M3A1: Case Study: Textbook Case 5.1 Yahoo Wins the Gold Medal and Silver Medals for the Worst Hacks in History!

Paper instructions:

Case Study:
There seems to be a cybersecurity headline once a week about at least one company or government agency being hacked or reporting some type of breach. In this module, you have learned about the challenges associated with cybersecurity and ways the threats can be mitigated. You will focus on the challenges experienced by Yahoo in this case study.
Write a 2-3 page paper, not including the cover page or reference pages, that answers the questions from the textbook case study 5.1 – Yahoo Wins the Gold Medal and Silver Medals for the Worst Hacks in History! You must cite at least five independent scholarly sources to support your position, using appropriate APA format.
Cite the source of your data according to APA standards.
Any information which is not common knowledge must include an in-text citation. Needed a stronger introduction. The introduction needs more content to capture attention at the beginning. The introduction also needs to set the tone for the paper and introduce key points.


Yahoo Wins the Gold and Silver Medal for the Worst Hacks in History!
It wasn’t until Fall 2016 that Yahoo alerted its users and the public to the first of two of the largest known breaches of user information in history that had occurred 2–3 years earlier. On September 22, 2016, Yahoo publicly disclosed that over 1 billion Yahoo account records were stolen in mid-2013. A second news release on December 15, 2016, revealed a second attack that occurred in 2014 when the account information of over 500 million Yahoo account holders was breached. The delay in reporting is partly due to the fact that Yahoo itself did not know of the breach until shortly before releasing these statements to the public. The information leaked in the attacks included e-mail accounts, telephone numbers, street addresses, unencrypted security questions and answers, but no financial information.
To add insult to injury, at the time of the first news release, Yahoo was in negotiations with mega-corporation Verizon to acquire Yahoo for $4.83 billion. After the first news release, Verizon said that the announcement could have a negative impact on their purchasing decision. The second news release caused Verizon to further review the financial implications of the two breaches and reduce its offer by $350 million.
The 2013 breach was conducted by an unknown unauthorized third party. The information stolen in the 2014 attack was sold by a “state-sponsored actor” on the Dark Web for 3 Bitcoins (approx. $1,900). The actor, who used the name “Peace”, is of Russian origin and attempted to sell data from 200 million Yahoo users online. Yahoo urged all of its users to change their passwords and security questions and to review their accounts for suspicious activity. To date, little information has been released on the 2013 breach, but more is known about the incident that occurred in 2014.
How the Second Attack was Carried Out
The data theft was similar to the way in which a typical online attack on a database is carried out. The protections used for the database containing the login and personal information were insufficient to protect against the advanced methods used by the hackers. In this case, the encryption method employed in the database was broken by the hacker. Additionally, cybercrime analyst Vitali Kremez maintains that the hacker stole the information from Yahoo slowly and methodically so as to not draw attention to the breach taking place.
Since the breach was not immediately detected, the hacker had plenty of time to leverage the information in a financially, personally, or politically beneficial manner. It is not clear if the seller is the original hacker.
Impact of the Data Breach
Since the breaches were so devastating and far-reaching for most of Yahoo’s customer base, Verizon is having second thoughts about the acquisition. Craig Silliman, general counsel to Verizon, said Verizon has “a reasonable basis” to believe that the data breach will have a significant impact on the deal proceedings and the likelihood that it will actually happen (Fiegerman, 2016). He further explained that Yahoo will have to convince Verizon that the breach will not affect future processes in the company and that more security features have been and will be implemented. Also, the incidents could make the Yahoo deal worth about $200 million less than the $4.8 billion initially settled upon. In addition to the decreased value of Yahoo’s core assets, the company’s stock fell about 2% after the comments by Craig Silliman.
Justice is Served
On March 17, 2017, the U.S. Department of Justice indicted two Russian Intelligence agents and two state-sponsored hackers, Alexsey Belan and Karim Baratov, for the theft of the Yahoo user data in 2014. Belan, one of the FBI’s most notorious criminal hackers, had been previously indicted in two other cases. In the indictments it was revealed that the targets of the theft included Russian journalists, U.S. and Russian government officials, military personnel, and private-sector employees of financial, transportation, and other companies (Balakrishnan, 2017).
The obvious issue surrounding the Yahoo data breaches is Internet security. Simple username, password, and security questions simply are not enough to keep hackers at bay. UC Davis professor Hemant Bhargava notes that two-factor authentication (TFA) is successful in many other companies and that Yahoo should follow suit (Matwyshyn & Bhargava, 2016). An example of TFA would be that a user is asked to enter information such as username and password, then a mobile app generates and sends a random number code for the user to enter before being granted access to his or her account. Both the Yahoo account and the mobile app are linked to a common, secure account. This method is exceptionally popular and useful since over 50% of Web users access the Web through their mobile phones.
Questions
1. Why do you think Yahoo was targeted for these data breaches?
2. Why did Yahoo keep the breaches from the public eye? How did their nondisclosure affect Yahoo’s relationship with its customers and partners?
3. In addition to the data theft, what else was damaged by this incident?
4. Were these cybersecurity incidents foreseeable? Were they avoidable?
5. Assuming that the CEO and CIO were forced to resign, what message does that send to senior management at Yahoo?
Sources: Compiled from Fiegerman (2016), Hackett (2016a), Kan (2016), Lee (2016), Matwyshyn and Bhargava (2016), Murgia (2016), Sterling (2015), and Balakrishnan (2017).

