Data Breach At University Of Oklahoma And Global WannaCry Ransomware Attack Essay.

Search the web for news on computer security breaches that occurred during April-August 2017. Research one such reported incident (Excluding the May 2017 ransomware cyber-attack) . Prepare a report focusing on what the problem was, how and why it occurred and what are the possible solutions.

Research the May 2017 ransomware cyber-attack on the web and prepare a report focusing on the following questions:

• What was the problem?
• Who were affected and how?
• How was the attack carried out?
• What could have been done to prevent the attack?

Overview of University of Oklahoma Data Breach

The Oklahoma Daily of the University of Oklahoma had discovered that there is a data breach to the university’s document sharing system in June 2017. The newspaper exposed that many educational old records were unintentionally exposed public and there were more than 29000 examples of such incidents. In these incidents, private information was exposed publically to the users of OU’s email system (Ablon et al., 2016). This sensitive information included financial information, grades and Social Security numbers.

Lax security measures, as that allowed users of OU email to access the educational records in more depth including private information, which they should not be allowed to access. Thirty out of hundred documents were made public and discoverable on Microsoft Office Delve. All of these incidents make violation of the Family Education Rights and Privacy (FERPA), which states “students have complete control over who can access their records related to education (Zeide, 2015). LeRoy Rooker (FERPA expert) commented, “This isn’t even gray. It’s very clear in FERPA- you’ve got to have signed consent to do this or meet one of the exceptions to signed consent.” Anyone with OU email services within OU’s 365 Office system uses Delve; it is a Microsoft Office Service, which aims to learn about an individual and the people. With whom they are working with in order to show the documents on which the current work is going on, including other’s documents of work. Another aim of this service is to be intelligent by showing the information it thinks and individual would be interested in that topic. The files and information saved in the Microsoft Office Services shows them like One Drive and Share Point assuring the saved data is secure by a comment, “Yes, your documents are safe Delve never changes any permissions” (Qaisar, 2012). Only you can see your private documents in Delve.” During the breach, any user could have access to private files of any user with an additional option to download it.

All the students of the institutions that comes under OU were affected by this data breach, as every student in the OU uses OU’s email service, Microsoft Office Service and Delve, whether an individual know or does not know about Delve, everyone was using it. This data breach put all the very personal files and information on the shake of all individual student of OU or might be several had become prey of this because there was download option as discussed earlier. This data breach also put the federal funding at the shake offered by the government, which may lead to several serious damages to the University’s management system (Watch, 2017). Without proper funding the university would not be able to provide students all the extra benefits including scholarship. This also led serious damage to the IT team managing these services as experienced person of FERPA said this mainly happened due to human errors, they had to do a lot of extra work in securing those files almost six days continuously.

Lax Security Measures and FERPA Violation

As reported by the Daily of OU, IT of OU had reported that any outsider did not do this, whereas someone from inside had breached the server’s security and made all the sensitive information and data of students public to every users of OU email service (Branham, 2017). According to the IT department of OU, the files and information were save at the university’s server which could be accessed only by correct credentials used by any user using unique id. Delve was the medium for the hacker to enter the server, as earlier OU was using share point then it changed their server to Cloud Servers. This new implementation was completely secured, but there are possibilities of some human errors, which were neglected by the IT team of OU that led this situation happen. Using Cloud Server no doubt gave all users more facility to interact with the needed information but also open a window for such unauthorized hackers to enter the server and manipulate the data and information kept secure on that server. IT team had also not properly audit the whole system on regular basis, even the IT was seems to be involved in the situation after the news get published in the Daily newspaper of DU (Branham, 2017).

Following preventive measures can be taken in order to stop such data breaches in future or can be applied in the system of OU, which could have stopped such unwanted incident:

1. Provide proper training to the IT team.
2. Encrypting the files saved in the server.
3. There should be system that can detect if any intrusion happens or any unauthorized user is trying to access the server (Vacca, 2012).
4. Data breaching can also be reduced by using techniques of content filtering on the files that are being saved in the server.
5. Regular audit to the vulnerability that may cause damage to the data saved in the servers should be done in regular basis.
6. Human error should be minimized at the extent level, as it cannot be extent completely (Xiao & Xiao, 2013).
7. A monitoring system should be implemented in the system to monitor the activities of the insiders.
8. Proper training to the users should be provided to aware them about how to keep personal credentials safe and not expose to anyone who can misuse that information.
9. Creating an effective risk plan management can also help in eliminating such unwanted accident that can affect private or privacy risk of any user.
10. Proper penalty should be introduced to the organization, which is not capable of securing collected data (Cismpa, 2012).

