Module Code & Module Title

CS5052NI Professional Issues, Ethics and Computer Law

Assessment Weightage & Type

60% Individual Coursework

Year and Semester

2021 -22 Spring Semester

Student Name: Nischita Paudel

London Met ID: 20049186
College ID: np01nt4s210092
Assignment Due Date: 12th May 2022
Assignment Submission Date: 12th May 2022
Word Count (Where Required): 2832

I confirm that I understand my coursework needs to be submitted online via Google Classroom under the relevant
module page before the deadline for my assignment to be accepted and marked. I am fully aware that late
submissions will be treated as non-submission and a mark of zero will be awarded.
CS5052NI Professional Issues, Ethics and Computer Law

Acknowledgement
I am overwhelmed in all humbleness and gratefulness to acknowledge my depth to all those who
helped me to put these concepts, well above the level of simplicity and into something concrete. I
would like to offer my particular thankfulness to our module leader Ms. Yunisha Bajracharya and
our tutor Mr. Sandesh Gurung, for offering us opportunity to accomplish this great project. Which
also helped in completing a lot of research and came to know about so many new topics and gained
familiar with the term. I would also like to express gratitude to my family, who assisted me greatly
in completing this assignment within the deadline.

20049186 1
CS5052NI Professional Issues, Ethics and Computer Law

Abstract

The casino business has become a target for attackers, due to its rapid expansion in on-ground and
internet gambling. Because of its fast rise in both on-ground and online gambling, the casino
industry has become a target for attackers. The environment, like offensive techniques, is
constantly changing. According to ZDnet, an online casino business released information on over
108 million gambles, including details about user’s private details, transactions, and pay-outs, in
January 2019. The information was obtained from an Elasticsearch server that was left unprotected
online which led to outcast of the personal credentials of the gamble. This study explains how this
issue affects various facets of our lives, including ethical, legal, professional, and social. By the
end of this report, we will have a better understanding of all the challenges we face in our everyday
lives and how to deal with them while according to the laws and regulations imposed by our law
and society.

20049186 2
CS5052NI Professional Issues, Ethics and Computer Law

Table of Contents

1. Introduction ............................................................................................................. 5
1.1 Current Scenario ................................................................................................................ 6
1.2 Aims and Objectives .......................................................................................................... 7
1.2.1 Aims ............................................................................................................. 7
1.2.2 Objectives .......................................................................................................... 7
2 Background .............................................................................................................. 8
3 Legal Issues ............................................................................................................ 10
4 Social Issues ............................................................................................................ 11
5 Ethical Issues .......................................................................................................... 13
6 Professional Issues .................................................................................................. 15
7 Conclusion .............................................................................................................. 17
8 References .............................................................................................................. 18

20049186 3
CS5052NI Professional Issues, Ethics and Computer Law

Table of Figures
Figure 1: Online Gambling (News, 2022) ........................................................................ 5
Figure 2: Graph on Data Breach (Tunggal, 2022) ........................................................... 6
Figure 3: working mechanism of ElasticSearch ............................................................... 9
Figure 4 Social Issues ................................................................................................... 11
Figure 5 Ethical Issues (mikewright, 2016).................................................................... 13

20049186 4
CS5052NI Professional Issues, Ethics and Computer Law

1. Introduction
This report counts for 60% of the whole module. We have a scenario in this report
concerning a data breach caused by a security defect which affected the individual whose
personal credentials were stolen. This paper highlights the ethical, social, professional, and
legal difficulties that arise when personal information is exposed.

Any incident that leads in unauthorized access to computer data, applications,

networks, or devices is referred to as a security breach. Data breaching is on the rise because
it is an attack in which a person's credentials are revealed because of a variety of reasons,
including security weaknesses, or purposefully assaulting. As a result, information is accessed
without permission. This is what usually happens when an attacker gets past security obstacles.
Every year, millions of people are affected by data breaches, prompting a massive push to get
access to government computers in order to obtain essential information (Cloudflare, 2022).

Figure 1: Online Gambling (News, 2022)

As we move into the era of digitalization, where our personal credentials and crucial
data are kept in the cloud, data breaches have become a hot subject. Hackers have had an easier
time stealing information through cyber-attacks. The same thing happened in January 2019, an
online gambling corporation released information on more than 108 million betting, including
personal information, deposits, and withdrawals, according to ZDnet. The information was

20049186 5
CS5052NI Professional Issues, Ethics and Computer Law

obtained from an ElasticSearch server that was left unprotected online. ElasticSearch is a
strong, flexible web browser that enterprises use to increase the data gathering and
functionalities of their web apps. The user data includes genuine names, home addresses,
phone numbers, email addresses, birthdates, site usernames, account balances, IP addresses,
browser and OS features, last login details, and a log of played games. This online gambling
corporation suffered not only a data leak but also a security failure. Data was released due to a
lack of appropriate security techniques configuration and technologies. The above scenario
demonstrates how a company's data can be compromised if security measures are not in place.
This scenario shows how we can experience different types of issues when our data is leaked.

