Security Of Information That Is Stored Into Computer

1.Search the Web for news on Computer Security Breaches that Occurred during September-December 2015. Research one such Reported Incident. Prepare a Report Focusing on what the Problem was, how and why it occurred and what are the Possible Solutions.

2.Prepare a report focusing on the following questions:

• What was the problem?
• Who were affected and how?
• How was the attack carried out?
• What could have been done to prevent the attack?

 

 

The computer security breach is most vulnerable thing for security of information that is stored into computer. The computer security breach is carried out in form of different attacks such as virus attack, DDoS attack, hacking and phishing attack etc. The main objective to make this report is to discuss computer security breach that were popular in news in 2015. Besides this, a popular case of hacking will also be discussed here that was happened between 2012 and 2016.

1.Discussion

In 2015, the popular news was about computer security breach of OPM i.e. Office of Personnel Management. OPM serves as Human Resource department of federal government and by this agency, records are submitted to all federal government employees. Besides this, security clearances are also issued by OPM to federal government.

Problem

A massive security breach was carried out by hackers in December for targeting records of workers of OPM. These hackers were working for Chinese military unit. According to US officials this hack-attacked was launched from China, but Beijing considered this irresponsible claim.  The OPM officials discovered that this computer security breach was an aggressive effort to upgrade the cyber security of OPM by using new tools. The information that is leaked in this security breach consists of records of training and performance reviews and job assignments of the employees. But in this stolen information, background checks and clearance investigations were not included. This computer security breach was biggest breach of US government employee data and it is also second big intrusion of OPM by China in 2015. In the report of iSight partners, it was mentioned that this breach can be linked to the same cyber-spying that was responsible for security breach of Anthem Company. On another side, FBI has its own views about this attack and according to them it is work of Chinese state-sponsored hackers. According to investigators’ report of this case, near about 21 million records were breached in this security breach and besides this, fingerprints of 5.6 million employees were also stolen (HackRead, 2017).

Reason of Occurrence

This problem was occurred by hack-attacked on OPM’s database to collect its confidential information. According to different information sources, China is considered responsible for this breaching act and it is not first time that US officials are blaming China for this type of computer security breaches (Greene, 2017). The main purpose of hackers to get essential information of OPM officials and to use this hacked data for conducting spear-phishing emails to silly recipients who clicked on affected links or attachments and hackers can easily access their information from targeted computers through this action of those recipients. The effect of this hack-attacked was so much vulnerable and due to this, most of the OPM workers were affected. It was a matter of trust of OPM workers on this agency. So it is responsibility of management of OPM to implement possible solutions to protect its database and computers (Forbes.com, 2017).

Potential Solutions for OPM Security Breach

It is stated by officials of OPM agency that they are making plans to contact all the affected workers to provide them offer for free credit monitoring and identity theft insurance for 18 months. Besides this, following possible solutions can be implemented to get protection from above discussed security issue (SearchSecurity, 2017).

1. On the behalf of above collected information, first of all it is necessary for OPM to enhance its database security. If database will be secured properly then there will be very less chances that hacking problems will occur.
2. The periodic scanning of database by using database scanning software such as McAfee, Oscanner etc. These software solutions are helpful enough to identify errors, bugs and entry of an unknown entity can be vulnerable for database. OPM security consultants should be aware about these solutions (com, 2017).
3. The use of anti-virus in computer systems is also an effective way to control issues of security breaches. Anti-virus is useful for identifying virus into system and to fix it.
4. The information that is stored into database should also be in encrypted format. Through encryption technique information can be stored into database in unreadable format that is harder for hackers to understand (Dark Reading, 2017).
5. The database access should restricted for all employees or workers of OPM. Only authorized worker and administrator can access database if required (microsoft.com, 2017).

In this way, if OPM will be careful about maintenance and security of computer systems and databases, then computer security breaches can be controlled.

2.Hacking is common word for every computer user and everybody knows about its impacts on their system, databases and networks. Several cases of hacking have encountered by IT users. Among these several cases, some cases have become so much popular. Now in this segment of report, we will discuss a popular hacking case that was carried out between 2012 and 2016. The selected case of hacking was happened in Domino’s Pizza in 2014.

Problem

A hacking group of Rex Mundi held this hacking attack in Domino’s Pizza to exchange over Belgian and French customer records. The total number records were 600,000. In this exchange of personal data of customers such as their names, addresses, emails, phone numbers and even information about their favorite Pizza toppings, Mundi demanded $40,000 from the fast-food chain. If this exchange was not met, then it is threatened by hackers to publish this information online. Domino’s refused this exchange and also assured to its customers that their financial and backing information is still saved. The hacking group Rex Mundi had its Twitter account that is now suspended and data was also never revealed by hackers online. But it is hard to say that Domino’s accepted deal of hackers or not (Inquirer, suspension, Latest, & read, 2017).

affected

The customers of Domino’s Pizza whose information was stored into database were highly affected due to this hacking attack. The personal information of customers was so confidential and they had given that to Domino’s with trust. The most worried thing was that when hacking group threatened to company about online publishing of customers’ information. If information would have been leaked over internet then it could be misused by anyone. Besides customers, employees of company were also affected because some of their official information was also stored in company’s database. This hacking attack was also vulnerable for reputation of company in market because after hack of huge amount of information, it was difficult for customers to trust Dominos’ again (Munson, 2017).

the attack carried out

This attack was carried by Rex Mundi hacking group by accessing database of Dominos’ Pizza in unauthorized way (Mail Online, 2017). To carry out this attack, hackers cracked database of Dominos’ Pizza and downloaded more than 600,000 records of dough-loving customers. The hacking group successfully cracked database of Domino’s, it means there is lack of security in database system of this company (Curtis, 2017).

