
Assignment: Final Paper: Recent Incident

Earlier in the semester, you read a chapter from Josephine Wolff’s book “You’ll See This Message When It Is Too Late”. Each chapter in that book has a general format. First, the chapter provides a detailed overview of a specific, real-world security incident. She provides a timeline and description of what happened, who it happened to, and why it was bad. Second, she uses her social science knowledge and her technical knowledge to identify one or more underlying motives of the attacker(s) and tries to understand why the incident happened. Third, she uses this social science knowledge to critique current proposals that others have made to prevent similar incidents, and to make new proposals of her own about how similar incidents might be prevented.

For the final paper in this class, your task is to write a similar Wolff-like chapter about a recent cybersecurity incident of your choosing.

Imagine that you work for an organization and your boss saw a headline about the attack and asked you to look into it and write a report for her about the attack. Your boss is a generally intelligent person, but has not read anything about the details of the attack; your paper will have to explain what happened, why it happened, and what your organization can or should learn from this attack.

You must choose a recent cybersecurity incident, and write a “boss report”. Each chapter in Dr. Wolff’s book is a good example of such a report.

Below is a list of recent events. I encourage you to pick one of the events from this list to write about. If you so choose, you are also allowed to choose a different recent cybersecurity incident, but you must clear that choice with me in writing before starting on the work (email me). Do not choose an incident that we covered as a case study in class; we already know a lot about those.

You should use publicly available data sources (like news articles) to write a description of what happened in the event: who the attacker was (if known), who the incident happened to, and what the eventual consequences of the attack are. You will need to have more than one source of information about this. I encourage you to look for Wikipedia articles, case reports at other universities, and other sources of third-party information; such information is helpful and should be cited. I also encourage you to follow their citations and embedded links to get more information, as the underlying data sources usually have more detailed information.

You should also use the information economics knowledge you gained in this class to contextualize and understand this incident. This incident is only one incident, and it already happened. We want to help protect ourselves, our organizations, and our society in the future. To do this, we need to think about the incident using our social science knowledge, and identify patterns that make it similar to other incidents. What motivated the attackers? Are there properties of how humans think that make incidents like this more or less likely in the future? Are there things that happened in this incident that are unique to this incident, or are there things that are common across other incidents? Concretely identify the theories or concepts from class that can help us understand how the human behavior in this incident is likely to be similar to other, future cybersecurity incidents.

As you work, I encourage you to utilize the worksheets we previously used in class to help you think through the case. You do not need to turn in any worksheets, but I suspect that they will help you think about the case and the issues it brings up more carefully. As a reminder, here are some of the worksheets we used:

Finally, propose a solution. If we are worried about other incidents like this one happening in the future — which, if you described the incident well, we should be — then what can we do to help stop those future incidents? In this class, we talked about technology designs that can help people be more secure, and we talked a lot about creating policies that can help people and groups be more secure. You should either propose a new feature for some technology, propose a new policy that a company can follow, or propose a new government policy. Don’t forget to critique your own proposal; explain why you think this proposal will be helpful, and think about what challenges might make the proposal not work or cause other types of problems. Also, look at your proposal from the perspective of the attackers; is there an easy way to work around your proposal?

That’s the summary: choose a recent cybersecurity incident, and write a Wolff-like chapter (aka a “boss report”) about it. The chapter should:

  1. Summarize and describe the incident — what happened, who was involved, why was it bad
  2. Identify social science concepts to understand how this is similar to other cybersecurity problems. Be specific about which concepts you think apply, and how they help you think about related problems.
  3. Propose a realistic solution — either technology design or policy — that can help with similar incidents in the future.

Length: Your paper should be no longer than one of the chapters in Wolff’s book, and may be shorter. Note that they are not that long; they are about 25 small pages, which on 8.5”x11” paper is probably closer to 10-15 pages. She did extensive research on what happened for each incident; I don’t expect you to read court proceedings or nearly as many news articles as she did. So I would recommend trying to keep your chapter to approximately 10 pages (not including references), though if you include images (e.g. of design ideas, or photos of what happened) or use a larger font or larger margins, then it might be longer.

