Computer Security Breaches Report: University of Oklahoma & WannaCry

Verified

Added on 2020/02/19

AI Summary

This report provides a detailed analysis of two significant computer security breaches: the 2017 University of Oklahoma (OU) data breach and the WannaCry ransomware cyber attack. The OU incident involved a compromised file-sharing service, exposing sensitive student data due to lax security measures and insider access. The report examines the problem, affected parties, attack methods, and preventive measures, highlighting the violation of student privacy laws. The second part of the report focuses on the WannaCry attack, a global ransomware incident that encrypted user files and demanded ransom. It investigates the problem, affected users, attack execution, and potential preventative actions, emphasizing the impact on various organizations and the role of vulnerabilities like EternalBlue. The report concludes by discussing the importance of robust security practices, including training, encryption, intrusion detection, and regular audits, to mitigate future threats and protect sensitive information.

Running head: COMPUER SECURITY BREACHES (2017)
Computer Security Breaches
(2017)
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1
COMPUTER SECURITY BREACHES (2017)
Table of Contents
Part A.............................................................................................................................2
Security Breach in the University of Oklahoma............................................................2
What was the Problem?..........................................................................................2
Who were affected?................................................................................................3
How the Attack was carried out?...........................................................................3
What could have been done to prevent the Attack?...............................................4
Part B..............................................................................................................................4
WannaCry Ransomware Cyber Attack......................................................................4
What was the problem?..........................................................................................5
Who were affected and how?.................................................................................5
How was the attack carried out?............................................................................6
What could have been done to prevent the attack?................................................7
References......................................................................................................................8

2
COMPUTER SECURITY BREACHES (2017)
Part A
Security Breach in the University of Oklahoma
In June 2017, the newspaper of the University ‘The Daily’ reported it, that the
security of the University has been breached and very personal sensitive information related
to the students and the Delve users have been exposed. This intrusion was made intentionally;
and exposed the records of the students from 2002 to 2016, including the very personal
information that was collected by the University. Delve was providing cloud storage and
sharing system of the files to more than one user in order to improve the performance of the
students (Ablon et al., 2016). Credentials were used to protect private information, but this
breach removed all the barriers and allowed all the users to download those files.
What was the Problem?
Microsoft Office Delve was the portal provided for each individual of the OU
University whoever has OU email’s access. Lax security measures, which OU was using to
save the details of the Student including very personal information like medical record,
grades, permanent address, bank account details and many more. These information were
made publicly by the intruder who was supposed to be an inside person (Branham, 2017).
The Delve was well protected by unique credentials and it allows sharing file between
different users, but ‘which file they want to share with whom’ was well protected by the
website as this system. By this intrusion, those files were exposed to every other user with an
option to download it. These activities violated the Family Education Rights and Privacy
(FERPA) law that sates “students have complete control over who can access their records
related to education” (Lopez, tsitouras & Azuma, 2012). This security was not breached for a
very long time, but for hours, the Delve was allowing download option for the documents of

3
COMPUTER SECURITY BREACHES (2017)
other users, which could have allowed many users to download that information, which were
related to other user.
Who were affected?
Delve was offered for the every OU’s email user and this intrusion affected every user
who were connected to the Delve and used to keep their files save in that software. Almost
every user of OU’s email service was using Delve whether they know how to keep data safe
or not. There were 29000, reported incident about this security breach, which exposed all the
information of the students who had taken admission from 2002 and after that (Qaisar, 2013).
This security breach affected all the students and staff members of the Oaklahoma University.
This data breach also affected the reputation of the university, as this service was provided by
the university, no doubt for the benefits of the students but they were not able to keep this
information secured (Watch, 2017). Legal actions could have taken against the University
and this could have resulted in drawbacks of the federal funding, which in results would have
affected all the individual who is connected the University by any way or means. The IT team
who was responsible for the maintenance of this server were also affected by this intrusion, as
they had to do much extra work and had to answer the panel about this intrusion.
How the Attack was carried out?
News Paper of the OU, ‘The Daily’ reported that any external unauthorized user did
not made the intrusion, rather it was an insider who had attempted and get access to the server
and manipulated the coding to expose the information (Branham, 2017). According to the
Microsoft Delve, the server was completely protected and the intrusion was made through the
database system of the OU. The insider was somehow able to hack the database system of the
University, which could be the result of human errors made by the IT team of OU (Watch,
2017). Delve was used as the breach by the intruder to enter the database and the cloud server

