Scribd Logo
Upload

Welcome to Scribd!

  • CMJ 256 Final Story

    Uploaded by

    Austin Eccleton
    69 views9 pages
    Feature Story

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Feature Story

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    69 views9 pages

    CMJ 256 Final Story

    Uploaded by

    Austin Eccleton
    Feature Story

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 9

    CMJ25607

    Eccleton
    FeatureStory
    GVSUCyberAttack
    GrandValleysBannerSelfServiceSystemFacesCyberAttack

    Ifreakedout,saidMirandauponfindingoutherpersonalinformationmighthavebeen
    breachedduringacybersecurityattackonGrandValleyStateUniversitysBannerSelf
    ServiceSystem.

    Inarapidlyevolvingdigitallandscape,securitybreachesarebecomingalltoocommon
    forusernetworksandprivateorganizations.

    Hackerstargetingthesenetworkswiththousandsuponthousandsofusersareusingrobot
    drivenmethodstotargetweakusernamesandpersonalidentificationnumberstogain
    accesstosensitivefinancialinformationandsocialsecuritynumbers.

    Theserobotsrunautomatedscriptsinanattempttoguessthelogininformationneededto
    accessthepersonalaccountsofusers.

    MirandaHolmes,aGrandValleystudent,wasoneofthosedirectlyaffectedbythecyber
    attackthattookaimattheuniversitysBannerSelfServiceSystemonOct.3.

    TheVicePresidentofEnrollmentDevelopmentatGrandValley,LynnMcNamaraBlue,
    sentthefirstemailtothestudentsfollowingtheattack.

    Bluehadalsoservedasprovostanddeanforacademicservicesandinformation
    technologyattheuniversity.

    IntheemailsenttoMirandafollowingtheattackitstatedthatsomestudentaccountshad
    beenhackedandthatshewasrequiredtoresetherBannerpasswordandsecurity
    information.

    TheBannerSelfServiceSystemisusedbytheuniversitytomanagebothacademicand
    administrative/financialinformation.

    InthewakeoftheattackMirandawasnotifiedthatGrandValleywasnotsuretowhat
    extentheraccounthadbeenbreached,butitwaspossiblethatthelastfourdigitsofher
    socialsecuritynumber,directdepositinformationtoherbank,andaddresshadbeen
    retrievedbyhackersduringtheattack.

    ImmediatelyfollowingthisnewsMirandacalledEquifaxtoputawatchonhersocial
    securitynumberthathadpotentiallybeentaken,andcalledherbanktoletthemknow
    thatinformationmayhavebeencompromisedaswell.

    InafollowupemailonOct.5,Blueinformedthestudentsthatthesecurityteamhad
    lockedover21,000Banneraccountsasaresultofthecyberattackandanongoing
    investigationwasunderwayteamedwithlawenforcementtofindoutexactlywhathad
    occurred.

    Duringtheinvestigationitwasfoundthatfraudulentphonecallswerebeingplacedto
    studentsandparentsstatingtheyowedmoneytotheuniversityandweretryingtoobtain
    personalinformationoverthephone.

    Leadinguptothefraudulentphonecallreports,theFBIreleasedamediaadvisoryfrom
    theirWisconsinheadquarterstothepublicwithinformationonwhattodoiftargetedbya
    phonescam.

    TheadvisorywassharedwithGrandValleystudentsalongwithinformationregarding
    theBannerattacktokeepstudentspostedoncurrentthreatstotheirsecurity.

    ThehackerswereusingU.S.governmentcalleridentificationtoscamcollegestudents
    intopayingthousandsofdollarsinfalsemoneyowedonstudentloans,delinquenttaxes,
    andoverdueparkingtickets.

    TheFBIurgedtargetsofthisscamtonotifytheirbankinginstitutions,contactthethree
    majorcreditbureausandrequestanalertontheirfiles,contactlocallawenforcement,
    andfileacomplaintthroughtheInternetCrimeComplaintCenteratwww.IC3.gov.

    AftertheinvestigationGrandValleysentanotificationtotheaffectedstudentswhose
    accountshadbeenbreachedtoinformthemthatthesectionsofBannercontaining
    sensitiveinformationwasnotaccessedduringtheunauthorizedsessions.

    InathirdemailtothestudentbodyofGrandValleysentbyBlue,newpreventative
    measureswerebeingimplementedtohelpsafeguarduserinformationonBannerSelf
    Services.

