Monday, December 9, 2019

Security Breach Incidents for FAFSA Tool Breach- myassignmenthelp

Question: Discuss the Security Breach Incidents for FAFSA Tool Breach.

Answer:

Taxpayers Compromised in IRS: FAFSA Tool Breach

The present state of the cyber world is nothing short of a warzone, where constant battles are fought between cyber criminals and the protectors of cyberspace. Hackers are constantly developing and deploying advanced tools and strategies to outwit the vigilantes (Tax & EIC, 2013). However, the organisations and members of the general public whose integrity is at stake are still ignorant of this emerging and dominant threat. This section of the report covers the cyber attack on the Internal Revenue Service (IRS) of the United States of America, officially declared on April 6, 2017. The incident serves as practical evidence for the statement made above (Tax & EIC, 2013).

Overview on IRS

The Internal Revenue Service (IRS) is a part of the Department of the Treasury that enforces laws related to income tax and supervises the collection of federal income taxes. The IRS also has the responsibility of determining the qualification of pension plans (Cohen, 2015). The IRS collects the major source of funding for the government of the United States of America. It uses the US Treasury to execute and enforce many of the vital tax, economic and financial policies that affect the economy of the United States (Cohen, 2015).

Occurrence of the Problem

The Internal Revenue Service (IRS) officially declared on April 6, 2017 that it had been subject to a major security breach that could affect as many as 100,000 taxpayers. The breach is considered one of the most extensive the organisation has seen since 2015, when attackers used stolen information to obtain access to the tax returns of over 300,000 taxpayers and filed false returns to get refunds (Walters, 2015).
The organisation got wind of the attack in early March of 2017. However, its authorities took a month to take legitimate action against the breach.

Cause of the Breach

According to the official statement made by the IRS regarding the security breach, the hackers achieved their objective by posing as students to use the IRS Retriever Online Tool, which is used to apply for financial aid. The FAFSA, or Free Application for Federal Student Aid, is an initial form that the federal government, states and colleges use to award work-study, grants, student loans and scholarships (Botha, Grobler & Eloff, 2017). Students and their parents residing in the United States of America use the IRS Data Retriever Tool to access the tax return information that is required to fill in the FAFSA form. The data is transferred directly into the form from the IRS website. The hackers disguised themselves as students and exploited the IRS Data Retrieval Tool to obtain the details of around 100,000 taxpayers. They then filed false tax returns using the stolen credentials of the original users. The authority suspects that around 8000 false returns were filed, in response to which the organisation issued refunds amounting to 30 million dollars (Joseph, 2017).

Actions Taken Against the Attack

John Koskinen, the commissioner of the IRS, stated at a Senate Finance Committee hearing that the IRS had detected an anomaly in the system in March 2017. The organisation's experts had detected an abnormal hike in the quantity of incomplete forms submitted by students and suspected that some illegal activity was underway. However, the organisation took nearly a month to take the necessary action against the breach, despite having been warned a month earlier. This delay has raised questions among taxpayers (Koehler, 2017).
The IRS shut down the IRS Data Retrieval Tool as soon as the possibility of a breach was confirmed. Shutting down the tool at the peak season for financial aid applications caused outrage among students and their parents. However, the authority claims that around 52,000 returns could be prevented by IRS filters, while 14,000 illegal refund claims were stopped as well. As per the statement of the commissioner, the agency has provided 35000 written documents to notify taxpayers about the risk (Johnson, 2017). Apart from this, the authority is planning to establish contact with the 100,000 taxpayers who might be at risk and inform them about the breach. The complete result of the breach is still unknown, as the agency did not provide details on this matter. The commissioner claims that an extensive investigation is underway to analyse the exact extent of the damage, and that the IRS Data Retrieval Tool is expected to be secured and rendered functional after the month of October 2017 (Johnson, 2017).

Conclusion

The report concludes that the cyber attack on the Internal Revenue Service shows not only the extent to which cyber crime has evolved in the last few years, but also the existing ignorance of people and organisations alike, which gives hackers the window they need to achieve their goal. Constant vigilance and steadfastness are necessary from each individual working in an organisation, so that immediate action is taken whenever any anomaly is detected. It is also mandatory to implement sophisticated software and hardware that can detect and prevent any kind of cyber attack.

WANNACRY, New Face of Cyber Terror

The advent of ransomware in the family of cyber crime tools has proved to be a priceless addition for cyber criminals. It has taken cyber war to the next level of challenge.
Before the debut of ransomware, the hackers' sole purpose of attack was to use various hacking tools to breach a user account and gather sensitive information from the system or network for financial advantage (O'Gorman & McDonald, 2012). The organisations and individuals responsible for the security of the cyber world develop tools to counteract the attacks and often succeed in doing so for some time. However, the attackers always seem to stay one step ahead of the saviours. Despite all this, the protectors of cyber security had a manageable grasp of the situation and somehow managed to keep things under control. The entry of ransomware into the warzone acted as the last straw on the camel's back for the protectors (Everett, 2016).

