Unauthorized Code Execution

Requirement

PART A
Hacking Case of TuneCore
PART B
What was the problem?

PART A
Hacking Case of TuneCore

Solution

One of the major computer security breaches that occurred in 2015 between the period of September and December was the hacking of TuneCore Record Label. TuneCore is a service that deals in online distribution of music in record labels. It reported that its database has been breached by the hackers and therefore, the personal information about some of its customers was either on the verge of being compromised or has compromised. While, the company has been working for fixing it with a cyber-security firm with the help of federal authorities in order to resolve the matter. This attack is being considered one of the high profile attacks that have been in the news in recent times. It is now included in the list of Sony Pictures, Home Depot, Office of Personnel Management as well as the U.S. State Department.
The problem started when the hackers became able to obtain TuneCore’s encryption key. According to its CEO, they discovered that some suspicious activity was going on in the servers of TuneCore. On November 17th, as the news suggests, a hacker illegally collected information collected from its servers (Goldman, 2015). The report says that the attacker may have had access to important data belonging to its customers such as their names, addresses, email addresses, account numbers, TuneCore account numbers, TuneCore protected passwords, their banks names, billing information, server stored billing information, PIN numbers and bank routing numbers. However, the CEO said the full financial account information is never stored with TuneCore, therefore, the liaison between the parties was not breached as TuneCore had already hired a third party in order to process their credit card and banking transaction. The reasons behind this hacking may be one or all of the many reasons as described follows:

  • Vulnerability Scanning: it is the technique being followed by the hackers in order to identify any possible weaknesses in the computer system. Generally this technique is utilized by the network administrators for maintaining the security measures. It is considered as the gateway to additional attacks.

  • Server Disruption: in terms of server disruption, these hacking attacks are carried with personal motives. The majority of cases seem to have the goal of shutting down or rendering a specific site useless. Distributed Denial of Service (DDoS) is one such disruption mechanism, by which hackers seize control over a network of zombie computers called as Botnet.

Do you have no idea how to write your Information Technology assignment? Then consider contacting Allassignmenthelp.com for assistance. Our professionals have extensive experience and always deliver well-researched bioinformatics assignments. The main advantage of getting information systems homework help from our website is timely delivery. We never miss a deadline for an assignment.

Stealing Money:

this is the most frequently used motivation to hack the computer systems or servers. Therefore, it is something that everyone is most fearful about. In this age of online banking and online transaction of money, hackers often look for the opportunities in order to steal the credit card information. Online banking has made it possible for the hackers to digitally steal from us by putting banking Trojans or malicious lines of code.
Stealing Information: it is also one of the most widely utilized motivation by the hackers and it has become a huge concern for the online users. The hackers access the personal and private information of the users for numerous reasons. Their intentions could well be to impersonate us by assuming our identities and this happens by stealing Social Security Numbers. Sometimes, it is done in such a scale that an entire company is at the mercy of the hackers.   
Website Vandalism: it is often carried out for the purpose of shock factor to grab people’s attention. Such attacks could be politically motivated such as defaming someone’s website or decreasing someone’s credibility. It is widespread among the youth to vandalize their school website.

Unauthorized Code Execution:

in this type of attack, the hackers generally intent to infect the website of a user with malware in order to ultimately take control by executing certain commands. It is one of the most powerful forms of hacking as the hacker can perform this without even a trace of being caught.
In order to avoid hacking and malicious infections happening in the applications, a number of software companies are now incorporating new anti-tamper solutions that are effectively going to protect the entire applications and to maintain the code integrity at the same time. One of the emerging approach that is being used is to arm the applications with such a defense mechanism that itself injects thousands of checks and balances into the source code of the required application. As a result, the application is transformed into its own profoundly robust security system (Iyer, 2015). The best approach to do this is to use an anti-temper solution being applied on per application basis. That is, each application has unique and distinct defense specific to that particular application build.       

PART B

What was the problem?

In this case, a computer hack of massive scale had affected the accounts of almost 76 million people as well as around seven million businesses that operate in medium and small scale. This case is termed as one of the largest of its own kind that have ever discovered. This huge attack was going on for almost one month before it was found out. The reports suggest that this particular data breach is one of the most apocalyptical intrusions into the information system of a large scale American Corporation. It is even said to be the largest in the history. The attack was announced in August 2014 by the bank. It further desperately declared that the login information regarding the accounts such as passwords and social security numbers were not tampered or compromised. However, names, emails, postal addresses as well as phone number of its customers were accessed by the hackers, giving rise to the high concerns for potential phishing attacks (Rushe, 2014). The attack was so menacing that it also targeted nine other financial institutions other than JP Morgan Chase.

Who were affected and how?

