The document analyzes the 2014 eBay cyberattack, where 145 million user accounts were compromised due to a breach by threat actors. It discusses various concepts of computer security, such as the CIA triad, cryptography, authentication methods, and network security, emphasizing the importance of robust security measures to prevent future attacks. Recommendations for improving security infrastructure and practices are also provided to help organizations combat cyber threats effectively.

1. Studocu is not sponsored or endorsed by any college or university
A1-obunga 1-R2110D12837119
Computer Security (University of East London)
Studocu is not sponsored or endorsed by any college or university
A1-obunga 1-R2110D12837119
Computer Security (University of East London)
Downloaded by kemar frank (revolute.p@gmail.com)
lOMoARcPSD|1449381

2. NAME : ROBERT OBUNGA
STUDENT ID : R2110D12837119
TITLE : ASSIGNMENT 1
MODULE : COMPUTER SECURITY
MODULE CODE : UEL-CN-7016-33285
DATE : 29TH
OCTOBER 2022
1
Downloaded by kemar frank (revolute.p@gmail.com)
lOMoARcPSD|1449381

3. THE 2014 eBay CYBER ATTACK. A CASE STUDY.
2
Downloaded by kemar frank (revolute.p@gmail.com)
lOMoARcPSD|1449381

4. ABSTRACT
The possibilities provided by the internet in this day and times is almost limitless, fueled by
presence of global networks and larger operations being performed on a daily basis coupled with
people around the world who enjoy these benefits. However, the internet space is not used for
peaceful reasons as it should be assumed. The growing development in technologies and
substantive upgrade of programming systems has led to frequent cases of attacks by threat actors,
becoming a real problem for large companies.
Hence, therefore, one of the most famous cases in relation to hacking in the world was the
hacking of important information on the eBay database, an online shopping store. The case study
will focus on this attack.
3
Downloaded by kemar frank (revolute.p@gmail.com)
lOMoARcPSD|1449381

5. Introduction
The incident under case study occurred in 2014, during summer where one of the world’s most
popular online trading platforms eBay, a company in the United States was attacked by virtual
threat actors (Meyer,2017). According to Meyer, eBay had up to 145 million user accounts
compromised (p. 11). With such a large amount of people affected by this this breach, it was
extremely hard for it to go unnoticed or rather be swept under the carpet by eBay. This attack
received a lot of public response.
The attack scenarios are similar in most cases; The threat actors enter systems through backdoor
means an access secret databases and other classified information which is not visible to the
public and lay the stolen information bare on a public network. Furthermore, as time passes,
fighting such criminals has become extremely difficult as they come up with new ways of
circumventing defense systems.
Therefore, it is important to dig in on what persuaded the threat actors, aftermath of the attack,
which counter measures were taken to avert future data leakages by eBay and the possible
recommendations in terms of hardware and software improvements and best practices that would
protect the company from persistent threats on the internet.
Literature review
The eBay attack being one of the worst cyber-attacks registered, review of various information
security concepts is vital. Furthermore, to tackle this case effectively, there is need to look at this
security principles as it will form the backbone of the case study. It will help in the assessment of
the whole incident in a wholesome manner and coming up with the best recommendations for the
same.
Furthermore, by assessing and reviewing various literature on the subject which relate to
computer security, we shall get a proper understanding of specific areas any organization should
put emphasis on in order to deal with cyberspace threats. This will intern create a secure working
environment. I shall tackle the various concepts of computer security and bring into context the
incident that occurred. Below are some of the concepts.
i) The fundamental concepts of computer security
Sutton (2017), asserts that computer security is a combination of well laid out
practices, tools, set standards, written policies and strategies that need to be taken to
reduce, prevent or eliminate cyber threats. Cyber threats as referred to here points to
threats to intellectual property, identity theft, fraudulent activities, cyber terrorism and
espionage. This includes other external and internal aspects as far as technology is
concerned. To tackle these, further emphasis is put on the following aspects of
computer security: -
A) The categories of cyber threats to computer and information security
4
Downloaded by kemar frank (revolute.p@gmail.com)
lOMoARcPSD|1449381