Ransomware is a type of malware that has changed the concept of cyber attack completely. It does not apply the conventional method of cyber attack, which involves breaching the security of a system or network to obtain crucial data of an organisation or a user that the hacker can later use for financial advantage (Pathak & Nanded, 2016). Instead, it breaches a system by exploiting some of its vulnerabilities and holds the complete system and its resources to ransom by preventing the user from performing any function on it. This new concept of technapping has proved to be effective and beneficial for cyber lawbreakers and has revolutionised cyber war. The report sheds some light on this matter using the incident of the recent ransomware attack that caused exponential damage to the world on May 12, 2017 (Pathak & Nanded, 2016).

The Debut of WANNACRY

On May 12, 2017, the inhabitants of 150 countries felt the wrath of the ransomware WANNACRY, launched by an emerging community of hackers who call themselves the Shadow Brokers. The wave of the attack took a toll of around 230,000 computers, both organisational and personal.
The intensity and suddenness of the attack caught many organisations off guard and ravaged their systems. The affected systems were held hostage remotely by the attackers, who demanded a ransom for their restoration (Mohurle & Patil, 2017).

Mode of the Breach

It has been detected that a defect known as EternalBlue exists within the Server Message Block (SMB) protocol of Windows server. Microsoft Corporation was not aware of this defect and therefore the anomaly was not removed (Swenson, 2017). However, it had been discovered long before by experts working for the National Security Agency (NSA) of the USA, who concealed the fact from Microsoft for their own advantage. The intention of the NSA was to modify the anomaly and use it for offensive intelligence purposes. However, it was spirited away by the Shadow Brokers from the vaults of the NSA and unleashed on the world (Swenson, 2017).

The ransomware exploits EternalBlue to gain entry into a user's system. Once this initial phase is achieved, it starts to encrypt the vital data files of the system and makes it almost impossible to access the system or use any of its features. Having crippled the system, the ransomware then displays a message on the screen demanding a ransom from the user, in the form of bitcoin currency and within a specified span of time, in exchange for restoring the system to its previous state. It also warns that the system will be rendered permanently useless if the ransom is not received by the specified date (Swenson, 2017).

The ransomware could affect systems running any supported or unsupported version of the Windows operating system, as the SMB protocol that it exploits to gain entry is present in Windows server. Systems running unsupported and older versions of the Windows operating system were the most affected (Swenson, 2017).

After Effects of the Attack

The rampage of WANNACRY lasted for a few hours on May 12, 2017, as reported by various security experts. However, it managed to affect 230,000 computers in 150 different countries throughout the world. Innumerable organisations were affected during the attack, and many emergency institutions such as the National Health Service (NHS) of the United Kingdom were forced to halt their emergency services, which caused tremendous problems for their patients (Collier, 2017). Among all the affected organisations, some of the noteworthy ones that were greatly affected were the Deutsche Bahn, Telefonica and FedEx of Spain. The general public of the affected countries was not spared from the effects of this attack either.

Actions Taken Against the Attack

Within the first few hours of the attack launched on May 12, 2017, security researchers around the world became busy with the one goal of mitigating the problem. A solution was discovered by a young researcher from England, who found a method of resolving the issue by registering a domain name found in the code of the ransomware program (Akkas, Chachamis & Fetahu, 2017). The process worked for a short time and halted the advance of the ransomware for a short while. However, it was found that the attackers soon launched newer versions of the ransomware that countered the researcher's solution. Apart from this, Microsoft Corporation released patch updates for all supported and unsupported versions of Windows that resolved the EternalBlue issue in the SMB protocol. The Corporation also requested users to apply the updates as soon as possible. Security software providers such as MalwareBytes, AVG Security and Norton provided updated versions of their security software with features to detect and prevent ransomware attacks (Akkas, Chachamis & Fetahu, 2017).

Conclusion

The report concludes with the insight that cyber security is an issue that cannot be taken lightly. A short window of opportunity provided to cyber criminals can lead to exponential loss, ranging from personal to global interests. Therefore, it is better to look for ways to prevent an attack before it occurs. After all, it is widely known that prevention is better than cure.

References

Akkas, A., Chachamis, C. N., & Fetahu, L. (2017). Malware Analysis of WanaCry Ransomware.

Botha, J. G., Grobler, M. M., & Eloff, M. M. (2017). Global data breaches responsible for the disclosure of personal information.

Cohen, A. V. P. (2015). Agency.

Collier, R. (2017). NHS ransomware attack spreads worldwide.

Everett, C. (2016). Ransomware: to pay or not to pay?. Computer Fraud & Security, 2016(4), 8-12.

Johnson, K. (2017). Information Security Plan for Redacted Tax Service (Doctoral dissertation).

Joseph, R. (2017). Data Breaches: Public Sector Perspectives. IT Professional.

Koehler, C. R. (2017). Protecting your identity.

Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal, 8(5).

O'Gorman, G., & McDonald, G. (2012). Ransomware: A growing menace. Symantec Corporation.

Pathak, D. P., & Nanded, Y. M. (2016). A dangerous trend of cybercrime: ransomware growing challenge. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume, 5.

Swenson, G. (2017). Bolstering Government Cybersecurity Lessons Learned from WannaCry.

Tax, P. F., & EIC, I. C. (2013). Internal Revenue Service.

Walters, R. (2015). Continued US Federal Cyber Breaches In 2015 Analysis.
