You are on page 1of 5

Running head: CS ASSIGNMENT 4 CASE STUDY

CS 391 Assignment 4 Case Study Evaluation Paper
Case study on computer security breeches
Tong Zou
University of Alabama

1

CS ASSIGNMENT 4 CASE STUDY

2

Case study on computer security breeches
Case 1: Adrian Lamo and his attacks to The New York Times
Who was affected and what happened?
Adrian Lamo is a “homeless hacker”. He broke into internal computers network of The New
York Times in 2002. He accessed to the confidential database , modified the private information
of The New York Times and used the papers’ LexisNexis account to carry out researches. more
than 3,000 people who had contributed to the paper’s Op-Ed page were affected. Adrian Lamo
acknowledged his wrong doing and he also set up user accounts via the i>Time account, through
which he offered information to more than 3000 searches. Because of his hacking into the private
databases of The New York Times, The New York Times estimated to lose costs of about
$30000, covering the cost of the LexisNexis searches, which was $18500 (Roberts, 2004).
How had it done?
According to Geek(2002), Adrian Lamo accessed to the internal network of New York Times
through mis-configuring New York Times proxy serves. In this way, Adrian Lamo could access
to sensitive information as the password policies of New York Times is very weak. It should be
noted that he accessed to 3000 contributors to the paper’s Op-Ed page and modified some
information. What is more, Adrian Lamo created a new accounts for himself by using the
account of an employee who had the power to create a new account but who had not change his
default password.
What could have prevented it

CS ASSIGNMENT 4 CASE STUDY

3

The internal network of New York Times should not be running at an open proxy server. Adrian
Lamo discovered 7 misconfigured proxy servers which function as doorways between the public
internet and the internal network of New York Times. In addition, it is password policies of the
company that broaden his access. The internal network of New York Times should take the
security very seriously. The employees who had the right to create a new account should change
its password rather than the default (Poulsen, 2002.
What steps were taken afterwards by the responsible parties
Firstly, New York Times actively investigate its potential security breach and take steps to ensure
the security of its network. To Adrian Lamo, the company charges his breaching into its internal
computer network and accessing to private information which caused the company lost cost of
about $300000.
Case 2 Albert Gonzalez and his cyber-crime
Who was affected and what happened
Albert Gonzalez is an American computer hacker. During 2005-2007, he had hacked into
computer system of TJX, Office Max and DSW, etc , stole credit card information from these
major retailer and resold them to other criminals. He also hacking into computer network of
Heartland Payment systems, 7-Eleven chain and the Hannaford supermarkets (Weil, 2010). 130
million numbers were pirated from Heartland Payment Systems and 4.2 million numbers were
pirated from Hannaford Brothers food markets (Meek, 2009).
How had it done

CS ASSIGNMENT 4 CASE STUDY

4

Albert Gonzalez is motivated by his ego. He used to serve as a secret service informant (Weil,
2010). And he used sensitive investigative information that he had learned from the secret
service. Through his parents' line of credit Gonzalez callously laundered a huge number of
dollars in currency. He had heard of the cyber-crime was selling stolen credit card number and he
was pleased. He wanted to make huge sums of money so he followed(Meek, 2009).
What could have prevented it
For cardholder, to protect credit card and do online shopping and banking, it is necessary to
checking the account, even $1 is missing. In addition, cardholder should reset the PIN
periodically and cover PIN when input it. For the major retailer , they should improve their
network security and avoid from the attacks from the hackers.
What steps were taken afterwards by the responsible parties
Some victims had been alerted. Cardholders were urged by officials to closely check their
monthly statements if any suspicious charges was found, they should call their credit card
company and their bank. It is difficult to access the full finical damage of Albert Gonzalez’s
wrong doing.

CS ASSIGNMENT 4 CASE STUDY

5
Reference

Geek, (2002)Adrian Lamo hacks New York Times. http://www.geek.com/news/adrian-lamohacks-new-york-times-548405/.
Roberts, P.(2004). New York Times hacker Adrian Lamo gets home detention. Retrieved from:
http://www.computerworld.com/article/2566583/cybercrime-hacking/new-york-timeshacker-adrian-lamo-gets-home-detention.html
Poulsen, K. (2002-02-26). New York Times Internal Network Hacked. SecurityFocus. Retrieved
from: http://www.securityfocus.com/news/340.
Meek, J. G. (2009) Hacker Albert Gonzalez charged with largest ID theft ever involving 130M
credit, debit cards. Retrieved from: http://www.nydailynews.com/news/world/hackeralbert-gonzalez-charged-largest-id-theft-involving-130m-credit-debit-cards-article1.394976
Weil, N. (2010). Gonzalez Sentenced for Multimillion Dollar Credit Card Scam. Retrieved from:
http://www.pcworld.com/article/192436/article.html.