6. According to Sutton (2017), the impact of cyber related crimes can be tackled
inform of grouping where each threat is put where it fits. That is to say
- General crime: are crimes not very specific to a particular aspect. e.g
crimes related to loss of intellectual property falls in this category.
Such crimes could lead to the loss of value of the compromised
information.
- Cyber stalking: is another form of crime which involves unsolicited
online advances on people without their consent or bullying them
online. This can be grouped as cyber harassment.
- Cyber terrorism and espionage: - This is a form of cybercrime where
a nation uses cyber space to compromise another country’s national
security.
Last but not least, the above-mentioned are just a few which relate to the case
Study. Other cyber threats exist such us information stealing which is prevalent
in the case study.
B) What are the realms of cyber security
The field of cyber security is divided into several groups that makes it easier for
companies to make informed choices on which component best fits their security
needs when building cyber security infrastructure and systems.
The categories include applications and data security, forensic analysis and
software development security. Accordingly, these components shade light on the
things that should be given priority in order to prevent data from breach. The
other component components such as network and application security play a big
role in terms of software integrity and putting up a top-notch control for
organizations and consumers of available services. In addition, to ensure all
evidence associated with cyber breaches are well kept, forensic analysis is key as
part of incident response.
Finally, organizations must ensure there is a written incident response plan,
disaster recovery plan and business continuity plan to act as guides in the event of
a data breach.
C) The concept of confidentiality, integrity and availability: The CIA Triad
The domicile of information security is built on these core principles. They are
commonly referred as CIA triad. The architecture of cyber security heavily relies
on these principles and every company must work withing the framework of these
three in order to achieve its goals of computer and information security.
Confidentiality asserts that all data should and must be kept out of access must
require authorization. It emphasizes data classification to ensure it doesn’t end up
in the hands of unauthorized individuals. A water-tight security policy that ensures
confidentiality must be formulated to ensure no data is accessed by unauthorized
persons.
5
Downloaded by kemar frank (revolute.p@gmail.com)
lOMoARcPSD|1449381

7. There is also the concept of data integrity which is a component of CIA. This
principle points to the fact data must be accurate at rest, during transfer and
eventually when it reaches its destination it must remain the same. This ensures
reliability and builds trust in information and that all transactions involving this
information must be accurate and reliable.
Finally, availability is a principle of the CIA triad that asserts that apart from
ensuring that information is confidential and has integrity, its availability to those
who rightfully need it is key. The information should be accessible to stake
holders with access rights to whatever information they need in order to run their
organizations effectively. In a nutshell, trust and reputation of computer systems
must be priority for all organizations.
ii) The concept and use of cryptography
Cryptography by definition is technique used to protect information and
communication using codes, such that only those who are authorized to it cab read
and process it. Modern cryptography concerns itself with the four major objectives of
information security. These objectives are confidentiality, integrity, non-repudiation
and authentication. The process of cryptography forms the foundation of cyber
security in this modern age.
Furthermore, cryptography employs the technique of encryption which is the process
of converting information to unreadable cipher text and decryption which is the
reverse of encryption. The process of encryption and decryption has revolutionized
cyber security and have made it possible for organizations to store information in a
more secure form making it difficult for third parties or malicious people to
comprehend the content of the information, stored or being transmitted.
To further enrich this concept, substitution and transposition ciphers came into play.
The algorithm used by substitution cipher for example, allows parties to swap text
information into unique and discrete formats acceptable to the parties involved. This
method was put to use by ceaser cipher and Vigenère cipher to transmit information
between themselves. In this cipher the position and identity of text changes. The
substitution method was enriched and reinvented into a more developed and effective
transposition ciphers. To encrypt text on the kali linux, gpg command is used i.e
$ sudo gpg –full-generate-key
iii) The concept of Identity, authentication, and access control
In this modern day and era, cyber-attacks have become more frequent than before. To
tackle this adequately and prevent intrusion or breaches similar to that of eBay, it is
crucial and mandatory to get a good understanding of the methods used to verify the
identity of individuals in an organization. There are three know authentication
mechanisms that can be used to identify and issue authorization to users. There are
namely: -
6
Downloaded by kemar frank (revolute.p@gmail.com)
lOMoARcPSD|1449381

