MITS 5004 IT SECURITY
Security breaching or data breaching is the concept that involves the activity of accessing data or any other application or service without any authorization being given by the owner of the data or the system. The incident of security of data breaching occurs due to the illegitimately entering to the private, confidential and unauthorised logical Information Technology parameter. Security or data breaching is the violation that has been occurring in the world of technology leading to large amount of cyber attacks and cybercrime case studies. This paper is based on the discussion of security issues and data management issues that has been faced by certain repudiated companies like Uber and Sony PlayStation leading to data and security breaching incidents occurring in the companies. The paper helps in the identification of the causes and the potential measures that are to be taken in order to prevent the occurrence of such incidents in future.
1. Search the web for news on computer security breaches
The Uber data-breaching incident that has affected more than 57 million customers and drivers all over the world and more than 2.7 million users itself in United Kingdom has been one of the biggest examples of data breaching. The incident has still its impact being persistent on the company until today leading indicating the harsh consequence that can be faced due to lack of proper computer security.
The Uber data breach case is one of the recent data-breaching incident that occurred in the year 2016 led to the exposing of massive number of personal data and confidential information. The incident affected 57 million customers all over the world that included both the driver’s information and the customer’s information. The company Uber, kept the breaching incident hidden and has paid the hackers a ransom of $100,000 in order to delete the data stolen by the hackers. The incident has led to the different consequences of compromise faced by the drivers the most and led to the vulnerability of the customer’s personal information (Senarath & Arachchilage, 2017). The protective measures that were to be taken by the company Uber was not effective and included the presence of ignorance and improper monitoring. According to the Bloomberg, the chief executive officer of the company Uber already had the notion of the breaching incident prior to the major attack that has occurred. This puts a light on the negligence that has been given by the CEO of the company and the security officer who was active in the company during the occurrence of the incident.
Occurrence and consequences
The incident took place at the software repository of the company, which is known as the GitHub. The GitHub is the platform, which is used by the developers in order to host the codes that are meant for security purposes and allows the re-viewing of each other’s codes with prior security permission. Due to certain carelessness, the developer’s private account was being hacked by the hackers that led to the stealing of the pathway to access the database of the company. The access that was being gained by the hacked with the help of the developer's account led to the identification of the set of login credentials. The hackers then used these login credentials in order to attack the user’s account and the driver’s account. The attack was more possible as the computing tasks of the company got onto the hands of the hackers with the help of the login credentials. The incidents have led to the attaining of the names, the email addresses and the cell phone numbers of the passengers song with the names and license of the drivers (Ahmed et al. 2018). The company has been facing different allegations and scandals accusations due to the occurrence of such incident and the rate of trust from the consumers decreased at the same time.
The basic reason behind the occurrence of such incident is the utmost negligence that has been given by the chief executive officer of the company when there was a first notice being given to the company. The security officer of the company had prior sent a notice to the company’s chief executive officer regarding the unusual activity and the possible threat that is to be faced by the company in the near future. Considering the letter to be a hoax, the chief executive officer did not pay much attention to the prior notification, which led to the occurrence of the incident on a massive level. This shows that the software repository used by the company was not up to the mark leading to the easy unauthorised access to the confidential information of the customer’s of the company and the driver's license being compromised (Robbins & Sechooler, 2018). The ineffectiveness being shown by the developer of the company in removing the login details from the storage service once they leave. There has been the identification of exposure of the private keys for the Amazon Web Service cloud account and the companies using the GitHub to put their websites and use credentials in code publicly. The presence such incident and the ineffectiveness showed by the company have led to the occurrence of the Uber data-breaching incident.
Considering the different impact that has been caused by the data breaching incident, it has been evident there is the need for the companies to give focus on their security system that is being used the computer infrastructure while carrying out any computing tasks. It is important to note that the incident could have been prevented if the executive officer looked into the first indication that was given by the security officer and carry out the investigation beforehand. The occurrence of the incident can be prevented by using zero-trust approach that will focus on providing access to services based on the information known to the individual about the user and the device (Groves, 2018).
2. I/O activity problems with many protection schemes including paging and base or bounds
The fence register mainly gives an accurate ability for relocating. In order to separate the major two user areas, users are providing a start address, which is known as the base address and it. All the different programs in the particular or specific user area are fully offset from the base address. In this I/O activity, problems a user can use the specific address space that may be exceed to beyond its limit and therefore an upper bound is also important for restricting those users from entering into other user area. On the other hand, the upper bound register is also known as bound register (Wong et al. 2018). Thus, in order to provide separation as well as maintain the integrity of different information and data it has been seen that the base or the bound register scheme is also important and significant and it also need to me implemented properly.
A pair of base or bound register mainly gives the upper and the lower limits of the different specific areas to their users therefore the pair will be able to protect a single user area in an appropriate way from the other users.
After analyzing the problems, it has been seen that paging can also help a user to solve the different I/O activity problems. Paging process mainly divides some programs into equal sized pieces as well as pages along with the memory also divided into several page frames. In addition, the page table name along with the associated memory address is also stored in an accurate page table. After utilizing the page and table along with offset value it can be said that different issues and the different addresses can be accessed (Zheng, 2015).
