Cyber Security Assignment Regarding Under Armour And Sony PlayStation
Answer the following questions:
1. Search the web for news on computer security breaches that occurred during April-August 2015-2018. Research one such reported incident. Prepare a report focusing on what the problem was, how and why it occurred and what are the possible solutions. - 15 Marks
2. Explain why asynchronous I/O activity is a problem with many memory protection schemes, including base/bounds and paging. Suggest a solution to the problem.
1. Research the 2011 Sony PlayStation Network outage case on the web and prepare a report focusing on the following questions:
- What was the problem?
- Who were affected and how?
- How was the attack carried out?
- What could have been done to prevent the attack?
Security breach at Under Armour, May 25, 2018
Under Armour runs a fitness application called MyFitnessPal, which was breached, affecting approximately 150 million users of the app. The investigation found that the affected information included usernames, email addresses and hashed passwords. After the attack the organization's shares fell to 3.8, which was a great loss. A few days later Under Armour declared that the breach had also affected 150 million users of the application, which covers food and nutrition. Since payment information was handled separately, the breach did not affect that data. Under Armour did not collect government identifiers such as social security numbers or driver's license numbers. Since the company used a hashing algorithm to store the passwords, they were not affected. The technique behind the hashed passwords is a hashing function, "bcrypt", which turns the password into a chaotic, scrambled assortment of characters before it is stored. This makes cracking the passwords a time-consuming process for hackers. SHA-1 requires very few computing resources, and it is implemented and managed by the hashing scheme. This algorithm is considered the fastest algorithm; it consists of layers involved in running the data, and it makes the process more difficult. The functions are designed to run specific computations, which also makes them a problem to reverse.
The chance of the passwords being cracked was very small, but there are still a few hackers, the so-called bad guys, who are able to guess passwords. Passwords hashed using SHA-1 are considered the more vulnerable ones. Several years of lessons have thus taught the organization to invest in security concepts. Under Armour also provided additional information about the breach. It announced that it had been working with security firms on the security investigation. There are various reasons why the organization needs to audit the security protection of its data, to discover security breaches and keep them from continuing. The lawsuit also found that it needs to improve security in its data collection and storage practices. The court also needs the agreement clause presented by the organization to take the necessary steps. The final outcome of the data breach was to safeguard the organization's data, to protect the plaintiff, and to identify the information that was accessed without authorization and when the information was disclosed. This is due to the potential security issue and also to negligence. The application exposed the users' email addresses and usernames, and if these are cracked the individuals are also put at risk.
The organization needs to follow the rules of the GDPR in order to maintain data security in its products, policies and systems. This network segmentation requires data security, and hence the organization needs to provide users with a plain-language explanation of how the users' data is collected and what it is intended to do. The organization also specified that the majority of the passwords were considered robust, using the SHA-1 hashing function, and a minority of the passwords were hashed with bcrypt. These had not been salted properly. It is necessary to protect the users' passwords and to fulfill the security requirements of the GDPR. It is also advised not to reuse passwords.
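The passages above contrast fast SHA-1 hashes with slower bcrypt hashes and mention improper salting. The following added example, which is not part of the original assignment, shows one way a login path can verify a legacy unsalted SHA-1 record and replace it with a salted, slow hash. It assumes PBKDF2-HMAC-SHA256 from the Python standard library as a stand-in for bcrypt; the record format, function names and sample users are hypothetical.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example

def legacy_sha1(password: str) -> str:
    """Unsalted SHA-1, the fast legacy scheme: one cheap hash per guess."""
    return hashlib.sha1(password.encode()).hexdigest()

def slow_salted(password: str, salt: bytes = b"") -> str:
    """Salted PBKDF2 record 'pbkdf2$rounds$salt$hash' (stand-in for bcrypt)."""
    salt = salt or os.urandom(16)  # fresh random salt per record
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2${PBKDF2_ROUNDS}${salt.hex()}${dk.hex()}"

def verify(password: str, record: str) -> bool:
    """Check a password against either record format, comparing in constant time."""
    if record.startswith("pbkdf2$"):
        _, rounds, salt_hex, dk_hex = record.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(rounds))
        return hmac.compare_digest(dk.hex(), dk_hex)
    return hmac.compare_digest(legacy_sha1(password), record)

def login(users: dict, name: str, password: str) -> bool:
    """Verify, then upgrade a legacy SHA-1 record while the password is known."""
    record = users.get(name)
    if record is None or not verify(password, record):
        return False
    if not record.startswith("pbkdf2$"):
        users[name] = slow_salted(password)
    return True

# Constructed sample store: two users who picked the same password.
USERS = {"alice": legacy_sha1("Tr0ub4dor&3"), "bob": legacy_sha1("Tr0ub4dor&3")}
```

Before any login the two constructed records are identical, which is what a missing salt looks like in a leaked table; after both users log in, each holds a different salted record.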
Asynchronous I/O activity
Asynchronous I/O involves input as well as output processing and is termed non-blocking I/O. When the I/O is passed to the hardware, the system call returns. Since the process is not blocked during execution, it is called non-blocking. The data is returned to the caller with the help of an event handler; this is called a callback function. The function can be called at any time, which is why it is called asynchronous activity. Here the function returns a value depending on the functions. If there is no asynchronous I/O activity, it could lead to major issues. Each function has a base address as well as an offset. When the address the user specifies is beyond the given limit, the register needs to be increased, and it is called the upper bound register; if it is lower than the specific limit, it is called the lower bound. Thus the user area is limited by the upper bound and the lower bound. Through this, the area of one user is separated from other users' data. Dividing the program into several equal parts is called paging. Through this, memory is also divided into several frames for the pages. The name of the table is linked to the memory address at which it is stored. To access the various addresses, the page and the offset value are required. The fence register is considered a major advantage for the operating system. It provides the ability to relocate. Relocation is important in a multi-user environment. How programs are loaded is unknown to the users, such as which program needs to be loaded first and which is being executed.
Using a relocation register solves this issue, by providing the base address as well as the starting address. The variable fence register is termed the base register. It provides only the lower bound and does not provide an upper bound. Hence the upper bound is used to find the space that lies in forbidden areas as they are allocated. The issues with this register are overcome by a second register. The contents of the base register are added to the address of the main register; changing the contents of the base register and the bound register requires the true address space, and this is termed a context switch. This mode involves reading and writing the input and the output asynchronously. The inputs and the outputs sit in a queue in the VM when they are passed. The data is returned to the caller by means of the event handler function, where callback functions can call any of the functions at any time slot and execute the instructions.
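The interaction between the base/bounds registers, the context switch and the callback described above can be made concrete with a small simulation. This is an added example, not part of the original assignment, and it goes beyond the text by showing one hazard and one fix: an I/O completion that resolves its address after a context switch uses another process's registers, while checking and translating the address at submission avoids that. The memory layout, class names and process values are hypothetical.

```python
from dataclasses import dataclass

MEMORY = bytearray(300)          # constructed physical memory

@dataclass
class Process:
    name: str
    base: int                    # base (relocation) register value
    bound: int                   # size of the process's region

class CPU:
    """Holds the base/bounds registers of the process currently running."""
    def __init__(self):
        self.current = None

    def context_switch(self, proc):
        self.current = proc      # registers are reloaded on every switch

    def translate(self, logical, length=1):
        p = self.current
        if logical < 0 or logical + length > p.bound:
            raise MemoryError(f"{p.name}: address outside bounds")
        return p.base + logical

def submit_naive(cpu, logical, data):
    """Unsafe: the logical address is resolved only when the I/O completes."""
    def on_complete():
        phys = cpu.translate(logical, len(data))   # whose registers are these?
        MEMORY[phys:phys + len(data)] = data
    return on_complete

def submit_checked(cpu, logical, data):
    """Safer: check and translate at submission, keep the physical address."""
    phys = cpu.translate(logical, len(data))       # requester's registers
    def on_complete():
        MEMORY[phys:phys + len(data)] = data
    return on_complete

def run(submit):
    """Process A requests a read, B is scheduled, then the I/O completes."""
    MEMORY[:] = bytes(len(MEMORY))
    a, b = Process("A", 100, 50), Process("B", 200, 50)
    cpu = CPU()
    cpu.context_switch(a)
    callback = submit(cpu, 10, b"DATA")
    cpu.context_switch(b)                          # A is no longer running
    callback()
    return bytes(MEMORY[110:114]), bytes(MEMORY[210:214])
```

`run` returns the four bytes at A's buffer and at the same offset in B's region. A real kernel would also have to keep A's buffer fixed in memory until the transfer completes, since a captured physical address is only valid while the region is not moved.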
2011 Sony PlayStation Network outage case
In 2011 a high number of data breaches occurred, and through these breaches a large volume of information was compromised. It has been estimated that Sony lost nearly 14 billion, which is approximately $171 million, on the network outage. This amount also includes the cost of setting up security again. The organization stated that it had not confirmed any credit card fraud or identity theft. Sony declared that it was a non-cash charge and also blamed the adverse impact of the Japan earthquake. It said that services were not operating in full mode, and the incident is considered the most devastating security breach. It somehow restored the functionality of the network. Sony PlayStation had downtime for downloading games, and as compensation it planned to provide free games. After two days of downtime, it was found that Sony's server clusters and datacenters had been hacked. After 24 hours of silence, Sony posted the news on its blog that an external intrusion was the reason behind it. The person behind the security breach was unknown. Sony also guessed that PlayStation was weak because of the security mechanism through which the data passed, and it thought the cause could also be SQL injection. There was an alternative option used to build it, called Rebug.
This environment helped the organization change the PS3 into a developer unit. It also provides trusted access for the internal developer. When a user is using the internal services, there are more possibilities for new hacks to occur, including the use of faked credit card details on the PlayStation Network. Once the firmware is installed, it is possible to breach the customer details present in the database, and it is also possible to attack the trusted network. Another issue was that PlayStation Network passwords were exposed. It was very difficult to prevent unauthorized use of the system, and the simplest way to secure users' private data is to encrypt it. Sony told its customers that credit card details had been leaked along with customer information and that they were required to change their passwords. While news organizations wrap up stories of who has been hacked, Sony was among the organizations that disclosed the information to their customers. It was said that nearly 70 million users' data had been compromised and millions of gamers were inconvenienced by staying offline, which was done for the welfare of the organization as well as of the people. The information provided by the company is regarded as transparency. It also announced that the network would remain down while it rebuilt its system and strengthened the network infrastructure. After the steps mentioned, Sony confirmed that it had been under attack, and it also estimated a loss of nearly 10 billion dollars when calculated as an observer. It suspected that an unauthorized individual had stolen information from the website such as usernames, email addresses and dates of birth, as well as network passwords. After a few days it also said that credit card information had been stolen.
The organization was also criticized for not knowing the reason for the shutdown for a week. Observers started to draw comparisons with Apple and Microsoft. The organization also sought coverage from its insurer. Finally it came to the conclusion that bad guys had attempted the breach. These people target services that are available on the cloud. They are well capable of getting at the services available on the cloud, and hence the information was compromised. It was carried out in a well-organized manner by the bad guys. They enjoy their success in targeting the services and chase individuals, which also increases the effort needed to safeguard services in the cloud. It is also suspected that cyber criminals are involved in organized crime in which cookies are written by them and sold according to the needs of the services. As a result, monetization services are provided to the writers. A few users may need credit card information whereas others may require usernames. The others who attempt attacks are Anonymous. They perform security breaches with the most traditional methods, since Sony did not have better network security. A cryptographic feature was also available in the PlayStation firmware, which enhances the feature on the device used to validate the credit card number. Various measures are recommended to stop security breaches. The right policies need to be formulated to prevent breaches from taking place in the future. Third-party security needs to be provided to users so that they can handle it in a better way. The loopholes used by the bad guys and other hackers need to be checked, and finally the organization needs to look to insurers to protect the users' data and the organization against further hacking.