The things that could have been done to prevent the attack

After this hacking attack, Domino’s suggested to its customers to change passwords after getting alert from company’s side in a particular period of time (Motherboard, 2017). Even it is also better that always different password should be used by users while accessing any new website. The reason for this is, hackers always try same combination of username and password from one site to another to track your activities. If users will use unique password then it will be difficult for them to access website easily. Other possible solutions that could have been used by Domino’s are listed as below (Moore, 2017):

• Prefer to use Database Scanning Tools
• Anti-Virus Installation into System
• Restricted and Authorized Access to Database (Healthcare IT News, 2017)

Prefer to use Database Scanning Tools

In appropriate monitoring of database, scanning tools help a lot. To identify any inappropriate action in database, Dominos’ could have been used database scanning tools such as Oscanner, Kaspersky, McAfee etc. Through these tools, whole scanning of database could be done to identify issue and to resolve those issues. The periodic database scanning helps to prevent database from virus and malware attacks.

Anti-Virus Installation into System

There is no doubt that anti-virus is a good solution to identify virus from database or computer system. It also performs complete scanning of database and computer and provide result in total number of virus exist into computer. Once we got to know about total number of viruses and their locations, we can make appropriate action to remove these viruses. So, this is also an effective way that could have been adapt by Domino’s to get rid of problem of database cracking by hackers.

Restricted and Authorized Access to Database

The access of database should be very restricted, especially in cases where huge amount of data is stored into database like Domino’s. It is responsibility of administrator to set authorized access for users and without permission no one should be allowed to access database. The reason for this is, sometimes an employee of company steals confidential information and can pass it to hackers or can help hackers to hack company’s confidential information. In this case, tracking of every activity of every authorized person should be conducted by administrator and if in any case doubt occurs then must take strict action accordingly.

The main problem in hacking case of Domino’s Pizza is that security parameters and policies were not implemented properly. If above listed solutions will be implemented by this company then chances of hacking attacks will be reduced

Conclusion

After this whole discussion we conclude that the maintenance of security and privacy of information is job of security experts who have better knowledge that how data can be remained more secured in databases. So they should suggest management to implement these solutions quickly. They should aware employees of company about bad impacts of hacking attacks and computer security breaches and also order them to use all suggested security tools and techniques. The support of company’s management is also required. If we want to use databases, computer systems and network solutions at our workplaces then our first priority should be security and privacy of information that will be stored and transferred through these tools

References

Curtis, S. (2017). Domino's Pizza hackers demand £24k ransom. Telegraph.co.uk. Retrieved 7 April 2017, from https://www.telegraph.co.uk/technology/internet-security/10902321/Dominos-customer-details-held-to-random-by-hackers.html

Dark Reading. (2017). Attacks & Breaches News, Analysis, Discussion, & Community - Dark Reading. Retrieved 7 April 2017, from https://www.darkreading.com/attacks-breaches.asp

Forbes.com.(2017). The Top 5 Most Brutal Cyber Attacks Of 2014 So Far. Retrieved 7 April 2017, from https://www.forbes.com/sites/jaymcgregor/2014/07/28/the-top-5-most-brutal-cyber-attacks-of-2014-so-far/#7bd28e9134da

Greene, T. (2017). Biggest data breaches of 2015. Network World. Retrieved 7 April 2017, from https://www.networkworld.com/article/3011103/security/biggest-data-breaches-of-2015.html

Huffingtonpost.com. (2017). Security Breach. Retrieved 7 April 2017, from https://www.huffingtonpost.com/news/security-breach/

HackRead. (2017). Top 15 Cyber Attacks and Security Breaches in 2015. (2017). Retrieved 7 April 2017, from https://www.hackread.com/top-15-cyber-attacks-security-breaches-in-2015/

Healthcare IT News. (2017). 2015 healthcare security breaches. (2017). Retrieved 7 April 2017, from https://www.healthcareitnews.com/slideshow/2015-healthcare-security-breaches-long-list

Inquirer, T., suspension, D., Latest, I., & read, M. (2017). Domino's hackers fail to release customer data following Twitter suspension | TheINQUIRER. https://www.theinquirer.net. Retrieved 7 April 2017, from https://www.theinquirer.net/inquirer/news/2350198/hackers-demand-domino-s-pizza-delivery-of-eur30-000-to-prevent-customer-data-leak

Munson, L. (2017). Domino’s Pizza hacked, customer database held to ransom. Naked Security. Retrieved 7 April 2017, from https://nakedsecurity.sophos.com/2014/06/16/dominos-pizza-hacked-customer-database-held-to-ransom/

Moore, M. (2017). Domino's Pizza WARNING - why customers should change their passwords NOW. Express.co.uk. Retrieved 7 April 2017, from https://www.express.co.uk/life-style/science-technology/744453/dominos-pizza-change-password-warning-customer-phishing

Motherboard. (2017). Bug in Domino's Pizza App Allowed Hackers to Get Free Pizza for Life. Retrieved 7 April 2017, from https://motherboard.vice.com/en_us/article/bug-in-dominos-pizza-app-allowed-hackers-to-get-free-pizza-for-life

Mail Online. (2017). Hackers demand £24,000 from Domino's in return for stolen details. Retrieved 7 April 2017, from https://www.dailymail.co.uk/sciencetech/article-2658862/Thats-lot-dough-Hackers-demand-24-000-Dominos-Pizza-return-650-000-stolen-passwords.htmlq

Msdn.microsoft.com. (2017). How To: Protect From SQL Injection in ASP.NET. Retrieved 7 April 2017, from https://msdn.microsoft.com/en-us/library/ff648339.aspx

SearchSecurity. (2017). What is data breach? - Definition from WhatIs.com. Retrieved 7 April 2017, from https://searchsecurity.techtarget.com/definition/data-breach