VTech Security Breach: Countermeasures For SQL Injection Attacks Essay.

The 2015 VTech security breach

Questions:

1.Search the web for news on computer security breaches that occurred during September-December 2015. Research one such reported incident. Prepare a report focusing on what the problem was, how and why it occurred and what are the possible solutions?

2.Research about hack case on the web which happened between 2012 and 2016 (For example, one very popular hack case is JPMorgan chase hack case (2015)) and prepare a report focusing on What was the problem,Who were affected and how and  How was the attack carried out?

VTech is a company that is based out of china and provides its customers with the electronic toys. It manufactures and produces these products. The company had to experience security breach in November’ 2015 and in this attack, a lot of customer information was hacked by the security attackers. 

VTech had to face a severe breach of its information security in 2015 that led to the unauthorized acquiring of 4.8 million records associated with its customers. The records that were hacked belonged to the information of the parents and the children with their details such as login information, parent names, children names, respective email addresses, account security questions and likewise. However, the hackers failed to get their hands on the credit card and payment information of the users (Carolina, 2015).

There are numerous security attacks that have been created that lead to the risk to the information and data. In case of VTech, attackers acquired the organization records by making use of SQL injection as the attack type. SQL injection is an information security attack that is performed with the aid of malevolent SQL queries and statements. These statements are written in such a manner that they lead to the extraction of information from a particular database on which these are targeted. The attackers used this attack to extract the information of the records of the parents and the children that had their accounts on the database of VTech. There are numerous operations that can be executed on the database with the help of a query language such as SQL.

SQL injection attack that could successfully be executed violated the confidentiality and integrity of the information that was present in the database of VTech. There are various reasons that are associated with the successful execution of any of the security attacks. One of the major reasons that is normally observed is the presence of loopholes in the security infrastructure of the organization. Due to the inadequate security measures that were associated with VTech, the attackers could succeed in obtaining the unauthorized entry in to the company’s database.

With the invention of numerous security risks, there are various countermeasures that have also been developed in order to put a check on these risks. The case is the same with SQL injection attacks as well as these can also be detected, prevented and controlled with the use of adequate measures.  

It is necessary to enhance the basic security of the organization before moving on to the advanced security measures. Some of the basic security measures that could have prevented the attack on VTech include the access control management along with the multi-step authentication. Increased authentication would have led to the verification of the identity of the user at various steps which could have prevented the illegal entry to the database. Dynamic SQL statements also increase the risk of SQL injection attacks and should be avoided to prevent the same. It should be made sure that the queries are often parameterized in nature and there is an increase use of stored procedures (Tajpour, Ibrahim, & Masrom, 2011). Some of the SQL injection attacks can only be applied to certain versions and releases. These specific attacks can be prevented with the use of patches and upgrades. Database administrators should therefore ascertain that timely patching is done to avoid the attacks associated with specific versions. Another significant step that should have been taken is the definition of user roles, user privileges and user access. The database of a particular company is accessible to huge number of users. It is not recommended to make a generalized access for all the users. However, user types shall be defined and the access and privileges should be provided as per the type of the user. Many of the security threats and risks will be avoided with this practice including SQL injection attacks. It is also observed that the employees of an organization pass on the information to the other parties which use the information in an incorrect manner which may cause severe adverse impacts. Defining the user roles will also reduce the frequency of the insider attacks. Another major step that may be taken is reducing the attack window and the attack surface to not leave any scope for the security attack to take place (Dehariya, Kumar, & Ahirwar, 2016). Firewalls can also be installed to avoid the entry of the malicious SQL statements in the database. Installation of firewalls is one of the basic security steps that shall be taken by every organization (Kolhe & Adhikari, 2015).

Details of the hacked data

There are various tools that have been developed by the technocrats to monitor the networks and carry out reviews and audits in an automated manner. These tools record all the activities that take place over the database or a network. The records and the logs can be reviewed by the database administrators and experts to get an idea of the malevolent activities (Zhang, 2011).

Hack cases are common in the world of technology and there have been numerous such cases in history. JPMorgan case is one such case that had an impact on the bank itself along with a total of eleven other entities comprising other American banks and financial corporations. The case took place in 2014 and went on till 2015 and has been recorded as one of the most severe cases in the past.

The hack case that took place at JPMorgan happened in 2014 which had an impact on over 83 million records. These records covered 73 million households along with 8 million small-scale businesses. The case took place in 2014 and went on till 2015 and has been recorded as one of the most severe cases in the past. The information that was hacked comprised of the name of the customers, email addresses of the customers, phone numbers of the customers and many other details. The hackers could not succeed in acquiring login details associated with the users (Leyden, 2014).