The people who were affected by this massive hack were the account holders of JP Morgan Chase. 76 million of them were the ordinary householders and 7 million were small businesses. According to the documents that JP Morgan submitted to the Securities and the Exchange Commission, the names, addresses and emails of the customers were accessed by the hackers. They stated that the hackers were not able to steal money, credit card numbers, Social Security Numbers and account passwords of the customers. These information details about the customers was very lucrative for the hackers so much so that they thought that it would them a big pay day. 

How was the attack carried out?

The operating procedures of the thief hackers was such that they utilized a stock price manipulation scheme that allowed them to gather millions of dollars. Not only this, the hackers also operated several illegal internet gambling websites as well as a Bitcoin exchange that again generated millions more. In order to hide these activities, the attackers then set up multiple shell companies and also used fake passports and several other fraudulent credentials to maintain false identities. Particularly, one of the vulnerabilities that the hackers used was to obtain access to the sites with the help of Heartbleed Vulnerability that was discovered and exposed the year before. The alleged mastermind of this hacking operation was Shalon who was absconding from 2012 to 2015 and ultimately led the investigation team to the theft of more than 100 million victim’s data. According to the reports, these hackers stole customer information because they hoped to establish their own brokerage business. It was confirmed by the online chats between the perpetrators and authorities as they mentioned about modelling Meryl Lynch’s business practices in order to build their own business (Zetter, 2015). But with the stolen customer data to give them a leg up. Not only the JP Morgan Chase, the hackers were also charged with the hacking crime by attacking six other financial institutions, financial news sites, online stock brokers as well as software companies. The authorities, after the investigations, had charged Grey Shalon, Joshua Samue Aaron and Zic Orstein on as many as 23 cases including the serious ones like unauthorized access of the computers, identity theft, securities and wire fraud as well as money laundering. There was one more hacker, that is, the fourth one who helped them breach the security networks, has not been identified as yet.

What could have been done to prevent the attack?

As today, the banks, financial institutions and various other organizations and corporations are finding it increasingly difficult and challenging to ensure secure transactions. Also, it is equally important for their clients to secure their valuable information. It is a known fact today, that hackers like all other predators will be going to attack the weakest one or the least secure one. The experts suggest that it is not enough to rely on the banks authentication and security procedures. Many hackers make use of a rather simpler keystroke logger as well as remote access to allow a straight forward connection to a computer to such a computer that is trusted on a bank’s website. While others operate by using a piggyback on to a user’s secure connection that allows them to remain connected even after the user is logged off ("Six Ways Banks Can Defeat Hackers and Reduce Data Breaches | Bank Systems & Technology", 2013). With regards to the JP Morgan Chase hacking case, following are some of the recommendations that could have utilized in the first place in order to avoid the attack:
Manage the information assets just like all the other assets. The bank’s data life cycle is needed to be identified as to how it is collected, stored, accessed, and if sensitive, protected.
A high security measurement should have performed. There are data risk security advisors and they would have revealed the weak areas for the bank.
A security officer or officers should have appointed.
The employees and the bank staff should have educated about the best security practices.
The social media exposure also should have monitored.
 The data access should have made limited in order to make it more secure. 

 

Place Order For A Top Grade Assignment Now

We have some amazing discount offers running for the students

Place Your Order

References

  • Bank Systems & Technology. (2013). Six Ways Banks Can Defeat Hackers and Reduce Data Breaches | Bank Systems & Technology. [online] Available at: http://www.banktech.com/six-ways-banks-can-defeat-hackers-and-reduce-data-breaches/a/d-id/1296283? [Accessed 5 Apr. 2016].

  • Goldman, J. (2015). Hackers Hit Tunecore, JD Wetherspoon, Elephant Bar - eSecurity Planet. [online] Esecurityplanet.com. Available at: http://www.esecurityplanet.com/hackers/hackers-hit-tunecore-jd-wetherspoon-elephant-bar.html [Accessed 5 Apr. 2016].

  • Iyer, K. and Iyer, K. (2015). TuneCore Hacked: Millions Of Musicians' Private Data At Risk. [online] TechWorm. Available at: http://www.techworm.net/2015/12/tunecore-hacked-millions-musicians-private-data-risk.html [Accessed 5 Apr. 2016].

  • Rushe, D. (2014). JP Morgan Chase reveals massive data breach affecting 76m households. [online] the Guardian. Available at: http://www.theguardian.com/business/2014/oct/02/jp-morgan-76m-households-affected-data-breach [Accessed 5 Apr. 2016].

  • Zetter, K. (2015). Four Indicted in Massive JP Morgan Chase Hack. [online] WIRED. Available at: http://www.wired.com/2015/11/four-indicted-in-massive-jp-morgan-chase-hack/ [Accessed 5 Apr. 2016].

Get Quality Assignment Without Paying Upfront

Hire World's #1 Assignment Help Company

Place Your Order