Essay Example on Data Breach Due to Cloud Misconfiguration, Impacting Millions

Cloud configuration is a composite process any oversight can lead to hackers getting the data stored. On or around March 12th 2019 Capital One, an American bank holding company, experienced a data breach (Corcoran, 2019). The data infringement had an impact on over 100 million people in the US and 6 million in Canada (Corcoran, 2019). The data breach after an investigation was found to have been caused by a cloud misconfiguration. Capital One received a tip that information regarding the company was being stored in GitHub. After conducting due diligence, they found that the data is reliable and filed a criminal complaint.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

The FBI, on the other hand, started with Information gathering, which is pivotal to know more about the incident. Data gathering ensures they get to see the type of attack, its scope and potential suspects. After gathering of information, the FBI found out that it was an anonymous individual who alerted the bank. The FBI by this time had a suspect in mind as she had boasted of the attack in GitHub. After scrutiny, the fund that the GitHub account of the suspect has a resume where it shows there was a time she worked at Amazon Web Services ("USA v. Thompson (2:19-MJ-00344), Washington Western District Court", 2019). To solidify their case, the FBI will also examine the server to confirm if there was any intrusion. Capital One was renting their server from Amazon Web Services. After looking into the server, they were able to ascertain the Internet protocol (IP) from where the intrusion came from. The FBI then found out that the same IP address was the one trying to use the misconfigured firewall.

There are internal artifacts which were affected by the attack. An example is the windows event log. The event tracking system is significant to the FBI investigation. The system events are usually documented in any operating system. The suspect had to delete some of the files. The event logs were used to look at suspect activities in GitHub. The digital signature which was pivotal in apprehending the suspect was the IP address from I Predator. The FBI used publicly available records to show the IP address used 46.246 belongs to I Predator a company in Sweden. Capital One had noted suspicious activities from the said IP address. The digital signature is what physically tied the suspect to the crime apart. The server list used in GitHub was the same as the server list that attacked Capital One. Both IP address had 46.246.

Conclusion

The suspects used Tor, open-source software that hides the identity of the users. It makes it hard for security agencies to trace the internet activities of a person. She also used I Predator a virtual private network provider based in Sweden to hide her IP address. The FBI, on the other hand, employed the digital forensic framework. The software allows security agencies to look into a system activity. It can also look at active and deleted directories. The evidence was analyzed from different angles. Firstly, they used the suspect’s social media accounts such as GitHub, Twitter and Slack channel. They secondly used digital evidence which corroborated the information found on the social media account. After having all the relevant information, they were given a search warrant which they executed in the presence of the suspect. If evidence is not managed well, it cannot be sued in a court of law to prosecute an individual. All due process should be adhered to. Otherwise, the evidence will be inadmissible.

References

Corcoran, J. (2019). Former AWS Engineer Arrested as Capital One Admits Massive Data Breach. Threatpost.com. Retrieved 13 June 2020, from https://threatpost.com/aws-arrest-data-breach-capital-one/146758/.

USA v. Thompson (2:19-MJ-00344), Washington Western District Court. Pacermonitor.com. (2019). Retrieved 13 June 2020, from https://www.pacermonitor.com/public/case/29324566/USA_v_Thompson.