13 Sep 2022


Worldwide Hackers Attacks: The Top 5 Countries Affected


There have been many successful attacks worldwide, especially by hackers whose primary targets are usually global firms such as Home Depot and Target. These attacks mostly succeed even though such firms have invested billions in resources, all in vain. The big question is: should the companies attacked be held responsible for the losses from a successful attack on their AIS (Accounting Information System) applications? The following cases attempt to answer that question.

Target firm, also known as Acquire, is a company that is owned by an acquirer. Target has experienced several hackings over the years. For instance, the data of 70 million customers and 40 million debit and credit cards was stolen from the retailer. Aorato, a specialist in Active Directory monitoring and protection, published a detailed report on how the attackers used stolen credentials to make their attack succeed. To leverage all the publicly available reports on the breach, Aorato directed researcher Tal Be’ery and the entire team to list all the ways the attackers used to compromise Target, in an attempt to build a step-by-step account of how the attackers penetrated the retailer, moved within its network and eventually removed the credit card data from a point-of-sale (PoS) system that was only indirectly connected to the internet (Chou, 2013). Be’ery declared that it was important to understand how the attack took place because the attackers were still active, even though most of the details of the breach remained obscure. Just the previous week, the Department of Homeland Security and the United States Secret Service had released an advisory stating that the same malware used against Target’s PoS systems had compromised many other PoS systems over the previous year.


Although Be’ery acknowledged that some of the details in Aorato’s account might not be correct, he is confident that the reconstruction is reasonably accurate. Be’ery claimed that the many reports published about the tools found in the incident did explain how the attackers used them (Chou, 2013). In December 2013, during the busiest part of the shopping season, word began trickling out about a data breach at Target. The trickle later became a flood, and in the end it became clear that the attackers had obtained the personally identifiable information (PII) of 70 million customers and the data for 40 million credit and debit cards. Be’ery believed that the attackers took 11 deliberate steps to reach the heart of Target’s operations. The first step was installing malware capable of stealing credentials. It all started with the theft of credentials belonging to Target’s HVAC vendor, Fazio Mechanical Services. KrebsOnSecurity, which first reported the breach, stated that the attackers infected the vendor with Citadel, a general-purpose malware, through an email phishing campaign.

The second step was connecting with the stolen credentials: Be’ery says that the attackers used them to access Target-hosted web services. Ross Fazio, president and owner of Fazio Mechanical Services, said in a public statement issued after the breach that the company did not perform remote monitoring or control of heating, cooling or refrigeration systems for Target. He also said that Fazio Mechanical Services’ data connection with Target was used exclusively for project management, electronic billing and contract submission. The president was trying to make clear that his company was not involved in any way in the attack on Target. Be’ery also notes that the web application was quite limited, because it did not permit arbitrary command execution, which would have been needed to compromise the machine. The next step was exploiting a web application vulnerability. The attackers needed a vulnerability they could exploit, and one of the tools they used was a file named “xmlrpc.php”. A PHP file can be used to run scripts within a web application (Chou, 2013). The web application had an upload function intended for legitimate documents, but no security checks were performed to ensure that executable files were not uploaded. Be’ery points out that the attackers probably named the file “xmlrpc.php” so that it would look like a popular PHP component. In other words, the attackers disguised the malicious component as a legitimate one in order to hide it in plain sight. This “hiding in plain sight” tactic was repeated throughout the attack. The attackers sold the credit card numbers on a black market, and after some time Target was informed about the breach by the credit card companies. The attackers knew that the campaign would be short-lived, so they did not want to invest in staying invisible or in infrastructure.
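The missing control in the upload step can be sketched as follows. This is an added example, not code from the original essay or from Aorato's report; the accepted document types, the function name `validate_upload` and the sample files are assumptions made for illustration.

```python
import os
import secrets

# Assumed policy: the vendor portal only needs these document types.
# Each extension maps to the leading "magic" bytes its content must have.
ALLOWED_TYPES = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".docx": b"PK\x03\x04",  # OOXML files are ZIP containers
}


def validate_upload(filename: str, data: bytes):
    """Return (accepted, reason, stored_name) for one uploaded file."""
    # Drop any client-supplied directory components.
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base.lower())[1]
    if ext not in ALLOWED_TYPES:
        return False, f"extension {ext or '(none)'} is not on the allow-list", None
    # A script renamed to .pdf fails here: its content is not a PDF.
    if not data.startswith(ALLOWED_TYPES[ext]):
        return False, f"content does not match {ext}", None
    # Never reuse the client's name: store under a random, server-chosen one,
    # in a directory the web server does not execute or serve directly.
    stored_name = secrets.token_hex(16) + ext
    return True, "ok", stored_name


if __name__ == "__main__":
    # Constructed sample uploads.
    samples = [
        ("xmlrpc.php", b"<?php echo 'hi'; ?>"),
        ("invoice.pdf", b"<?php echo 'hi'; ?>"),
        ("../../invoice.pdf", b"%PDF-1.7\n(constructed sample body)"),
    ]
    for name, body in samples:
        print(name, "->", validate_upload(name, body))
```
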

The attackers then searched for relevant targets for propagation. They wanted to find the servers that held customer information and credit card data, and they were able to do so because they could run arbitrary operating system commands. Using the standard LDAP protocol and internal Windows tools, the attackers queried Active Directory, which contains data on all domain members. According to Aorato, the attackers retrieved all the services that contained the string “MSSQLSvc” and then inferred the purpose of each service from the name of the server. Having obtained the names of their targets, the attackers got the IP addresses by querying the DNS server. The next step was stealing an access token from domain admins. Having identified their targets, the attackers required privileges that would let them reach those targets, mainly Domain Admin privileges. According to Aorato, the attackers used a common attack technique called “Pass-the-Hash” to obtain the NT hash that allows impersonation of the Active Directory administrator (Riley et al., 2014). Aorato based this claim on information provided by a former member of Target’s security team and on the recommendations Visa made in its report on the breach. The attackers must also have created a new domain account using the stolen token. They added this account to the admin groups, giving the account the privileges they needed as well as providing them with a guide to passwords.
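The last step above, a new account that is immediately added to an admin group, leaves a trace a defender can correlate in the Windows Security log. The following is an added example, not taken from the essay or from Aorato's report: the event records are constructed and simplified, and the one-hour window and the list of privileged groups are assumptions.

```python
from datetime import datetime, timedelta

PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
ACCOUNT_CREATED = 4720                 # "A user account was created"
GROUP_ADD_EVENTS = {4728, 4732, 4756}  # member added to global/local/universal group
WINDOW = timedelta(hours=1)            # assumed correlation window

# Constructed sample events (simplified Security log fields).
EVENTS = [
    {"time": "2024-01-10T02:11:05", "id": 4720, "TargetSid": "S-1-5-21-1-2-3-5001",
     "TargetUserName": "svc_backup2", "SubjectUserName": "admin_jd"},
    {"time": "2024-01-10T02:13:40", "id": 4728, "MemberSid": "S-1-5-21-1-2-3-5001",
     "TargetUserName": "Domain Admins", "SubjectUserName": "admin_jd"},
    {"time": "2024-01-10T09:00:00", "id": 4720, "TargetSid": "S-1-5-21-1-2-3-5002",
     "TargetUserName": "new.hire", "SubjectUserName": "hr_provision"},
    {"time": "2024-01-10T09:01:00", "id": 4728, "MemberSid": "S-1-5-21-1-2-3-5002",
     "TargetUserName": "Helpdesk", "SubjectUserName": "hr_provision"},
    {"time": "2024-01-11T10:00:00", "id": 4728, "MemberSid": "S-1-5-21-1-2-3-4100",
     "TargetUserName": "Domain Admins", "SubjectUserName": "admin_jd"},
]


def find_new_privileged_accounts(events):
    """Flag accounts added to a privileged group within WINDOW of creation."""
    created = {}  # SID -> (creation time, account name, creator)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] == ACCOUNT_CREATED:
            created[ev["TargetSid"]] = (ts, ev["TargetUserName"], ev["SubjectUserName"])
        elif ev["id"] in GROUP_ADD_EVENTS and ev["TargetUserName"] in PRIVILEGED_GROUPS:
            hit = created.get(ev["MemberSid"])
            if hit and ts - hit[0] <= WINDOW:
                alerts.append({"account": hit[1], "created_by": hit[2],
                               "group": ev["TargetUserName"],
                               "added_by": ev["SubjectUserName"],
                               "seconds_after_creation": int((ts - hit[0]).total_seconds())})
    return alerts


if __name__ == "__main__":
    for alert in find_new_privileged_accounts(EVENTS):
        print(alert)
```

The rule deliberately ignores the 2024-01-11 event, where a long-existing account joins Domain Admins; that change deserves its own review rule rather than this correlation.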

The next step was propagating to the relevant computers using the new admin credentials. With their new credentials, the attackers could now go after their goals. However, Aorato states that the attackers faced two obstacles. The first was bypassing firewalls and other network-based security solutions that restrict direct access to relevant targets. The second was running remote processes on the various machines in the chain leading to those targets. The attackers used “Angry IP Scanner” to detect the computers that were accessible over the network from the current computer, and they bypassed the security measures by tunneling through a sequence of servers. The attackers used their credentials together with the Microsoft PsExec utility, a telnet replacement for executing processes on other systems, and the Windows internal Remote Desktop (RDP) client. After gaining access to their targeted systems, the attackers used the Microsoft Orchestrator management solution to obtain proper access that would let them execute arbitrary code on the compromised servers.

According to Aorato, the attackers assessed the value of the database servers using a SQL query tool. They then retrieved the database contents using the SQL bulk copy tool. Although they had obtained the PII of 70 million customers, they could not access the credit cards because of PCI compliance. According to Be’ery, the attackers switched to plan B, stealing the credit cards from the points of sale, because the databases did not store any credit card data, Target being PCI compliant. The attackers therefore installed malware in order to steal 40 million credit cards. In this step, the attackers probably used custom-written malware rather than common information technology (IT) tools. They installed the Kaptoxa malware on the PoS machines, where it scanned the memory of the infected computers and saved all the credit card data it found to a local file. Once the malware had the credit card data, it created a remote file share on a remote, FTP-enabled machine using the domain admin credentials and Windows commands (Riley et al., 2014). This enabled the attackers to send the stolen data through the network share. Once the data arrived on the FTP-enabled machine, the attackers used a script to send the file to their FTP accounts using the Windows internal FTP client.

Target’s response makes it more liable for the losses it incurred. Target also left most of its customers very angry, because they did not receive compensation; instead, the firm started investigating how the attackers had managed the breach. When KrebsOnSecurity gave notice about the breach, investigations should have begun with immediate effect, saving the company from the attacks. Therefore, Target is to some degree responsible for the losses it incurred during the attack.

Sony is a global entity in interactive entertainment, previously known as Sony Computer Entertainment. Sony is best known for producing the famous PlayStation line of consoles, which grew out of a failed partnership with Nintendo. Sony has been attacked by hackers several times, mostly for security reasons. For instance, the PlayStation Network (PSN) was attacked by hackers in 2011. Sony declared that the PSN outage was caused by a massive hack that exposed the names, passwords, email addresses, birthdays, security questions and possibly the credit card details of all its users. At first, Sony did not give a clear explanation for the downtime. However, when the outage went on for more than a few days, Sony stated that it was rebuilding its networks because it had experienced an external intrusion (Chou, 2013). Sony was hacked for security reasons. This is ironic, because Sony has historically been known as tight-lipped when it comes to security matters. Therefore, the exact attack vector was not known, though some well-educated guesses were made. First, Sony had recently been attacked by Anonymous, and there was a likelihood that the database breach was somehow connected. Anonymous may have discovered a weakness in the PSN’s security mechanism and passed that information to another group of hackers. This might have given the next group of hackers an opening to get in with an SQL injection attack.

Alternatively, the release of Rebug, a custom PlayStation 3 firmware, may have led to the attack. Rebug turns a PS3 into a developer unit and activates a range of features that consumers cannot normally access. The Rebug firmware gave the console trusted access to Sony’s internal developer network. Some reports stated that, once inside the internal trusted network, a wide range of hacks was available. These hacks included using fake credit card details on the PlayStation Network. The customer database must have been easily accessible once the custom firmware was installed, and the customer database was the one breached. There is a very high chance that Sony’s security mechanisms did not account for an internal attack from the trusted network. One cannot create a functional network without trusting some of its agents.

PlayStation Network passwords had not been hidden. This was the most shocking part of the news, and it raised many questions that nobody answered appropriately. For instance, everyone assumes that Sony knows a thing or two about security, so why were the PSN passwords stored in plain, human-readable text? Additionally, why was important data such as email addresses, credit card details and personal details not stored in encrypted form? Encrypting data in a way that protects user privacy and makes it nearly worthless to future hackers is very simple. Preventing unauthorized access to any system, however, may be somewhat more difficult. The PS3 took much longer to be jailbroken than its contemporaries, the Wii and the Xbox. Sony advised its users to lodge a fraud alert with credit bureaus, for example Experian and Equifax, which are capable of preventing their credit cards from being used by the hackers (Riley et al., 2014). Sony also warned its users to watch for mail or telephone scams.

Sony is one of the largest technology companies, but its recklessness led to it being attacked by hackers. Sony is very much responsible for this attack, because its security mechanisms were so weak that the hackers did not have a difficult time getting the data they wanted. For instance, the unprotected passwords exposed the credit card details and email addresses of its consumers. It did not take the right action after the Anonymous attack, which raises the suspicion that the earlier attack led to the later one. Moreover, Sony did not take responsibility for the loss it caused its consumers. Instead of following up with the credit bureaus as a company, it sent all its consumers to sort things out themselves.

References 

Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal of Computer Science & Information Technology, 5(3), 79.

Riley, M., Elgin, B., Lawrence, D., & Matlack, C. (2014). Missed alarms and 40 million stolen credit card numbers: How Target blew it. Bloomberg Businessweek, 13

Cite this page


StudyBounty. (2023, September 16). Worldwide Hackers Attacks: The Top 5 Countries Affected .
https://studybounty.com/worldwide-hackers-attacks-the-top-5-countries-affected-assignment
