Running Head: MODULE 4 ASSIGNMENT

Module 4 Assignment
Savannah Mills
University of Alabama
CS 391-908

MODULE 4 ASSIGNMENT

Module 4 Assignment (Introduction)

According to IBMs 2016 report, 1.5 million cyber attacks occur each year: 4,000 attacks
every day, 170 attacks every hour, 3 attacks every minute. The report also states that businesses
are attacked an average of 16,856 times per year, and roughly 1.7 attacks per week are successful
(Ghazi-Tehrani). When cyber crimes are committed against businesses, individuals become
victims as well. The case studies below are two attacks against businesses, Ashley Madison and
Target, which impacted a large number of individuals and families.
Main Body
Case Study #1
In July 2015 AshleyMadison.com (Ashley Madison), a romance website that promotes
extra-marital affairs, was breached by a hacking outfit called The Impact Team. The online
information of 37 million users, including high profile individuals (Top Trending, 2015), was
obtained and released to the public along with maps of Ashley Madisons internal company
servers, employee network account information, company bank account data, and salary
information (Krebs, 2015). The hacking outfit threatened to release the financial records while
demanding that Ashley Madison and sister site, Established Men, be shut down. The personal
details, email passwords, Social Security Numbers, health records, credit card information, bank
account details of the 37 million exposed Ashley Madison clients were not revealed: the hack
simply released email addresses and names (Quick, 2016). However, The Impact Team claimed
via manifesto to have customer records, including profiles with all the customers secret sexual
fantasies and matching credit card transactions, real names and addresses, and employee

MODULE 4 ASSIGNMENT

documents and emails (Krebs, 2015). This information was not released, yet it still could be in
the future.
The Impact Team claimed in the manifesto that the cyber attack occurred in response to
Avid Life Media, the parent company of Ashley Madison, Established Men, and Cougar Life,
selling customers in 2014 a Full Delete feature. This feature would remove site usage history
and personally identifiable information from the site, for 19 dollars. The Impact Group claimed
that this income generator was a sham since users purchase details, real names, and addresses
were not removed post-transaction. The manifesto also included pointed language against the
male gender as well as powerful and rich clients, causing one to wonder if the attack was revenge
(Krebs, 2015). I personally believe the perpetrator was an insider seeking personal revenge or
acting based on skewed moral beliefs.
Avid Life Media admitted immediately that there was a breach in security and a thorough
investigation was being held. The investigation began with speculation of former Ashley
Madison employees or contractors, while a fleet of IT professionals worked quickly to patch the
system. Avid Life Media closed the cyber attacks access points and secured the websites. The
CEO, Biderman, released in a statement to the media and Ashley Madison clients stating that the
perpetrator was not an employee of Avid Life Media but certainly had touched our technical
services (Krebs, 2015). Some of the leaked documents revealed that Avid Life Media was aware
of the risks of a data breach and had invested in the latest privacy and security technologies.
Regardless, it was still not enough to keep the attack from occurring.
Ashley Madison tailored this website to encourage married people to commit adultery
with other married people. Therefore, exposure of the names of 37 million users meant that a lot

MODULE 4 ASSIGNMENT
of families were destroyed. While extra-marital affairs are never right and the homes of those
engaging in them are already damaged, this hack destroyed the reputation of many exposed
users. Their dirty laundry was aired to the public in the most embarrassing way. Children were
mortified by their parents/parents unfaithfulness on a public platform; spouses were caught off
guard and crushed by the weight of being cheated on and every one of their colleagues, friends,
and family knowing about it.
Case Study #2
Different from the Ashley Madison cyber attack yet equally devastating, Target was the
victim of a massive cyber attack where 40 million credit card numbers and 70 million other
customer records, including names, addresses, email addresses, and credit card expiration dates
were taken. The hack occurred between November 27, 2013 and December 15, 2013, a direct
result of stolen third-party vendor credentials. Fazio Mechanical, a refrigeration contractor,
opened a phishing email, which installed the Trojan, Citadel on his computer. This gave the
hackers access to Targets network, and they installed Trojan.POSRAM malware on Targets
Security and Payment Systems, specifically the Point-of-Sale. (Kassner, 2015). The credit/debit
card information swiped when purchasing items was then stolen from an estimated 110 million
customers of Targets 1,797 stores (Top Trending, 2015).
This attack could have been prevented several ways. Target chose to ignore malware
warning signs that its security system, Fireye, provided (Harris, 2014). If Target had made
security a higher priority and had heed the warning signs, this attack may not have occurred.
Another possible prevention method is the use two-factor authentication; Target lacked two-

MODULE 4 ASSIGNMENT

factor authentication, making it simple for the hackers to access the system using the third-party
vendor (Olavsrud, 2014).
I believe this attack could be the work of a cyber criminal seeking financial gain. The
Target cyber attack cost Target and its customers greatly. Target lost 105 million dollars, and
Target customers were each allowed to claim $10,000 maximum (Hackett, 2015). This largescale cyber attack is still affecting its victims and Targets reputation.
Conclusion
Each of these case studies demonstrates the harmful effects of cyber attacks. Whether an
innocent grocery shopper or a cheating spouse, humans are susceptible to attack at all times.
Cyber attacks go beyond the business being taken advantage of: it can destroy families and
individuals relationally and financially.

MODULE 4 ASSIGNMENT

References
Ghazi-Tehrani, A. (2016). CC 201: INTRO. TO CYBER CRIME Week 5, Class 7. The
University of Alabama, Tuscaloosa, IN. Lectures and Slides. Retrieved from
https://ualearn.blackboard.com/
Hackett, R. (2015). How much do data breaches cost big companies? Shockingly little. Fortune.
Retrieved from http://fortune.com/2015/03/27/how-much-do-data-breaches-actually-costbig-companies-shockingly-little/
Harris, E. A. & Perlroth, N. (2014). Target Missed Signs of a Data Breach. The New York Times.
Retrieved from http://www.nytimes.com/2014/03/14/business/target-missed-signs-of-adata-breach.html
Kassner, M. (2015). Anatomy of the Target data breach: Missed opportunities and lessons
learned. ZDNet. Retrieved from http://www.zdnet.com/article/anatomy-of-the-target-databreach-missed-opportunities-and-lessons-learned/
Krebs, B. (2015). Online Cheating Site AshleyMadison Hacked. KrebsOnSecurity: In-depth
security news and investigation. Retrieved from
http://krebsonsecurity.com/2015/07/online-cheating-site-ashleymadison-hacked/
Olavsrud, T. (2014). 11 Steps Attackers Took to Crack Target. CIO from IDG. Retrieved from
http://www.cio.com/article/2600345/security0/11-steps-attackers-took-to-cracktarget.html?page=2

MODULE 4 ASSIGNMENT

Top Trending. (2015). 10 Biggest Computer Hacks Of All Time. Retrieved from
https://www.youtube.com/watch?v=oOoMqgnvZaY
Quick, M., Hollowood, E., Miles, C., & Hampson, D. (2016). World's Biggest Data Breaches.
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
which pulls date from this Google Doc:
https://docs.google.com/spreadsheets/d/1sJW1mbc-44xCNwRRGns5UuqhUSB8iZ8o2TrgQu4kJQ/edit?single=true&gid=2&range=A1:W400#gid=1640918774