It is very clear that cybercrime has grown and will continue to grow exponentially as technology advances. Avast, a computer security company, defines cybercrime as “any criminal activity carried out using computers or the internet” (Avast.com). There are many ways attackers are able to achieve this, such as social engineering, viruses and all types of malware, among many others. As organisations and individuals continue to rely on digital technology to store their data and perform certain operations, criminals find new ways to perform malicious attacks and unauthorised operations with this information and technology. The Yahoo data breach is a perfect example of the implications of cybercrime for organisations, individuals and nations globally.

The most probable reason that Yahoo was a target for the assailants is the nature of email. Email is very widely used as a mode of communication. Whenever an email account is hacked, the attacker has the victim’s information, such as the address and telephone numbers, as well as sent and received messages that may be sensitive and confidential. If the attacker continues to have unauthorised access, he or she could continue to receive and send messages to other people without his or her activities being discovered. It is possible for an attacker to perform a financial operation with a victim’s account. This makes mail operators like Yahoo and Google a big target for hackers. When done on a large scale, as in this case, the data could be processed and used to make decisions that benefit the attacker. For instance, if an attacker got access to the mail of an entire organisation, it would be possible for him or her to anticipate its business moves and even sell its plans to competitors. It is also possible that Yahoo was targeted for its minimal information security measures. It only had a password and a security question for security, so it is possible that it was just not that difficult or tedious to hack the company.

Organisations often choose to keep quiet about data breaches, mostly because of their business viability in the market (Janakiraman 2018). In Yahoo’s case, the users would feel that their information was no longer safe and opt to move to other mail providers. The company would lose a large number of clients as a result. While staying quiet may seem like a viable option, it is not often the right decision. Yahoo realised that the information obtained by the hacker was on sale on the dark web, and that caused a lot of problems. The first and major one is that these users are unaware that their information has lost its confidentiality and will continue sending confidential and sensitive information using the same compromised email accounts. The second is that the public would come to know about the breach eventually, but from a source other than the company involved. These issues pushed Yahoo to disclose the breach, and with that it started to lose stock value, the faith of its customers and the value of the company, with Verizon reducing the deal by $350 million.

The after-effects of a data breach are even more damaging than the theft of data itself. First are the financial impacts of the breach, such as compensating customers for what was stolen if it had monetary value. Next are fines imposed by the government organisations set up to safeguard the public’s information under the data protection regulations in most countries (Schuessler 2017). Lastly, there is reputational damage, which was the biggest effect on Yahoo after the breach. Its reputation was ruined and business deals were revised as a result.

There is a first and fundamental rule in information security: “digital information on the internet can never be a hundred per cent safe” (Priyadarshini 2019). Cybersecurity experts have to deal with this fact. They can only reduce the risk to a manageable level. It was possible for Yahoo to foresee some of the possible breaches that could arise from the services it provided to its clients, but there are plenty of factors that complicate this. The major one is technology and its fast rate of change. A firewall that was effective last year might not be so effective this year, and yet every update and new installation raises the business overhead for the organisation. Another problem is that if the Yahoo system applied all kinds of security measures for its clients, its operability would become even more complex. The functionality of digital information systems reduces with an increase in security (Priyadarshini 2019). So, yes, it was possible for the Yahoo security department to foresee a cyber incident, and yes, it was possible to avoid it, but that does not necessarily mean that the company would not have faced other problems with regard to the measures it undertook.

For senior management, the biggest lesson from the Yahoo data breach is to invest proper resources and time in cybersecurity. A proper cybersecurity team can monitor risks, identify breaches in time and give proper recommendations in the event of an attack. Information security should be part of the development of any information system and not just an afterthought when the entire process is complete (Kim 2016). Every employee needs to be properly trained in security, be it digital or manual, as anyone could be drawn into social engineering by a malicious attacker.

Cybercrimes will continue to be a nuisance to organisations globally. Cybersecurity experts need to be as good as the hackers themselves in order to be able to prevent, stop or foresee attacks. Hackers invest a lot of resources to breach networks and applications, and organisations should give the same amount of resources to their information systems departments.

References

Avast.com. What is Cybercrime? Retrieved on 13th September 2019 from https://www.avast.com/c-cybercrime

Janakiraman, R., Lim, J. H., & Rishika, R. (2018). The effect of a data breach announcement on customer behaviour: Evidence from a multichannel retailer. Journal of Marketing, 82(2), 85-105.

Kim, D., & Solomon, M. G. (2016). Fundamentals of information systems security. Jones & Bartlett Learning.

Priyadarshini, I. (2019). Introduction on Cybersecurity. Cyber Security in Parallel and Distributed Computing: Concepts, Techniques, Applications and Case Studies, 1-37.

Schuessler, J. H., Nagy, D., Fulk, H. K., & Dearing, A. (2017). Data Breach Laws: Do They Work? Journal of Applied Security Research, 12(4), 512-524.

 

 