1.1 Current Scenario

In online gambling, billions of transactions are made online using credit and
debit cards, e-wallets, and bank transfers. Casinos are therefore among the most
popular targets for programmers and hackers. There are two major ways
that attackers target their assets: stealing money and obtaining private information
supplied by participants. However, digital intrusions are nothing new. The
consequences are devastating for us as it costs us thousands of dollars, causing
significant disruptions in their operations (wallarm, 2017). In 2021, IT Governance
found 1,243 security incidents, totalling 5,126,930,507 breached records. In
comparison to 2020, this implies an increase of 11% in security incidents (1,120)
(Irwin, 2022).

Figure 2: Graph on Data Breach (Tunggal, 2022)

20049186 6
CS5052NI Professional Issues, Ethics and Computer Law

1.2 Aims and Objectives

1.2.1 Aims
The main aim of this project is to compile a comprehensive report on
the challenges we encounter after our data has been hacked, as well as to
understand how a basic gambling firm with a low level of security can
damage various aspects of our lives.

1.2.2 Objectives
The main objective of this report is listed below:

• To know about the scenario and make a proper report

accordingly.
• To know about the professional, legal, ethical, and social issues.
• To know about data breaching and its effect on individual.
• To know how a lack of security causes create great impact on
our organization.
• To know about security details like hash type, date of the leak,
password etc of an organization.

20049186 7
CS5052NI Professional Issues, Ethics and Computer Law

2 Background
As organizations of all sizes become more familiar, breaching a company's data has
become as simple or as complex as obtaining access to restricted networks, with sensitive
business data stored on local PCs, corporate databases, and cloud servers. Data breaches did
not begin when businesses began keeping their confidential information digitally. Data
breaches have existed for as long as people and businesses have kept records and kept personal
data.

Personal information, deposits, and withdrawals for over 108 million wagers were
exposed by an online gambling corporation. The data came from an ElasticSearch server that
had been left online unsecured. ElasticSearch is a high-performance, portable search engine
that businesses use to improve data collection and management in their web applications.
According to Justin Paine, the security researcher who discovered the server, the user data
included real names, home addresses, phone numbers, email addresses, birthdates, site
usernames, account balances, IP addresses, browser and OS variables, last login information,
and a history of played games. According to ZDnet, it's unclear how long the server was left
open, how many people were affected, if anyone else authenticated the hacked server, or if
consumers were told that their personal information was exposed.

Several Elasticsearch database breaches have occurred, but this is the largest to date.
After a U.K.-based security business mistakenly released its "Data breach Database," which
stored vast amounts of information relating to security breaches from 2012 to 2019 without
password protection, more than five billion records were leaked.

20049186 8
CS5052NI Professional Issues, Ethics and Computer Law

Figure 3: working mechanism of ElasticSearch

The database was found by security researcher Bob Diachenko. Diachenko noted that the
leaked information contains a large amount of previously disclosed and unreported security event
details, including: Hashtype (how a password was presented: MD5/hash/plaintext, etc.), Date of
the leak (year) Email, Email domain, Password (hashed, encrypted, or unencrypted, depending on
the leak). Diachenko also confirmed a couple of the most well-known security incidents on Adobe,
Last.fm, Twitter, LinkedIn, Tumblr, VK, and other sites. After Diachenko quickly sent a security
notice, the database was taken down within an hour.

Elasticsearch servers have long been a security problem. According to security experts,
when there are no password safeguards or firewalls, the breach occurs. Security advice from
ElasticSearch include safe authenticated sign-in, adequate encryption, layered security, and audit
logging to ElasticSearch server.

20049186 9
CS5052NI Professional Issues, Ethics and Computer Law

3 Legal Issues

The unauthorized and unlawful procurement of personal data that jeopardizes the
security, confidentiality, or integrity of personal data lies under legal issues. The five legal
issues that we face are listed below.

i. Getting penalty as per Cyber Act: According to the law, Companies that have had
a data breach must tell individuals affected by the breach in most states with
notification breach laws. Two key items to consider when evaluating legal issues
on data breaching are; penalties can be applied for each record breached, and many
state laws clarify that corporations outside the state that retain residents' data are
also subject to breach notification rules.
ii. Temporary shutdown of Casino: A data leak is dangerous for any business. If there
is a data breach, a lawsuit will be brought against the casino group, causing it to be
temporarily shut down.
iii. Question on Security: There will be legal concerns with the casino group. The
company's security technologies will be called into question.
iv. Investigation on Staff: Police must search for each individual as a legal method and
a law of act.
v. Imprisonment: For the data leak, the casino group manager or workers could face
prison time as legal issues are really crucial to an organization.
Thus, a company is thoroughly searched of the consequences that led to data
breach. The casino group must go through legal procedure to get solutions
and again run business in a proper manner.