    Thenewchangestopreventfuturerobotattacksconsistedofanadditionalquestionat
    logintoproveyouarenotarobotusingacaptchacode,requiringstrongerpassword
    credentials,emailingstudentswhentheirPINchanges,strengtheningsecurityquestions,
    andrequiringmultiplesecurityquestions.

    Accordingtocaptcha.net,ACAPTCHAisaprogramthatprotectswebsitesagainstbots
    bygeneratingandgradingteststhathumanscanpassbutcurrentcomputerprograms
    cannot.

    Byrequiringstrongerpasswords,GrandValleycanhelpstudentstoguardtheirBanner
    accountswithanadditionallayerofsecurity.

    TheUnitedStatesComputerEmergencyReadinessTeampublishedanarticleonthe
    officialwebsitefortheDepartmentofHomelandSecurityexplainingtheimportancein
    havingastrongpassword,howtheusercancreateasafepassword,andhowtoprotect
    themoncetheyhavebeenchosen.

    TheEmergencyReadinessTeamstatesthatusingpasswordsbasedonpersonal
    informationthatareeasytoremembercanbedangerousandmakeitveryeasyfor
    hackerstocrackthem.

    Onepopularmethodusedbyhackersiscalledadictionaryattack,whichattemptsto
    guessPINsbasedonwordsusedinthedictionary.

    Duringthepasswordcreationprocess,themorevariablesusedtheharderitwillbeforthe
    hackerstoinfiltrateyouraccount.

    Methodstocreatingastrongpasswordinvolvestringingtogetheraseriesofwordsand
    usingmemorytechniquesormnemonicstohelpdecodethephrase.

    Thebestpasswordsincludebothuppercaseandlowercaselettersincombinationwith
    numbersandspecialcharacterstoaddadditionallayersofsecuritytothem.

    Whenastrongpasswordhasbeencreatedtheusermustkeepitsafe,andcreateseparate
    passwordsforalloftheiraccountsincaseahackerisstillabletoobtaintheir
    information.

    Nevershareyourpasswordsoverthetelephoneoremail,ashackerswillhidethemselves
    behindcalleridentificationorfalseemailaccountstotrickusersintosharingtheir
    usernamesandpasswords.

    Passwordsshouldnotbestoredorsavedinpubliccomputersandtheusershouldalways
    logoutofanyaccountsthatcouldbephysicallyaccessedbyothers.

    Dinopass.com,passwordsgenerator.net,andlastpass.comare3websitesthatwillgenerate
    randompasswordsfortheuserthatmeetthecriteriadescribedbytheEmergency
    ReadinessTeam.

    Anexampleofastrongpasswordis!RF6GF9tj427.

    Byfollowingtheseprecautionaryproceduresuserscanmakeitverydifficultforhackers
    togettheirhandsontheirpersonalinformationbyguessingtheirpasswordsthroughthe
    useofrobots.

    ThemorningofNov.17theBannerSelfServicenetworkwentofflineagainaround5
    a.m.andcontinuedtocutoutthroughoutthemorningforunknownreasons.

    AnotherstudentaffectedbythebreachinsecuritywasjuniorTedRider.

    ThemorningaftertheattackRiderwenttothelibrarytostudyandwasdeniedaccessto
    hisaccount.

    Heimmediatelycalledtheinformationtechnologyhelpdeskregardinghisaccountwhere
    hewasguidedthroughthenecessarystepstoregainaccessandchangehisPIN.

    Ridersaid,Iwasnotifiedduringtheordealbutdidntthinkitwouldhappentome.

    Ashackerscontinuetofindwaystobreakpastnetworksecuritywallsitisimportantfor
    userstounderstandtherearesecuritymeasurestheycancarryoutontheirownto
    minimizerisktothemselvesandtheirpersonalinformation.

    WhenMirandawasaskedabouttheattemptedcyberattacksituationasawholeshe

    responded,IfeltprettyupsetaboutthesituationbecauseIalwaysthoughtGVwas
    invisibleandwhenmyaccountgothacked,itwaskindofarealitycheckthatthings
    happenandyouhavetoprotectyourowninformationandbeproactiveinfixing
    mistakes.

    Afterchangingherpasswordtomakeitmoredifficulttocompromiseandwiththe
    implementationofthenewcaptchacode,Mirandastilldidntfeelherinformationwas
    100percentsafe.

    Imkindofworriedaboutthishappeningagain,butIchangedmypasswordandmadeit
    moredifficult,soitshouldbebetter.Butitisalwaysaworryonceithappensonce.
    Mirandaconcluded.

    You might also like