8. - Knowledge based authentication where access to systems is hinged on
what the user knows eg password or PIN
- Ownership based authentication where access to systems is hinged on
what the user has or posses as proof e.g RFID card, tokens
- Inherent based authentication where access to systems is based on
what the user is. Eg biometrics like finger print, face or Iris.
Identity management which is also referred to as Identity and access management (IAM)
refers to the overarching discipline used to verify a user’s identity and his/her access level
to a particular system. In that context, authentication and access control, regulates user’s
access level to a given system, thus playing a vital role in securing user data.
To further discuss these concepts, threat actors are known to always exploit and utilize
every level of access they can gain and thus it’s important to ensure that access levels and
restrictions are put in place and reinforced by a written security policy. Identity, trust and
reputation are key considerations for every organization before admitting a user into
internal networks.
To achieve that crucial goal, organizations must build systems that ensure users validate
their credentials every time they need to access the systems or network. It’s the duty of
the organization to ensure user information is secure and work towards maintain a level
of trust from the users of the systems. Therefore, the crucial process of validating user
information before accessing the system or network resources is called authentication.
This process can be said in layman’s language as “separating the wheat from the chuff”.
It ensures that only legitimate users have access to system and network resources.
Another widely used concept under authentication is the use of multifactor authentication
rather than rather than single intrinsic factor method for users. Multifactor authentication
requires a user to further prove his/her identity even after entering correct credentials. Eg
a verification code is sent to user’s email or phone number saved in the system. The user
will then be required to enter the code for access to be granted. This two-factor method
has proven to be effective and organizations must adopt this method to achieve some
maximum level of security to their information and network assets. Furthermore, this
method can be coupled with other authentication mechanisms like inherent based which
in turn provide solid security to information.
In a nutshell, the three authentication mechanisms if used correctly will help
organizations achieve its goal of information security. User training on this authentication
mechanisms is also required if organizations want to achieve their goal of information
security as it will be a waste of time to introduce them to an untrained staff who may not
take it seriously.
Lastly, to further boost the authentication mechanism employed, access control methods
to augment them is vital. Access control methods limits users and devices privileges to
access organization’s systems and network resources. There are various access control
methods as below:-
7
Downloaded by kemar frank (revolute.p@gmail.com)
lOMoARcPSD|1449381

9. a) Discretionary access control- in this type of control, only the owner of the resource
can allow other users access to it. i.e, its at his disposal to allow or disallow other
users from accessing a particular object.
b) Role based access control (RBAC). This type of access control asserts that each user
or subject is given access to an object based on their roles in the organization. Eg a
loan officer can only have access to loan related information.
c) Mandatory access control (MAC). This type of access control demands that
information is classified and access to it requires some form of authentication.
Finally, other predefined access control mechanisms can be employed to add on those
mentioned to ensure information is secure and no unauthorized access is permitted.
iv) The use of Encryption, digital signatures and digital certificates
These components are employed in technology to allow encryption and decryption of
data. They form the cornerstone for carrying out cryptography. There are two known
encryption key techniques. These are symmetric and asymmetric keys encryption.
Majority of the encryption methods apply these two techniques.
Symmetric encryption is a type of encryption where one key is utilized in the process
of encryption and decryption of data. This principle guarantees that the speed of
encrypting and decrypting data is high and efficient for any organization that uses it.
The advantage of symmetric encryption is it can handle big volumes of data at a go.
The presence of a key ensures confidentiality of the data being transmitted.
Asymmetric encryption on the other hand, embrace the use of two keys the
encryption process. A key pair one for encrypting and the other for decrypting are
used unlike the case in symmetric encryption. Asymmetric encryption requires the
public and the private key. The two key requirement mechanism ensures safety in
compromised environments in case of attacks.
Data encryption algorithms available in this modern day for the benefit of this case
study are the standard encryption standards and advanced encryption standards.
Asymmetric algorithms for example include Rivest shammer Adelman (RSA) and
MD4 also referred to as message digest.
v) Incorporation of intrusion, detection and prevention measures in information
security
In every attack environment, there must be a corresponding defense measures put in
place by organizations to thwart such attacks. Cyber threats are real and any company
can be attacked without notice, thus organizations must have mechanisms and
policies to help them defend themselves against attacks. Installations of systems to
monitor and prevent attacks must be a priority.
8
Downloaded by kemar frank (revolute.p@gmail.com)
lOMoARcPSD|1449381