20049186 10
CS5052NI Professional Issues, Ethics and Computer Law

4 Social Issues
Social issues are actions or conditions that have a detrimental influence on society's
members and hence require a solution. That is, these sociological issues affect not only
individuals but often huge groups of people, causing disturbance or difficulty (Millicent
Kelly, 2017). The following are five types of social difficulties that may arise as a result of
the online gambling company's data leak:

Figure 4 Social Issues

i. Technology trust issues: After the data was leaked, we as a social group were
impacted because the leaked information included our real names, home addresses,
phone numbers, email addresses, birthdates, site usernames, account balances,
browser and operating system details, last login information, and so on. This made
us doubt the technology because it was no longer secure and reliable. For example,
if I save my information on an online server and it breaches my data, I no longer
feel safe storing my data on that server. Never again would I put my trust in that
server (Sankaran, 2021).

ii. Problems with mutual trust: We work in a group in a firm, and if our data is leaked
through our company's network, we will no longer be able to trust our co-workers,
causing chaos in the workplace. For example: ram works in an IT company and his
credentials is leaked through the company’s server then, he will have suspicion on
every one of the companies.

20049186 11
CS5052NI Professional Issues, Ethics and Computer Law

iii. A ruckus in the workplace: If an individual's data is released, the entire company
will begin to distrust one another, causing chaos in the workplace, which will also
degrade the worktime of the people as companies must control the breach and
undertake a comprehensive investigation into how it happened and what systems
were accessed. For example: a company where people work together will start
disrespecting, distrusting each other which will cause havoc in the company where
people will blame each other.

iv. Reputational Damage: News travels quickly, and within hours of a breach being
exposed, an organization can become a global news story. This unfavourable
publicity, along with a loss of consumer trust, can inflict irreversible damage to the
company that has been hacked. Consumers are acutely aware of the value of their
data, and if businesses cannot explain that they have taken all reasonable means to
safeguard it, they will simply quit (TEAM, 2020). For example: A company going
bankrupt after dealing with data breach.

v. Taking Legal Action: Organizations are legally required to demonstrate that they
have taken all necessary precautions to secure personal data under data protection
legislation. Individuals can initiate legal action to claim compensation if their data
is breached, whether intentionally or not (TEAM, 2020). For example: If a company
network leaked Sita’s personal credential, then she can appeal to the court for the
protection of her data and can case against company.

In a word, society is an integral aspect of our lives, and we must follow the
norms and regulations. A single blunder can put us in a position where we will be
influenced by the consequences.

20049186 12
CS5052NI Professional Issues, Ethics and Computer Law

5 Ethical Issues

When a business action violates moral human standards and has a negative impact on
the people who work for the company, it becomes an ethical dilemma. The five types of ethical
issues that the company has to get after a data breach scandal on ElasticSearch Server are listed
below:

Figure 5 Ethical Issues (mikewright, 2016)

i. Virtue theory: A virtuous person always does the right thing, at the right time, in
the right way, in the right amount, toward the right people. According to virtuous
person the company did unethical thing. If the company had acted like a virtuous
person and took security measure at the right time then, they would not have
suffered through this scandal.

ii. Deontology Theory: Deontology is a moral philosophy that uses rules to decide
what is right and wrong. If a corporation had thought like a deontologist, this data
leak may have been avoided. According to deontologist, the organization's data
breach was immoral because it violated a company regulation by leaking people's
personal credentials. A deontological person, for example, will assist a friend who
is obeying the rules.

20049186 13
CS5052NI Professional Issues, Ethics and Computer Law

iii. Utilitarianism theory: According to this theory, "In each given situation, we should
select the action that provides the greatest good for the largest number," According
to utilitarianism, this is unethical because it did not bring happiness to a large
number of people, as data leaking made a people suffer more which caused chaos
among people. For example: if data leaking had caused happiness to a large number
of people, then it would have been ethically correct.

iv. Right: According to this theory, we should live by rules that, in general, will lead
to the greatest good for the largest number of people. The data breach would not
have occurred if the organization had good policies, rules, and regulations in place,
as rules are designed to be followed. For example: If I follow the rule and do a
thing then I would have any legal hurdles coming in the way.

Thus, living a life based on ethics will make us happy; if the corporation
had ethical standards, it would not have suffered as a result of these consequences,
leaving many individuals in a horrible condition (reference taken from the lecture
slide).

