Tuesday, May 5, 2020

Deep Root Analytics and Data Breach - Free Samples to Students

Question: Discuss the Deep Root Analytics data breach.

Answer:

Introduction

Elections are always tightly contested events, an attribute that invites a great deal of scrutiny and tension. In today's world the process has been marked by many technological advances that aim to improve it through time and resource efficiency. While these advances may produce better results, they also bring many problems because of the amount of data involved. These problems were well illustrated in 2017, when multiple hacks and data exposure incidents occurred around electoral processes. This year alone, countries such as Georgia, the Philippines and Mexico have suffered extensive leaks of their voter registration records, an outcome that has fuelled a great deal of speculation (Cappella, 2017). However, of all the incidents recorded, none has topped the recent leak of American voter registration data, in which over 198 million records were left openly exposed to the public at large. This incident occurred in June and involved millions of records dating back a decade, accounting for a significant share of the records held by the country's electoral commission. Prior to the breach, the data was held by an independent data analytics company known as Deep Root. The company had been contracted by the Republican Party to research the opinions held by American voters, so at the time of the leak thousands of records detailing names, addresses and personal opinions on political issues were held on the company's systems. Furthermore, the contracted company did not discover the problem by itself; it was alerted by an independent research group (UpGuard), whose researcher Chris Vickery found the data online (Halper & Dave, 2017).
How and why the leak occurred

The Republican National Committee (RNC) had contracted the company to conduct a general survey on the prevailing conditions in the country. Through this survey Deep Root collected and analysed data supplied by American voters. At the time of the leak, the general public speculated that sophisticated tools and techniques had been used to breach the company's systems and reveal the records. However, the investigation found the opposite: the leak was traced back to a negligent user within the contracted company (Deep Root). This employee had failed to implement the critical security procedures needed to safeguard the information (Naylor, 2017).

Data leak, how?

To start with, the company either intentionally or unintentionally disabled the security controls on its online storage platform. This failure allowed any user to access clear-text files holding the voters' records. The company had leased cloud storage from Amazon Web Services (AWS), and it was this storage that gave access to the data. The data leak was therefore the result of negligent user behaviour that exposed a cloud infrastructure containing the data. Following the leak, data experts verified the exposed content and confirmed the authenticity of the information. This outcome illustrated the level of access given to a third party that held sensitive records with minimal security procedures (Naylor, 2017).

Why it occurred

To understand the root cause of the problem, one must examine the infrastructure used by Deep Root, the analytics company contracted by the RNC. The company chose to host the data in an online system, specifically Amazon S3 storage, which like any other cloud service carries many risks compared with in-house storage facilities. For one, it is reachable over the internet, which is well known for its extensive threats in the form of malware and intruder attacks.
Therefore, even without the data exposure, the company placed the sensitive data at risk by using a cloud infrastructure. Furthermore, that structure required extensive security procedures to protect the stored data, which again were compromised by the company's negligence (Digg, 2017). According to cyber security experts, cloud solutions are prone to many risks because they are reached via the internet. Moreover, cloud infrastructure, like any other IT system, is subject to misconfigurations and deployment errors, which unlike those in in-house systems expose the services to the public. Therefore, as a first solution, the sub-contracted company should have used in-house facilities if it lacked the skills to set up a competent and secure cloud infrastructure. Secondly, the same company should have had better security procedures, more so when it dealt with the transmission and deployment of data (Assange, 2017). In addition, the leaked data was exposed in clear-text format, which highlighted the lack of encryption. To avoid this problem, technical solutions including cryptographic techniques such as authentication and encryption should have been used to secure the data. In future, the contracted company (Deep Root) should isolate the data from its other operations through these encryption methods. In essence, the voters' records should be transformed into unreadable formats during their transmission. Moreover, the same data should be carried over secure channels that are accessible only to authorised members. Therefore, the site used by the company should have separate platforms for accessing the data, either through live portals that require access PINs or through customised user applications (APIs). Finally, the company and the RNC should set a better security policy following a thorough risk assessment procedure.
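The exposure described above came down to cloud storage that anyone on the internet could read, with no encryption on the stored files. The following Python script is an added example, not code from the essay, from Deep Root or from UpGuard: it audits the three settings that decide who can read an S3 bucket (the bucket policy, the bucket ACL and the Block Public Access flags) plus the bucket's default server-side encryption configuration. The inputs are the structures that boto3's get_bucket_policy, get_bucket_acl, get_public_access_block and get_bucket_encryption return, supplied here as constructed sample values so the check runs offline; the bucket name, account id and role name in the sample are placeholders.

```python
"""Offline audit of who can read an S3 bucket and whether it encrypts at rest.

Added example, not code from the essay, Deep Root or UpGuard. Inputs mirror the
structures boto3's get_bucket_policy / get_bucket_acl / get_public_access_block
/ get_bucket_encryption return; the sample values at the bottom are constructed.
"""
import json

# Grantee URIs that mean "everyone on the internet" / "any AWS account holder".
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
READ_PERMISSIONS = {"READ", "FULL_CONTROL"}
READ_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:get*", "s3:*", "*"}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    # Both Principal "*" and Principal {"AWS": "*"} mean anonymous access.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def policy_public_read_statements(policy_json):
    """Sids (or indices) of unconditional Allow statements granting read to everyone."""
    policy = json.loads(policy_json) if isinstance(policy_json, str) else policy_json
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if actions & READ_ACTIONS and "Condition" not in stmt:
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings


def acl_public_read_grants(acl):
    """Grantee URIs in the ACL that give read access to everyone."""
    return sorted(
        g["Grantee"]["URI"]
        for g in acl.get("Grants", [])
        if g["Grantee"].get("Type") == "Group"
        and g["Grantee"].get("URI") in PUBLIC_GRANTEE_URIS
        and g.get("Permission") in READ_PERMISSIONS
    )


def default_encryption_enabled(encryption_config):
    """True if the bucket applies SSE (AES256 or aws:kms) to new objects by default."""
    rules = (encryption_config or {}).get(
        "ServerSideEncryptionConfiguration", {}).get("Rules", [])
    return any(r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
               in ("AES256", "aws:kms") for r in rules)


def audit_bucket(policy_json, acl, public_access_block, encryption_config=None):
    """Combine the checks into a list of human-readable findings (empty = clean)."""
    findings = [f"bucket policy statement '{sid}' allows anonymous read"
                for sid in policy_public_read_statements(policy_json)]
    findings += [f"ACL grants read to {uri.rsplit('/', 1)[-1]}"
                 for uri in acl_public_read_grants(acl)]
    # Block Public Access neutralises public policies/ACLs only when all four are on.
    if not all(public_access_block.get(flag) for flag in PAB_FLAGS):
        findings.append("Block Public Access is not fully enabled")
    if not default_encryption_enabled(encryption_config):
        findings.append("no default server-side encryption")
    return findings


# Constructed sample: world-readable by policy and ACL, partial BPA, no encryption.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-voter-data/*"},
    {"Sid": "TeamWrite", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/analyst"},  # placeholder
     "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-voter-data/*"},
]})
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}
SAMPLE_PAB = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
HARDENED_PAB = {flag: True for flag in PAB_FLAGS}
HARDENED_SSE = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}

if __name__ == "__main__":
    for finding in audit_bucket(SAMPLE_POLICY, SAMPLE_ACL, SAMPLE_PAB):
        print("FINDING:", finding)
```

Run against the constructed sample it reports four findings; run against an empty policy, an owner-only ACL, all four Block Public Access flags and a default-encryption rule it reports none, which is the configuration the essay's recommendations amount to. In a real account the same functions would be fed the responses from the boto3 calls named above, one bucket at a time.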
Such a risk assessment would identify the potential risks faced by the systems and support the development of a procedural guideline for deploying data online (RBS, 2016).

The WannaCry attack

Throughout the years, many cyber-attacks have occurred across the world, affecting multiple systems either individually or simultaneously. However, none has surpassed the level of intrusion achieved by the now famous WannaCry attack. In general, WannaCry was a malware intrusion classified as ransomware, because it forced its victims to pay money in order to regain access to their files or data. In essence, the malware would block users' access to their computers until a certain fee was paid (News, 2017). Moreover, the attack was so intrusive that researchers changed its name to WannaCry from its initial name of WannaCrypt0r, a true testament to the unprecedented pain its actions caused. According to researchers, the WannaCry problem began in February, when the National Security Agency's (NSA) systems were accessed, leading to the exposure of its hacking tools. This access, or hack, was conducted by a vicious cyber-criminal group known as the Shadow Brokers, who in the past had succeeded in infiltrating some high-level cyber systems. Through this access the Shadow Brokers revealed a vulnerability in Windows systems, which was heavily exploited to conduct the WannaCry attack. In all, the problems caused by the intrusion were felt far and wide, as countries such as the United Kingdom, Russia and Spain were forced to shut down systems in order to contain it. Moreover, the attack infiltrated any system connected to the networks targeted by the intruders through the malware (Wattles & Disis, 2017).

Affected parties and how?

At its peak, WannaCry was the true definition of a cyber-weapon, as it infiltrated thousands of online systems in a short period of time. In fact, at the start of the attack, more than 40,000 computer systems were affected throughout the world.
At the same time, more than 100 countries were affected, as both their private and public sector systems were infiltrated. However, some countries bore the full force of the attack, as evidenced by the damage left in its aftermath. The United Kingdom (England) was one of these countries: it faced the biggest intrusion in the public sector after its healthcare industry was compromised through the National Health Service (NHS) (McGoogan, Titcomb & Krol, 2017). In essence, the country used a single, common system to coordinate medical operations, a structure that depended on the online infrastructure. Following the attack, medical practitioners and patients were confronted with a $300 ransom in order to access their files, an outcome that halted the entire industry. The same outcome was experienced in Spain, where the private sector, led by the telecommunications and electrical industries, was compromised. Similarly, Russia had to deal with a possible economic meltdown after the banking industry was severely affected by the attack on its leading financial institutions. Furthermore, the same country was left helpless when it failed to secure its public sector after the attack took down two of its major ministries, health and the interior. In addition, Russia's state-owned railway company was affected, which for a short while slowed down the transportation industry (McGoogan, Titcomb & Krol, 2017). All the independent observers and researchers involved highlighted the contribution of the NSA to the attacks. Among its hacking tools the NSA had developed an exploit known as EternalBlue, which took advantage of a major bug in Windows operating systems, and this component was used in the attack. The Windows system used a special communication protocol known as Server Message Block (SMB) to conduct its networking operations.
These operations take place at the application layer of the TCP/IP stack, where they support the sharing, reading and writing of files over the network. Therefore, through SMB, users were able to share services and resources (Graham, 2017). WannaCry used this vulnerability in the SMB implementation to reach the protocol's functionality and spread the malware across networks. At first, the malware would look for network connections, particularly hosts exposing the unsecured SMB port, to trigger the attack. After reaching an unsecured port, the intrusion would plant the starter for the malicious program, an action termed the transfer of the payload. This step was followed by the activation of the program, which attacked the host machine and spread the malware further as it replicated to any other visible and unprotected networks and ports (McGoogan, Titcomb & Krol, 2017).

Preventing the WannaCry attack

Several prevention tactics could have been used to stop the WannaCry attack, including the most basic and obvious precaution of being offline. However, given the demands of internet connectivity, the best solutions would have been those compatible with an online connection. First, network isolation would have helped contain the attack, a countermeasure readily available through firewalls and intrusion detection systems. These firewalls, through their servers, would have implemented isolating DMZs (demilitarised zones); it is within these that the intrusion would have been detected and contained. Moreover, the same outcome could have been achieved if the victims' networks had been segmented according to their use (Newman, 2017). In addition, the networks and their access ports should have been secured to block all unauthorised users, which could have been accomplished easily using access control and effective network authentication measures.
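The propagation just described leaves a distinctive trace on a firewall or network sensor: one source opening SMB connections to many different hosts in a short time. The Python below is an added example, not code from the essay or from any vendor named in it, and complements the segmentation and access-control measures above with the detection side. It parses firewall connection-log lines in an assumed format (ISO timestamp, ALLOW or DENY, source, destination:port; the sample traffic is constructed) and flags any source that reaches an unusual number of distinct hosts on TCP 445 within a sliding window. Denied attempts are counted as well as allowed ones, because a blocked probe is still evidence that a host is sweeping the network.

```python
"""Detect worm-like SMB fan-out in firewall connection logs.

Added example, not from the essay. Log format and sample lines are constructed:
"<ISO timestamp> <ALLOW|DENY> <src_ip> -> <dst_ip>:<dst_port>".
"""
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445
WINDOW = timedelta(seconds=60)
FANOUT_THRESHOLD = 10  # distinct SMB targets per source per window; tune per site


def parse_line(line):
    """Split one log line into (timestamp, action, src_ip, dst_ip, dst_port)."""
    ts, action, src, _arrow, dst = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), action, src, dst_ip, int(dst_port)


def smb_fanout_alerts(log_text, threshold=FANOUT_THRESHOLD, window=WINDOW):
    """Map src_ip -> peak number of distinct hosts it reached on 445 within one window.

    Denied attempts count too: a blocked probe is still evidence of scanning.
    """
    per_source = defaultdict(list)  # src_ip -> [(timestamp, dst_ip), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, _action, src, dst_ip, port = parse_line(line)
        if port == SMB_PORT:
            per_source[src].append((ts, dst_ip))

    alerts = {}
    for src, hits in per_source.items():
        hits.sort()
        start = 0  # left edge of the sliding time window
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = {dst for _, dst in hits[start:end + 1]}
            if len(distinct) >= threshold:
                alerts[src] = max(alerts.get(src, 0), len(distinct))
    return alerts


def _build_sample_log():
    """Constructed traffic: one normal file-server client and one sweeping host."""
    base = datetime(2017, 5, 12, 10, 0, 0)
    lines = []
    for i in range(3):  # ordinary client re-connecting to its one file server
        t = base + timedelta(seconds=5 * i)
        lines.append(f"{t.isoformat()} ALLOW 10.0.3.17 -> 10.0.3.20:445")
    lines.append(f"{(base + timedelta(seconds=20)).isoformat()} ALLOW 10.0.3.17 -> 10.0.3.1:53")
    for i in range(1, 41):  # infected host sweeping the /24 on 445 in under 30 s
        t = base + timedelta(seconds=30 + 0.7 * i)
        action = "DENY" if i % 3 == 0 else "ALLOW"
        lines.append(f"{t.isoformat()} {action} 10.0.3.55 -> 10.0.3.{i}:445")
    return "\n".join(lines)


SAMPLE_LOG = _build_sample_log()

if __name__ == "__main__":
    for src, count in smb_fanout_alerts(SAMPLE_LOG).items():
        print(f"ALERT: {src} reached {count} distinct hosts on tcp/445 within {WINDOW}")
```

On the constructed sample the ordinary client (three connections to one server) stays silent while the sweeping host is reported with 40 distinct targets. The threshold and window are the two knobs to tune: a backup server or vulnerability scanner legitimately talks SMB to many hosts and belongs on an allow-list rather than being flagged every night.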
However, of all the solutions and countermeasures highlighted, none would have surpassed the fix for the EternalBlue vulnerability. In essence, the attack was caused by the bug in the Windows systems, a problem that was later fixed with an update patch. Therefore, installing the Windows patch would have prevented the entire attack (RBS, 2016).

References

Assange, J. (2017). Deep Root Analytics behind data breach on 198 million US voters: security firm. DW. Retrieved 30 August 2017, from https://www.dw.com/en/deep-root-analytics-behind-data-breach-on-198-million-us-voters-security-firm/a-39318788

Cappella, N. (2017). 198 million voter records leaked by analysis firm. The Stack. Retrieved 30 August 2017, from https://thestack.com/security/2017/06/20/198-million-voter-records-leaked-by-analysis-firm/

Digg. (2017). If you're a registered voter, your personal data was likely exposed by a data firm. Digg. Retrieved 30 August 2017, from https://digg.com/2017/registered-voter-data-breach

Graham, C. (2017). NHS cyber attack: Everything you need to know about 'biggest ransomware' offensive in history. The Telegraph. Retrieved 30 August 2017, from https://www.telegraph.co.uk/news/2017/05/13/nhs-cyber-attack-everything-need-know-biggest-ransomware-offensive/

Halper, E., & Dave, P. (2017). A Republican voter data firm probably exposed your personal information for days and you don't have much recourse. Los Angeles Times. Retrieved 30 August 2017, from https://www.latimes.com/politics/la-na-pol-gop-data-breach-20170619-story.html

McGoogan, C., Titcomb, J., & Krol, C. (2017). What is WannaCry and how does ransomware work? The Telegraph. Retrieved 30 August 2017, from https://www.telegraph.co.uk/technology/0/ransomware-does-work/

Naylor, B. (2017). Firm contracted by Republican groups left millions of voter files unsecured online. NPR. Retrieved 30 August 2017, from https://www.npr.org/2017/06/19/533551243/firm-contracted-by-rnc-left-millions-of-voter-files-unsecured-online

Newman, L. (2017). The ransomware meltdown experts warned about is here. Wired. Retrieved 30 August 2017, from https://www.wired.com/2017/05/ransomware-meltdown-experts-warned/

News, B. (2017). WannaCry ransomware cyber-attacks slow but fears remain. BBC News Technology. Retrieved 30 August 2017, from https://www.bbc.com/news/technology-39920141

RBS. (2016). Data Breach QuickView Report: 2016 data breach trends year in review. Risk Based Security. Retrieved 30 August 2017, from https://pages.riskbasedsecurity.com/hubfs/Reports/2016%20Year%20End%20Data%20Breach%20QuickView%20Report.pdf

Wattles, J., & Disis, J. (2017). Ransomware attack: Who's been hit. CNN Tech. Retrieved 30 August 2017, from https://money.cnn.com/2017/05/15/technology/ransomware-whos-been-hit/index.html
