Computer breaches occur frequently now-a-days. The security breach taken here is the security breach that took place at Internal Revenue System (IRS) in the year 2015. IRS is a government organization, which is a tier of the department of treasury, and the commissioner of revenue governs it directly. In numerical, 720,000 records were affected in this hack. It was a financial hack where many taxpayers were affected (Lambert, 2015). The hack was 7 times more fatal as estimated. 390,000 additional taxpayers were estimated to be affected by the hack. The report discusses the various aspects of the breach. The second hack taken into account is the LinkedIn hack where hackers stole the passwords of users and kept it on sale.
Background of the problem
The breach was done on revenue system was hacked and the hackers stole the records of 720,000 people from the internal records. In numbers, around 114,000 taxpayers accounts were accesses by the hackers and these accounts were accessed through the “Get Transcript” application of the IRS (Loy, Brown & Tabibzadeh, 2014). The application was supposed to increase the ease of the users.
What the problem was
The internal revenue system was hacked and the hackers stole the records of 720,000 people from the internal records. In numerical figures, 114,000 taxpayers accounts were accesses by the hackers illegally and these accounts were accessed through the “Get Transcript” application of the IRS. This application was introduced in order to provide the tax return related informations to the public. This application asked for personal details of trey client such as date of birth, name and social security numbers (Gray & Ehoff Jr, 2015). The hackers gained access of the whole system, which proves that the hackers had accessed the private information of all the clients. The hackers got the access of all the accounts of the taxpayers and the system was hacked. According to the organization, in numerical value, 114,000 individuals were affected by the hack. These individuals were those whose accounts were affected and hacked. They had to suffer with the amount of their tax (Sarabi et al., 2016). The “get transcript” app was shut by the government. The organization promised to offer free credit monitoring services to those whose tax was affected in the scam. As stated by the organization, the organization was trying its best to protect the accounts of the taxpayers.
How and why did the problem occur
The cybertheives got the access of the data of the taxpayers through the “get transcript information”. The persona information of the taxpayers was accessed by the hackers and their accounts were hacked. The social security numbers of the clients were used by the criminals to log in to the account. Then the hackers viewed the prior tax return of the customers. The theft was not detected because the peak season of taxpayers in the country. Hackers attempted 200,000 attempts to get into the system and half of them was successful. The hackers downloaded 26 million tax transcripts since the app was lunched (Radziwill et al., 2015). The core business of the company remained secure but the taxpayers were affected on a very huge basis.
The PIN system was considered as the major reason behind the hack that took place. The system was not secure and thus it leads to this huge breach. The E-file PIN was a two digit authentication for the customers which was meant to protect the accounts of the customers from hacks and frauds. The PIN system was meant to protect the people from theft but it lead to the hack. the applicants had to answer a few question related to their daily and regular life in order to safeguard their account but the hackers got the access to their accounts through the PIN which was set for their security (Pang & Tanriverdi, 2017). Various people all across tem nation were affected by the hack.
The IRS could have been prevented if certain measures were taken by the organization in order to safeguard the account of the users. Once the identification verification layer if the account is broken, the last defense layer for the protection of the account is the behavioral analytics. IRS should have used the behavioral analytics for safeguarding the accounts of the users (Walters, 2014). The organization relied on the static verification which caused fatal effects to the firm. Earlier investigation could have been done by the firm such as geo-location, location or questionable email domains and IP address verification.
The employees must have been informed about various security breaches that could occur. Employees must have been made aware of the fatal effects that sharing information with any individual could pose to the company.
The persona information of the clients must not have been shared to anyone who was a outsider. The personal information of the clients would have been kept private. This can prevent the hacks and breaches as the personal information is very confidential and the client detail depends on the information.
What was the problem
The breach was dated 5th June 2012 though the hack was being continued form several previous days but it came into consideration on 5th of June. Russian hackers were blamed for the hack. the website which was hacked is the social site of LinkedIn. The official blog of the site was hacked by the attackers. The passwords of LinkedIn users were stolen by the hackers and the hackers had put the passwords in plain texts all over the internet. The passwords along with the username were put on the forum of Russia the day after the hack occurred. The hackers had put the passwords for sale on the forum. The passwords of users from all over the internet were stolen by the hackers and thus while site of LinkedIn was hacked. The hackers got the passwords and displayed all over the internet leading in the degradation of brand image of the company. The users of the social site were very upset with the hack and the company was blamed for ill safeguarding of its users. After the breach the company promised to provide safety measures to all the users through email in order to keep their profile safe from the hackers and frauds all over the internet.
