Respond to the following 3 posts:
1- Between January 2001 and January 2003, Daniel Baas hacked into Acxiom’s database and downloaded passwords and data files (eWeek, 2003). Mr. Baas worked for the Market Intelligence Group, and they analyzed data for Acxiom (eWeek, 2003). Through this connection he gained access to a password for one of Acxiom’s servers. Mr. Baas downloaded the passwords and data on the CDs and kept them at his house. He did not use the data or sell it. Acxiom only became aware of the theft when the Hamilton County Sheriff informed them (Holcombe, 2003). Mr. Baas stole over 300 passwords and data files, which ended up costing Acxiom $5.8 million (eWeek, 2003). This is not the only time that Acxiom was victim to an external threat; a few months after this incident they became victim to an even larger data theft.
2- In 1994, Vladimir Levin, a Russian mathematician and hacker, attempted to steal $10 million from Citibank. Levin was able to gain customer identification codes and passwords to transfer money from cash management accounts to accounts in other banks controlled by Levin and his accomplices. Levin was arrested in London, England, where the U.S. Federal Government requested extradition of Levin to the U.S. In the 1997 House of Lords judgement records of the extradition appeal hearing, an affidavit submitted by Citibank’s Byron Yancey, the executive of Citi’s global cash management services, stated that Levin was able to link to a “dumb computer terminal” through the telephone system, then to Citibank’s computer in Parsippany, New Jersey. A request for transfer of funds is filtered to this terminal before going to Citibank’s computer, where the request must be authenticated by two employees of the customer, each using a separate identification and password (House of Lords Judgements – In re Levin, 1997).
If it were not for the customers’ early detection of funds going missing, the breach may not have been caught in time to notify the authorities and capture Levin. The customers did have a procedure of a two-person authorization process, but it was Citibank’s lack of proper encryption of the customer data that led to the theft (Romney, Steinbart, Summers, & Wood, 2021, p. 238).
After the 1994 Citibank hack, the company put in new controls for customers that required the use of electronic devices that create a new password for every transaction. Currently, new multifactor authentication, which has become the standard for most organizations, can mitigate data breaches, but best practice guidelines and user awareness can also help prevent the risk of data breaches (Suleski, Ahmed, Yang, & Wang, 2023).
3- Rumors of a cyber attack during the Gulf War were confirmed in 1992. The attack was carried out by a group of Dutch teenagers who focused on collecting sensitive information “regarding military personnel, equipment, and other war operations via vulnerable network systems” (Desert Snoopers, 1992). However, there is speculation that the group was searching for nuclear weapons data. The cyber attack(s) occurred between April 1990 and May 1991. The attack targeted 34 DoD (Army, Navy, and Air Force) sites attached to the internet. The group used well-known security weaknesses that previous hacker groups had used and that the DoD was aware of.
The hackers gained access to the DoD systems by weaving their way onto the internet via universities, government, and commercial systems. They used these sites as a way to access military sites. From there, the weaknesses came down to easily guessed passwords, known security holes in computer operating systems, and vendor-supplied accounts with easy-to-guess or no passwords. These accounts maintained privileged information about operations and maintenance. “In many of the intrusions, the hackers modified the system to obtain system administrator privileges and to create new privileged accounts” (United States General Accounting Office, 1991). Prior to these attacks, many of the sites did not have written/set protocols on how to handle cyber attacks of this nature; however, as a result of the attack, protocols were established.
Before the cyber intrusion of the Dutch teens, the DoD knew the importance of internal controls and felt they had adamant procedures in place to prevent the level of intrusion they saw. However, it was made apparent that the established procedures were not being followed regularly. Recommendations for accounting information system (AIS) controls for the DoD (following the attack) would include:
Strong Password Requirements for ALL Accounts – This would include user/vendor profiles being required to change the original/default password, having randomly selected passwords, stringent password requirements (18 characters, with 3 numbers, etc.), and being forced to change passwords every 60-90 days.
Multi-Factor Verification – Having a one-time access code sent to an established email, phone, or app to verify identity.
Routine System Audits – Maintain an audit trail and conduct random and scheduled audits.