information that was present in the database of VTech. There are various reasons that are associated with the successful execution of any of the security attacks. One of the major reasons that is normally observed is the presence of loopholes in the security infrastructure of the organization. Due to the inadequate security measures that were associated with VTech, the attackers could succeed in obtaining the unauthorized entry in to the company’s database.

 

Proposed Solutions

With the invention of numerous security risks, there are various countermeasures that have also been developed in order to put a check on these risks. The case is the same with SQL injection attacks as well as these can also be detected, prevented and controlled with the use of adequate measures.  

It is necessary to enhance the basic security of the organization before moving on to the advanced security measures. Some of the basic security measures that could have prevented the attack on VTech include the access control management along with the multi-step authentication. Increased authentication would have led to the verification of the identity of the user at various steps which could have prevented the illegal entry to the database. Dynamic SQL statements also increase the risk of SQL injection attacks and should be avoided to prevent the same. It should be made sure that the queries are often parameterized in nature and there is an increase use of stored procedures (Tajpour, Ibrahim, & Masrom, 2011). Some of the SQL injection attacks can only be applied to certain versions and releases. These specific attacks can be prevented with the use of patches and upgrades. Database administrators should therefore ascertain that timely patching is done to avoid the attacks associated with specific versions. Another significant step that should have been taken is the definition of user roles, user privileges and user access. The database of a particular company is accessible to huge number of users. It is not recommended to make a generalized access for all the users. However, user types shall be defined and the access and privileges should be provided as per the type of the user. Many of the security threats and risks will be avoided with this practice including SQL injection attacks. It is also observed that the employees of an organization pass on the information to the other parties which use the information in an incorrect manner which may cause severe adverse impacts. Defining the user roles will also reduce the frequency of the insider attacks. Another major step that may be taken is reducing the attack window and the attack surface to not leave any scope for the security attack to take place (Dehariya, Kumar, & Ahirwar, 2016). Firewalls can also be installed to avoid the entry of the malicious SQL statements in the database. Installation of firewalls is one of the basic security steps that shall be taken by every organization (Kolhe & Adhikari, 2015).

There are various tools that have been developed by the technocrats to monitor the networks and carry out reviews and audits in an automated manner. These tools record all the activities that take place over the database or a network. The records and the logs can be reviewed by the database administrators and experts to get an idea of the malevolent activities (Zhang, 2011).

 

2. JPMorgan Chase Hack Case

Hack cases are common in the world of technology and there have been numerous such cases in history. JPMorgan case is one such case that had an impact on the bank itself along with a total of eleven other entities comprising other American banks and financial corporations. The case took place in 2014 and went on till 2015 and has been recorded as one of the most severe cases in the past.

Definition of the Problem

The hack case that took place at JPMorgan happened in 2014 which had an impact on over 83 million records. These records covered 73 million households along with 8 million small-scale businesses. The case took place in 2014 and went on till 2015 and has been recorded as one of the most severe cases in the past. The information that was hacked comprised of the name of the customers, email addresses of the customers, phone numbers of the customers and many other details. The hackers could not succeed in acquiring login details associated with the users (Leyden, 2014).

Parties that were affected

The hack case that took place at JPMorgan has an impact on the bank along with eleven other U.S. banks and financial organizations. The information that was hacked comprised of the name of the customers, email addresses of the customers, phone numbers of the customers and many other details. Some of the organizations and parties that were affected included Fidelity Investments group, Citigroup, Regions Financial Corporations, HSBC Holdings and many more (Kitten, 2015).

These parties had many projects and dealings with JPMorgan and there were various information sharing activities that continued between these parties and JPMorgan. Personal details and information of millions of users was impacted in a negative manner because of the hack case that took place.

 

Mode of Attack

Multi-step authentication is a necessary step to make sure that the security of the system is maintained. JPMorgan also attempted to enhance their security framework by incorporating multi-step authentication in their security mechanisms. There were certain errors that were associated with the step as the network engineers failed to complete the process and left an open-ended server. It led to the enhancement of security vulnerabilities and acted as a threat agent for the attack. The attackers took advantage of the security loophole and did not go through the latest authentication system that was installed at the organization.

Possible Countermeasures

With the invention of numerous security risks, there are various countermeasures that have also been developed in order to put a check on these risks. The case is the same with hack case at JPMorgan as it could also have been detected, prevented and controlled with the use of adequate measures.  

The primary cause behind the security attack that took place at JPMorgan was the carelessness and operational error made by the networking team of the project. It should have been made mandatory at the organization to include the auditing processes, review sessions and testing activities in order to validate and verify the errors in the project activities. The network server that was left open-ended by the networking team then would have been identified by the review team and the error in the network server would have been rectified in a timely manner.

