Computer Security- 2015 Anthem Medical Data Breach Case -Security Threats - Assessment Answer

Computer Security Assignment

Assignment Task

1. Search the web for news on computer security breaches that occurred during April-August 2016. Research one such reported incident. Prepare a report focusing on what the problem was, how and why it occurred and what are the possible solutions.

2. Research the 2015 Anthem medical data breach case on the web and prepare a report focusing on the following questions:

What was the problem?

Who were affected and how?

How was the attack carried out?

What could have been done to prevent the attack?

Introduction

1. The Computer Security Breach discussed in this section is one of the popular and shocking hacks of the year 2016 which is the LinkedIn hack. LinkedIn is a very popular social – networking site for professionals to connect globally. LinkedIn network was hacked in May 2016. Previously in the year 2012, LinkedIn was hacked by an unknown entity from Russia and this hack led to leaking of users’ personal information and nearly 6 million users’ data were leaked. (Hughes, 2016) Thus, it is very clear that LinkedIn was a main target for hackers. The year 2016 hack leaked nearly 117 million of LinkedIn user data which included e – mail ids and passwords of the users’. The hacker named himself as “Peace” and posted these users’ account information online for sale. The hacker also mentioned that, the data for current security breach was used from the year 2012 breach. The Hacker called “Peace” posted the sale of LinkedIn user information on the dark web illegal market place that is popularly called as The Real Deal and the amount claimed for the sale was 5 bitcoin, which is around $ 2, 200. Another data search engine named as Leaked Source, which is a paid hacked site, also claimed that they have obtained the LinkedIn users’ data. Both the masterminds of LinkedIn security breach, who are Peace and one person behind the Leaked Source website, said that they were successful in hacking database of LinkedIn users’ personal information and account which consisted of nearly 167 million users’ data and out of these 167 million users’ data, nearly 117 million users’ data / information consisted of both encrypted passwords and e – mail IDs. (FRANCESCHI-BICCHIERA, 2016)

The most vital part of the LinkedIn hack is that, clients' for the most part tend to rehash their passwords for different site logins, along these lines expanded the likelihood of programmers of accessing about 117 million client messages and financial balances. Different PC Security Specialists pondered what turned out badly with LinkedIn to take such a great amount of time to make sense of issues with their own PCs. (FRANCESCHI-BICCHIERA, 2016)

LinkedIn got to be mindful that another arrangement of information has been discharged which contained email addresses and also blend of passwords that were in a hashed form of users which were more than 100 million. (Hackett, 2016) During the period of hack of 2012, LinkedIn took the step of effectively resetting the passwords of their users that were in the hacked shortlist. Hence, the same process of resetting the users’ passwords was initiated in the 2016 hack but this time it took place in a bigger scale. (BBC News, 2016) LinkedIn Organization made prompt move to nullify the passwords of client records that are affected furthermore guaranteed to communicate with the suspected clients immediately and requested them to reset the passwords of their respective LinkedIn accounts. To accomplish this, the LinkedIn Organization requested all their users to visit the official LinkedIn website adn go to the customer care section and reset their passwords using the two – step process and also, utilization of strong passwords was recommended. ("Millions of hacked LinkedIn IDs advertised 'for sale' - BBC News", 2016)

Amid this exploration it was experienced by a Security Master that, the real reason for LinkedIn hacking ascended from the way that LinkedIn Organization had "hashed" its clients' passwords yet neglected to "salt" before sparing them. After the late security rupture, LinkedIn executed the idea of "Salting" yet just profited the login DB (Information Base) that was produced after the security assault. As indicated by Mr. Ferguson, actualizing the idea of "Salting" in LinkedIn was one of the best choices taken to store client passwords safely. ("Millions of hacked LinkedIn IDs advertised 'for sale' - BBC News", 2016)Cory Scott, the Central Data Security Officer of LinkedIn, said that the LinkedIn site is been scrambled and "salted" – or adding arbitrary information to the client passwords before they are encoded to guarantee they are not hacked effortlessly. Subsequently, LinkedIn effectively figured out how to advise every one of its clients' to redesign their login passwords in the site such that the watchword is not utilized anyplace as a part of other record logins furthermore effectively actualized client validation utilizing two – step check, which is an element that sends another security code to the client's enrolled telephone amid each login. (Hackett, 2016)

Considering the LinkedIn security assault in the year 2012 and additionally in the year 2016, it is entirely clear that LinkedIn was not exceptionally mindful about their clients' certification security and along these lines needed numerous elements to secure the records of their almost 400 million clients'. As indicated by the reports discharged by different Network Security Experts, it has been obviously specified that LinkedIn took a significant long time to follow the issue and were astounded to realize that LinkedIn wasn't generally mindful what turned out badly with their own Company's PCs. Likewise, the Company figured out how to just encode the client passwords by utilizing the idea of "hashing" however did not utilize "salting" highlight before securing and sparing them. Accordingly, it can be inferred that, LinkedIn's consecutive security rupture thinks about the poor validation and security system utilized by the Company. Be that as it may, "salting" furthermore two – step check validation are executed by LinkedIn post the digital assault.