IPad's Security Breach - Assignment Example

? Full Paper Organized Hack A website of an organization d as ‘Square Enix’ was expansively penetrated by a group of experthackers on May 13 2011. The fundamental objective of ‘Square Enix’ is to hire skillful software developers, testers and creative thinkers to work on different projects related to game development. Likewise, the breach conceded 25,000 email addresses and 350 resumes. Later, the explanation regarding the hack was publicized in these following sentences by the victim as "Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites. We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again" News | SQUARE ENIX MEMBERS (n.d.) However, servers that were preserving archives correlated to e-commerce transactions and credit cards were not interconnected to the website. Moreover, candidates have uploaded their resumes to ‘Square Enix’ for job considerations were also pilfered. Hackers can now trade and sell information present in the resumes, as educational background, home address and contact numbers, interest, hobbies, references etc. are exposed. Conversely, organization denied the fact that only one email address was leaked during the hack. Moreover, organization also stated that the website was equipped with latest and most updated web security architecture. An employee from an organization justified this fact as “We take the security of our websites extremely seriously and employ strict measures, which we test regularly, to guard against this sort of incident” Square Enix admits to Deus Ex website hacks. (n.d.). The statement given by the concerned personnel of an organization was not credible as the security breach clearly demonstrated loopholes in their security architecture. One more incident related to website hacking took place in which some particular areas of the website were breached. The name of the website was daily Telegraph. It was hacked by Romanian hackers. Moreover, the areas that were hacked includes pages named as ‘Short Breaks’ and ‘Wine and Dine’ respectively. There are still no answers for the hacking incident that was conducted by these hackers. The methodology and technology that was used to attack the site was not found. A researcher named as Chris Boyd illustrated description of the pages that were hacked. The contents of the page were “sick of seeing garbage like this … calling us Romanians gypsies” (Daily telegraph website hacked by aggrieved Romanians, n.d.). The survey concluded and justified the real world factors related to website hacking, as it has its own place in the field of hacking. In order to protect websites from vulnerabilities and threats, security measures are required. Moreover, websites providing e-commerce services are even more vulnerable and require most updated security controls in place. 1 Ethics Statement Hacking is a process that is implemented to explore a security imperfection that has not been reported earlier. Mostly, information security specialists take hacking as a concept of stealing and destroying data or any incident related to criminal activities. However, hacking exemplifies skills of an individual to exhibit his knowledge on the network domain, as well as on the application domain. Research and development in terms of information security is evaluated due to hacking and security loop holes (Introduction to computer ethics n.d.). One view of hacking is to be acquiescent, as a good cause is to strengthen the security architecture. However, the second view of hacking has the capacity to facilitate individuals to steal highly confidential information from servers located in organization as well as stealing funds by credit cards and bank account, therefore, giving a major business loss to an organization. Hacking ethics are important for an organization to address. As Stephen Levy from the MIT department and Stanford, illustrated factors related to ethical hacking, which are as follows (Introduction to computer ethics n.d.): ‘Administrative accesses must be granted to every network resource, computing device and nodes. There will be no restrictions for accessing any kind of information from or within the network along with free of cost. There will be no ‘file access security’ framework and full privileges must be given for accessing centralized resources on the network. Merit based selection for employees avoiding race, religion, position in the company. Computers will be used to add attractiveness Involvement of computing devices to augment and facilitate better lifestyles In order to trace hackers paths, ethical hackers takes charge and investigate the pros and cons. However, during this process, there is a risk of trial against the ethical hackers. This is the prime issue that requires attention, as security professionals supports to address this issue. The first factor that will lay foundations for the rest of the strategy is to develop a code that will be acceptable internationally. However, there is a possibility that the two groups, ethical hackers, and law enforcement agencies differ in views and approaches, guidelines to ethical hacking can resolve this issue as well. 2 Social Responsibility An American online media company and blog network known as Gawker media is among the successful blog based companies in America. The owner of the company is Nick Denton who lives in New York. After taking all the cautionary steps in terms of security, Goatse Security disclosed 114,000 email addresses to the media reporter named as Ryan Tate. The disclosed email addresses contains emails of the following renowned personalities. The list includes (Goatse security and major apple iPad security issues, n.d.): Janet Robinson – New York Times Co. CEO, Diane Sawyer – ABC News, Harvey Weinstein – Film Producer, Michael Bloomberg – Owner of Bloomberg, Rahm Emanuel – White House Chief of Staff, William Eldredge – US Airforce Commander, Ann Moore – CEO of Time Inc, Chase Carey – President and COO of News Corp, Cathie Black – President of Hearst Magazines and Les Hinton – CEO of Dow Jones. The breach initialized when ‘Goatse Security’ has provided email addresses to the reporter. However, reporter safeguarded and confirmed that all the email addresses and ICC-IDs associated with it would be blue-penciled, in order to prevent them from intimidations and unauthorized access. Tactlessly, he was not able to protect the email addresses (Fpolom's blog, n.d). Even though ‘Gawker media’ was not mortified and was not socially accountable for the security breach that has transpired. In addition, ‘Gawker media’ never asked from AT&T regarding their position from the impact of the breach (Fpolom's blog, n.d). 