Computer Security Breaches: May 2017 Ransomware Cyber-Attack And A University’s Security Breach

Part A

Security Breach at the University of Oklahoma

In June 2017 the university's student newspaper, the OU Daily, reported that the University of Oklahoma (OU) had exposed sensitive personal information about its students through Microsoft Office Delve. Records of students enrolled between 2002 and 2016, including personal information the university had collected about them, were visible to people who should not have been able to see them. Delve is the Office 365 component that surfaces files stored in OneDrive and SharePoint to the users they are shared with; OU made it available to help students and staff collaborate (Ablon et al., 2016). Access to the files was supposed to be limited by each user's credentials and by the sharing settings on each document, but during the breach the documents could be opened and downloaded by other OU users.

Office Delve was available to every member of the OU community who had an OU email account. The documents exposed through it included medical records, grades, home addresses, bank account details and similar data that OU stored without adequate controls. The newspaper's reporting attributed the exposure to someone inside the university rather than to an outside attacker (Branham, 2017). Delve itself requires each user to sign in with unique credentials, and it only shows a user documents that user already has permission to open, so the controls that mattered were the sharing settings on each file: who had shared which document with whom. In this incident those settings let every other OU user view and download the affected documents. That violates the Family Educational Rights and Privacy Act (FERPA), under which students control who may access their education records (Lopez, Tsitouras & Azuma, 2012). The window of exposure was hours rather than days, but for those hours any OU user could have downloaded other users' documents.

Because Delve was enabled for every OU email account, the exposure affected everyone who kept files in it, most of whom had no training in how to keep their data safe. About 29,000 records were reported exposed, covering students admitted from 2002 onward (Qaisar, 2012). The breach therefore touched students and staff across the University of Oklahoma. It also damaged the university's reputation: the service was offered for students' benefit, yet the institution failed to keep the information secure (Watch, 2017). Legal action against the university was possible, and a loss of federal funding under FERPA would have affected everyone connected to the university in any way. The IT team responsible for the service was affected as well, since it had to carry out the cleanup and answer to a review panel about the incident.

What was the Problem?

The OU Daily reported that the exposure was not the work of an external, unauthorized user but of an insider who gained access to the system and changed how the information was exposed (Branham, 2017). Microsoft's position was that Delve itself was not compromised. Delve only surfaces documents the viewer is already permitted to open, so the problem lay in how OU's own document permissions were set, which points to human error by OU's IT team rather than a flaw in the platform (Watch, 2017). Delve was simply the window through which the over-shared files in the cloud storage became visible to everyone. Cloud storage is beneficial when it is protected properly, but that protection has to be designed in and maintained.

Cloud storage has many benefits, but protecting it has to be given the same weight. Several preventive measures could have stopped this breach and were neglected by everyone involved. First, OU's IT team should have been trained to eliminate the human errors that, as argued above, were the likely cause (Patel et al., 2013). Encrypting or tokenizing sensitive files before they were uploaded would have limited the damage: a user who downloaded a file would still have needed the key to read it (Khorshed, Ali & Wasimi, 2012). An intrusion-detection system that alerts on anomalous access would have told the IT team about the exposure far sooner; as it was, they learned of it from the newspaper's report. Regular audits of the file store and its sharing permissions would have caught over-shared documents before anyone else did. Continuous monitoring, training for email and Delve users on how to keep their files safe, and a risk-management plan round out the measures that would have kept this information safer (Chou, 2013).
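As an added example (my code, not from the essay and not OU's or Microsoft's tooling), this is the kind of permissions audit the last measure describes, run over a constructed inventory of documents. Because Delve only shows a viewer documents that viewer can already open, the thing an audit has to look for is a sensitive document whose sharing scope covers the whole tenant. "Everyone except external users" is a real SharePoint Online principal; "OU-All", the file paths, the people and the contents are all assumptions made up for the example.

```python
import re
from dataclasses import dataclass

# Sharing principals that make a document visible to the whole tenant.
# "Everyone except external users" is a real SharePoint Online claim; "OU-All" is an
# assumed tenant-wide group name used only for this example.
TENANT_WIDE_SCOPES = {"Everyone", "Everyone except external users", "OU-All"}

# Crude content classifiers for the categories the essay lists (grades, bank details,
# medical records, identifiers). Real DLP uses richer detectors; these are illustrative.
SENSITIVE_PATTERNS = {
    "bank": re.compile(r"\b(account|routing)\s*(no\.?|number|#)", re.I),
    "grade": re.compile(r"\b(GPA|grade|transcript)\b", re.I),
    "medical": re.compile(r"\b(diagnosis|prescription|medical)\b", re.I),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}


@dataclass
class Document:
    path: str
    owner: str
    shared_with: list   # principals (users or groups) granted access
    text: str           # extracted text content


def tenant_wide_scopes(doc):
    """Principals on this document that expose it to every tenant user."""
    return [p for p in doc.shared_with if p in TENANT_WIDE_SCOPES]


def classify(doc):
    """Sorted list of sensitive-content categories found in the document text."""
    return sorted(k for k, rx in SENSITIVE_PATTERNS.items() if rx.search(doc.text))


def audit(docs):
    """Return findings for documents that are both sensitive and tenant-wide shared."""
    findings = []
    for doc in docs:
        scopes = tenant_wide_scopes(doc)
        categories = classify(doc)
        if scopes and categories:
            findings.append({"path": doc.path, "owner": doc.owner,
                             "scopes": scopes, "categories": categories})
    return findings


def narrowed_acl(doc):
    """The ACL with tenant-wide principals removed; the owner keeps access regardless."""
    return [p for p in doc.shared_with if p not in TENANT_WIDE_SCOPES]


# Constructed inventory; none of these paths, people or values are real.
CONSTRUCTED_DOCS = [
    Document("/students/fall2016/roster.xlsx", "registrar",
             ["Everyone except external users"],
             "Name, SSN 123-45-6789, GPA 3.4"),
    Document("/hr/payroll/direct_deposit.docx", "hr-admin",
             ["OU-All", "hr-admin"],
             "Routing number 021000021, Account number 99887766"),
    Document("/faculty/smith/syllabus.pdf", "smith",
             ["Everyone"],
             "Course syllabus: weekly readings and office hours"),
    Document("/students/advising/notes.docx", "advisor-jones",
             ["advisor-jones"],
             "Diagnosis on file; accommodation approved"),
]

if __name__ == "__main__":
    for f in audit(CONSTRUCTED_DOCS):
        print(f"{f['path']}: {', '.join(f['categories'])} shared via {', '.join(f['scopes'])}")
```

Only the roster and the payroll file are reported: the syllabus is tenant-wide but harmless, and the advising note is sensitive but shared with one person. The same two-condition rule (sensitive content AND over-broad scope) is what keeps such an audit from drowning in noise when run over a real OneDrive or SharePoint inventory.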

WannaCry Ransomware Cyber Attack

WannaCry was a ransomware attack that affected computers in almost every part of the world. It began on 12 May 2017 and spread most rapidly over the following days; the name comes from the strings the malware's authors used inside it (Mohurle & Patil, 2017). The malware blocks users' access to their own files by encrypting them. Businesses, government bodies, hospitals and many other organizations around the world fell victim. After encrypting the files, the attackers demanded payment in Bitcoin in exchange for restoring access. The attack disabled well over 100,000 computers (Europol's estimate was more than 200,000 in about 150 countries) and stopped many organizations from carrying out their normal work (Young & Yung, 2017).

Technically, the malware encrypted the files on the infected computer's disks, which halted the work that organizations (hospitals, government agencies and many others) do on those machines. To spread, the attackers used an exploit developed by a U.S. agency that had been stolen and published online by the Shadow Brokers group in April 2017. That exploit let the worm break into other computers reachable over the network and infect them in turn (Young & Yung, 2017). A further problem was that IT teams had no way to undo the damage: a few researchers recovered files from some machines, but most victims were left with the choice of paying the ransom or losing their data. The ransom was demanded in exchange for the decryption key. 'DoublePulsar', often mentioned alongside the attack, is not a cure but the backdoor from the same leak that the worm installed on machines it exploited. Many organizations that paid never received a working decryptor.

Who were affected?

As stated above, this was a global attack that hit computers in organizations in every corner of the world (Renaud, 2017). Reports suggest China was among the hardest-hit countries, largely because pirated and outdated copies of Windows there could not receive patches. The worm targeted Windows 7, Windows 8 and Windows Server systems whose SMBv1 service was unpatched; Windows XP machines were actually hit less hard, because the exploit tended to crash them rather than infect them. Police headquarters in China and India were affected and had to be taken offline. Hospitals in Russia, China, the UK and the U.S. had to postpone operations, surgeries and appointments. Large automobile manufacturers such as Renault also reported infections that stopped production.

The attack was first noticed on the morning of 12 May 2017, with the UK's National Health Service among the earliest and most visible victims (Collier, 2017). The malware had two parts: a worm that found and infected new machines, and the ransomware payload. The worm used 'EternalBlue', an exploit for the SMBv1 file-sharing service on Windows (CVE-2017-0144) that had been developed by a U.S. agency, reportedly for intelligence collection, and leaked online (Pascariu, Barbu & Bacivarov, 2017). EternalBlue gave the worm code execution on any vulnerable machine it could reach on TCP port 445, whether on the local network or across the internet, and each newly infected machine began scanning for further targets, so the infection spread like a communicable disease with the network as its medium. The payload then encrypted the files on each infected computer and demanded payment in Bitcoin, rather than through any bank transfer, in exchange for the decryption key (Collier, 2017). Each victim's files were encrypted under a key that only the attackers could recover, which is why most attempts to decrypt the files without paying failed.

Several measures could have prevented this attack or limited its damage:

  • Fully patched, genuine copies of Windows were not affected. Microsoft had released the fix for the SMBv1 flaw (security bulletin MS17-010) on 14 March 2017, two months before the outbreak, and after the outbreak it took the unusual step of issuing patches for unsupported systems such as Windows XP. Keeping the operating system updated, and not running pirated copies that cannot receive updates, would have protected most victims.
  • Encrypting or tokenizing files does not stop ransomware from encrypting them again. What protects against ransomware is regular backups kept offline or otherwise out of the malware's reach, so that files can be restored after an infection.
  • Anti-malware software with current signatures, combined with blocking inbound TCP port 445 at the network edge and disabling SMBv1 where it is not needed, would have kept the worm from reaching the computers in the first place (Vuolo, 2017).
  • EternalBlue, the attackers' primary weapon, should never have been exposed. Once it was, the U.S. agency should have disclosed the flaw and its impact promptly so that defenders could act.
  • The patch existed well before the attack; the failure was in deployment. Organizations should treat a publicly leaked exploit as a signal to patch immediately, and vendors should communicate the urgency of such patches as soon as the exploit becomes public.
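As an added example (my code, not from the essay and not from any published WannaCry analysis), here is detection logic for the two behaviours described above: the worm's fan-out to TCP port 445 on many neighbouring hosts, and the lookup of the kill-switch domain hard-coded in the first sample. It runs over a constructed log; the log format, the addresses and the hostnames are assumptions, while the kill-switch domain is the real one registered by the researcher who stopped the first wave.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Kill-switch domain hard-coded in the original 12 May 2017 sample: the malware exited
# if this name resolved. Later variants used other domains, so treat this as one
# indicator among several, not the only one.
KILL_SWITCH_DOMAINS = {"iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"}

# Assumed log format (constructed for this example): one connection or DNS event per line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) "
    r"(?:dst=(?P<dst>\S+) dport=(?P<dport>\d+)|query=(?P<query>\S+))$"
)


def parse(lines):
    """Parse log lines into dicts; unparseable lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def detect_smb_fanout(events, window=timedelta(seconds=60), threshold=5):
    """Sources that contact >= threshold distinct hosts on TCP/445 within `window`.

    The EternalBlue worm component probes every reachable host on port 445, so a
    single client fanning out to many 445 listeners in a short time is the signature.
    Returns {src: max distinct targets seen in any one window}.
    """
    by_src = defaultdict(list)
    for ev in events:
        if ev["dport"] == "445":
            by_src[ev["src"]].append((ev["ts"], ev["dst"]))
    hits = {}
    for src, conns in by_src.items():
        conns.sort()
        start = 0
        for end in range(len(conns)):
            while conns[end][0] - conns[start][0] > window:
                start += 1
            distinct = {dst for _, dst in conns[start:end + 1]}
            if len(distinct) >= threshold:
                hits[src] = max(hits.get(src, 0), len(distinct))
    return hits


def detect_kill_switch(events):
    """Sources that looked up a known WannaCry kill-switch domain."""
    return sorted({ev["src"] for ev in events
                   if ev["query"] and ev["query"].lower().rstrip(".") in KILL_SWITCH_DOMAINS})


# Constructed log: 10.1.2.3 behaves like an infected host (kill-switch lookup, then a
# sweep of seven neighbours on 445); 10.1.2.50 is a normal client talking to one file server.
SAMPLE_LOG = """\
2017-05-12T10:00:00 src=10.1.2.3 query=iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
2017-05-12T10:00:01 src=10.1.2.3 dst=10.1.2.10 dport=445
2017-05-12T10:00:02 src=10.1.2.3 dst=10.1.2.11 dport=445
2017-05-12T10:00:03 src=10.1.2.50 dst=10.1.2.100 dport=445
2017-05-12T10:00:03 src=10.1.2.3 dst=10.1.2.12 dport=445
2017-05-12T10:00:04 src=10.1.2.3 dst=10.1.2.13 dport=445
2017-05-12T10:00:05 src=10.1.2.3 dst=10.1.2.14 dport=445
2017-05-12T10:00:06 src=10.1.2.3 dst=10.1.2.15 dport=445
2017-05-12T10:00:07 src=10.1.2.3 dst=10.1.2.16 dport=445
2017-05-12T10:00:09 src=10.1.2.77 query=www.microsoft.com
2017-05-12T10:00:10 src=10.1.2.77 dst=10.1.2.100 dport=443
2017-05-12T10:00:20 src=10.1.2.50 dst=10.1.2.100 dport=445
2017-05-12T10:00:45 src=10.1.2.50 dst=10.1.2.100 dport=445
""".splitlines()


def analyze(lines):
    events = parse(lines)
    return {"smb_fanout": detect_smb_fanout(events),
            "kill_switch": detect_kill_switch(events)}


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Two cautions when using a rule like this on real traffic: legitimate vulnerability scanners and endpoint-management tools also fan out on port 445 and must be allow-listed, and a kill-switch lookup only identifies the first sample's variant. Detection is a backstop; the measures that actually stop the worm are the MS17-010 patch, disabling SMBv1, and blocking port 445 at the edge.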

References

Ablon, L., Heaton, P., Lavery, D., & Romanosky, S. (2016). Data Theft Victims, and Their Response to Breach Notifications.

Branham, D. (2017). OU shuts down file sharing service after failing to protect thousands of students' records. [online] OU Daily. Available at: https://www.oudaily.com/news/ou-shuts-down-file-sharing-service-after-failing-to-protect/article_4f9a5e2c-50a2-11e7-a807-2f591e6c54f0.html [Accessed 22 Aug. 2017].

Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal of Computer Science & Information Technology, 5(3), 79.

Collier, R. (2017). NHS ransomware attack spreads worldwide.

Khorshed, M. T., Ali, A. S., & Wasimi, S. A. (2012). A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing. Future Generation Computer Systems, 28(6), 833-851.

Lopez, M. P., Tsitouras, D. J., & Azuma, P. C. (2012). The Prospects and Challenges of Educational Reform for Latino Undocumented Children: An Essay Examining Alabama's HB 56 and Other State Immigration Measures.

Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal, 8(5).

Pascariu, C., Barbu, I. D., & Bacivarov, I. C. (2017). Investigative Analysis and Technical Overview of Ransomware Based Attacks. Case Study: WannaCry.

Patel, A., Taghavi, M., Bakhtiyari, K., & Júnior, J. C. (2013). An intrusion detection and prevention system in cloud computing: A systematic review. Journal of Network and Computer Applications, 36(1), 25-41.

Qaisar, E. J. (2012, March). Introduction to cloud computing for developers: Key concepts, the players and their offerings. In Information Technology Professional Conference (TCF Pro IT), 2012 IEEE TCF (pp. 1-6). IEEE.

Renaud, K. (2017). It makes you Wanna Cry.

Vuolo, J. (2017). Should we be using water filled gloves under the heel to prevent pressure ulcers?. benefits, 10, 32.

Watch, O. (2017). Security Breach at OU Exposes Thousands of Students' Data. [online] Oklahoma Watch. Available at: https://oklahomawatch.org/2017/06/14/security-breach-at-ou-exposes-thousands-of-students-data/ [Accessed 22 Aug. 2017].

Young, A. L., & Yung, M. (2017). Cryptovirology: The birth, neglect, and explosion of ransomware. Communications of the ACM, 60(7), 24-26.