Friday, December 6, 2019

National Committee and Root Analytics †

Question: Discuss about the National Committee and Root Analytics. Answer: Introduction: The data security breaches have advanced at such a arte that it seems to be almost impossible for the data to be kept unprotected for a single moment also as the hackers are always on the look about for such a situation wherein they can enter the system of companies and steal crucial information which would hamper them. In the year 2016, the Republican National Committee hired Deep Root Analytics , a data analytics company to collect crucial political data with regards the voters in the USA (Daitch, 2017). Chris Vickery who was working as a cyber risk analyst found out that the crucial and critical data that was gathered by Deep Root Analytics i.e. basically comprised of private information for nothing less than 200 million citizens of America was stored on an Amazon Cloud server and that too without any protection such as passwords or any such authentication for over a fortnight in the month of June 2017. The examination of the situation has confirmed that the data that has been leaked comprises of names, addresses, phone numbers, date of birth and Voter registration numbers that were mentioned in the Voter Ids of the voters(Newman,2017). On doing a complete examination of the said case, it is understood that the main reason behind the attack was Deep Root Analytics themselves and he negligence act conducted by them of storing data on the cloud without protecting the same. The researcher, Chris Vickery had found out that there was a flawed database which comprised data of almost all the voters who were registered and which was gathered by the said analyst. The main issue here was absence of any password which would help protect it from access from unwanted people. However since the same was missing thereby anyone with an internet connection could gain access of the information and thereby tamper it. Around a terabyte of data was breached due to negligence (Bertrand, 2017). The issue here was also that various files that were exposed had not originated from Deep Root. They are the total of outside data entities and organizations and Republican super PACs , which basically puts the attention onto the ever increasing dat a network and that had supposedly lent a helping hand to the current president of US, slender limits in key swing rates. Even though the data possessed by Deep Root contained facts and figures typical of any political campaign, yet the fact that it is crucial for immoral and malicious individuals and groups cannot be ignored (Cameron Conger, 2017). The said issue propelled when the firm had updated their security settings early in the month of June 2017. Thus the main issue that can be understood from this kind of a data breach is that the analyst firm had obtained data from various other companies which contained data such as the type of campaigning that would help the President win the elections, the cost attached with the same, the kind of voters available etc. the files exposed were critical as they were data on the Democratic Senatorial Campaign Committee, Planned Parenthood and the American Civil Liberties Union (Walsh, 2017). The data breached also comprised of the preferences of the voters such as stem cell research and gun control. Thereby it can be rightly said that the carelessness on the part of the company made many people pay a price for it and that too the information was sensitive enough from the political perspective as well (Matthews, 2017). Solutions to Prevent Such Hacks Solutions are many which would help protection of such carelessness again in future. One of the most important was to ensure that if any updates have to be run on any previous data stored, then it is a necessity to ensure that adequate safeguards are installed. Even though Deep Root Analytics have assumed full responsibility for the occurrence of the breach, they have immediately on being aware of the same, have updated their security settings so that no further loss occurs. However, there should also be a system wherein after any updates being done, the system should by itself prompt about the lack of passwords or weak passcode. This would help protection as well as dealing with such a negligence in future as well (Lapdwsky, I2017). This is basically human error which can occur anytime, but such an error can be very disastrous for the whole country as it may lead to development of terrorism to a greater scale, hence these data analytics companies should either destroy off the data a fter the work is over or ensure security is not lacked at any moment whatsoever. There on a concluding note, it is understood that the staff of Deep Root Analytics were very careless and had a negligent attitude which led them to forgetting of checking the security settings once the system was duly updated. Storing any data in cloud definitely provides more space to the organizations, but at the same time they end up exposing the same to a huge arena of hackers who are always on the verge of stealing data and tampering them or playing unwanted games with the information. Deep Root Analytics although has presently taken care of the same and also confirmed that as per them not much of tampering have been done, yet they should ensure that the person behind the same should be thoroughly trained again. A world-wide ransomware attack with the help of attacking equipments extensively alleged by researchers to have been formulated by the US National Security Agency impacted the NHS in a negative sense, strike worldwide transporter FedEx and tainted PCs and laptops in nearly about more