There seems to be a cybersecurity headline once a week about at least one company or government agency being hacked or reporting some type of breach. In this module, you have learned about the challenges associated with cybersecurity and ways the threats can be mitigated. You will focus on the challenges experienced by Yahoo in this case study.
Write a 2-3 page paper not including the cover page or reference pages, that answers the questions from the textbook case study 5.1 – Yahoo Wins the Gold Medal and Silver Medals for the Worst Hacks in History! You must cite at least five independent scholarly sources to support your position, using appropriate APA format.
cite the source of your data according to APA standards.
Any information which not common knowledge is must include in-text citation. Needed a stronger introduction. Introduction needs more content for capturing attention at the beginning. The introduction also needs to set the tone for the paper and introduces Key Points
Yahoo Wins the Gold and Silver Medal for the Worst Hacks in History!
It wasn’t until Fall 2016 that Yahoo alerted its users and the public to the first of two of the largest known breaches of user information in history that had occurred 2–3 years earlier. On September 22, 2016, Yahoo publicly disclosed that over 1 billion Yahoo account records were stolen in mid-2013. A second news release on December 15, 2016, revealed a second attack that occurred in 2014 when the account information of over 500 million Yahoo account holders was breached. The delay in reporting is partly due to the fact that Yahoo itself did not know of the breach until shortly before releasing these statements to the public. The information leaked in the attacks included e-mail accounts, telephone numbers, street addresses, unencrypted security questions and answers, but no financial information.
To add insult to injury, at the time of the first news release, Yahoo was in negotiations with mega-corporation Verizon to acquire Yahoo for $4.83 billion. After the first news release, Verizon said that the announcement could have a negative impact on their purchasing decision. The second news release caused Verizon to further review the financial implications of the two breaches and reduce its offer by $350 million.
The 2013 breach was conducted by an unknown unauthorized third party. The information stolen in the 2014 attack was sold by a “state-sponsored actor” on the Dark Web for 3 Bitcoins (approx. $1,900). The actor, who used the name “Peace” is of Russian origin and attempted to sell data from 200 million Yahoo users online. Yahoo urged all of its users to change their passwords and security questions and to review their accounts for suspicious activity. To date, little information has been released on the 2013 breach, but more is known about the incident that occurred in 2014.
How the Second Attack was Carried Out
The data theft was similar to the way in which a typical online attack of a database is carried out. The protections used for database containing the login and personal information were insufficient to protect against the advanced methods used by the hackers. In this case, the encryption method employed in the database was broken by the hacker. Additionally, cybercrime analyst Vitali Kremez maintains that the hacker stole the information from Yahoo slowly and methodically so as to not draw attention to the breach taking place.
Since the breach was not immediately detected, the hacker had plenty of time to leverage the information in a financially, personal, or politically beneficial manner. It is not clear if the seller is the original hacker.
Impact of the Data Breach
Since the breaches were so devastating and far reaching to most of Yahoo’s customer base, Verizon is having second thoughts about the acquisition. Craig Silliman, general counsel to Verizon, said Verizon has “a reasonable basis” to believe that the data breach will have a significant impact on the deal proceedings and the likelihood that it will actually happen (Fiegerman, 2016). He furthers to explain that Yahoo will have to convince Verizon that the breach will not affect future processes in the company and that more security features have been and will be implemented. Also, the incidents could make the Yahoo deal worth about $200 million less than the $4.8 billion initially settled upon. In addition to the decreased value of Yahoo’s core assets, the company’s stock fell about 2% after the comments by Craig Silliman.
Justice is Served
On March 17, 2017, the U.S. Department of Justice indicted two Russian Intelligence agents and two state-sponsored hackers, Alexsey Belan and Karim Baratov, for the theft of the Yahoo user data in 2014. Belan, one of the FBI’s most notorious criminal hackers, had been previously indicted in two other cases. In the indictments it was revealed that the targets of the theft included Russian journalists, U.S. and Russian government officials, military personnel, and private-sector employees of financial, transportation, and other companies (Balakrishnan, 2017).
The obvious issue surrounding the Yahoo data breaches is Internet security. Simple username, password, and security questions simply are not enough to keep hackers at bay. UC Davis professor Hemant Bhargava notes that two-factor authentication (TFA) is successful in many other companies and that Yahoo should follow suit (Matwyshyn & Bhargava, 2016). An example of TFA would be that a user is asked to enter information such as username and password, then a mobile app generates and sends a random number code for the user to enter before being granted access to his or her account. Both the Yahoo account and the mobile app are linked to a common, secure account. This method is exceptionally popular and useful since over 50% of Web users access the Web through their mobile phones.
1. Why do you think Yahoo was targeted for these data breaches?
2. Why did Yahoo keep the breaches from the public eye? How did their nondisclosure affect Yahoo’s relationship with its customers and partners?
3. In addition to the data theft, what else was damaged by this incident?
4. Were these cybersecurity incidents foreseeable? Were they avoidable?
5. Assuming that the CEO and CIO were forced to resign, what message does that send to senior management at Yahoo?
Sources: Compiled from Fiegerman (2016), Hackett (2016a), Kan (2016), Lee (2016), Matwyshyn and Bhargava (2016), Murgia (2016), Sterling (2015), and Balakrishnan (2017).
Contact homework help service for help with this assignment
Plagiarism Free Papers
Thehomeworkwritings.com’s team of writers write all papers from scratch. We deliver 100% original, unique papers. That’s what makes us the best custom homework writing service
We provide unlimited free revisions to all customers and on all papers. Try The Homework Writings today for the best custom homework writing service and experience in the industry.
Thehomeworkwritings.com gives clients title pages free of charge. Your only job is to fill out our order form. We will handle the rest.
As the leading essay writing service, we never submit any paper without a reference/bibliography page. We do this free of charge too.
Originality & Security
At Thehomeworkwritings.com, we take great pride in delivering only high-quality 100% original papers to all our clients. We also never share any of our clients’ information with third parties. Your data is safe with us.
24/7 Customer Support
No other custom homework writing service has a friendly, always available customer support team to respond to clients like us.
Try it now!
How it works?
Follow these simple steps to get your paper done
Place your order
Fill in the order form and provide all details of your assignment.
Proceed with the payment
Choose the payment system that suits you most.
Receive the final file
Once your paper is ready, we will email it to you.
Why outsource our services
We have the best customer support team for your essay writing needs.
You won’t find any other custom homework writing service with pricing as flexible and affordable as ours.
Admission help & Client-Writer Contact
We provide a direct line of communication with our writers for the best writing experience.
As the leading custom homework writing service, we take deadlines very seriously. You will have your paper submitted on time without any delays.
We truly value your feedback, good or bad, and always use your feedback to help us provide you with an even better custom homework writing service