Research Report Task For River City Media: Discussion And Analysis Essay.

Discuss about the Research Report Task for River City Media.

In the month of March 6^th, 2017, a faction of spammers that operated by the given name River city Media accidentally discharged their confidential data into the cyberspace after its failed attempt to appropriately construct their backups (www.rivcitymedia.com., 2017). This leak was known as the ‘Spammergate’ which comprised the Hipchat logs, the records of domain registration, the accounting details, the planning of the infrastructure, invention notes, scripts, business affiliations and so on. The biggest innovation was the database of around 1.4 billion of the email accounts, IP addresses, full names and physical addresses. Chris Vickery who is the security researcher for Mackeeper found the information and reported the case to the authorities. The River City Media is the lawsuit service and support company that focuses on the multi-media aspects of the litigation support. From the discovery to the verdict, they offer a variety of services that help to aid their client in illustrating their case. They are focused to the provision of the personal and cost effective solutions for every one of their clients. The circumstances presented a tangible threat to the online confidentiality and security as it involved a database of 1.4 billion email accounts combined with the real names, user IP addresses and often the physical addresses.

The spam email operators’ faulty backup led to the leaks of 1.37 billion addresses. Chris Vickery said that there were chances are it is an individual or any known person of the individual is affected after one of the largest spam operations in the world’s database being rendered. This spam has exposed the entire operation to the public and leaked the email addresses due to the fault backup (Amoroso, 2012). The holy grail of the spam process, private information that included the actual names and the IP addresses have been disclosed through a smaller scale than the email information that made up the vastness of the dataset. The River City Media is the email-marketing firm that sends up around a billion messages a day to the spam filters across the world. Chris Vickery was not able to completely verify the leak that had occurred but had found the addresses he was aware of being exact in the database. The source of the data, the snapshot of the backup that was made at some point in the month of January 2017 was by coincidence published on the internet without the protection of the password, which added more reliability to the leak. The individuals who were well informed about the cyber leak did not choose to sign up for the massive advertisements over a billion times. According to Vickery, the most likely scenario is a combination of the various techniques. One them is referred to as the co-registration. This is the instance when the individual clicks on the button ‘Submit’ or the ‘I agree’ box that will be seen next to all the small text on the website. The anti- spam organization called as the Spamhaus that was working alongside Mackeeper and Vickery had used the information that was contained in the leak to add the River City Media’s features to the database and blacklisting the entire infrastructure of the firm. The breach was very large in nature (Amoroso, 2012). When Chris Vickery had primarily reported that he had access to the dataset that was leaked contained around 1.4 billion records. The government of India issued a statement where the government denied that it was the source for the country’s federal ID system being leaked. It was one of the few databases in the world, which contained more than a billion characters. The speculation ran out of control until Vickery released the actual information. The main reason for this cyber security breach was the careless setting up of the backup feature. The data was left exposed to anyone who had been poking around. Some of the documents showed that spamming could be profitable in nature. The one leaked text reference in a single day of the activity targeted the Gmail users with around 18 million emails and the AOL users with another 15 million. This was possible by the process of automation, years of exploration and a fair bit of the illegal hacking practices. It is also not very uncommon for the spammers to share their database or harvest the email addresses when the hackers tend to unload them online. This explains how the individuals end up on the mailing lists that try to sell everything. The IP addresses that were leaked helped Vickery, Ragan and Spamhaus that is the international organization (which maintains and distributes the anti-spam lists to email providers) for identifying the key components of the spammers’ infrastructure. The exposure in a short term showed a drop in the number of spam emails in the inbox of the individuals.