3 Factors a CEO should consider Contemporary business tendencies are unified to expedite processes and functions by means of computing procedures. Organizations preserve mission critical data on servers that are protected by proficient hardware based or software based security applications on a truncated cost. CEO is committed to take actions after a security breach, as in case of Apple’s I pad following factors are obligatory to bear the consequences associated with it in a resourceful manner. These factors are (Top ten security questions for CEOs to ask, n.d.): Identification of the concerned staff related to security protection and prevention of data assets on the network. There must be security objectives that illustrate risk mitigation methods that must be followed in every phase of the network i.e. maintenance phase, expansion face, security breach phase etc. Benchmark testing is essential at this point as it will highlight the overall structure of the current network with weak security boundaries so that security professionals can summarize what has actually happened and how to repair it. The traces from the system are removed to a limit possible as hackers do not want anyone tracing them. In fact, there are cases where hackers gain access to networks for a long time without exploiting their presence. In that case, logs are the ultimate weapon for eliminating there hidden access. There is a requirement for a recovery plan in order to recover quickly from a security breach. A recovery plan may include list of actions to perform in less time and hence may save the reputation of the company. Staff training is also an essential factor. In training sessions, usage of social networking sites must be prohibited, as it will facilitate the hacker even more. For instance, if there is a security breach in an organization, every employee must be restricted to social networking sites, as they tends to share the status of the workstation as offline/ online. All the security-concerned personnel must focus on limiting the exploitation of the breach from spreading to other parts of the network as well. For detecting the characteristics of the security breach on immediate basis, preliminary assessment is an essential task to perform. The task provides characteristics of the threats that facilitate to develop a plan, containing all the actions that need to be followed. As per the scenario, email addresses of thousands of people were compromised. It is the responsibility of an organization to notify their valued customer, what has happened, and what will be the consequences linked with the breach. There are many methods to notify the customer. For example, email, telephone, SMS etc. 4 Security Breach Notification Via Email Whenever, organizations are affected by a hacking attempt or security breach, support staff constructs an email and forwards it to all the customers. An example of an email is given below: Dear Valued Customer, Our security team has revealed a security breach on 10 June 2010, conceding 114,000 email addresses of our respected iPad customers. In order to trail and remove the threat from the network, we have implemented some tasks in order to guarantee your safety, the tasks are: We have shutdown I pad email services momentarily for all the users. We have established a committed highly skilled security team to dissect and penetrate in-depth exploration and analysis of the security breach along with its reason of occurrence. Hardware and Software based security modules are gauged in order to find a probability to add security at the utmost level. We considerably appreciate your lenient and co-operating insolence during this time, as our committed security team is reconnoitering the security breach in order to provide imperative solution. For the moment, examination is in practice, group of individuals have accomplished access to the following information: Email addresses All the information available in the e-mail body If you receive any call asking too much personal information or confirming bank accounts or credit card numbers, please be aware as it is not necessary that these people are honest. Be contingent on the information shared in emails, there may be other dimensions of the invasion of this security breach. Kindly reconcile bank account statements, credit reports, and other possible things that you assume relevant to the scenario. Moreover, there is also a likelihood of identity thefts and financial losses. We need your mutual support and sympathetic attitude on this security breach. Thanks again for your co-operation and patience. Apple Inc. References News | SQUARE ENIX MEMBERS. (n.d.). Retrieved from https://member.eu.square-enix.com/en/news Square Enix admits to Deus Ex website hacks. (n.d.). Retrieved from http://www.ggmania.com/?smsid=30965 Daily telegraph website hacked by aggrieved Romanians, n.d. | media | guardian.co.uk Retrieved 5/24/2011, 2011, from http://www.guardian.co.uk/media/2010/apr/15/daily-telegraph-hacking Introduction to computer ethics (n.d.) Retrieved 5/24/2011, 2011, from http://www.infosectoday.com/Articles/Intro_Computer_Ethics.htm Fpolom's blog Retrieved 5/24/2011, 2011, from http://fpolom.wordpress.com/ Top ten security questions for CEOs to ask (n.d.) Retrieved 5/24/2011, 2011, from https://www.infosecisland.com/blogview/11576-Top-Ten-Security-Questions-for-CEOs-to-Ask.html Goatse security and major apple iPad security issues (n.d.) Retrieved 5/25/2011, 2011, from http://www.beersteak.com/breaking-news/goatse-security-and-major-apply-ipad-security-issues/ Read More