There was an initiation of global cyber-attack between the duration 12^th may to 15^th may which was targeting the computers which were based on windows operating systems under the name Wanna-Cry ransomware. The mode of payment was asked by the Bit Coin Crypto currency (Young & Young, 2017). This attack was at global level that was affecting a mass number of computers, as reported first attack infected more than 230,000 computers in 150 countries. Many organizations suffered and blackmailed by this attack, which makes it a global concern (Swenson, 2017).

This attack was generally initiated and taking place for money by the mode of blackmailing the users. In actual the malicious malware, which was attacking the system, generally encrypt the files saved in the system and ask for money in exchange for decrypting those files. At the starting, some Web security researchers found that the speed of attack could be reduced by registering a domain name, which was found out during research about the virus. After this slowing down process, updates of virus started being uploaded on the systems and again attack process was on (Kuner et al., 2017). Many of them found the way to decrypt the file without paying any ransom to the hackers but several were suffered a lot by this attack. However, the organization and individual operating old version of windows like, window XP and server 2003 were the first who were being affected by this ransomware attack. However, Microsoft launches new security patches for the users of system, which were running on Window 7 and Window 8 into the market including some emergency patches. The virus was introduced as network worm by the global ITs, which has the ability to transform and transport itself (Renaud, 2017).

Impact on OU Students and Federal Funding

There were many victims of this attack including hospitals, federals and many more, which cannot be listed in a page, but the highly affected organizations can be listed as:

The attack was started at London on 12^th may 2017 by injecting this virus into a system. This virus was in the form of compressed zip file, which needed some housekeeping on its part to be performed before it could be replicated over the network. A step included in the kill switch was the initiation by injecting it with a host computer and then a coding command to connect with obscure website. These steps were unnoticeable in the starting hours but were found out after some research in the form of coding, which was enough time for the virus to infect other computers connected to the same network. After rooting virus in the system, a command is executed to check the file sharing system of the computers that were infected. A software stolen by the Agency of US named ‘EternalBlue’ was the biggest tool for the hackers as it was stolen and sold out at black market which was almost leaked all over the internet. Several researcher ITs reported that virus was using ‘Ethernal Blue’ being exploited in the window system in order to gain access to the files and the system. After receiving the ransom amount, hackers used to install ‘DoublePulsar’ in the system and eliminate the copy of virus, which led the users again gain the access to their systems (Ehrenfeld, 2017).

Following steps can be taken to be safeguard from such ransomware virus attacks:

• By using updated original Operating systems.
• Updating the existed Operating System or keeping the system in auto update mode.
• Ware blocker software can be a better option, which will resist any of such viruses or malware to be installed in the system (Swenson, 2017).
• Operating System security patches should have been pre-installed in the system.
• User that started this event should not have installed the virus.

References

Ablon, L., Heaton, P., Lavery, D., & Romanosky, S. (2016). Data Theft Victims, and Their Response to Breach Notifications.

Branham, D. (2017). OU shuts down file sharing service after failing to protect thousands of students' records. [online] OU Daily. Available at: https://www.oudaily.com/news/ou-shuts-down-file-sharing-service-after-failing-to-protect/article_4f9a5e2c-50a2-11e7-a807-2f591e6c54f0.html [Accessed 22 Aug. 2017].

Ciampa, M. (2012). Security+ guide to network security fundamentals. Cengage Learning.

Ehrenfeld, J. M. (2017). WannaCry, Cybersecurity and Health Information Technology: A Time to Act. Journal of Medical Systems, 41(7), 104.

Kuner, C., Svantesson, D. J. B., H Cate, F., Lynskey, O., & Millard, C. (2017). The rise of cybersecurity and its impact on data protection. International Data Privacy Law, 7(2), 73-75.

Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal, 8(5).

Qaisar, E. J. (2012, March). Introduction to cloud computing for developers: Key concepts, the players and their offerings. In Information Technology Professional Conference (TCF Pro IT), 2012 IEEE TCF (pp. 1-6). IEEE.

Renaud, K. (2017). It makes you Wanna Cry.

Swenson, G. (2017). Bolstering Government Cybersecurity Lessons Learned from WannaCry.

Vacca, J. R. (2012). Computer and information security handbook. Newnes.

Watch, O. (2017). Security Breach at OU Exposes Thousands of Students’ Data. [online] Oklahoma Watch. Available at: https://oklahomawatch.org/2017/06/14/security-breach-at-ou-exposes-thousands-of-students-data/ [Accessed 22 Aug. 2017].

Xiao, Z., & Xiao, Y. (2013). Security and privacy in cloud computing. IEEE Communications Surveys & Tutorials, 15(2), 843-859.

Young, A. L., & Yung, M. (2017). Cryptovirology: The birth, neglect, and explosion of ransomware. Communications of the ACM, 60(7), 24-26.

Zeide, E. (2015). Student Privacy Principles for the Age of Big Data: Moving Beyond FERPA and FIPPs. Drexel L. Rev., 8, 339.