Wednesday, May 6, 2020

Recent Hacking Story Case Study of JPMorgan & Chase

Question: Discuss the recent hacking story for a case study of JPMorgan Chase.

Answer:

Introduction

The grave problem that comes with the advancement and upgrading of technology is its negative impact. The 21st century is completely dependent on the internet for its functioning. Along with the beneficial effects of the internet comes the negative impact of its misuse. Cyber-hacking is the problem to which this century is most vulnerable (Wagstaff, 2016). With the increase in dependency on the internet, the rate of crime associated with it is also increasing. The computer is the main component in conducting business and commerce as well as the source of today's entertainment. This increases the opportunity for committing crime (Macau Business Daily, 2016).

This essay mainly tries to capture the context of hacking as the main cyber crime. It focuses on the hacking of the profiles of the customers of JP Morgan, the largest bank in the US. Before going into the case study directly, a short general overview of cyber crime is given, followed by a few statistical figures related to recent hacking.

According to ISTS (Institute for Security Technology and Studies), hacking a network or computer can be of three types. The first type is self-declared hackers, who breach systems with the motive of constructing new code and for their own entertainment. The second is media-labeled hackers, who aim to break into a network and cause harm to society by injecting malware and viruses or by retrieving personal information from the hacked network. The third type is ethical hackers, whose motto is to find the gaps in the security of a company. Ethical hacking is usually carried out by the company itself by hiring professional hackers. It is usually done to keep track of the functioning of the company's online system. Unethical or media-labeled hacking is the main threat to the whole cyber world. These hackers are also known as crackers.
Initially the term hacker was given to over-enthusiastic people with a thirst for knowledge who surfed in others' domains without causing harm. The basic problem in this respect is that the criminal economy is growing at a faster pace than the normal economy. JP Morgan, the US's largest asset-holding bank, faced the problem of media-labeled hacking in the year 2014. Statistical data on hacking from the year 2016 state that more than 30 thousand websites are infected with malware every day. Information of 70 million credit card users has been leaked. JP Morgan faced a massive leak from its database, with the data of more than 76 million customers being leaked. A report published in Inside Counsel shows that it is not only big businesses whose security is hacked. Small businesses are mostly vulnerable to cyber security threats.

The term hacking means trespassing into a computer or network, either to loosen the security of the network and take data from it illegally, or at times to alter or change the security of the given system. The persons who engage in these activities are termed hackers (Techopedia, 2016). The hacking business came into existence with its own code of ethics. These ethics have been upgraded depending on the needs of society (Coleman, 2013). The basic ethics and codes that hackers were supposed to follow were:

They were supposed to work for the well-being of society in general and human beings in particular.

They must honor the confidentiality of the computers that they are hacking (Holzer & Lerums, 2016).

They must be honest and trustworthy to other people. They should also take care not to disclose confidential data or harm people with their actions (Wald, 2016).

They should maintain the ethics of respect and honor. They must honor intellectual property rights, especially patents and copyrights.
These rules are like the commandments of computer ethics, and breaking them causes a loss to people. Open access to networks is important for spreading knowledge without discriminating by the gender, race or religion of the users. Hackers can use their talent to mend the security flaws of a system. It is seen, however, that most hackers forget these principles and hack for the sake of profit and power. They forget their ethics and morals and seek only to make the most possible profit through economic espionage and money laundering.

The cost incurred per year due to cybercrime is more than $1 trillion throughout the world. Figures suggest that on average the cost of a data breach is $3.5 million (Klein et al., 2016). A report published on 7th November in Inside Counsel states that five cyber criminals have been identified for hacking a few top companies, at a cost of around $300 million. The criminals hail from Ukraine and Russia, and they have hacked Visa Inc, Jet Blue Airways Corp., Nasdaq, Carrefour SA, etc. (Klein et al., 2016). News published by Bloomberg on 10th November 2015 highlights the fact that between 2012 and 2015 hackers were able to hack at least 9 giant financial institutions holding the details of more than 100 billion customers (Walters, 2014). The hackers were able to gain access to the highly secured data with the help of treacherous business officials who sold out their moral values for a lump-sum bribe (Bloomberg, 2016).

If the history of hacking is analyzed, it will be seen that more than one third of data manipulation and theft has occurred in the business sector. Hacking in the health sector follows next, with the massive hacking of the database of Anthem, one of the top-level health insurance companies of the US. The data of nearly 60-70 million customers, both former and existing, were breached in this event (Mathews, 2016).
This essay will try to provide an insight into one of the greatest hacks in US history. The data breach at JP Morgan Chase took place in 2014 (Sidel, 2016). The massive breach of data from the US's largest bank raised an alarm in society regarding the security of the cyber world. JP Morgan confirmed that the data of more than 76 million of its clients had been hacked. The bank also gave assurance that its customers' financial data had not been compromised. It was only the customers' personal details that were hacked in that cyber crime (Rushe, 2016). The bank became aware of this attack in July 2014, a month after the actual incident occurred. A report by The Guardian published on 3rd October brings out the fact that the problem of data hacking was more serious than had been estimated.

The case of the US's biggest data breach was given to the United States Secret Service to investigate and find the culprit or group of culprits involved. The hacking took place by spreading a malicious programme in the bank's networking system. To avoid being caught, the hackers extracted the data in steps over a period of time (Robertson, 2014). The Secret Service, with the help of the Federal Bureau of Investigation, took up the duty of getting an insight into the matter. Bloomberg, in a report published in August, highlights the fact that hackers hailing from Russia were engaged in the high-profile breach of the bank's data (Richards, 2014). There has been a lackadaisical approach on Russia's part to the enforcement of cyber crime and intellectual property law. This affects Russia internally as well as other nations (McDougal, 2015). Brian Krebs, the famous author and blogger of Krebs on Security, is of the view that the hackers who took so much risk and pain in this massive case surely had the motive of making a profit at a cost to the victims.
A continuous process of upgrading to new technology is required to save data from the hands of these immoral hackers. On the other hand, a report published in WSJ suggests that the hacking was conducted using the personal computer of one of the employees (Sidel, 2016). There has been a huge impact on the reputation of the bank as well as on the global economy following the breach of data.

Federal authorities were able to point out four of the culprits engaged in this crime, namely Gery Shalon, Ziv Orenstein, Anthony R. Murgio and Joshua Samuel Aaron. Shalon and Joshua hail from Israel, with the latter engaged in a big unlawful gambling business in the US. They are now detained in Moscow (Muncaster, 2016). Murgio and Shalon once invested $100,000 to appoint a conspirator to the said bank's directorial board (Krebs on Security, 2016).

The cyber threat opened the eyes of the bank's security officials. It made them realize that the security system they use could easily be surpassed by the intelligence possessed by the hackers. There is continuous cyber warfare amongst hackers, and they constantly upgrade their systems. Hence, companies and financial institutions need to constantly upgrade their security systems to keep up with their enemies (Lee et al., 2015). After the unexpected breach, Jamie Dimon, CEO of the US's largest bank, JP Morgan, announced that the bank would double its spending on security. US $250 million had been spent in the year 2014, and the bank planned to increase this to US $500 million within a span of 5 years (Doug Drinkwater, 2016). Scott MacKenzie, CISO of Logical Step, commented that Morgan's decision to double the amount invested in security, in spite of there being no evidence that customers' passwords and accounts were hacked, is a positive step that will help the bank recover its damaged reputation (Hemphill & Longstreet, 2016).
Having been hacked, the bank with the largest valuation of assets in the US tried to find the notorious criminals behind this action (Fisch, 2015). With the help of the federal authorities and the investigation bureau, it found the criminals and carried on with the proceedings thereafter as provided by law. At the same time the bank also focused on increasing the amount it spends on security. The assumption is that increasing the sum allotted for security will help it to tighten and save its online data (Amigorena, 2014). The question that keeps lingering is whether simply increasing the funds allotted will be enough to stop crackers from getting hold of the company's data. Just as the bank and other financial institutions are willing to allot greater funds for tighter security, on the other side their antagonists also upgrade themselves with better hacking techniques.

The basic flaw in this bank's security system was that the bank was so confident about its security that the basic system of dual verification was missed out. Usually big banks use a system of double verification in which users need to enter a One-Time Password (OTP) every time they try to get access to any details. The password is generated by the main system, and the accounts and data can only be accessed with that password. In addition, the password cannot be used a second time; as the name itself indicates, it gives access only once. It lapses after a certain pre-determined time, for example within 2 minutes of generation of the password ("Protections Against Digital Bank Robbers", 2016).

The cyber crime was not a zero-day crime, which implies that the leaked data have been manipulated and sold in the parallel economy. It has been found that access to one of the employees' personal computers was the method adopted to hack the system.
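The one-time password behaviour described above (generated by the bank's system, accepted once, lapsing about 2 minutes after generation), shown as an added example that is not from the essay or from JPMorgan's systems. The class names, the user name, the three-attempt cap and the in-memory store are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 120  # the essay's example lifetime: 2 minutes
MAX_ATTEMPTS = 3       # assumption: guess limit, not stated in the essay


class OtpService:
    """Server-side issuer and verifier for single-use, expiring codes."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user -> [sha256(code), expires_at, attempts_left]

    def issue(self, user):
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, 6 digits
        digest = hashlib.sha256(code.encode()).digest()  # never store the code itself
        self._pending[user] = [digest, self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # sent to the user over a second channel

    def verify(self, user, code):
        entry = self._pending.get(user)
        if entry is None:
            return "no-pending-code"
        digest, expires_at, attempts_left = entry
        if self._clock() >= expires_at:
            del self._pending[user]  # lapsed codes are discarded
            return "expired"
        candidate = hashlib.sha256(code.encode()).digest()
        if hmac.compare_digest(candidate, digest):  # constant-time comparison
            del self._pending[user]  # single use: a replay finds nothing
            return "ok"
        entry[2] = attempts_left - 1
        if entry[2] <= 0:
            del self._pending[user]  # too many guesses: force a new code
            return "locked"
        return "wrong-code"


class FakeClock:
    """Constructed clock so the expiry path runs without waiting."""

    def __init__(self):
        self.now = 1_000_000.0

    def __call__(self):
        return self.now


def demo():
    clock = FakeClock()
    svc = OtpService(clock)
    code = svc.issue("alice")                      # hypothetical user
    results = [svc.verify("alice", code),          # first use
               svc.verify("alice", code)]          # replay of the same code
    code = svc.issue("alice")
    clock.now += OTP_TTL_SECONDS + 1               # just over 2 minutes later
    results.append(svc.verify("alice", code))
    return results


if __name__ == "__main__":
    print(demo())
```
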
A bank with the largest asset value is not expected to have such a simple security system that it can be breached just by getting access to an ordinary employee's PC. Whenever a company or financial institution faces a threat or a security issue, it gears up to tighten its security. For such a large institution, security should be tightened on a daily basis. The measures that can be taken beforehand in order to avoid such circumstances are discussed as follows (Parrish, 2016):

Policy of data breach notification: This policy will help customers to take the necessary actions if any breach of data occurs.

Training: The employees who are in charge of the company's security system should be trained so that they can understand and detect the operations carried out by hackers.

Establishing proper company policies: Employees should be given proper training on the tools that they are supposed to use. They should also be aware of the types of devices and networks they can use to do their work (Shields, 2015).

The company should start pen-testing its own systems. Pen-testing is the process in which someone attempts to get hold of the critical assets of the company and its network without being detected. The company can also conduct vulnerability scanning of its data in small successions to avoid any further harmful consequences. There is a great difference between vulnerability scanning and pen-testing. Vulnerability scanning points out the weaknesses of the company's security system. Pen-testing, on the other hand, highlights the quantity of data that can be breached through the process of ethical hacking (Northcutt et al., 2016).

The easiest way for customers to keep their data from being leaked is to create a difficult password. A difficult password with lowercase letters, numbers, uppercase letters and punctuation will make it difficult for hackers to penetrate the customer's account.
It is also preferable to have quite a few words merged together to form the password ("Eight steps to beat the online bank fraudsters", 2016).

The statistical data on cyber crime show a constant rise. The cyber world, being vast and diffuse, does not follow any particular law. In addition, the cyber world does not fall under any territorial boundary. Hence, the rate of crime is also higher than for any other type of crime. The global economy cannot work without the internet and computer systems. Hackers treat this as their forte and keep on hacking networks. It has often been seen that they commit this crime with the motive of earning a massive amount of black money. They run a parallel economy which works alongside the main e-economy. Just as there is advancement in the mainstream cyber world, they too update themselves and often stay ahead of it. Companies and financial institutions should always be on high alert and keep their systems upgraded, taking into consideration cases that have happened at other companies. JP Morgan was lucky that, although it faced a massive breach of its data, the hackers could not get hold of its customers' passwords and security accounts. The bank doubled its spending on security and realized that single-time authentication alone was not enough to stop the hackers. Hence, its loss gave other financial institutions and companies a warning that without constant upgrading any of them can be vulnerable to this parallel community of hackers.

References:

About Us | JPMorgan Chase & Co. (2016). JPMorgan Chase & Co. Retrieved 11 November 2016, from https://www.jpmorganchase.com/corporate/About-JPMC/about-us.htm

Amigorena, F. (2014). The threat from within: how to start taking internal security more seriously. Computer Fraud & Security, 2014(7), 5-7.
Arrests in JP Morgan, eTrade, Scottrade Hacks. Krebs on Security. (2016). Krebsonsecurity.com. Retrieved 9 November 2016, from https://krebsonsecurity.com/2015/11/arrests-in-jp-morgan-etrade-scottrade-hacks/

Coleman, E. G. (2013). Coding freedom: The ethics and aesthetics of hacking. Princeton University Press.

Doug Drinkwater, S. (2016). JPMorgan to double cyber security spending to 310 million after hack. SC Magazine UK. Retrieved 9 November 2016, from https://www.scmagazineuk.com/jpmorgan-to-double-cyber-security-spending-to-310-million-after-hack/article/376894/

Fisch, J. E. (2015). The Mess at Morgan: Risk, Incentives and Shareholder Empowerment. University of Cincinnati Law Review, 83, 651.

Hemphill, T. A., & Longstreet, P. (2016). Financial data breaches in the US retail economy: Restoring confidence in information technology security standards. Technology in Society, 44, 30-38.

Holzer, C. T., & Lerums, J. E. (2016, May). The ethics of hacking back. In Technologies for Homeland Security (HST), 2016 IEEE Symposium on (pp. 1-6). IEEE.

JPMorgan's 2014 Hack Tied to Largest Cyber Breach Ever. (2016). Bloomberg.com. Retrieved 9 November 2016, from https://www.bloomberg.com/news/articles/2015-11-10/hackers-accused-by-u-s-of-targeting-top-banks-mutual-funds

Lee, J., Maker, J. M. S. L. D., At, D. (2015). JP MORGAN. Wall Street Journal.

Mathews, A. (2016). Anthem: Hacked Database Included 78.8 Million People. WSJ. Retrieved 9 November 2016, from https://www.wsj.com/articles/anthem-hacked-database-included-78-8-million-people-1424807364

Muncaster, P. (2016). Alleged JPMorgan Hacker Detained in Moscow. Infosecurity Magazine. Retrieved 9 November 2016, from https://www.infosecurity-magazine.com/news/alleged-jpmorgan-hacker-detained/

Parrish, M. (2016). 6 Steps for Data Breach Recovery and Prevention. Intralinks Blog. Retrieved 9 November 2016, from https://blogs.intralinks.com/2013/10/6-steps-for-data-breach-recovery-and-prevention/

Richards, J. (2014). A New Cold War? Russia, China, the US and Cyber War. In Cyber-War: The Anatomy of the global Security Threat (pp. 43-56). Palgrave Macmillan UK.

Rushe, D. (2016). JP Morgan Chase reveals massive data breach affecting 76m households. The Guardian. Retrieved 9 November 2016, from https://www.theguardian.com/business/2014/oct/02/jp-morgan-76m-households-affected-data-breach

Shields, K. (2015). Cybersecurity: Recognizing the Risk and Protecting against Attacks. NC Banking Inst., 19, 345.

Sidel, E. (2016). J.P. Morgan Working Closely With Law Enforcement on Cyberattack. WSJ. Retrieved 9 November 2016, from https://www.wsj.com/articles/j-p-morgan-not-seeing-unusual-fraud-regarding-reports-of-hacking-1409227168

Wagstaff, K. (2016). Hack to the Future: Experts Make 2016 Cybersecurity Predictions. NBC News. Retrieved 11 November 2016, from https://www.nbcnews.com/tech/internet/hack-future-experts-make-2016-cybersecurity-predictions-n486766

Wald, E. (2016). Legal Ethics Next Frontier: Lawyers and Cybersecurity. Chapman Law Review, Forthcoming, 16-04.

Walters, R. (2014). Cyber attacks on us companies in 2014. Heritage Foundation Issue Brief, (4289).

What is Hacking? - Definition from Techopedia. (2016). Techopedia.com. Retrieved 9 November 2016, from https://www.techopedia.com/definition/26361/hacking
