Hackers That Breached the Eidos Montreal Website - Assignment Example

? Full Paper Hacking a Website Group of expert hackers breached Eidos Montreal website compromising 25,000 email addresses along with 350 resumes dated May 13 2011. The description of the incident was stated by the company as "Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites. We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again"(Square enix confirms data lifted in website raids • the register ). Nonetheless, data associated with online e-commerce transactions and credit cards was available on the data servers that but not linked to the website. Similarly, many applicants have applied for recent job openings at the studio, their resumes were also stolen, revealing educational background, home address and contact numbers. However, the organization claimed that only email addresses are stolen. The companies accounted that only email addresses are stolen. However, the organization declared that the security of the website was most updated. The concerned personnel of the organization stated, “We take the security of our websites extremely seriously and employ strict measures, which we test regularly, to guard against this sort of incident” (Square enix: 25,000 email addresses taken in deus ex website hack). The statement given by the concerned personnel of the organization was not credible as the security breach clearly demonstrated loopholes in their security architecture. One more incident related to website hacking took place in which some particular areas of the website were breached. The name of the website was daily Telegraph. It was hacked by Romanian hackers. Moreover, the areas that were hacked includes pages named as ‘Short Breaks’ and ‘Wine and Dine’ correspondingly. The methodology and technology that was used to attack the site was not found. A researcher named as Chris Boyd illustrated description of the pages that were hacked. The contents of the page were “sick of seeing garbage like this … calling us Romanians gypsies” (Daily telegraph website hacked by aggrieved romanians). The survey concluded and justified the real world factors related to website hacking as it has its own place in the field of hacking. In order to protect websites from vulnerabilities and threats, security measures are required. Moreover, websites providing e-commerce services are even more vulnerable and require most updated security controls in place. 2 Ethics Statement Hacking is related to explore a security flaw that has not been addresses before. Generally, information security professionals take hacking as a concept of stealing and destroying data or any incident related to criminal activities. However, hacking illustrates brilliance of an individual to demonstrate his knowledge on the network domain as well as on the application domain. All the critical inventions associated with information security are evaluated due to hacking attacks (Introduction to computer ethics). One part of accepting hacking as a good cause is to strengthen the security architecture, but on the other hand, hacking has the capacity to facilitate individuals to steal highly confidential information from servers located in organization as well as stealing funds by credit cards and bank account. Hacking ethics are important for an organization to address. As Stephen Levy from the MIT department and Stanford, illustrated factors related to ethical hacking, which are as follows (Introduction to computer ethics): ‘Administrative access’ must be granted to every network resource, computing device and nodes. There will be no restrictions for accessing any kind of information from or within the network along with free of cost. There will be no ‘file access security’ framework and full privileges must be given for accessing centralized resources on the network. Merit based selection for employees avoiding race, religion, position in the company. Computers will be used to add attractiveness Involvement of computing devices to augment and facilitate better lifestyles In order to trace hackers paths, ethical hackers takes charge and investigate the pros and cons. However, during this process, there is a risk of trial against the ethical hackers. This is the prime issue that requires attention, as security professionals supports to address this issue. The first factor that will lay foundations for the rest of the strategy is to develop a code that will be acceptable internationally. However, there is a possibility that the two groups, ethical hackers, and law enforcement agencies differ in views and approaches, guidelines to ethical hacking can resolve this issue as well. 3 Social Responsibility An American online media company and blog network known as Gawker media is among the successful blog based companies in America. The owner of the company is Nick Denton who lives in New York. After taking all the precautionary steps in terms of security, Goatse Security disclosed 114,000 email addresses to the media reporter named as Ryan Tate. The disclosed email addresses contains emails of . The email addresses were of renowned personalities, including (Goatse security and major apple iPad security issues): Janet Robinson – New York Times Co. CEO, Diane Sawyer – ABC News, Harvey Weinstein – Film Producer, Michael Bloomberg – Owner of Bloomberg, Rahm Emanuel – White House Chief of Staff, William Eldredge – US Airforce Commander, Ann Moore – CEO of Time Inc, Chase Carey – President and COO of News Corp, Cathie Black – President of Hearst Magazines and Les Hinton – CEO of Dow Jones. Hackers concluded that they have found evidence that only on one condition Goatse Security has disclosed email addresses to the reporter. Reporter ensured that all the email addresses and ICC-IDs associated with would be censored, in order to prevent them from threats and unauthorized access. Unfortunately, he was not able to protect the email addresses (Fpolom's blog). Gawker media was not guilty and was not socially responsible for the security breach that has happened. In addition, Gawker never asked from AT&T regarding their position from the impact of the breach (Fpolom's blog). 