 


It is extremely important to control the user access and privileges that are associated with a particular system. It is not recommended to make a generalized access for all the users. However, user types shall be defined and the access and privileges should be provided as per the type of the user. Many of the security threats and risks will be avoided with this practice including the one that took place at JPMorgan. Firewalls should have also been installed to avoid the entry of the malicious entities in the system of the organization. Installation of firewalls is one of the basic security steps that shall be taken by every organization (Bella, & Bistarelli, 2005).

There are various tools that have been developed by the technocrats to monitor the networks and carry out reviews and audits in an automated manner. These tools record all the activities that take place over the database or a network. The records and the logs can be reviewed by the database administrators and experts to get an idea of the malevolent activities. These network monitoring tools along with Intrusion detection and prevention systems should have been used at JPMorgan as they would have created alerts for the system experts and would have provided them with an idea of the deviations the attackers had attempted on the system to acquire information.

Security of the system along with the associated components such as front end and back end is extremely important. The information that is present in the system of the organization is critical in nature and its exposure to the unauthorized entities can be extremely negative for the organization. Every organization should therefore make sure that the steps are taken to avoid the security risks by enhancing their security architecture.

 

References

Bella, G., & Bistarelli, S. (2005). Information Assurance for security protocols. Computers & Security, 24(4), 322-333. https://dx.doi.org/10.1016/j.cose.2004.10.004

Carolina,. (2015). Hackers Steal Parents, Kids Data in a Massive Data Breach on Toy Manufacture. HackRead. Retrieved 03 April 2017, from https://www.hackread.com/hackers-steal-toy-store-parents-kids-data/

Dehariya, H., Kumar, P., & Ahirwar, M. (2016). A Survey on Detection and Prevention Techniques of SQL Injection Attacks. International Journal Of Computer Applications, 137(5), 9-15. https://dx.doi.org/10.5120/ijca2016908672

Kitten, T. (2015). Charges Announced in JPMorgan Chase Hack. Bankinfosecurity.com. Retrieved 03 April 2017, from https://www.bankinfosecurity.com/chase-hackers-indicted-a-8673

Kolhe, A., & Adhikari, P. (2014). Injection, Detection, Prevention of SQL Injection Attacks. International Journal Of Computer Applications, 87(7), 40-43. https://dx.doi.org/10.5120/15224-3739

Leyden, J. (2014). JPMorgan Chase mega-hack was a simple two-factor auth fail. Theregister.co.uk. Retrieved 03 April 2017, from https://www.theregister.co.uk/2014/12/23/jpmorgan_breach_probe_latest/

Tajpour, A., Ibrahim, S., & Masrom, M. (2011). SQL Injection Detection and Prevention Techniques. International Journal Of Advancements In Computing Technology, 3(7), 82-91. https://dx.doi.org/10.4156/ijact.vol3.issue7.11

Zhang, X. (2011). Discussion on the Detection and Prevention of SQL Injection. Advanced Materials Research, 287-290, 3047-3050. https://dx.doi.org/10.4028/www.scientific.net/amr.287-290.3047

OR

Cite This Work

To export a reference to this article please select a referencing stye below:

My Assignment Help. (2018). Computer Security Breaches VTech. Retrieved from https://myassignmenthelp.com/free-samples/computer-security-breaches-vtech.

"Computer Security Breaches VTech." My Assignment Help, 2018, https://myassignmenthelp.com/free-samples/computer-security-breaches-vtech.

My Assignment Help (2018) Computer Security Breaches VTech [Online]. Available from: https://myassignmenthelp.com/free-samples/computer-security-breaches-vtech
[Accessed 02 April 2020].

My Assignment Help. 'Computer Security Breaches VTech' (My Assignment Help, 2018) <https://myassignmenthelp.com/free-samples/computer-security-breaches-vtech> accessed 02 April 2020.

My Assignment Help. Computer Security Breaches VTech [Internet]. My Assignment Help. 2018 [cited 02 April 2020]. Available from: https://myassignmenthelp.com/free-samples/computer-security-breaches-vtech.


MyAssignmenthelp.com strives towards providing exceptional essay help at an affordable price. Students, from various parts of Australia, prefer our servicers because we provide high-quality essay assistance at a pocket-friendly price. We receive numerous requests 'help me do my essay' or 'can someone write my essay' from students every day. We efficiently fulfill those requests and provide students needed essay writing help art an affordable price.

Latest It Write Up Samples

MNG03218 Managing Information Systems 11

Download : 0 | Pages : 17

Answer: Introduction: ERP or the Enterprise Resource Planning generally refers to the system which acts as a silver bullet for each and every problem that are faced by various organizations. the implementation of the ERP system is generally associated with providing the organizations with offers related to the chances of re-engineering the business process along with helping in coordination of the systems that are located in different geographi...