Formatting: Up to you. Please don’t use a tiny font (11pt or 12pt is good), but it is up to you how you want your chapter to look and read. Font and margins are up to you. People are more likely to take your proposals seriously if they look professional; don’t use Comic Sans and hand-drawn stick figures (unless it makes sense, such as if your proposal is to educate people about security using comic strips). Be sure to use paragraphs to separate conceptual thoughts, and use headers in the document to help the reader understand the organization of your thoughts.

Examples of Recent Incidents

Target Breach (2013) (Good US Senate Report): https://www.commerce.senate.gov/services/files/24d3c229-4f2f-405d-b8db-a3a67f183883

MOVEIt and Clop (2023-2024): https://www.blackfog.com/what-we-know-about-the-moveit-exploit/ and https://therecord.media/clop-moveit-zero-day-dustin-childs-interview and https://www.wired.com/story/moveit-breach-victims/

UnitedHealth Group / Change Healthcare (2024, still ongoing): https://www.hhs.gov/about/news/2024/03/05/hhs-statement-regarding-the-cyberattack-on-change-healthcare.html and https://www.npr.org/sections/health-shots/2024/03/09/1237038928/health-industry-ransomware-cyberattack-change-healthcare-optum-uhc-united

Bad Dog (band) and copyright fraud (2024) - https://www.nytimes.com/2024/01/13/business/music-streaming-fraud-spotify.html?smid=nytcore-ios-share&referringSource=articleShare

Museum attacks (2024): https://www.nytimes.com/2024/01/03/arts/design/museum-cyberattack.html?smid=nytcore-ios-share&referringSource=articleShare

Cyber Kidnapping (2024): https://kutv.com/news/local/missing-foreign-exchange-student-out-of-utah-located-in-box-elder-county

Insomniac data breach / Rhysida (2023): https://www.ign.com/articles/insomniac-hackers-release-stolen-data-leak-wolverine-videos-future-projects-and-more?utm_source=instagram

Lapsus$ and GTA6 (2023): https://www.bbc.com/news/technology-67663128

Ukraine cell infrastructure Kyivstar (2023): https://www.reuters.com/technology/cybersecurity/ukraine-says-russian-intelligence-linked-hackers-claim-cyberattack-mobile-2023-12-13/ (is this “hacktivists” engaging in acts of war? https://therecord.media/ukraine-intelligence-claims-attack-on-russia-tax-service and https://www.schneier.com/blog/archives/2023/12/cyberattack-on-ukraines-kyivstar-seems-to-be-russian-hacktivists.html)

Gay Furry Hackers (2023): https://www.engadget.com/self-proclaimed-gay-furry-hackers-breach-nuclear-lab-152034192.html and https://cybernews.com/news/idaho-national-lab-data-breach/#google_vignette

UW Phishing alert (2023): https://it.wisc.edu/news/phishing-attempt-netid-mfa-duo/ (I don’t know much about this; if you do, it could make for a good report. But if you can’t find more information than this, then it likely won’t be very good.)

Danish power infrastructure (2023): https://cybernews.com/news/denmark-cyberattack-energy-infrastructure-sandworm/

Attacking Ohio city infrastructure (2023): https://therecord.media/huber-heights-ohio-ransomware-attack

MGM ransomware (2023): https://cybersecuritynews.com/mgm-resorts-systems-restored/

HP Enterprise (2022): https://www.wsj.com/articles/hewlett-packard-enterprise-suffered-cyber-breach-over-months-last-year-4f2b0241?mod=djemCybersecruityPro&tpl=cy

Equilend (2023): https://www.wsj.com/articles/equilend-a-securities-lending-platform-hit-by-cyberattack-f219fbdf?mod=djemCybersecruityPro&tpl=cy

23andMe (2023): https://techcrunch.com/2024/01/25/23andme-admits-it-didnt-detect-cyberattacks-for-months/?mod=djemCybersecruityPro&tpl=cy&guccounter=1