4 Factors a CEO should consider Current business trends are integrated to facilitate processes and functions via computing devices. Organizations maintain critical data on servers that are protected by efficient hardware based or software based security appliances on a low cost. CEO must take actions after a security breach as in case of Apple’s I pad following factors are mandatory to handle the situation in an efficient manner. These factors are (Top ten security questions for CEOs to ask): Identification of the concerned staff related to security protection and prevention of data assets on the network. There must be security objectives that illustrate risk mitigation methods that must be followed in every phase of the network i.e. maintenance phase, expansion face, security breach phase etc. Benchmark testing is essential at this point as it will highlight the overall structure of the current network with weak security boundaries so that security professionals can summarize what has actually happened and how to repair it. The traces from the system are removed to a limit possible as hackers do not want anyone tracing them. In fact, there are cases where hackers gain access to networks for a long time without exploiting their presence. In that case, logs are the ultimate weapon for eliminating there hidden access. There is a requirement for a recovery plan in order to recover quickly from a security breach. A recovery plan may include list of actions to perform in less time and hence may save the reputation of the company. Staff training is also an essential factor. In training sessions, usage of social networking sites must be prohibited, as it will facilitate the hacker even more. For instance, if there is a security breach in an organization, every employee must be restricted to social networking sites, as they tends to share the status of the workstation as offline/ online. All the security-concerned personnel must focus on limiting the exploitation of the breach from spreading to other parts of the network as well. For detecting the characteristics of the security breach on immediate basis, preliminary assessment is an essential task to perform. The task provides characteristics of the threats that facilitate to develop a plan, containing all the actions that need to be followed. As per the scenario, email addresses of thousands of people were compromised. It is the responsibility of the organization to notify their valued customer, what has happened, and what will be the consequences linked with the breach. There are many methods to notify the customer. For example, email, telephone, SMS etc. 5 Security Breach Notification Via Email Dear Valued Customer, Our security team has discovered a security breach on 10 June 2010, compromising 114,000 email addresses of our respected iPad customers. In order to track and remove the threat from the network, we have performed some tasks in order to ensure your safety, the tasks are: We have shutdown I pad email services temporarily for all the users. We have developed a dedicated highly skilled security team to scrutinize and penetrate in-depth investigation of the security breach along with its reason of occurrence. Hardware and Software based security modules are evaluated in order to find a possibility to add more security. We drastically appreciate your tolerant and co-operating attitude during this time as our security expert team is investigating the security breach in order to provide urgent solution. For the moment, exploration is in practice, group of individuals have accomplished access to the following information email addresses, and all the information available in the body of an emails. If you receive any call asking too much personal information or confirming bank accounts or credit card numbers, please be aware as it is not necessary that these people are the concerned authentic ones. Depending on the information shared in emails, there may be other dimensions of the invasion of this security breach. Please reconcile bank account statements, credit reports, and other possible things that you assume relevant to the scenario. Moreover, there is also a possibility of identity thefts and financial losses. We need your mutual support and understanding on this security breach. Thanks again for your co-operation and patience. Apple Inc. References Square enix confirms data lifted in website raids • the register Retrieved 5/25/2011, 2011, from http://www.theregister.co.uk/2011/05/16/square_enix_website_hack/ Daily telegraph website hacked by aggrieved romanians | media | guardian.co.uk Retrieved 5/24/2011, 2011, from http://www.guardian.co.uk/media/2010/apr/15/daily-telegraph-hacking Introduction to computer ethics Retrieved 5/24/2011, 2011, from http://www.infosectoday.com/Articles/Intro_Computer_Ethics.htm Fpolom's blog Retrieved 5/24/2011, 2011, from http://fpolom.wordpress.com/ Top ten security questions for CEOs to ask Retrieved 5/24/2011, 2011, from https://www.infosecisland.com/blogview/11576-Top-Ten-Security-Questions-for-CEOs-to-Ask.html Goatse security and major apple iPad security issues Retrieved 5/25/2011, 2011, from http://www.beersteak.com/breaking-news/goatse-security-and-major-apply-ipad-security-issues/ Read More