than a hundred countries. The number of computers being infected by the attack has crossed 300,000 and Russia, Taiwan, Ukraine and India being the top most amongst them whose computers were the most infected by the WannaCry as per the data released by Czech security firm Avast (Graham, 2017). The main issue that can be understood with regards this particular attack was the fact that it was not an attack on any particular company or country but the same was on a much larger scale wherein more than a hundred were infected. The ransomware was named as WannaCry also popularly known as WanaCrypt0 or 2.0, WannaCry and WCry. The main trick used by the attacker was that of phishing wherein the virus is sent to various computers with the help of emails and it contains such data that misleads the recipient and he or she ends up opening the given attachments, which thereby further attacks the systems as the attachments basically contains malicious files. Another very crucial issue here was that once the system gets infected, a payment is asked for cleaning the same up and giving the access back to the users but at the same time there is no conformity to the access even after payment. The attack had spread like a fire and one of the biggest in history which made it difficult for the defenders to safeguard the computers of lakhs across the globe at a faster pace. It was not only restricted to only one country or continent (Hern, Gibbs, 2017). The visibility of the attack was so widespread that there has been a lot of hue and cry. The worst impact of this attack has been seen in Britains NHS. Hospitals and GP surgeries in England and Scotland were among at least 16 health service organizations hit by a ransomware attack. The malware that was used here was named as Wanna Decryptor. The employees and the workers were asked to switch over from the systems to manual way of working i.e by using pen and paper and also increased the usage of ones own cell phones since the attack has had an impact on various main systems which included landlines as well. Unfortunately the suffering and the ailing patients were forcibly sent back who were ready for major surgeries in the hospitals in various parts of England. Various appointments were also cancelled after such a horrendous attack which ended up messing and scuttling of information stored on various systems. Unfortunately, health facilities being one of the most crucial for any country, there people were asked to demand and look for a medical help only in case of emerge ncy due to the attack and the impact of it being so deep (BBC News 2017). Till present day, the most infected countries by the said malicious software is Russia, where the Interior Ministry was attacked and three more countries as per Czech Security i.e. Taiwan, India and Ukraine. Another very major company which was infected was FedEx Corp, whereas a telecommunication entity named Telefonica in Spain was also infected although it was confirmed by them that the attack had not infected all the systems and only a few were impacted and none of its clients or any of the services being provided to them were affected in any manner. Further two more companies in the same segment, Portugal Telecom and Telefonica Argentina also said that they were also amongst the ones who were infected by the attack (Wong, Solon, 2017). Surprising the said attack was not carried out in any special manner, but to the surprise of all, it used one of the most common methods i.e. phishing. A cyber-gang named Shadow Brokers are being blamed for the particular hack. As per the confessions made by the gang, they said that they had stolen a cyber weapon from the most powerful military intelligence unit in the world i.e. National Security Agency (NSA), USA. The said hacking weapon Eternal Blue provides an unparalleled access to various systems which use MS Office. The said weapon was developed by NSA so that they could enter the systems of the various terrorists and such other foes (Perlroth 2017). However, it is being thought by all that the gang had put the said bug on an incomprehensible site and which in turn was further stolen by another gang who used it to infect systems worldwide. One of the biggest ways that would have enabled protection of this attack would have been regularly updating Windows and running the anti-virus as well. The weakness of the government is one of the main reasons behind the same and thereby they should be more vigilant and stringent in protecting their database and such critical software programs as well. Further the users should not open all the spam mails and the attachments found. Downloading of software and apps from unknown places should be prevented. Last but not the least, a pro-active way of thinking is a must specially in segments which are very crucial such as the health care segment. References: Bertrand,N. (2017). GOP data firm that exposed millions of Americans personal information is facing its first class-action lawsuit. Retrieved from Cameron,D. Conger,K. (2017). GOP Data Firm Accidentally Leaks Personal Details of Nearly 200 Million American Voters. Retrieved from Daitch,H. (2017). 2017 Data Breaches The Worst So far. Retrieved from Lapdwsky, I. (2017). What Should (And Shouldnt) Worry You In That Voter Data Breach. Retrieved from Matthews,K. (2017). Deep Root Analytics Is In Deep Trouble With Voter Data Breach. Retrieved from Newman,L.H. (2017). The Biggest Cyber Security Disasters of 2017 so far. Retrieved from Walsh,A. (2017). Deep Root Analytics behind data breach on 198 million US voters : security firm. Retrieved from BBC News. (2017). Massive ransomware infection hits computers in 99 countries. 