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4
COMPUTER SECURITY BREACHES (2017)
where the files were being saved. Cloud server is beneficial in all the aspects if there is not
any intrusion made to the server, but there should proper protection measures for the server.
What could have been done to prevent the Attack?
Cloud server implementation has many beneficial aspects but proper importance
should be provided to the protection of this server. Various preventive measures could have
stopped this security breach, which were neglected by all the participants. Firstly, IT team of
OU should have given proper training in order to eliminate human errors, which could be
cause of this breach as stated above (Patel et al., 2013). Proper technology for the
tokenization and encryption of the files before saving it to the server could have also stopped
this intrusion, as the user who downloaded those files will have needed proper encryption for
accessing those files. Intrusion-detection-system implementation could have informed the IT
about the intrusion earlier, as the IT team was even informed by the report provided by The
Daily (Khorshed, Ali & Wasimi, 2012). Proper and regular audit to the system database and
the server by the IT team in order to check and modify the coding if any vulnerability seems
that could affect the system. Monitoring system, training to the email users and delve users
on how to keep those files more safe and creating risk plan management could be the
preventive measures to stop this breach and keep those files and information safer (Chou,
2013).
Part B
WannaCry Ransomware Cyber Attack
This was a type of ransomware cyber attack, which affected almost the entire world. It
is being estimated by the IT experts that the attack was started between 12th and 15th May
2017. The name that intruders called it was Wannacry ransomware (Mohurle & Patil, 2017).
This malicious virus blocks the access o the users to their personal files saved in the system.

5
COMPUTER SECURITY BREACHES (2017)
Various organizations, federals, hospitals and many others around the world became prey of
this attack. After altering the files, the hackers were asking money in-exchange to gain access
to those files again by the users in the form of Bit-Coin Currency. This attack caused damage
to more than 100,000 computers across the world and restricted various organizations from
doing their operational activities using the computers (Young & Yung, 2017).
What was the problem?
Technically, it can be said that the malicious virus was encrypting all the files stored
in the storage system of the user’s computer, which blocks all the way to do the operational
activities, which could be done by the computers in an organization (including hospitals,
federals and many other sectors). The intruders had used one of the secret software created by
the U.S agency, which was stolen and sold out at the internet. This was used as the primary
software for the hackers to get access to the storage system or drive of the computers that
were connected to the internet (Young & Yung, 2017). Another problem was that the IT
teams were not getting any way to get rid of this attack. Few experts were able to decrypt the
files that were encrypted by this virus but several were affected and it caused them by either
paying ransom or losing those data. The hackers were asking money in exchange of the anti-
virus named ‘double pulsar’, which could have allowed the users to gain access to their files
again and perform the organizational operations efficiently. Many of the organization were
not able to get the anti-virus even after paying the ransom amount.
Who were affected and how?
As stated earlier, this was a global attack; it affected many computers of different
organizations in different corners of the world (Renaud, 2017). According to the findings it
can said that mostly affected corner was China. The users with pirated operating systems or
outdated operating systems were reported to be the affected most. Hackers were targeting the
users with the operating system Windows 7, Windows 8, Server, and Windows Xp, although,