10. These measures can be achieved by ensuring that the IT team of the organization have
enough training and experience to identify and deal with threats. In addition, a proper
understanding of threat models i.e STRIDE AND DREAD goes a long way in
achieving security goals. They must also have a proper understanding of the cyber kill
chain and how to break the chain incase of an attack. A well-documented information
on previous attacks and threats helps as it forms the cyber threat intelligence (CTI)
mechanism when threats are identified as the indicators of compromise (IOCs) are
already documented from previous attack. Constant vulnerability scans on internal
systems and networks coupled with staff training on information security will help
avert attacks.
vi) The concept of network security, malware and viruses.
In many ways the network acts as the information pathway and data transmission
relies on network infrastructure from place of origin to its final destination. In this
context, network security is an essential component of cyber security. Network
connectivity and data transportation is divided into layers known as the OSI model.
Data transmission goes through layers from initiation, transmission to its final
destination. These layers can be exploited my threat actors in case they have
vulnerabilities. Therefore, securing this layer is vital to ensure data is secure at all
stages of transmission and delivery.
In addition, there are significant examples to justify network security importance.
DNS exploits can be used to exploit DNS via insecure networks, bringing into the
fore the importance of understanding the OSI model and how it plays a role in data
transmission. As a matter of fact, each layer of the OSI model carries vulnerabilities
from the presentation layer to the physical layer. Most attacks are normally executed
at the network layers and transportation layers, hence the presence of encryption
protocols like transport layer security (TLS) to provide security at the transport layer.
Harmful and malicious programs can be sent over insecure networks causing harm to
systems and information. Malware stands for malicious software. In figure 1 below is
the summary of OSI model and the kind of attacks on each layer.
9
Downloaded by kemar frank (revolute.p@gmail.com)
lOMoARcPSD|1449381

11. Figure 1 The OSI model and attack examples (Manninen,2018)
Network vulnerability tools such as tcp dump and Nmap can be used to check network
vulnerabilities and have them fixed eg
$ sudo tcpdump on Kali linux Terminal. For packet sniffing
$ sudo nmap scanme.nmap.org to scan for open ports
Incident overview
The e-commerce giant e-Bay Inc is an American company in the United States in San Jose,
California. It facilitates the process of consumer-to-consumer sales through an online platform.
The Washington post published a report on attack on the online shopping platform of eBay which
occurred between February and March 2014. The attack went on undetected for a whole month.
The threat actors got access to user credentials and used them gain access to the internal systems
of eBay and carry out their malicious activities. This resulted in exploitation of 145 million user
accounts as per the report.
Discussion and analysis of the attack
The actions of the threat actors who illegally gained access to user information and harvested
passwords and other access credentials were well organized and quiet professional. Nonetheless,
this doesn’t point to a fact that eBay protection was weak since for some time, their firewall was
protected. In spite of the presence of a firewall, the threat actors managed to overcome the
firewall defense and effectively committed their crime. To better explain hacker activities, Figure
2 below shows the series of events pointing to what actually happened to the internet store and
the nature of threat customers had to experience.
10
Downloaded by kemar frank (revolute.p@gmail.com)
lOMoARcPSD|1449381