Occurrence of the attack and the possible solutions

The ransomware cyber attack took place in May 2017. It was a universal cyber attack by the Wannacry ransomware cryptoworm. This virus attacked the computers that were running on the Microsoft windows operating system through encrypting the data and demanding the ransom payments in Bitcoin cryptocurrency. The attack began on Friday, 12^th of May 201, and in a day infected more than 230,000 computers. The parts of U.K.’s National Health Services were contaminated that caused it to run some of its services on an urgent situation basis only throughout the attack.  Then Spain's Telefónica, FedEx and Deutsche Bahn were also hit, alongside with many other countries and companies wide-reaching. Wannacry propagates the use of the EternalBlue that is an exploit of the Window’s Server Message Block protocol. Microsoft for Windows 7 and Windows 8 used the emergency security patches. Nearly all the victims of the cyber attack were running on Windows 7, which prompted a security researcher to argue that its effects on Windows XP users were insignificant. The software contained a URL, on its discovery by the security researcher the designated kill switch to shut down the respective software before it executed the payload, and stopped the spread of the virus (O'Gorman & McDonald, 2012). The Cyber security companies as the  Kaspersky Lab and Symantechave said that the code had some similarities with preceding being used by the Lazarus Group that believed to had carried out the cyber attack on 2014 and 2016 which was linked to North Korea. Wannacry began to affect the companies worldwide. The virus execution had a main program that used the vulnerability to spread itself. It would encrypt the file and the ransom interface would display the ransom information and decrypt the samples. When an individual is decrypting a file, the mugger decrypts the sub-private key referred to as "00000000.eky" and then saves the file as "00000000.dky" for decryption of the folder after getting the decrypted file. The trial itself has an additional pair of primary RSA public keys and private keys. These are used to decrypt the display files. Each one of the encrypted file uses a special AES key. If one wants to decrypt the file, the individual needs to obtain the RSA sub-private input, decryption of the AES key of the file header, and then use the AES key to decrypt files (Mercaldo et al., 2016). If there is no RSA sub-private key, the AES input cannot be decrypted and the file cannot be decrypted.

The problem and its occurrence

This attack could be prevented if a few measures had been followed. The backups should have been made safe and secure in nature. Once the files have been encrypted the options that one has is limited in nature. The recovery from the backups is one of them. The backups are usually out of date and lack critical information. The patch systems have also to be updated. There was a high hazardous protection hole in the Microsoft Windows. The consumers who did not apply to the Microsoft’s March software fix. The malware that was designed to increase the commerce and government networks. The ransomware virus sends an email to the users address. Then when the individual on a machine belonging to the target organization’s network opens the email, the virus affects the machine with ransomware. The virus spreads across all the machines that are connected to the network (Tsagourias, 2012). The computer is then locked and exhibits a message, which demands payment to restore the access. The updated patch system would have avoided this. There should be use of anti-virus software that will protect the individual from the most fundamental and well-known viruses through scanning the system being used against the known fingerprints. The workforce should be educated. The basic protocol that is the workers should not click on the problematic links or open the doubtful attachments. The system administrators should guarantee that the employees do not have access to parts of their work that are not important for their work. This would help to reduce the extend of ransomware if the hackers get into the system of a human being. The shutting down of a network can avert the continued encryption and the probable loss. The hackers at times encourage an individual to keep the computer switched on and connected to the network. The individual should not be fooled by the hackers. If a person is facing a ransom claim and has locked out the important files, law enforcement and the cyber security experts discourage the payment of the ransom as it gives reasons to the hackers and pays for their upcoming attacks. 

References

Amoroso, E. G. (2012). Cyber attacks: protecting national infrastructure. Elsevier.

Mercaldo, F., Nardone, V., Santone, A., & Visaggio, C. A. (2016, June). Ransomware steals your phone. formal methods rescue it. In International Conference on Formal Techniques for Distributed Objects, Components, and Systems (pp. 212-221). Springer, Cham.

O'Gorman, G., & McDonald, G. (2012). Ransomware: A growing menace. Symantec Corporation.

Tsagourias, N. (2012). Cyber attacks, self-defence and the problem of attribution. Journal of Conflict and Security Law, 17(2), 229-244.

www.rivcitymedia.com. (2017). River City Media. Rivcitymedia.com. Retrieved 23 August 2017, from https://www.rivcitymedia.com/#about