Assessment of the Issue at VTech
With the advent of technology at a faster pace, the number of breaches have also increased at a similar pace if not more. Each month and not year, a number of computer security breaches happen which puts millions of targets in danger. Generally hacks have an impact on the adults, but the one being discussed is one of the largest ever hacks targeting the kids. The hack took place in the year November 2015, when VTech, the manufacturer of High-tech educational toys for children made it public with regards the security breach of its database, thus putting the personal data about millions of its customers at stake (Finkle 2015).
VTech, the Hong-Kong based company declared in a statement that it’s Learning Lodge Store which is an online portal wherein the customers can download the educational data to their VTech devices specially designed for children such as tablets had been hacked by an unauthorized user on 14th November 2015.
On analyzing the entire hack it was understood that those who had used the VTech’s Learning Lodge Store to download apps for their kids on their VTech gadgets should be made aware of such an attack. As per the data released by VTech, the customer base of VTech includes people across many countries such as USA, UK, France, Germany, Spain, Belgium, China, Australia, Hong-Kong and New Zealand. They declared the numbers as 4833678 accounts of parents and 200000 profiles of children being compromised (Franceschi-Bicchierai, 2015).
The customer base of VTech includes ‘general user profile information’ as per the company such as the name of the customers’ name, email addresses, passwords along with the secret questions for retrieval of the passwords, IP address, mailing address and also the download history. It also revealed that the general information also comprised of data about the kids i.e their names, birthdates and genders. The only relief was that the credit card detailed were not hacked since the payments were routed via a secure third party gateway.
However, had the hack been limited to the one mentioned above, then it would still had not given such a panic amongst the target, but unfortunately, sensitive data such as photos of children and the chat records of the children which they would have done with their parents. Thus the main issue here was basically focused upon the identities of the children being compromised which would endanger their lives as well (Kirk, 2015). The leaked data would enable the hackers to track the children to his or her parent thus getting through their addresses.
Solutions To Prevent Such Hacks
The highest number of hacks took place in the US. Although VTech confirmed that the images were encrypted and so was the audio files yet the hack happened. The most surprising part was that the audio files were encrypted using the AES 128 which is a secure cryptographic algorithm mainly used by the U.S. Government. It is still ambiguous as to how the hackers were able to decrypt the images since the brute-force attacks are next to impossible. At the same time it is also to be understood that the security of the encrypted files and images is highly dependent upon how well the company protected the private decryption keys (Kuchler, 2015).
First and foremost since the data was encrypted using the AES 128 yet got hacked gives a clear indication that someone within the company has been responsible behind the hack. The possible solution to prevent such attacks would be that the company should review the app on a regular basis to check out if there is any hacks or breaches or any leak points. Further, encryption of data properly is the key to prevent such attacks in future. Simple encryption is not the solution but the kind of encryption is the solution Unfortunately VTech had not encrypted all the information, it should have ensured to protect each string of information as leakage of sensitive data may even endanger lives (Victor, 2015). Had encryption been done at the highest possible level, then even though leakage had occurred such a data would be rendered as useless since encrypted data is difficult to read and understand.
This type of a breach puts stress upon the likely failings for multiple Internet of Things (IoT) wherein products and games are designed in a manner which would connect the internet but the security related issues are not taken up seriously. The security risks have to be understood well and countered as the industries as well the users will continue to take the advantage of the endless opportunities which is accessible with the help of IoT thus security related issues have to be dealt with in a separate manner which can be able to fight with the newer type of hacks which happens. Challenges with regards security do not undergo a change, but the application of these challenges differ each time (Wagstaff, 2015). The emerging technology has led to bringing a huge amount of database in the hands of many people which should be secured properly. Irrespective of the type and source of data, the same should be encrypted for the sake of guarantee.
Assessment of the Main Issue at Yahoo
Conclusion
The attack on VTech is one of the most prominent ones in the history of cyber crime specially because it targeted the children. More importantly, the encryption was not of a high quality and also the entire database was not encrypted due to which the hack happened It is considered to be one of the most dangerous attacks in the history of computer security breach as it has put the lives of all those kids into danger whose data has been leaked.
References:
Finkle.J. (2015). Toymaker VTech hit by largest-ever hack targeting kids. Retrieved from https://www.reuters.com/article/us-vtech-cyberattack-idUSKBN0TK5ML20151202
Franceschi-Bicchierai, L. (2015). One of the Largest Hacks Yet Exposes Data on Hundreds of Thousands of Kids. Retrieved from https://motherboard.vice.com/en_us/article/one-of-the-largest-hacks-yet-exposes-data-on-hundreds-of-thousands-of-kids
Kirk,J. (2015). Data breach at toy maker VTech leaked photos of children, parents, Retrieved from https://www.computerworld.com/article/3010513/security/data-breach-at-toy-maker-vtech-leaked-photos-of-children-parents.html
Kuchler,H. (2015). Toymaker VTech hit by cyber attack, Retrieved from https://www.ft.com/content/2bcf9ee6-9701-11e5-95c7-d47aa298f769
Newcomb,A. (2015). Toy Maker VTech Suffers Security Breach: What You Need To Know. Retrieved from https://abcnews.go.com/Technology/toy-maker-vtech-suffers-security-breach/story?id=35512412
Victor, D. (2015). Security Breach at Toy Maker VTech Includes Data on Children. Retrieved from https://www.nytimes.com/2015/12/01/business/security-breach-at-toy-maker-vtech-includes-data-on-children.html?_r=0
Wagstaff,K. (2015). Toy Maker VTech Hack Affects 5M Customers , including Kids. Retrieved from https://www.nbcnews.com/tech/security/toy-maker-vtech-hack-affects-5m-customers-including-kids-n471391
In the year 2013-2014, Yahoo had discovered a major hack wherein more than a billion users accounts had the face the brunt. Till that year it was said to be the biggest cyber attack the globe had ever faced which involved a contravention of the data of customers. The Company officials had admitted that the said hack may have lead to theft of the personal information as well as pass codes of the users. Information stolen were names, email ids, contact details, birth dates and hashed passwords. However in some cases the security questions were also hacked. However fortunately it did not include any kind of bank details or such other payment options (Graff, 2016). Most surprisingly the encrypted passwords were also stolen.