12. Figure 2. The case of eBay data theft and potential threats to customers (Codsi,2014)
From figure 2, conclusions can be that customers were at serious risk as threat actors aim was to
steal information and sell to companies as shown for monetary gains. The companies A and B are
hypothetical since its wasn’t proven outright in the investigations.
a) Possible intentions of the attack
In this particular attack, the intentions and motives of the threat actors are not well established.
The plausible motive of their actions could have been to undermine the authority of the company.
According to El-Kenawy, El-Dosky and Sarhan (2014), eBay is ranked as one of the largest
global online stores and this could be actions of a rival online store aimed at bringing down
popularity of eBay.
Another plausible reason for the attack was that the attackers did and ordinary database attack
just for entertainment purposes or hacktivism, thus sending a signal to the creators of eBay
security team that their product has vulnerabilities and can be hacked easily.
Nevertheless, their intentions notwithstanding, they succeeded to achieve what they aspired to
do. They penetrated the eBay systems and made information of 145 million clients’ accounts
available to unauthorized parties.
b) Mode of attack used
In most cyber security breachers, threat actors use different modes or methods to execute their
attack. In this case, the threat actors did not use the well-known scheme of Distributed Denial of
Service attack (DDOS), where the intent of the attack is to flood one site with many requests
with the aim of causing its collapse. These threat actors employed a more sophisticated method.
They used compromised user credentials and hacked into information field of the store’s
11
Downloaded by kemar frank (revolute.p@gmail.com)
lOMoARcPSD|1449381

13. database and gaining access to vital information. The only relief to users is that no critical
financial data were kept in the attacked base. This means there was no monetary loss incurred by
users. The most identified method was social engineering on compromised accounts of three
employees.
However, even though no financial losses were incurred, the reputation of the company was
severely damaged. Aggarwal, Arora, et al (2014) asserted that millions of data was lost.
c) Vulnerabilities exploited by threat actors
In carrying out attacks, cyber criminals usually exploit various vulnerabilities that exist in any
system or network of their target victim. In the case of eBay, threat actors were able the
weaknesses in their network infrastructure and used it to their advantage to access and control
the databases that contained user information.
The vulnerabilities that were identified in this case were a cross-site scripting vulnerability and a
cookie reuse. Another remote vulnerability was identified as basic standard firewalls setup by
eBay easy to penetrate.
To tackle the cross-site scripting vulnerability in detail, eBay’s auction site was affected by a bug
which consistently caused a cross-site scripting. This anomaly created a loophole for users to add
malicious codes in java-script and HTML into the company systems. The threat actors utilized
this to write a script that would store user credentials whenever they visited the site. This
assertion is plausible on how credentials of users were obtained. In this case both employees and
customers credentials were compromised.
Cookie re-use as mentioned earlier is a vulnerability plausibly exploited by the attackers. In
addition, eBay site utilized cookie re-use which permits its systems to allow alike or similar text
files holding cookie data to be re-utilized. This method enhances data harvesting as the threat
actors’ systems ate able to listen and collection valuable information. The presence of a standard
firewall was also cited as a vulnerability
d) Response by eBay to counter the attack
For every attack, follows a response otherwise known as incident response. eBay responded to
the attack to reduce the impact of the attack though late by informing their members to change
their passwords. The Cyber security team went ahead and put in place access control measures to
their existing infrastructure which is essential to the functioning of their online business.
In addition, vetting mechanisms were put in place which ensured only cleared employees got
access to their business operations and server rooms. The remaining set of employees were
locked out or denied access to servers and databases that were considered critical to the business
operations. Furthermore, the firewall and its intrusion sensors were reinforced to ensure effective
detection of threats, intrusion and corresponding prevention signatures for solid internal network
security.
To add on this measures, intrusion and prevention monitoring systems were audited to ensure
user activities registered were accurate and reliable. Encryption of all databases was done to
prevent threat actors from scooping more information. They released a report to confirm this to
boost customer confidence. This was done as investigations continued.
12
Downloaded by kemar frank (revolute.p@gmail.com)
lOMoARcPSD|1449381