A major or essential advantage of an operating system with the help of fence register is the ability to move, this trademark is imperative in a multi client circumstance. With something like two customers, none can know early where a program will be stacked for execution. The relocation register also deals with the different issues by giving base or beginning location process. All area inside tasks is offsets that also are associated with base area. All area or address inside the I/O activity process also undertakings is balances from that base area. A variable fence register is known as base registers for resolve all the issues. Fence register mainly gives a lower bound yet not an upper one.
On the other hand, it can be said that an upper bound can be useful as well as essential in knowing how much space is allocated and in enlisting for surges with illicit zones or forbidden areas. To vanquish or overcome an issue a second enlists or register is consistently included. The second register is called a bound enroll is an upper area control. Each program conveys is constrained to be over the construct area with respect to the grounds that the substance of base enlists is added to address. This technique shields a program address from modification by another customer in order to solve and I/O activity issues along with the help of paging and base or bounds (Wong et al. 2018).
1. Sony PlayStation Network outage
The incident of Sony PlayStation Network outage is a case of external intrusion that has occurred on the Sony’s Play station Network and the Qriocity services given by the company. In this incident the personal details of the more than 77 million accounts were hacked. The incident also restricted the users from accessing the consoles of PlayStation 3 and PlayStation Portable. The security breach that occurred in the company was one of the largest breaches that occurred in the history worldwide, leading to the outage being active for twenty-three days. It has been noted that the security-breaching incident has led to the high level of vulnerability concern for the users as their credentials and confidential information were exposed.
Between April 17 and April 19, 2011, the outage of the Sony PlayStation Network took place that lasted almost twenty-three days and has been marked to be the largest data breaching case in the history until then. The outage has led to the exposure of the confidential information and the other credentials of the users of the PlayStation. This occurrence of the external intrusion has led to the restriction of the usage of the PlayStation 3 and the PlayStation Portable by the users. The company was forced to turn off the PlayStation Network on April 20, 2011 and the conformation of the incident was given on May 4, 2011 that included the announcement of personally identifiable information being leaked and exposed (Goode, Hoehle, Venkatesh & Brown, 2017).
After the announcement of the incident, the company Sony has launched the PlayStation 3 firmware on May 4, which is a version of the PlayStation 3.61 that acted as the security patch for the users using the play station. This led to the changing of the password during the signing in process but the network of the system was rather offline. The incident has led to the removal of the details of the 2500 users that were stolen by the hackers. These data included the names and the address of the database that were created in the year 2001.
The outage has led to the exposing of the important and confidential information, which forced the company Sony to warn the users of the play station that their information has been stolen (Milburn, 2017). The company locked the gamers out of the network for more than a week. It has been noted that the Sony’s PSN one of the biggest holders of credit cards that holds more than 100 million accounts. However, the company ensured that there was no stealing of the credit card numbers of credentials, which might have caused further more impact on the individuals using the Sony PSN. it has been noted that the incident led to the disruption in the usage of the play station as the users did not want to involved themselves as part of the being the victim of such an activity. The occurrence of this attack had led to the suspension of the SOE servers and the Facebook games. The company had to face huge criticism leading to the comments being given by the security exerts Eugene Lapidous of AnchorFree that questioned the breaching incident and questioned the company's security system that has been used by them.
Ways that carried out the attack
There are various reasons that have come up as a part of the attack occurred in the company. It has been analysed that the continuation of the Anonymous DDoS reprisal for Sony’s persecution of PlayStation 3 jailbreak, Geohot. It has been observed that the actual reason being the attack is not well known due to the security reasons. However, there have been certain assumptions that the weakness in the mechanisms of the PSN security is one of the major causes for the incident. This has led to the passing of the data to the hackers or the attackers might have got into the SQL injection attack. The lack of effective security system being used on the play station and the misuse of the network by the play Station has led to the occurrence of such incidents. There was the presence of the unauthorised access to the system of the company’s play station where the encryptions of the valuable information were not carried out effectively. The exposed data and the stealing of the valuable information have led to the realization that security is the most important aspect in terms of using the personal computer system or any network (Pandey, 2018).
There is the need for such companies to ensure that the different threats notification that are being received by them from the security officers is to be focussed and there is the need to take preventive measures. It is important for the companies using a large part of their operations relating to information technology and network to make sure there is regular updating of the security system of the network being used. In order to prevent such attacks in future, there is the need for the companies to develop their security logging system so that the attackers who are highly skilled are unable to get through the assessing capability of the login credentials. Data protection is the most important aspect that is to be focused on by the companies like Sony so that the companies are being able to maintain their security system and ensure that there is no occurrence of such incidents in the company (Woon & Pang, 2017).
The discussion carried out above indicates that there is the need for the companies using information technology and internet in order to conduct different business operations and the servicing of the product to the customers to be actively taking part in their security system updating. It is highly recommended that the similar companies like Uber and Sony need to pay attention to the prior notification received by them regarding the security issues that are to be faced or is active. It has been gathered from the above discussion that the use of the information system and technology relates to the high rate of insecurity in terms of the information that are being shared by the users over the internet leading to the huge impact and loss.