There seems to be a cybersecurity headline once a week about at least one company or government agency being hacked or reporting some type of breach. In this module, you have learned about the challenges associated with cybersecurity and ways the threats can be mitigated. You will focus on the challenges experienced by Yahoo in this case study.
Write a 2-3 page paper not including the cover page or reference pages, that answers the questions from the textbook case study 5.1 – Yahoo Wins the Gold Medal and Silver Medals for the Worst Hacks in History! You must cite at least five independent scholarly sources to support your position, using appropriate APA format.
cite the source of your data according to APA standards.
Any information which not common knowledge is must include in-text citation. Needed a stronger introduction. Introduction needs more content for capturing attention at the beginning. The introduction also needs to set the tone for the paper and introduces Key Points
Yahoo Wins the Gold and Silver Medal for the Worst Hacks in History!
It wasn’t until Fall 2016 that Yahoo alerted its users and the public to the first of two of the largest known breaches of user information in history that had occurred 2–3 years earlier. On September 22, 2016, Yahoo publicly disclosed that over 1 billion Yahoo account records were stolen in mid-2013. A second news release on December 15, 2016, revealed a second attack that occurred in 2014 when the account information of over 500 million Yahoo account holders was breached. The delay in reporting is partly due to the fact that Yahoo itself did not know of the breach until shortly before releasing these statements to the public. The information leaked in the attacks included e-mail accounts, telephone numbers, street addresses, unencrypted security questions and answers, but no financial information.
To add insult to injury, at the time of the first news release, Yahoo was in negotiations with mega-corporation Verizon to acquire Yahoo for $4.83 billion. After the first news release, Verizon said that the announcement could have a negative impact on their purchasing decision. The second news release caused Verizon to further review the financial implications of the two breaches and reduce its offer by $350 million.
The 2013 breach was conducted by an unknown unauthorized third party. The information stolen in the 2014 attack was sold by a “state-sponsored actor” on the Dark Web for 3 Bitcoins (approx. $1,900). The actor, who used the name “Peace” is of Russian origin and attempted to sell data from 200 million Yahoo users online. Yahoo urged all of its users to change their passwords and security questions and to review their accounts for suspicious activity. To date, little information has been released on the 2013 breach, but more is known about the incident that occurred in 2014.
How the Second Attack was Carried Out
The data theft was similar to the way in which a typical online attack of a database is carried out. The protections used for database containing the login and personal information were insufficient to protect against the advanced methods used by the hackers. In this case, the encryption method employed in the database was broken by the hacker. Additionally, cybercrime analyst Vitali Kremez maintains that the hacker stole the information from Yahoo slowly and methodically so as to not draw attention to the breach taking place.
Since the breach was not immediately detected, the hacker had plenty of time to leverage the information in a financially, personal, or politically beneficial manner. It is not clear if the seller is the original hacker.
Impact of the Data Breach
Since the breaches were so devastating and far reaching to most of Yahoo’s customer base, Verizon is having second thoughts about the acquisition. Craig Silliman, general counsel to Verizon, said Verizon has “a reasonable basis” to believe that the data breach will have a significant impact on the deal proceedings and the likelihood that it will actually happen (Fiegerman, 2016). He furthers to explain that Yahoo will have to convince Verizon that the breach will not affect future processes in the company and that more security features have been and will be implemented. Also, the incidents could make the Yahoo deal worth about $200 million less than the $4.8 billion initially settled upon. In addition to the decreased value of Yahoo’s core assets, the company’s stock fell about 2% after the comments by Craig Silliman.
Justice is Served
On March 17, 2017, the U.S. Department of Justice indicted two Russian Intelligence agents and two state-sponsored hackers, Alexsey Belan and Karim Baratov, for the theft of the Yahoo user data in 2014. Belan, one of the FBI’s most notorious criminal hackers, had been previously indicted in two other cases. In the indictments it was revealed that the targets of the theft included Russian journalists, U.S. and Russian government officials, military personnel, and private-sector employees of financial, transportation, and other companies (Balakrishnan, 2017).
The obvious issue surrounding the Yahoo data breaches is Internet security. Simple username, password, and security questions simply are not enough to keep hackers at bay. UC Davis professor Hemant Bhargava notes that two-factor authentication (TFA) is successful in many other companies and that Yahoo should follow suit (Matwyshyn & Bhargava, 2016). An example of TFA would be that a user is asked to enter information such as username and password, then a mobile app generates and sends a random number code for the user to enter before being granted access to his or her account. Both the Yahoo account and the mobile app are linked to a common, secure account. This method is exceptionally popular and useful since over 50% of Web users access the Web through their mobile phones.
1. Why do you think Yahoo was targeted for these data breaches?
2. Why did Yahoo keep the breaches from the public eye? How did their nondisclosure affect Yahoo’s relationship with its customers and partners?
3. In addition to the data theft, what else was damaged by this incident?
4. Were these cybersecurity incidents foreseeable? Were they avoidable?
5. Assuming that the CEO and CIO were forced to resign, what message does that send to senior management at Yahoo?
Sources: Compiled from Fiegerman (2016), Hackett (2016a), Kan (2016), Lee (2016), Matwyshyn and Bhargava (2016), Murgia (2016), Sterling (2015), and Balakrishnan (2017).
Plagiarism Free Papers
All our papers are original and written from scratch. We will email you a plagiarism report alongside your completed paper once done.
All papers are submitted ahead of time. We do this to allow you time to point out any area you would need revision on, and help you for free.
A title page preceeds all your paper content. Here, you put all your personal information and this we give out for free.
Without a reference/bibliography page, any academic paper is incomplete and doesnt qualify for grading. We also offer this for free.
Originality & Security
At thehomeworkwritings.com, we take confidentiality seriously and all your personal information is stored safely and do not share it with third parties for any reasons whatsoever. Our work is original and we send plagiarism reports alongside every paper.
24/7 Customer Support
Our agents are online 24/7. Feel free to contact us through email or talk to our live agents.
Try it now!
How it works?
Follow these simple steps to get your paper done
Place your order
Fill in the order form and provide all details of your assignment.
Proceed with the payment
Choose the payment system that suits you most.
Receive the final file
Once your paper is ready, we will email it to you.
We work around the clock to see best customer experience.
Our prices are pocket friendly and you can do partial payments. When that is not enough, we have a free enquiry service.
Admission help & Client-Writer Contact
When you need to elaborate something further to your writer, we provide that button.
We take deadlines seriously and our papers are submitted ahead of time. We are happy to assist you in case of any adjustments needed.
Your feedback, good or bad is of great concern to us and we take it very seriously. We are, therefore, constantly adjusting our policies to ensure best customer/writer experience.