14. e) Impact of the attack on eBay
The impact of the attack was quite significant. It caused leakage of confidential user credentials
which included emails, names and passwords. This attack placed users at risk and this affecting
the reputation of eBay as one of the largest online stores. This information found their way to
black markets where they were sold at good retail price to companies dealing in metadata. In
addition, this attack also caused a financial loss to customers who didn’t get the goods they
ordered for.
On the part of eBay, and equally financial loss of about 200 million dollars was incurred which is
a loss of revenue. The major loss was actually reputational damage which meant loss confidence
in the company by users which translates to future financial losses.
To cap it all, the counter-measures by eBay to contain the attack made it even harder for the
already frustrated users to operate on their platform. This was occasioned by the security
restrictions put in place which involved stringent verification protocols. Some users left the
platform because of this.
On the part of investors, who had invested on this online store, financial loss was incurred as
they had to pay forensics experts and IT gurus to get the systems up and running. In line with this
systems upgrades had to be done to make the platform secure. This meant purchasing and
replacing existing firewall and ensuring a top-notch data encryption mechanism to all data.
Conclusion
This attack was one of the biggest attacks in this century and in US history. This case study has
put into perspective the dangers of cross-site scripting and cookie re-use to online platforms. The
importance of up-to-date firewalls, intrusion and detections systems has been highlighted as key
elements of data security. In addition, this information and data age demands that security of
both data and systems is essential. Threat actors according to the case study got access easily
because of eBay’s poorly trained employees on information security. This was escalated by lack
of enough preventive mechanisms to detect intrusion. This clearly points to the fact that if small
things aren’t taken care off, they can escalate to bigger and expensive things.
Recommendations
Firstly, to prevent such breaches, organizations must ensure data is stored in encrypted form.
This will prevent unauthorized access to information, any form of listening and interception of
traffic. The process of encryption involves the use of a particular key to access particular website
or system resources. The technicalities involved in the method of data security is that threat
actors will not gain access to information minus having the particular secret key to decrypt the
information. The encryption can be symmetric or asymmetric as highlighted in the concepts of
information security in the literature review. An example to elaborate encryption is shown in
figure 3 below:-
13
Downloaded by kemar frank (revolute.p@gmail.com)
lOMoARcPSD|1449381

15. Figure 3: The login page of eBay (WebCount ,2017)
When you observe the login interface in figure 3, it is easy to identify the type of encryption
used. i.e. single key or Symmetric encryption. This is used on many online platforms. We can
also get to define other unique methods of how eBay IT staff would have prevented the 2014
attack. Even in encryption it is essential to adhere to proper preventive rules to prevent attack. In
this case adding the stay signed on option negated the encryption method used as an attacker can
exploit this vulnerability. It is also clear that eBay did not employ the use of a two-factor
authentication requirement for users to verify their identity before login.
The second method that would prevent such attacks from recurring is to ensure access to systems
is restricted. The methods deployed to prevent unauthorized access can actually be simple if
properly executed. The most important and basic goal of restriction is to reduce or eliminate
completely the ability of a threat actor to have unfettered access to critical servers which avail
webservices to external users. When a threat actor is prevented from accessing a port, he can’t
attack it. The IT team at eBay failed to provide this complete protection in time.
A centralized key management is a third method to protect information. In this concept,
important factors are put into account. The sequence and flow of work must and should be in
conformity with a uniquely defined algorithm and adherence a unique chain. To elaborate this
order, figure 4 will be used.
14
Downloaded by kemar frank (revolute.p@gmail.com)
lOMoARcPSD|1449381