Pennsylvania courts DDoS (2023): https://therecord.media/ddos-attack-knocks-pennsylvania-court-system-services-offline?utm_medium=email&_hsmi=293031103&_hsenc=p2ANqtz-8UJPkqnawqixbeHU4HLEUA1ytvEc9djocbUxMBUTH4vDbtTL28Lb9M7GYhtU8nhG2igP4WCMkcoBQWPBNUwTFrKfiHlQ&utm_content=293028239&utm_source=hs_email

Hacking to chill free speech (2023): https://www.indexoncensorship.org/2023/12/hacking-is-far-more-than-a-security-issue-it-chills-free-speech/

GPS challenges because Ukraine war (2023): https://www.nytimes.com/2023/11/21/world/europe/ukraine-israel-gps-jamming-spoofing.html?smid=nytcore-ios-share&referringSource=articleShare

Baruch college ransomware (2023): https://theticker.org/12149/news/breaking-potential-ransomware-attack-causes-campus-wide-system-outage-switch-to-remote-learning/

Volt Typhoon (2023): https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a

Aadhaar Data Breach (2018): https://www.moneylife.in/article/aadhaar-data-breach-largest-in-the-world-says-wefs-global-risk-report-and-avast/56384.html

Irish Health Services (2022): https://www.schneier.com/blog/archives/2022/02/on-the-irish-health-services-executive-hack.html

GoDaddy (2020-2022): https://krebsonsecurity.com/2023/02/when-low-tech-hacks-cause-high-impact-breaches/

Intentional vulnerabilities: Linux Bans the University of Minnesota (2022): https://www.bleepingcomputer.com/news/security/linux-bans-university-of-minnesota-for-committing-malicious-code/

FBI’s Information Sharing Network InfraGard hacked (2022): https://krebsonsecurity.com/2022/12/fbis-vetted-info-sharing-network-infragard-hacked/

LastPass Data Breach (2022): https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/

Viewing Experian Credit Reports (2022): https://krebsonsecurity.com/2023/01/identity-thieves-bypassed-experian-security-to-view-credit-reports/ and https://krebsonsecurity.com/2023/01/experian-glitch-exposing-credit-files-lasted-47-days/

NextGen Health Ransomware (2023): https://www.washingtonpost.com/politics/2023/01/23/latest-cyberattack-health-care-shows-how-vulnerable-sector-is/

T-Mobile Breach(es) (2022): https://krebsonsecurity.com/2023/01/new-t-mobile-breach-affects-37-million-accounts/ and https://krebsonsecurity.com/2023/02/hackers-claim-they-breached-t-mobile-more-than-100-times-in-2022/

Albanian Banks (2023): https://www.nytimes.com/2023/02/25/world/europe/albania-iran-nato-cyberattacks.html?smid=nytcore-ios-share&referringSource=articleShare

US Marshals data breach (2023): https://www.nytimes.com/2023/02/27/us/politics/us-marshals-ransomware-hack.html?smid=nytcore-ios-share&referringSource=articleShare

Reddit Phishing Attack (2023): https://www.zdnet.com/article/reddit-was-hit-with-a-phishing-attack-how-it-responded-is-a-lesson-for-everyone/

Fortra Mass Ransomware (2023): https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/?guccounter=1

xz Utils Backdoor (2024): https://www.schneier.com/blog/archives/2024/04/xz-utils-backdoor.html and https://www.nytimes.com/2024/04/03/technology/prevent-cyberattack-linux.html?unlocked_article_code=1.h00.nDPf.n9rA2dx-Uqzm&smid=nytcore-ios-share&referringSource=articleShare&ugrp=m&sgrp=c-cb (and https://www.schneier.com/blog/archives/2024/04/other-attempts-to-take-over-open-source-projects.html for other examples)

(Note: These are only examples; you are welcome to choose a different cybersecurity incident if you want. Also, these links are just a place to start; you should try to find better sources of information if you can.)