Cyber Tech's Involvement in the OPM Breach

Date:  2021-03-26 12:51:34
4 pages  (1204 words)
Back to categories
logo_disclaimer
This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
logo_disclaimer
This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

The Company Dropping One of the Cases:

In a lawsuit that signifies a conflict of interest, cyber tech's involvement in the OPM breach poses a significant dilemma. In what appears as a complicated situation bound to the decision, there exists the need for critical decision-making as it would either soil or uphold cyber tech's reputation. On whether cyber tech should remain on both the OPM breach investigation and drop one of the cases, the latter proves viable. In the matter that requires in-depth critical thinking, cyber tech that represents the consultants should recognize the urgent need for avoiding conflict of interest (Biometric Technology Today, 2015, p. 1). In this regard, appearing on both sides of the OPM investigation shows cyber tech's insensitivity to the whole issue about conflicting interests pitting the gray hat hacking group and equation test. Even as cyber tech boasts of having represented OPM unrelated cases depicted competing interests in the recent past, the case at hand shows similarity contrary to ones handled previously. Therefore, cyber tech's need for dropping one of the cases would show utmost observance of work ethics and professional responsibility (Simpson, 2015, p. 381). Also, the Code of Professional Responsibility having adopted the disciplinary rules and ethical considerations bars lawyers from any participation in a lawsuit that portrays the conflict of interest.

What Happened:

In figuring out whatever happened, Cyber Tech recognizes the rising occurrences of hacking in which the present one affected the security of federal employees' data. In this case, there shows certainty that the hackers were targeted US secrets in a move for a collection of any hard evidence (Simpson, 2015, p. 381). The detection came after a security engineer had set out in a task of decrypting one of the Secure Sockets Layer that enables flow of traffic across OPMs digital network and it came to their realization that the SSL could not signal any decryption effort and that t the outbound traffic got exposed already

What is Known?

In a move to adequately co-operate with the investigating agencies, most hackers have mastered adeptness in the use of SSL encryption and therefore the block any security sites after accessing these networks. . In this case, the OPM confirms that indeed data records of over 4 million people got accessed to hackers matched and verified any relevant clientele information.

What is not Known:

An issue that shows difficulty in knowing is that how the hackers could have used data sloshing in monitoring flow of data in and out of the OPMs systems. What even makes it more difficult in understanding has it that the OPM-related naming system used in encryption got established for deceiving any hacker. The deception meant that they could easily own a domain within the system, and in the process get trapped. How they went round the obstacle raises a lot of questions about the certainty of answers to the question (Biometric Technology Today, 2015, p. 1). An important bit of information worth noting shows that investigation team embarks on a mission that verifies fraud patterns that depict that hacking took place.

Remedy to the Situation:

In finding a remedy to the situation, the company in conjunction with the investigators can embark on a land-laying strategy where a study of the various pictorial objects for comprehension of the OPM's layout of its system of the computer network. It is through this research that discovers the vulnerability in both the FTP and Web servers which show weak configurations breach (Biometric Technology Today, 2015, p. 1). These findings then allow for the involvement of law enforcement agencies say from the Department of Data Analysis from Federal Bureau Investigation. They would assist in the collection of data that range from mirror figures of the two suspected companies gateway and even interview staff from OPM. The interview would aid in the discovery of the different systems that experienced the hacking based on their vulnerability or inadequate configuration regulation mechanisms. The team can also unearth other factors such as proximity to the internet (Simpson, 2015, p. 381). These stages would lead the company into finding a system that compromised the OPM data system. At this juncture, the company should exude keenness in looking out for the various backdoor program and keystroke loggers that show any different program that got established in the system fraudulently.

The company can also look for evidence of footprints left by the intrusion process; as it also becomes apparent that the vulnerable servers bring the staging point for any accessibility to these sites. From this stage, the company through its team needs a launch of a verification scheme that looks into the various dates and time stamps for the discovery of whether intrusion took place after accessing the OPM's network (Simpson, 2015, p. 381). The scheme can then discover that the breach shows a likelihood of an ongoing process where the hacker could have created running' files. In a case where an ejection of most of OPM's servers offline took place, and hackers replaced most of the records they compromised, the company enables and configures logging and audit tasks. It would ensure that for any unauthorized access that took place, the OPM can detect the occurrence. The investigation team studied various diagrams to learn OPM's layout of the computer network breach (Biometric Technology Today, 2015, p. 1). The study sought to find out whether there existed any vulnerability. Since the team had to keenly look into the different prints that the hackers could have unknowingly forgotten during their hacking spree; the investigation would only have a look at the several audit logs and files for clues that assist the investigation process into completion.

After setting up all these necessities, the company requires setting up a trap through the services of a laptop with EtherPeek as its software program. Another vital asset has the sniffer packet that assesses the flow of all the unauthorized traffic to and from the various servers that got affected (Biometric Technology Today, 2015, p. 1). It therefore visualizes the actual time and place where the hacker attacked so when the hacker begins the fraud through duplication of the employees' information that could get backed up by OPMs system.

Recommendation:

In the recommendation, the company also requires further efforts in the preservation of the already compromised routers and systems that also show utmost importance. The importance exists not only in the detection of timeframes for the attacks but also in proving the occurrence of such breaches in courts of law. The next item involved here presents appropriate measures that require both parties take keen observation of any vulnerabilities that occur in their security systems. It comes in the rise of complicated cyber-related criminal occurrences that ultimately compromise the integrity of institutions as witnessed in the OPM breach (Biometric Technology Today, 2015, p. 1). Another important recommendation for the company requires the periodic assessment of vulnerability scan that would ensure the safety of the company's network systems. It would aid in prior identification of vulnerabilities and assist the network specialists prescribe the problems in time and even find solutions for the same.

 

References

OPM hack now stands at 5.6m fingerprints. (2015). Biometric Technology Today, 2015(10), 1-2. http://dx.doi.org/10.1016/s0969-4765(15)30145-4

Simpson, S. & Gandossy, R. (2009). Bad Business: The OPM Scandal and the Seduction of the Establishment. Contemporary Sociology, 15(3), 381. http://dx.doi.org/10.2307/2070012

logo_essay logo_essay

Request Removal

If you are the original author of this essay and no longer wish to have it published on the ProEssays website, please click below to request its removal: