Cyber Defense Strategy for Atlanta Hawks


Purpose

While hacking is the fun part, defending is the more intricate project, and that’s what this course is ultimately designed to teach you. Broad-spectrum solutions don’t work: you have to find the right defense for every different hack.

Action Steps

  1. Review the cyber attack provided by your instructor
  2. Describe what the target’s immediate response should be if the attack does happen
  3. Post-Mortem: Identify specific cyber security measures that this organization can take to prevent or reduce the likelihood of this kind of attack
  4. Post-Mortem: Propose necessary training for all of the target’s members and stakeholders
  5. Write a report that describes your defense for the top people at whichever organization is the target of the attack. Make sure to address the following areas:
    1. Immediate Response
    2. Post-Mortem: Cyber Security measures to prevent or reduce the likelihood of this kind of attack
    3. Post-Mortem: Propose necessary training for all the target’s members and stakeholders

How Will I Evaluate Your Work?

See the attached rubric for more detail on how these attacks will be graded. You should write your report using clear communication and professional writing conventions, including grammar.

Cyber Crime & Security: Design A Cyber Defense

Use the template below to structure your report. You should write your report using clear communication and professional writing conventions, including grammar. Remember that you’re writing for the top people at the organization.

1. Immediate Response

  • Describe what the target’s immediate response should be
  • Address all methods of attack in your response

2. Post-Mortem: Cyber Security

  • Identify specific measures that this organization can take to prevent this type of attack

3. Post-Mortem: Training

  • Propose necessary training for all of the target’s members and stakeholders

Design A Cyber Attack:

Hacking Turing Pharmaceutical

Andrew Young School of Policy Studies

CRJU 4405: Cybercrime Investigations

Professor Dr. Don Hunt

March 10, 2024

Introduction:

Imagine waking up one day to find that all the money in your bank accounts has been emptied and that your identity has been stolen. Life-altering and world-shattering events such as these can completely ruin your life. Sadly, the harsh reality of cybercrime is that the victims can’t simply pinch themselves awake from that nightmare. Financially and mentally recovering from the damage caused by hackers could take years. Considering the amount of time, money, and energy it takes to get back on your feet after an attack, it makes sense that prevention and strong cybersecurity are so heavily emphasized and encouraged. In order to effectively guard against cyber attacks and better understand the motives and intentions behind hackers’ actions, you must first step into their shoes and view the world through their eyes.

Target:

More often than not, hackers will carefully choose their targets, whether it be a company or an individual, with an end goal in mind. Hacktivists, a type of hacker, pick out targets either for a cause or because they dislike their targets’ actions or ideals. Hacktivism utilizes different techniques to protest against the perceived injustices enacted by their targets. Like a vigilante, hacktivists go after those who they believe are greedy, violate privacy rights, or engage in unethical practices. To hackers, calling out and raising awareness about the wrongdoings of organizations is seen as a social service rather than solely an illegal act. In order to better understand the mind of a professional hacker, the novice hacktivist, Elisabeth Easley, will address the social issue of drug price gouging practices.

An increasingly prominent issue in the United States has been the prohibitively expensive cost of prescription drugs. The practice of price gouging medications has been an area of concern for decades, but in recent years it has become more prevalent and problematic. A prime example of a company that heavily contributed to the unethical and greedy medication price markups is Turing Pharmaceuticals, now known as Vyera Pharmaceuticals. In 2015, Turing Pharmaceuticals bought the rights to Daraprim, a drug used to treat a parasitic infection called toxoplasmosis. According to NPR, Daraprim was approved by the FDA in 1953, and its patents have long since expired. With only one supplier in the U.S. and no generic versions available, the CEO of Turing Pharmaceuticals, Martin Shkreli, saw a greedy and unethical money-making opportunity. Overnight, Shkreli increased the price of this drug by more than 5000%, from $13.50 to $750. As a result, many hospitals won’t keep the medication in stock, and health insurance companies won’t pay for it (Lupkin, 2019). In addition, the public grew angry and frustrated with the significant price change. Price gouging of drugs has been going on since before Shkreli, with all other companies and CEOs doing so with greedy intentions and little care for the patients who need the medications.

Hacking into a major pharmaceutical company is no easy task, so it is important to understand and identify the company’s weak points. Companies as large as Turing Pharmaceuticals have strong cybersecurity measures and software in place to ensure safety from hackers. However, upon further research, the novice hacktivist discovered that in 2015, the Twitter account of Turing Pharmaceuticals’ CEO was hacked hours after he tried to plead his innocence to securities fraud charges on the platform. According to an article titled “Twitter Account of Pharmaceutical Executive Shkreli Hacked”, hackers tweeted seven messages from Shkreli’s account. One tweet read, “Anyone want free money? Willing to donate hundreds of thousands to charities before I go to prison”, while another said, “I am now a god” (Reuters, 2015). The messages tweeted by hackers from the CEO’s account were intended to tease Shkreli about his ongoing price-gouging scandal. With this newfound information, the novice hacktivist determined that the weak spot in this company is the social media accounts of its employees and CEO. Social media accounts are inherently easier to hack than big corporations. Hacking and gaining access to employee social media accounts would allow the novice hacktivist to collect personal information, such as phone numbers and passwords. Many individuals use the same passwords for everything, usually just with small variations. Learning what password an employee uses for their social media account would make it easier to figure out the password for their work account. After hacking an employee’s social media account, the hacktivist would use several methods of attack to then gain entry into the company’s website.

Goal:

As a hacktivist novice, the goal of this attack on Vyera Pharmaceuticals, previously called Turing Pharmaceuticals, is to call out, raise awareness, incite change, and force the company to be accountable for its unethical actions. It is inherently wrong and immoral to raise the prices of medications to an unreasonable and unaffordable amount. Individuals who desperately need certain medications will no longer be able to afford them, which would result in future complications. Instead, consumers would have to turn to less effective medications that have more side effects. Hacking this company’s website would show Vyera Pharmaceuticals how outraged the public is by their actions. Ultimately, the novice hacktivist wants Vyera Pharmaceuticals to be heavily inconvenienced, frustrated, and lose money.

Method of Attack:

In order to successfully accomplish the goals mentioned above, the novice hacktivist will utilize three methods of attack: phishing, website defacement, and data breach and leak. As learned within the fourth week of this course, phishing is done by sending emails or text messages to gain unauthorized access to a system. The novice hacktivist would send a phishing email to an employee of Vyera Pharmaceuticals regarding their social media account, like Instagram. The email would look exactly like a real email from Instagram regarding trouble logging in. The email would read, “Hi (employee username), Sorry to hear you’re having trouble logging into Instagram. We got a message that you forgot your password. If this was you, you can get right back into your account or reset your password now. If you didn’t request a login link or a password reset, you can ignore this message and learn more about why you may have received it.” This email would provide a link for the employees to enter their account information and reset their password. Upon gaining this information, the novice hacktivist can make posts on the employees’ accounts regarding Vyera Pharmaceuticals’ unethical medication prices. Another phishing email attack would be oriented towards the employees’ accounts with the company. This would grant the novice hacktivist access to the employees’ login credentials to then conduct the next method of attack, website defacement. Website defacement is when a hacker alters the appearance of a website to display any content they desire. The novice hacktivist would then insert images on the company’s website with text bubbles condemning their price gouging practices. The last method of attack, data breach and leak, would expose the confidential and protected information regarding Vyera Pharmaceuticals’ greedy high pricing practices. The novice hacktivist already has access to the company due to the previous hack of the employee’s account. Through this gained entry, the novice hacktivist would then release sensitive information regarding the company’s pricing tactics to the public. This confidential information would then be submitted to news organizations and media outlets in order to further spread awareness about the issue. All methods of attack work together to achieve the desired end goal, to frustrate, inconvenience, and cause Vyera Pharmaceuticals to lose money.

Consequences:

When you choose to become a hacker, it is well understood that there are many legal and ethical consequences that can coincide. According to Georgia law, O.C.G.A. § 16-9-109.1, “It shall be unlawful for any person with intent to defraud, by means of a web page, e-mail message, or otherwise through use of the Internet, to solicit, request, or take any action to induce another person to provide identifying information by representing himself, herself, or itself to be a business without the authority or approval of such business” (Justia Law, 2022). Conviction of violating this law will result in a one to twenty-year prison sentence, a felony, and a fine anywhere between one thousand and five hundred thousand dollars (Lawson & Berry). The ethical consequences of this hack are that it violates the privacy and reputation of the company. Doing so could potentially result in large-scale employee layoffs. This means that it would impact individuals who had nothing to do with the price-gouging practices.

References

2022 Georgia code: Title 16 – crimes and offenses: Chapter 9 – forgery and fraudulent practices: Article 6 – Computer Systems Protection: Part 4 – internet and e-mail fraud: § 16-9-109.1. fraudulent business practices using internet or e-mail; definitions; penalties and sanctions; immunity. Justia Law. (n.d.). https://law.justia.com/codes/georgia/2022/title-16/chapter-9/article-6/part-4/section-16-9-109-1/

Have You Been Charged with Fraudulent Business Practices using the Internet or Email in Georgia?. Lawson & Berry | Justice When You Need It Most. (n.d.). https://www.georgiacriminallawyer.com/fraudulent-business-practices-using-the-internet-or-email#:~:text=The%20Penalty%20for%20False%20Representations,%241%2C000%20and%20%24500%2C000%2C%20or%20both.

Lupkin, S. (2019, December 31). A decade marked by outrage over drug prices. NPR. https://www.npr.org/sections/health-shots/2019/12/31/792617538/a-decade-marked-by-outrage-over-drug-prices

Twitter Account of Pharmaceutical Executive Shkreli Hacked. Reuters | Breaking International News & Views. (2015, December 20). https://www.reuters.com/

Vyera Pharmaceuticals. (n.d.). https://www.vyera.com/

The target for my cyber-attacks will be the Atlanta Hawks NBA basketball team. The target is fragile because there are no real reasons to set up protection against hackers due to the organization not having a lot of “valuable” information.

The purpose of the cyber-attacks is to humiliate the Atlanta Hawks organization for not doing a better job of handling the team. In the past few years, the front office has made no free agent signings, traded winning players away to save money, and handled relationships with the players poorly, all because the owner of the Hawks does not care about winning. My frustration with the Atlanta Hawks front office and the owner will be shown through a series of attacks at multiple levels. My goal is to show other basketball fans the ridiculousness and the joke of an organization that is the Atlanta Hawks. The attacks will target the Hawks’ social media pages, the company employees’ email addresses, and the Hawks’ basketball-related data. The result of these attacks will cause a great deal of annoyance and frustration upon the organization and ownership as a reflection of how the Hawks’ fans feel about the team.

The first attack will be done by using phishing to get into the social media accounts for the Atlanta Hawks. According to Aleroud and Zhou (2017):

“Phishing is an attack wherein the attacker exploits social engineering techniques to perform identity theft. Phishing traditionally functions by sending forged e-mail, mimicking an online bank, auction or payment sites, guiding users to a bogus web page which is carefully designed to look like the login to the genuine site” (p. 1).

These social media accounts are used by multiple people, which will mean there will be plenty of opportunities to take advantage of these users. I can do this by using spear phishing techniques. Spear phishing consists of targeting a specific person, or group of persons, within an organization that the attacker has specific information about, making the phishing email appear that much more authentic (Halevi et al., 2015). For starters, it is not difficult to find company emails through a source such as LinkedIn, which shows emails and profiles of the people part of an organization. Once I send out the same spear phishing email to these users, I will be able to take over these accounts. After gaining access to the social media accounts, I will deface the Hawks website with a website defacement attack, which essentially involves hacking the front-facing servers and replacing legitimate photographs with others that send a different message to readers other than what was intended (Albalawi et al., 2023). In this case I will post photos of the owner in awkward poses with uncomplimentary captions to worsen the reputation of not only the Hawks organization but also the Hawks’ owner, Tony Ressler (NBA.com, 2024). This phishing attack is also the first step in my other methods of attack.

I will then, again, use phishing attacks to deliver malware to users’ computers. Since Hawks season tickets are worth a fair amount of money and are not a benefit of being part of the Hawks organization, a bogus giveaway for Hawks season tickets is something that should entice Hawks employees to follow the links I embed in the email. Once the employee clicks on the giveaway link, they will be sent to a website that will manipulate the web browser into redirecting the user into automatically downloading malware onto the computer. Malware (officially malicious software) is any payload inserted into a system for malicious purposes, often to steal data, damage the targets’ files, or destroy their computer systems altogether (Gopinath & Sethuraman, 2023). This malware will steal data from their files by utilizing keywords to target specific files. In doing so, multiple files can be stolen, which segues into my final attack.

In the final attack I will dump the data files onto social media so that the public can view these files and download them. Doing this should embarrass the organization in the eyes of everyone on social media and in the NBA. It will also cause a search to see who clicked on the phishing emails that led to the malware and create further disruption. The team will be seen as untrustworthy, and players may opt not to join or remain with the team. Additionally, employees who work for the Hawks may become frustrated with the organization’s lack of security and find employment elsewhere, eventually leading to a company-wide breakdown.

The potential legal consequences of these attacks could be very severe (Khadam et al., 2023). The damage done to such an important organization is catastrophic because of how much data was sent out and released to the public. On top of that, these attacks led to malware affecting a bunch of employees’ computers and greatly ruined the reputation of the organization in the eyes of people both inside and outside of the NBA. The outcomes of these punishments will include a lofty amount of jail time and severe fines. Restitution will occur for damaging the organization’s credibility as well as leaking valuable information to the public. There is also a very high likelihood that sanctions will be enforced that prevent me from being able to have access to computers in the future.

The ethical consequences of these attacks are also as vast as the legal consequences. Phishing attacks are a way of deceiving people and tricking them into giving you something valuable. These phishing attacks resulted in malware being downloaded, which ended up stealing private data from the Hawks’ employees and then releasing it to the public. It is extremely likely that more than a few employees who are simply trying to make a living will lose their jobs after this attack. In an ethical sense, there is no way to see this as beneficial for anyone, as the rationale behind this attack was to vent frustration with the franchise.

References

Albalawi, N., Alamrani, N., Aloufi, R., Albalawi, M., Aljaedi, A., & Alharbi, A. R. (2023). The Reality of Internet Infrastructure and Services Defacement: A Second Look at Characterizing Web-Based Vulnerabilities. Electronics, 12(12), 2664.

Aleroud, A., & Zhou, L. (2017). Phishing environments, techniques, and countermeasures: A survey. Computers & Security, 68, 160-196.

Gopinath, M., & Sethuraman, S. C. (2023). A comprehensive survey on deep learning based malware detection techniques. Computer Science Review, 47, 100529.

Halevi, T., Memon, N., & Nov, O. (2015). Spear-phishing in the wild: A real-world study of personality, phishing self-efficacy and vulnerability to spear-phishing attacks. Phishing Self-Efficacy and Vulnerability to Spear-Phishing Attacks (January 2, 2015).

Khadam, N., Anjum, N., Alam, A., Mirza, Q. A., Assam, M., Ismail, E. A., & Abonazel, M. R. (2023). How to punish cyber criminals: A study to investigate the target and consequence based punishments for malware attacks in UK, USA, China, Ethiopia & Pakistan. Heliyon, 9(12).

(2001) NBA.com. [S.l.: NBA Media Ventures, LLC] [Software, E-Resource] Retrieved from the Library of Congress, https://lccn.loc.gov/2004565108.

Report: Cyber Defense Strategy for Atlanta Hawks

In response to the cyber attack scenario targeting the Atlanta Hawks organization, it is imperative to develop a robust cyber defense strategy to mitigate vulnerabilities and safeguard digital assets. The attack, aimed at humiliating the organization and its owner, underscores the importance of proactive cybersecurity measures.

Immediate Response

In the event of a social media account breach, the immediate response should involve swift action to isolate the compromised accounts and prevent further unauthorized access. Communication with followers must be prioritized to mitigate reputational damage, while forensic analysis is crucial to determine the extent of the breach and identify the source.

Post-Mortem: Cyber Security Measures

To prevent similar attacks in the future, the implementation of comprehensive cybersecurity measures is recommended. Employee training programs should be prioritized to raise awareness about identifying phishing attempts, social engineering tactics, and data security best practices. Enforcing two-factor authentication (2FA) for all social media and email accounts adds an extra layer of security, while regular security audits help identify vulnerabilities.

Advanced threat detection systems should be deployed to identify and mitigate phishing attempts and malware infections in real-time. By investing in proactive cybersecurity measures, the Atlanta Hawks organization can significantly enhance its resilience against cyber threats.
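
One way to express the phishing detection described above in code, as an added example that is not part of the original report: a triage function that trusts only the mail gateway's own `Authentication-Results` header, then compares the claimed brand, the sender domain and every link host. The gateway name `mx.corp.example`, the brand allow-list and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed, defender-maintained values (hypothetical names, not from the report).
TRUSTED_AUTHSERV = "mx.corp.example"              # our own mail gateway's authserv-id
BRAND_DOMAINS = {"instagram": {"instagram.com"}}  # brand keyword -> domains it really sends from

# Constructed samples, not real messages.
SAMPLE_LURE = """\
From: Instagram <security@insta-help.example>
To: employee@corp.example
Subject: Trouble logging in?
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=insta-help.example; dkim=none; dmarc=fail header.from=insta-help.example
Content-Type: text/plain

Sorry to hear you're having trouble logging into Instagram.
Reset your password now: http://login.insta-help.example/reset?u=employee
"""
SAMPLE_LEGIT = """\
From: Instagram <security@mail.instagram.com>
To: employee@corp.example
Subject: Trouble logging in?
Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass header.from=mail.instagram.com
Content-Type: text/plain

Reset your password: https://www.instagram.com/
"""


def registrable(host):
    """Naive registrable domain (last two labels); production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def trusted_auth_results(msg):
    """Collect spf/dkim/dmarc verdicts, ignoring headers not stamped by our own gateway."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id = (str(value).split(";", 1)[0].split() or [""])[0].lower()
        if authserv_id != TRUSTED_AUTHSERV:
            continue  # a sender can forge this header, so foreign ones prove nothing
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(value), re.I):
            verdicts[method.lower()] = result.lower()
    return verdicts


def triage(raw):
    """Return a list of findings for one raw message; an empty list means nothing was flagged."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = registrable(addr.rpartition("@")[2])
    findings = []
    if trusted_auth_results(msg).get("dmarc") != "pass":
        findings.append("dmarc-not-pass")
    expected = {from_domain}
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower():
            expected = domains  # a message claiming the brand must link to the brand
            if from_domain not in domains:
                findings.append("display-name-brand-mismatch:" + from_domain)
    body = "\n".join(
        (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_maintype() == "text")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname or ""
        if registrable(host) not in expected:
            findings.append("link-off-domain:" + host)
    return findings
```

Findings from a function like this are inputs to quarantine or user-warning rules, and the same three checks are what awareness training asks employees to perform by eye.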

Post-Mortem: Necessary Training

Employee training initiatives should focus on enhancing awareness of phishing emails, including spear phishing techniques, and emphasizing the importance of verifying email authenticity. Social engineering awareness training is essential to educate employees about tactics used by attackers to manipulate individuals into divulging sensitive information.

Furthermore, training should cover data security best practices, including secure file handling, data encryption, and password management. By equipping employees with the necessary knowledge and skills, the organization can create a culture of cybersecurity awareness and reduce the likelihood of successful cyber attacks.

Evaluation:

The effectiveness of the cyber defense strategy will be evaluated based on measurable outcomes, including the reduction in successful attacks, employee compliance with cybersecurity protocols, and incident response time. By monitoring key performance indicators, the organization can assess the efficacy of its cybersecurity measures and make necessary adjustments to enhance resilience.

Conclusion:

In conclusion, a proactive cyber defense strategy is essential for the Atlanta Hawks organization to mitigate vulnerabilities and safeguard against cyber threats. By prioritizing employee training, implementing advanced security measures, and fostering a culture of cybersecurity awareness, the organization can enhance its resilience and protect its digital assets and reputation.