Who were affected and how
The users of the site as well as the company itself were affected by the hack. The hack affected more than 6.5 million user accounts of the network and the passwords were displayed globally. The Hack affected the users as the account contained many useful and confidential related to the personal and private life of users which was exposed on the internet globally and thus their personal information remained personal no more. The passwords must have been misused by other people around which resulted in heavy loss in their personal and private life as well.
The company brand image had to suffer heavy downfall as the company had to face many upset users. The hack remained in history and thus the company will have to suffer the hack tag for ever in the future. The company had to make many promises to its users to make sure that such activity will never occur again in the near or far future. The network had to face ma ny difficulties to get the trust of the client back and get loyal clients. The company had to ensure safeguarding of all the activities taking place on the website. It was difficult for both the firm and the users to cope up with the situation.
How was the hack carried out
The main reason behind the occurrence if the LinkedIn hack was that the passwords of the users were not scrambled. Scrambled passwords were not encouraged by the users and thus the users too did not pay much attention to this fact. This factor made it easy for the hackers to hack the accounts and get the passwords of the users. The hackers sat back and waited for the implementation of their strategy. According to some of the experts, the passwords were not hashed by the site while saving them which made it more easy for the hackers (Walters, 2014). Thus, the hackers could reverse the scrambling process within no time and the existing rainbow was used by the hackers. Another reason for the hack was the IOS app which was introduced by LinkedIn for its users (Huh et al., 2017). The name, personal notes, emails and other personal information of the users was grabbed by this app without asking any permission and without any approval. The data was collected by the application and sent to the website of the company. These are the reasons which helped the hackers to result such as massive hack on such a popular network (Gune, 2017). The loose security on the website gave the ease to the hackers and helped them to grab the passwords of the users and make it public.
What could have been done to prevent the hack
Various measures would have been taken by the company to prevent the breaches and safeguard the accounts of the users.
All the employees of the firm must have been educated and given proper knowledge about various attacks that could take place in the firm because of leakage of personal information of the clients (Din, 2015).
The users must have been encouraged to use scrambled passwords for their accounts and change their passwords frequently (McNeal, 2014). Changing of passwords frequently helps the user to protect their passwords and scrambled passwords help the user to safeguard their passwords from any guess (Dzomira, 2016).
Measures gad to be taken from the website to safeguard the passwords of the users and security should have been maintained in the network.
Hence, from the above discussion, it can be concluded that Computer breaches occur frequently now-a-days. The IRS could have been prevented if certain measures were taken by the organization in order to safeguard the account of the users. Once the identification verification layer if the account is broken, the last defense layer for the protection of the account is the behavioral analytics. IRS should have used the behavioral analytics for safeguarding the accounts of the users. Various measures must have been taken by LinkedIn as well to prevent the attack.
Din, M. F. (2015). Breaching and Entering: When Data Scraping Should Be a Federal Computer Hacking Crime. Brook. L. Rev., 81, 405.
Dzomira, S. (2016). ONLINE & ELECTRONIC FRAUD PREVENTION & SAFETY TIPS COGNIZANCE IN SOUTH AFRICAN BANKS.
Gray, D., & Ehoff Jr, C. (2015). Sarbanes-Oxley And Dodd Frank: Then There Was Fraud. Journal of Business & Economics Research (Online), 13(1), 19.
Gune, A. (2017). The Cryptographic Implications of the LinkedIn Data Breach. arXiv preprint arXiv:1703.06586.
Huh, J. H., Kim, H., Rayala, S. S. V., Bobba, R., & Beznosov, K. (2017). I’m too busy to reset my LinkedIn password: On the effectiveness of password reset emails.
Lambert, E. E. (2015). The Internal Revenue Service and Bitcoin: A Taxing Relationship. Va. Tax Rev., 35, 88.
Loy, S. L., Brown, S., & Tabibzadeh, K. (2014). South Carolina Department of Revenue: Mother of Government Dysfunction. Journal of the International Academy for Case Studies, 20(1), 83.
McNeal, M. (2014). Hacking health care. Marketing health services, 34(3), 16-21.
Pang, M. S., & Tanriverdi, H. (2017). Security Breaches in the US Federal Government.
Radziwill, N., Romano, J., Shorter, D., & Benton, M. (2015). The Ethics of Hacking: Should It Be Taught?. arXiv preprint arXiv:1512.02707.
Sarabi, A., Naghizadeh, P., Liu, Y., & Liu, M. (2016). Risky business: Fine-grained data breach prediction using business profiles. Journal of Cybersecurity, 2(1), 15-28.
Walters, R. (2014). Cyber attacks on US companies in 2014. Heritage Foundation Issue Brief, 4289.