The hack case that took place at JPMorgan has an impact on the bank along with eleven other U.S. banks and financial organizations. The information that was hacked comprised of the name of the customers, email addresses of the customers, phone numbers of the customers and many other details. Some of the organizations and parties that were affected included Fidelity Investments group, Citigroup, Regions Financial Corporations, HSBC Holdings and many more (Kitten, 2015).

These parties had many projects and dealings with JPMorgan and there were various information sharing activities that continued between these parties and JPMorgan. Personal details and information of millions of users was impacted in a negative manner because of the hack case that took place.

Multi-step authentication is a necessary step to make sure that the security of the system is maintained. JPMorgan also attempted to enhance their security framework by incorporating multi-step authentication in their security mechanisms. There were certain errors that were associated with the step as the network engineers failed to complete the process and left an open-ended server. It led to the enhancement of security vulnerabilities and acted as a threat agent for the attack. The attackers took advantage of the security loophole and did not go through the latest authentication system that was installed at the organization.

With the invention of numerous security risks, there are various countermeasures that have also been developed in order to put a check on these risks. The case is the same with hack case at JPMorgan as it could also have been detected, prevented and controlled with the use of adequate measures.  

Understanding SQL injection attacks

The primary cause behind the security attack that took place at JPMorgan was the carelessness and operational error made by the networking team of the project. It should have been made mandatory at the organization to include the auditing processes, review sessions and testing activities in order to validate and verify the errors in the project activities. The network server that was left open-ended by the networking team then would have been identified by the review team and the error in the network server would have been rectified in a timely manner.

It is extremely important to control the user access and privileges that are associated with a particular system. It is not recommended to make a generalized access for all the users. However, user types shall be defined and the access and privileges should be provided as per the type of the user. Many of the security threats and risks will be avoided with this practice including the one that took place at JPMorgan. Firewalls should have also been installed to avoid the entry of the malicious entities in the system of the organization. Installation of firewalls is one of the basic security steps that shall be taken by every organization (Bella, & Bistarelli, 2005).

There are various tools that have been developed by the technocrats to monitor the networks and carry out reviews and audits in an automated manner. These tools record all the activities that take place over the database or a network. The records and the logs can be reviewed by the database administrators and experts to get an idea of the malevolent activities. These network monitoring tools along with Intrusion detection and prevention systems should have been used at JPMorgan as they would have created alerts for the system experts and would have provided them with an idea of the deviations the attackers had attempted on the system to acquire information.

Security of the system along with the associated components such as front end and back end is extremely important. The information that is present in the system of the organization is critical in nature and its exposure to the unauthorized entities can be extremely negative for the organization. Every organization should therefore make sure that the steps are taken to avoid the security risks by enhancing their security architecture.

References

Bella, G., & Bistarelli, S. (2005). Information Assurance for security protocols. Computers & Security, 24(4), 322-333. https://dx.doi.org/10.1016/j.cose.2004.10.004

Carolina,. (2015). Hackers Steal Parents, Kids Data in a Massive Data Breach on Toy Manufacture. HackRead. Retrieved 03 April 2017, from https://www.hackread.com/hackers-steal-toy-store-parents-kids-data/

Dehariya, H., Kumar, P., & Ahirwar, M. (2016). A Survey on Detection and Prevention Techniques of SQL Injection Attacks. International Journal Of Computer Applications, 137(5), 9-15. https://dx.doi.org/10.5120/ijca2016908672

Kitten, T. (2015). Charges Announced in JPMorgan Chase Hack. Bankinfosecurity.com. Retrieved 03 April 2017, from https://www.bankinfosecurity.com/chase-hackers-indicted-a-8673

Kolhe, A., & Adhikari, P. (2014). Injection, Detection, Prevention of SQL Injection Attacks. International Journal Of Computer Applications, 87(7), 40-43. https://dx.doi.org/10.5120/15224-3739

Leyden, J. (2014). JPMorgan Chase mega-hack was a simple two-factor auth fail. Theregister.co.uk. Retrieved 03 April 2017, from https://www.theregister.co.uk/2014/12/23/jpmorgan_breach_probe_latest/

Tajpour, A., Ibrahim, S., & Masrom, M. (2011). SQL Injection Detection and Prevention Techniques. International Journal Of Advancements In Computing Technology, 3(7), 82-91. https://dx.doi.org/10.4156/ijact.vol3.issue7.11

Zhang, X. (2011). Discussion on the Detection and Prevention of SQL Injection. Advanced Materials Research, 287-290, 3047-3050. https://dx.doi.org/10.4028/www.scientific.net/amr.287-290.3047