20049186 14
CS5052NI Professional Issues, Ethics and Computer Law

6 Professional Issues
Professional ethics are rules that regulate a person's or a group's behaviour in the
workplace. Professional ethics, like values, establish guidelines for how a person should
interact with other individuals and organisations in a given situation. The five professional
issues that come under data breaching are:
i. Understand what success means: As a professional persona, we must consider more
than just running a casino. We must determine whether adequate technology or
management of individuals according to their working capacity has been
implemented. We must determine whether an authorized individual is capable of
performing their duties correctly. A thorough examination of co-worker’s is also
required to manage a successful business.

ii. Thorough Planning and Scheduling: Planning helps in identifying desired outcomes
and reducing risks. When planning and preparing a project, as well as creating bids
or contracts, being comprehensive and meticulous. They should have done
extensive preparation on which server they should use as an online casino business.
They lacked adequate planning and scheduling. If they had proper plans, they
should have known about elastic search since they had previously disclosed other
data.

iii. Evaluate re-use of software: We should not take used software for granted that it is
safe and re-usable. We should assess whether the technology in use is suitable for
business operations. They should have assessed technology first in the gambling
case. They should have first checked the technology. They would not have had this
scandal if they had done a proper examination of the technology.

iv. Protect: Backdoors should be installed to safeguard our business. Consider the
worst-case scenario and take appropriate measures. They should have inserted a
backdoor in the case of gambling. They should have chosen a proper server for
keeping their data and should have installed more security tools.

20049186 15
CS5052NI Professional Issues, Ethics and Computer Law

v. Candidness: The capabilities, safety, and limitations of software should

have been openly discussed by the casino group. After learning that the elastic
server had caused past data breaches, they should have invested in security
solutions and chosen a different server to store data.
As a result, managing a firm is not an easy task; we must carefully consider
each and every step. Professionally, there are many factors to consider in a
business setting in order to manage a firm efficiently.

20049186 16
CS5052NI Professional Issues, Ethics and Computer Law

7 Conclusion

Data breaches have always been a problem, whether they are deliberate or the result of
inadequate security measures. To prevent data breaches, a corporation must strengthen its
security. To manage a firm properly, a thorough examination of technology, personnel, and
everything else in the company is required.
As, an online gambling company's data was leaked, the gaming company should have
installed a backdoor or utilized a different server to store personal credentials. Despite knowing
that the ElasticSearch server had previously leaked data, the corporation should have taken
preventative measures and been more cautious. They should have followed proper security
standards, such as using passwords or firewalls. They should have more invested on security
tools and should have managed to distribute the works among the co-workers according to
their handling capacity. They did not just have a data leak; they also did not pick the best server
for the job. as there have been several Elasticsearch database breaches in the past. After a U.K.-
based security business mistakenly released its "Data breach Database," which stored vast
amounts of information relating to security breaches from 2012 to 2019, more than five billion
records were exposed. Detailed device data, links to photographs and videos, and about
800,000 email addresses were all revealed by the server. Gambling is a major problem that is
likely prohibited in many countries. They should have been more cautious because many
people visit casinos for entertainment and some to make money. People follow their ethics,
and people who enter casinos have a different perspective. Detailed device data, links to
photographs and videos, and about 800,000 email addresses were all revealed by the server.
The company must have implemented AAA in order to respond in this case
(Authentication, Authorization, Accountability). To be safe, they should have employed
password protection. In order to manage a business smoothly, we must consider a variety of
factors. In a nutshell, data breaches affect not only the individual organization, but also the
people who work there. We can react in this type of situation with competent firm management,
proper analysis, and proper security understanding.

20049186 17
CS5052NI Professional Issues, Ethics and Computer Law

8 References
Cloudflare, 2022. What is a data breach?, s.l.: Cloudflare, Inc..
Irwin, L., 2022. Data breaches and cyber attacks in 2021: 5.1 billion breached records,
UK: IT Governance.
mikewright, 2016. Data savvy customers as concerned by ethics breaches as security
breaches, s.l.: MYCUSTOMER.
Millicent Kelly, L. C., 2017. Social Issues: Definition & Examples, s.l.: study.com.
News, F. G., 2022. How old do you have to be to gamble? Everything you need to
know, Miami: Focus Gaming News.
Sankaran, P. R., 2021. Data breach and its impact on society , Bangalore: ISME
Mission.
TEAM, M. M., 2020. 5 Damaging Consequences Of A Data Breach, s.l.:
MetaCompliance.
Tunggal, A. t., 2022. What is the Cost of a Data Breach in 2022?, s.l.: UpGuard.
wallarm, 2017. The Biggest Hacker Attacks on Gambling, s.l.: wallarm.

20049186 18