Discuss the Security Breaches and the JPMorgan Chase Bank Hack.
Some of the security breaches that occur in the world have implications for the lives of different people. These breaches affect the confidentiality and the integrity of data in various regions of the world. This case occurred on December 7, 2015. What has really hurt consumers' confidence is the inability of security vendors to keep their data secure. Exactly two months before the occurrence of this awful attack, one of the top security firms in Russia, Kaspersky Lab, announced a breach of its network. The firm believed that the individuals responsible for the attack were agents working for a nation state. The company makes a popular antivirus product that is widely used across the globe (Elazari, 2015). According to the report from the company's CEO, it was evident that these agents pulled off the breach with a series of advanced techniques, including zero-day attacks, in order to collect information on the company's advancements and its latest technology services. The malware used up to three zero-day exploits and did not write any files to disk, residing instead in the memory of the affected computer, which made it very hard to detect. Kaspersky linked the attack to the unidentified creators of an earlier Trojan called Duqu, which had made headlines in 2011 after being used in attacks in Iran, Ukraine and France (Elazari, 2015). The malware was spread using Microsoft Software Installer files, which IT staff commonly use to install programs on remote computers.
Thankfully, the attack did not materialize. This was due to the advanced and complex security measures in place at the enterprise. In other words, it was possible to spot the attackers before they caused harm to the company. During that period, the company safeguarded customer information to maintain its global reputation and its customers' confidence. Attacking such an experienced enterprise only enables it to expand on its inventions and protection strategies. The company improved its systems to prevent any future occurrence that might affect its performance (Jardine, 2015). This was done by implementing better detection devices that indicate any form of threat to the company's information. This ensures that customers' data held by such a reputable company is safe from replication. Moreover, the attack was hardly a smart move. The attackers lost the most expensive, technologically advanced framework, which they had spent most of their time developing. The company's technologies are available under various arrangements such as licensing agreements. This ensured that no attacker could get the privilege of tampering with such information. Moreover, the company added the new attack vectors to its monitoring software. This will be a warning to any attacker who may plan such an act, and they would understand that they are wasting time attacking a company that has no vulnerabilities.
If the attackers had succeeded, there could have been a loss of data for both the customers and the enterprise. This might have led to poor management, since the company would have lacked information vital to its operation. The most affected in this scenario were the attackers, since their information existed on the company's monitoring devices (McNamara, 2003). They stand a chance of being prosecuted and possibly jailed, or of paying heavy compensation to the company for their actions.
Kaspersky advised that, to defend against attacks on critical information technology infrastructure, most large organizations should vary their operating systems. Monoculture information technology environments are usually among the first to be attacked. It is essential for organizations to have backups that run a different operating system. Moreover, it is important to have a different backup network (Jardine, 2015). It ought to be as powerful as the main network and able to perform the most critical operations if the main network is down. In addition, according to Kaspersky, critical infrastructure systems must have extremely limited access to the internet. The applications that are employed should be trusted ones, rather than trust being placed in the endpoints. The only exceptions are applications installed by a trusted updater. The attack on Kaspersky was an eye-opener on the need to employ more sophisticated tools for the monitoring process (Liu, Sarabi, Zhang, Naghizadeh, Karir, Bailey & Liu, 2015). Attackers, nonetheless, are coming up with sophisticated tools to steal data and technologies from security firms. In the case of Kaspersky Lab, the attack was detected early enough and prevented.
JPMorgan Chase Bank Hack
The problem the bank had
The attack resulted from neglected servers in the bank's operations. If the bank had installed a simple security fix on an overlooked server in its vast network, there would have been no breach (Phys.org, November 10, 2015). The hackers exploited these neglected servers and stole the login credentials of JPMorgan employees. Most big banks use a double authentication scheme, referred to as two-factor authentication, which requires a second, one-time password to gain access to a protected system. The problem arose because the JPMorgan security team neglected to upgrade one of its network servers to this dual password scheme. This left the bank vulnerable to intrusion by the attackers. This oversight is now the focus of an internal review at JPMorgan, which seeks to establish whether there was any other loophole in the bank's vast network that led to the attack on customer information.
The affected individuals and businesses
The cyber-attack occurred in the summer and had a significant impact on JPMorgan Chase Bank. The affected parties numbered 83 million, of which 76 million were households and 7 million were small businesses. The attack involved information and data used in connection with providing or offering services (Jardine, 2015). Moreover, the impact fell on the accounts that experienced the consequences, leading to a large loss in terms of money. The figure just presents an overestimate of 100 million accounts' information and might be higher in the meantime. These individuals and businesses were affected in that their information was compromised by the hackers, including their postal codes, names and emails. The good thing is that their social security numbers were not compromised. It is wrongful when confidential and private customer information is stolen from a trusted entity like this bank.
How the attack was carried out
The details of the breach emerged at a time when consumer confidence in the digital operations of corporate America had already been shaken. Target, Home Depot and other retailers had sustained data breaches (McNamara, 2003). At Target, 40 million cardholders and the information of 70 million were compromised, but unlike at the retailers, the financial information in JPMorgan's computer systems goes beyond credit card details and involves more sensitive data. So how did this attack take place?
An employee's personal computer was infected with malware that resulted in the theft of login credentials. When the employee connected remotely to the corporate network through a VPN, the hackers were able to gain access to the internal network. They obtained a list of the applications and software run on JPMorgan's computers and looked at the vulnerabilities in each program and web application, in search of an entry into the system (Liu, Sarabi, Zhang, Naghizadeh, Karir, Bailey & Liu, 2015). It was then that they discovered there was no double authentication on the network. Operating from overseas, the hackers penetrated the network and gained access to the names, addresses, emails and contact details of JPMorgan customers' accounts. However, in a regulatory filing the bank highlighted that there was no evidence that account information, including passwords and social security numbers, was stolen. It also noted that no fraudulent activity involving the customer information had been reported. Until the JPMorgan breach, banks were usually regarded as safe from online assaults because they relied on investment in defence and trained staff (Elazari, 2015). The hackers drilled through the bank's vast computer systems, reached more than 90 servers, and obtained dozens of administrative privileges on dozens of these servers to steal the information. Investigators also noted that it would take months for JPMorgan to swap out the programs and applications and renegotiate licensing deals with its technology suppliers. This may again give the hackers time to mine the bank's systems for undiscovered vulnerabilities that may allow them to re-enter JPMorgan's systems.
What could have been done to prevent the attack?
This could have been avoided if the bank had installed a simple security fix on the overlooked server on its network. The weak spot was that the bank did not use the double authentication scheme called two-factor authentication. The security team had neglected to upgrade one of its network servers with this dual password scheme (Liu, Sarabi, Zhang, Naghizadeh, Karir, Bailey & Liu, 2015). The hackers found this vulnerability and exploited it. Moreover, the bank needs to deploy a host-based intrusion prevention system (Liu, Sarabi, Zhang, Naghizadeh, Karir, Bailey & Liu, 2015). The hack of the bank came through a VPN, after an employee's computer was infected with malware and their login credentials were stolen. Such software has a fighting chance of catching and stopping that malware, since it works on the concept of identifying and stopping the attack. There was also a need for employee education regarding security measures. Some individuals will blindly click on links or phishing emails because they do not know what they contain. Developing security policies and training employees about the various vulnerabilities and methods of detecting social engineering would go a long way towards preventing such attacks.
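The missing second factor described above is something a security team can look for in its own authentication logs: any session that opens on a host without a successful one-time-password check before it. The following Python code is an added example, not part of the original essay or of any JPMorgan tooling; the key=value log format, event names, host names, users and addresses are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log in a hypothetical key=value format (not real bank data).
SAMPLE_LOG = """\
2020-01-01T08:02:11Z host=vpn-gw01 user=alice session=a1 event=password_ok src=198.51.100.7
2020-01-01T08:02:19Z host=vpn-gw01 user=alice session=a1 event=otp_ok src=198.51.100.7
2020-01-01T08:02:20Z host=vpn-gw01 user=alice session=a1 event=session_open src=198.51.100.7
2020-01-01T09:14:40Z host=legacy-srv07 user=bob session=b7 event=password_ok src=203.0.113.50
2020-01-01T09:14:41Z host=legacy-srv07 user=bob session=b7 event=session_open src=203.0.113.50
2020-01-01T09:30:02Z host=vpn-gw01 user=carol session=c3 event=password_ok src=198.51.100.9
2020-01-01T09:30:30Z host=vpn-gw01 user=carol session=c3 event=otp_fail src=198.51.100.9
not a log line
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<fields>.+)$")
REQUIRED = {"host", "user", "session", "event"}

def parse_line(line):
    """Return a dict of fields for one log line, or None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    rec["ts"] = m.group("ts")
    return rec if REQUIRED <= rec.keys() else None

def sessions_without_second_factor(log_text):
    """Sessions opened with no otp_ok before them (log assumed chronological)."""
    by_session = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_session[(rec["host"], rec["session"])].append(rec)
    findings = []
    for (host, session), recs in by_session.items():
        kinds = [r["event"] for r in recs]
        if "session_open" not in kinds:
            continue  # login never completed, e.g. the OTP check failed
        opened = kinds.index("session_open")
        if "otp_ok" not in kinds[:opened]:
            findings.append({"host": host, "session": session,
                             "user": recs[opened]["user"],
                             "src": recs[opened].get("src"),
                             "ts": recs[opened]["ts"]})
    return findings

def hosts_missing_2fa(log_text):
    """Hosts that admitted at least one password-only session."""
    return sorted({f["host"] for f in sessions_without_second_factor(log_text)})
```

On the constructed sample, only the host that lets a session open straight after the password check is reported; the session whose one-time password failed never opens and is ignored.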
Elazari, K. (2015). How to Survive Cyber war. Scientific American, 312(4), 66-69.
Jardine, E. (2015). Global cyberspace is safer than you think: real trends in cybercrime. Available at SSRN 2634590.
Liu, Y., Sarabi, A., Zhang, J., Naghizadeh, P., Karir, M., Bailey, M., & Liu, M. (2015). Cloudy with a chance of breach: Forecasting cyber security incidents. In 24th USENIX Security Symposium, 1009-1024.
McNamara, J. (2003). Secrets of computer espionage: Tactics and countermeasures. Indianapolis, IN: Wiley.
Phys.org. (November 10, 2015). Four indicted in massive hack of JP Morgan Chase, others. Phys.org-Science and Technology News, 2015-11.