6
COMPUTER SECURITY BREACHES (2017)
minimum damage was caused to the users with Windows Xp and Server. Many police
headquarters in China and India were affected by this attack, which forced them to take their
stations offline. Many hospitals in Russia, China, UK and U.S. had to suffer a lot by delaying
several operations, surgeries and meetings. Big and rich Automobile companies like Renault
and others also reported to the security breach due to this intrusion, which affected their
production.
How was the attack carried out?
According to the research made by the experts, it is being estimated that the
WannaCry Ransomware Cyber-attack was started at London on 12th May 2017 by a
European. The virus was activated after the access to a zip file which had several advance
coding including the ‘EternalBlue’ and then coding to connect to the internet. ‘EternalBlue’
was software generated by the U.S. Agency in order to get access to the storage system of the
users (Pascariu, Barbu & Bacivarov, 2017). It was explained by them that this was generated
to improve cyber-espionage and keep the city safe. EternalBlue allowed the hackers to get
access to the storage drives of the computers and those coding helped the virus to spread into
the internet and affect other computers like a communicable disease by using internet as a
medium. After that, the virus spread all over the internet and affected the computers with
latest operating systems like windows 7, windows 8 and many others as stated above. This
virus encrypted all the files that were being saved in the storage system and hackers were
offering the anti-malware software for this virus in-exchange of money (Collier, 2017). This
money was being collected in the form of Bit Coin Currency rather than any bank payment.
This malicious virus gets into the storage drive of the computer and encrypts all the files
stored in those drive by a unique encryption code. Many experts tried to encrypt those files
but get failed due to the regular updates that were being uploaded by the intruders.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
COMPUTER SECURITY BREACHES (2017)
What could have been done to prevent the attack?
Following are the various methods that could have prevented this security breach:
 This virus has not affected the original and updated operating systems and
those who were affected Microsoft offered them security patches in order to
keep their files safe. This implies that using original and updated operating
system could save the users from this mass security breach.
 Encryption and tokenization to the files could have protected them from being
corrupted and stopped hackers to encrypt it again.
 Anti-malware software is also the option to stop it from being happened again
in the future, as it could have stopped the hackers to get access to the
computers (Vuolo, 2017).
 EternalBlue the primary weapon for the hacker should not have been exposed
anyhow. If exposed the U.S. agency should have informed this and about its
affect earlier.
 Microsoft should have offered these security patches earlier not after the
attack, by predicting such attack after the expose of that software in the black
market.

8
COMPUTER SECURITY BREACHES (2017)
References
Ablon, L., Heaton, P., Lavery, D., & Romanosky, S. (2016). Data Theft Victims, and Their
Response to Breach Notifications.
Branham, D. (2017). OU shuts down file sharing service after failing to protect thousands of
students' records. [online] OU Daily. Available at: http://www.oudaily.com/news/ou-
shuts-down-file-sharing-service-after-failing-to-protect/article_4f9a5e2c-50a2-11e7-
a807-2f591e6c54f0.html [Accessed 22 Aug. 2017].
Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal
of Computer Science & Information Technology, 5(3), 79.
Khorshed, M. T., Ali, A. S., & Wasimi, S. A. (2012). A survey on gaps, threat remediation
challenges and some thoughts for proactive attack detection in cloud
computing. Future Generation computer systems, 28(6), 833-851.
Lopez, M. P., Tsitouras, D. J., & Azuma, P. C. (2012). The Prospects and Challenges of
Educational Reform for Latino Undocumented Children: An Essay Examining
Alabama’s HB 56 and Other State Immigration Measures.
Patel, A., Taghavi, M., Bakhtiyari, K., & JúNior, J. C. (2013). An intrusion detection and
prevention system in cloud computing: A systematic review. Journal of network and
computer applications, 36(1), 25-41.
Qaisar, E. J. (2012, March). Introduction to cloud computing for developers: Key concepts,
the players and their offerings. In Information Technology Professional Conference
(TCF Pro IT), 2012 IEEE TCF (pp. 1-6). IEEE.

9
COMPUTER SECURITY BREACHES (2017)
Vuolo, J. (2017). Should we be using water filled gloves under the heel to prevent pressure
ulcers?. benefits, 10, 32.
Watch, O. (2017). Security Breach at OU Exposes Thousands of Students’ Data. [online]
Oklahoma Watch. Available at: http://oklahomawatch.org/2017/06/14/security-
breach-at-ou-exposes-thousands-of-students-data/ [Accessed 22 Aug. 2017].
Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack
2017. International Journal, 8(5).
Young, A. L., & Yung, M. (2017). Cryptovirology: The birth, neglect, and explosion of
ransomware. Communications of the ACM, 60(7), 24-26.
Collier, R. (2017). NHS ransomware attack spreads worldwide.
Renaud, K. (2017). It makes you Wanna Cry.
PASCARIU, C., BARBU, I. D., & BACIVAROV, I. C. (2017) Investigative Analysis and
Technical Overview of Ransomware Based Attacks. Case Study: WannaCry.