The number of people affected due to the said attack is so huge that it may be by far the biggest in the history of cyber attack specially in case of cities and countries which are very populated as highly technology prone such as India wherein the accounts and personal data of millions of ordinary citizens are at higher risk than known.
Yahoo is one such website which is basically used by the ordinary citizens, thus they were the worst affected since those who use these websites on a regular basis are now at risk. For those users who re-use their passwords while logging into various places, are at a higher risk since the stealers of their yahoo accounts may have also got the access to the log in id and password to their bank accounts thus pilfer their money as well. As per Yahoo’s statement, the passwords are secured as they were scrambled two times, one via the process of encryption and secondly through hashing. However, the attackers have become technologically advanced thus by accumulating various glossaries of correspondingly twisted phrases and matching them against the stolen password databases such as that of Yahoo. Therefore it is rightly said that this could bring in trouble for those users who re-use the yahoo passwords for logging into other online accounts as well.
The main targets were the Russian and the US Government officials which even included the cyber security, diplomatic and military personnel and they mainly aimed to collect information concerning the intelligence (Thielman, 2016). Finally the criminal hackers also used this data to fill their own pockets as well by threatening the public. It is also discovered that the yahoo hack also targeted the Russian journalists, various staff of the other providers whose networks the thieves and the hackers wanted to utilize and employees of the financial services as well.
The hack at impacted around eight million accounts in UK and it is believed that the data was stolen by what it is believed is a state-sponsored actor. The hacker by the name of ‘Peace’ was seemingly trying to sell the data of 200 million yahoo stolen accounts. The condemnation proclaimed by the US Justice Department links Russia’s spy agency the FSB, to the hacking of the accounts which had started in 2014 for fulfilling two goals i.e. attaining financial benefits and surveillance (Balakrishnan, 2017). The Russian agents were recognized as Dmitry Dokuchaev and Igor Sushchin who were members of the successor agency to Russia’s KGB. Both of them were behind the direction of the entire hack. These two officers secluded, directed, assisted and bribed criminal hackers to gather facts and figures via intruding into computers in the United States of America and such other big countries. They hired Alexsey Belan and Karim Baratov to conduct the entire hack (Phys.org 2017).
There were a series of methods which these hackers used for accessing and stealing the data of the yahoo account holders. In some cases they used the technique of phishing wherein they used emails camouflaged as legal communication. They were also able to produce fake cookies or such bits of software which was used for authentication of the users and used the stolen yahoo records to mishandle the accounts of the other webmail providers such as Google. Lastly there was one more scheme which showed the users a path where they would search for dysfunction medications to a false website that basically contained unwanted software which was a malware.
Yahoo has been one of the most sought after targets in the recent years and has even changed four information security officer within two years i..e from 2013-2015. The biggest hack of 2014 took place under Marissa Mayer. Yahoo had started to resist calls for more funds and efforts as well to tighten its security as per an information security officer who had resigned before the occurrence of the said attack. Security was pushed at the back seat wherein this should have been the only priority for a technology company. The same could have been prevented if in the year 2013-2014 when the hack took place, the company had taken steps to curb the same. The same s=could have been prevented if the encryption was string enough and security which has always been the priority of Yahoo since its inception had not lost its importance (Brown, 2016).
Such a hack can be prevented again in future if the users change their passwords often and also disable their security questions. Further the passwords given should not be a common one so that it does not endanger other accounts. Lastly a twin factor authentication program can also be used to protect from such account hacks in future (Smith, 2016).
References:
Balakrishnan,A. (2017). US accuses Russia of hacking Yahoo. Retrieved from https://www.cnbc.com/2017/03/15/doj-set-to-indict-four-people-in-yahoo-hackings-sources-tell-nbc.html
Brown,B. (2016). Update: Ever had a Yahoo Account ? Take these steps now to protect yourself. Retrieved from https://www.digitaltrends.com/web/yahoo-account-hack-how-to-protect-yourself/
Graff,M. (2016). Yahoo Hack: Is It the worst cyber attack in history?. Retrieved from https://www.hindustantimes.com/tech/yahoo-hack-analysis-worst-hack-in-histroy/story-Dw8gjRQWcmsjTY1ysahPCN.html
Phys.org. (2017). US Charges two Russian spies in massive Yahoo cyberattack (update). Retrieved from https://phys.org/news/2017-03-russian-hackers-mass-yahoo-breach.html
Smith,C. (2016). How to protect yourself following the massive Yahoo attack. Retrieved from https://bgr.com/2016/12/15/yahoo-mail-security-breach/
Thielman,S. (2016). Yahoo hack: 1bn accounts compromised by biggest data breach in history. Retrieved from https://www.theguardian.com/technology/2016/dec/14/yahoo-hack-security-of-one-billion-accounts-breached
Order an Essay Now & Get These Features For Free:
Turnitin Report
Formatting
Title Page
Citation
Outline