16. Figure 4: The system of centralized cryptographic key management (Gemalto ,2017)
From figure 4, it can be noted that all objects of the database chain are actually managed by a
single key element. When the central apparatus is reliably and professionally managed, the
chances of attack on such a system will be minimal
The fourth recommendation is proper training of employees. This encompasses written security
policies for them to adhere to. The policy concept may include the principle of least privilege
which avails them with bare minimum amount of permission and access rights to perform their
duties. Additionally, an incident response plan that can be implemented in times of crisis or
intrusion must be in place.
Furthermore, the fifth point is that organizations must ensure their systems have proper security
controls which was a glare vulnerability in the case study. Security measures such as the use of
two factor authentication mechanism wasn’t put in place. Organizations must ensure such
fundamental security measures are in place. In addition, having regular checks on organization’s
systems will help detect any intrusions in time. Businesses should also ensure that systems are
equipped with proper antimalware software to prevent malware attacks. In a nutshell regular
system checkup must be made routine and compulsory.
Accordingly, the sixth recommendation is that organization’s IT team must ensure that the first
layer of security is applied. The operating systems running webservers, databases, including
other network services must always be up to date with security patches. In addition, most
webservers typically reside in demilitarized zone, which is typically exposed to untrusted
external networks where unknown web users can interact with webservers by establishing a
connection enabling them to send data to the webserver thus making it vulnerable to attacks.
15
Downloaded by kemar frank (revolute.p@gmail.com)
lOMoARcPSD|1449381

17. When the webserver and database server are installed in the demilitarized zones zone, then
chances of hackers gaining access to the databases is high. Therefore, separating servers with
different roles is crucial i.e webserver and database server should be separated. This will improve
the security of an organization’s web farm and limits the extent of damage in case of an attack.
The principle of least privilege is another security concept that should be adopted by IT
professionals working in organizations. This simply means that the webserver should have the
least possible privilege to access databases. In addition, it should not be granted administrative
rights to invoke changes to the databases structure e.g the drop table. This will go along way in
limiting the damage in case servers are compromised by an attack.
Limiting remote access is also another security concept that should be adopted by organizations
to protect all their server in the web farm. This means that webservers and database servers
should only be accessed locally from local area networks; admin interfaces must not be accessed
from the internet. Therefore, if remote access id unavoidable, a well-documented handful number
of IP addresses can be granted access to these administrative interfaces. This can be achieved
using whitelisting from the firewall. The other method remote access can be secure is by
employing the use of cryptographically secure mechanisms such as SSH or use virtual private
network. In a nutshell there are many security measures that can be employed by organizations to
protect their systems and other internal assets.
REFERENCES
1. Aggarwal, P., Arora, P., & Ghai, R. (2014). Review on cybercrime and
security. International Journal of Research in Engineering and Applied Sciences, 2(1),
48-51.
2. The case of eBay data theft and potential threat to customers [Image]. (2014). Web.
3. The damage that the Heartbleed bug caused [Image]. (2014). Web.
16
Downloaded by kemar frank (revolute.p@gmail.com)
lOMoARcPSD|1449381

18. 4. Gujrathi, S. (2014). Heartbleed bug: An OpenSSL heartbeat vulnerability. International
Journal of Computer Science and Engineering, 2(5), 61-64.
5. El-Kenawy, E. S. M. T., El-Desoky, A. I., & Sarhan, A. M. (2014). Bidder strategy system
for online auctions trust measurement. International Journal of Computer Science Issues
(IJCSI), 11(5), 76-82.
6. How hackers hack PayPal account in 2017 – Hack PayPal. (2017). Web.
7. The login page of eBay [Image]. (2017). Web.
8. Meyer, C. (2017). Submitted to the Department of technology systems. Web.
The system of centralized cryptographic key management [Image]. Web.
9. Sahib, S. (2015) Cyber terrorism: Policy and technical perspective. Melaka: Penerbit
University Teknikal Melaysia Melaka.
10. Andrade, R. et al. (2021) “Extending a trust model for energy trading with cyber-attack
detection,” Electronics, 10(16), p. 1975.
11. Butler, R. (2007) “A framework of anti‐phishing measures aimed at protecting
the online consumer’s identity,” Electronic library, 25(5), pp. 517–533.
12. Byrne, D. J. (2015) “Cyber-attack methods, why they work on us, and what to
do,” in AIAA SPACE 2015 Conference and Exposition. Reston, Virginia:
American Institute of Aeronautics and Astronautics.
17
Downloaded by kemar frank (revolute.p@gmail.com)
lOMoARcPSD|1449381