Read More arrow

SIT763 Cyber Security Management

Download : 0 | Pages : 5

Answer: Security Risk Assessment Security Risks, Threats and Vulnerabilities The assessment of security risks would be based on the identification, assessment and implementation of the key controls of security within the various applications used by the industry. With the carrying out of the risk assessment within the organisation, it would be beneficial for performing a risk assessment [1]. This form of risk assessment would be able to supp...

Read More arrow

HI5019 Strategic Information System And Business Report

Download : 0 | Pages : 18

Answer: Introduction: Australian Plastic Fabricators is one of the dynamic plastic fabrication company which is located in Sydney’s city fringe and is one of the Greater West supplying acrylic shop fittings to Sydney retail and shop fitting businesses. The organization is also considered to be the one stop shop for meeting all the needs related to Acrylic. Without any kind of doubt this organization can be considered to be the market le...

Read More arrow

SIT182 Real World Practices For Cybersecurity Assignment

Download : 0 | Pages : 7

Answer: Introduction The main aim of this project to develop the crack some passwords on different levels of a website. The implementing the project we can used for the ten levels that are includes are cryptography, directory traversal, sql injection, malicious redirects, Burp suites, Nmap, session management, information gathering, reporting.Postings are refreshed day by day and are utilized to spread and encourage further web hacking. Pract...

Read More arrow

ISY3001 E-Business Fundamentals And Systems Management

Download : 0 | Pages : 14
  • Course Code: ISY3001
  • University: Australian Institute Of Higher Education
  • Country: Australia

Answer: Task A: The Concept of Business-To-Business (B2B) Model In this assignment, the Business-to-Business (B2B) model of e-commerce have been chosen. The B2B model of e-commerce business can be defined as the collaboration of more than two different business organisations based on performing several forms of business transactions. This scenario also depicts the involvement of businesses based within wholesalers, retailers or different manu...

Read More arrow
Next
watch

Save Time & improve Grades

Just share your requirements and get customized solutions on time.

question
We will use e-mail only for:

arrow Communication regarding your orders

arrow To send you invoices, and other billing info

arrow To provide you with information of offers and other benefits

1,240,264

Orders

4.9/5

Overall Rating

5,067

Experts

Our Amazing Features

delivery

On Time Delivery

Our writers make sure that all orders are submitted, prior to the deadline.

work

Plagiarism Free Work

Using reliable plagiarism detection software, Turnitin.com.We only provide customized 100 percent original papers.

time

24 X 7 Live Help

Feel free to contact our assignment writing services any time via phone, email or live chat.

subject

Services For All Subjects

Our writers can provide you professional writing assistance on any subject at any level.

price

Best Price Guarantee

Our best price guarantee ensures that the features we offer cannot be matched by any of the competitors.

Our Experts

Assignment writing guide
student rating student rating student rating student rating student rating 5/5

234 Order Completed

100% Response Time

Samantha Ji

PhD in Chemistry with Specialization in Organic

Singapore, Singapore

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 5/5

154 Order Completed

97% Response Time

Harold Alderete

PhD in Economics

London, United Kingdom

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 5/5

453 Order Completed

98% Response Time

Howard Asuncion

LLM in Criminal Law

London, United Kingdom

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 5/5

134 Order Completed

95% Response Time

Thomas Nelson

MS in Information Systems Technology with Specialization in Database Administration

New Jersey, United States

Hire Me

FREE Tools

plagiarism

Plagiarism Checker

Get all your documents checked for plagiarism or duplicacy with us.

essay

Essay Typer

Get different kinds of essays typed in minutes with clicks.

edit

GPA Calculator

Calculate your semester grades and cumulative GPa with our GPA Calculator.

referencing

Chemical Equation Balancer

Balance any chemical equation in minutes just by entering the formula.

calculator

Word Counter & Page Calculator

Calculate the number of words and number of pages of all your academic documents.

Refer Just 5 Friends to Earn More than $2000

Check your estimated earning as per your ability

1

1

1

Your Approx Earning

Live Review

Our Mission Client Satisfaction

expert working good with ratio analysis i got full marks for ratio but overall good presentation.

flag

User Id: 207116 - 02 Apr 2020

Australia

student rating student rating student rating student rating student rating

excellent work by tutor and quality of good work excellent work by tutor and quality of good work excellent work by tutor and quality of good work excellent work by tutor and quality of good work excellent work by tutor and quality of good work

flag

User Id: 264013 - 02 Apr 2020

Australia

student rating student rating student rating student rating student rating

Brilliant work, paid attention to every details, And submitted on time for review.

flag

User Id: 338016 - 02 Apr 2020

Australia

student rating student rating student rating student rating student rating

The report was exceptional. Thank you for helping me with this assignment, and I am very satisfied with the result. The content was exceptional and my grade was exactly what I needed, the writer was very on point and finished my report in a timely ma...

flag

User Id: 262907 - 02 Apr 2020

Australia

student rating student rating student rating student rating student rating
callback request mobile
Have any Query?