What information was taken from Yahoo?
Assugnment Brief
Task 1 Attack analysis
Answer the following questions in a report.
- What information was taken from Yahoo? [2 marks]
- What went wrong and why? Indicate vulnerabilities that were exploited, apply any relevant models [4 marks]
- What can or has been done with the information released? [8 marks]
- How have they recovered from the attack and how have others responded?[4 marks]
- In your opinion should they have done anything differently? [6 marks]
- Discuss any drawbacks of their response and your suggestions. [6 marks]
- Making a sound argument, critical analysis, including introduction of the problem at hand, discussion, conclusions, references, etc [20 marks]
Task 2 Protecting yourself against cryptojacking
“Mining” for cryptocurrencies requires a lot of computing power, so malware criminals have taken up “cryptojacking”, installing code on victims’ machines or websites that helps the criminals with mining. Analyse the risk of cryptojacking malware infection and the best way of protecting an organisation like De Montfort University from it.
This involves answering the following questions, using any frameworks and methods covered in the module or others:
- What assets are potentially affected by cryptojacking and thus need to be protected? [4marks]
- What would the impact of a successful attack on these assets be?[4 marks]
- Through which routes might cryptojacking malware come into your system? [6 marks]
- What measures would you put in place to prevent cryptojacking attacks within your organisation? [8 marks]
- What measures would you put in place to detect a possible cryptojacking malware infection? [4 marks]
- What measures would you put in place to minimise the effect of a possible cryptojacking malware infection? [4 marks]
- Making a sound argument, critical analysis, including introduction of the problem at hand, discussion, conclusions, references, etc [20 marks]
Sample Answer
Task 1: Yahoo Attack Analysis Report
Introduction
In one of the largest data breaches in history, Yahoo was hacked in 2013 and 2014. The attack exposed billions of user accounts and had long-term implications for cybersecurity awareness and data protection. This report explores what went wrong, what information was leaked, the aftermath, and how Yahoo and others responded.
1. What Information Was Taken from Yahoo?
Yahoo confirmed that the attackers stole personal information including:
-
Names
-
Email addresses
-
Telephone numbers
-
Dates of birth
-
Encrypted passwords (using MD5, a weak hashing algorithm)
-
Security questions and answers (some unencrypted)
2. What Went Wrong and Why?
What went wrong:
Vulnerabilities exploited:
-
Weak password hashing (MD5)
-
Forged cookies vulnerability
-
Poor security hygiene (delayed detection and response)
Relevant model:
3. What Can or Has Been Done with the Information Released?
-
Credential stuffing on other sites where users reused passwords.
-
Identity theft through personal data like birthdates and security answers.
-
Phishing emails targeting Yahoo users.
-
Financial fraud through linked email recovery or account access.
This breach also had consequences for Yahoo’s business reputation, including a $350 million reduction in its acquisition price by Verizon.
4. How Have They Recovered and How Have Others Responded?
Yahoo’s Response:
-
Forced password resets
-
Invalidated unencrypted security questions
-
Strengthened encryption methods
-
Notified affected users
-
Cooperated with law enforcement
Others Responded By:
-
Rethinking password storage policies
-
Strengthening data encryption across industries
-
Revising incident response strategies
5. Should They Have Done Anything Differently?
Yes, Yahoo should have:
-
Used strong encryption (e.g., bcrypt or SHA-256)
-
Applied two-factor authentication earlier
-
Detected breaches sooner through better monitoring
-
Been transparent immediately instead of delaying for years
Continued...
100% Plagiarism Free & Custom Written,
tailored to your instructions