Question

Classify each of the following acts as a violation of confidentiality, of data integrity, source integrity, or availability, or some combination thereof: a) A hacker obtains millions of Yahoo passwords. b) Anthony accidentally cuts the electricity from the server room. c) The NSA finds an efficient method to break AES. d) Anna registers the domain name, "JohnSmith" and refuses to let John Smith buy or use the domain name. e) Some malware encrypts the victim’s hard drive with a secret key and a criminal asks for a ransom to decrypt it. f) The NSA wiretaps the cell phone of a suspect in a criminal investigation. g) A foreign state actor finds a zero-day vulnerability for voting machines used in the US.

Answer 1

Answer:

A) Violation of Confidentiality and Source Integrity:

Passwords are very confidential information and are usually protected by both the owner and the ower of the system (which in this case is Yahoo). To obtain the passwords, the hacker had to illegally gain access to the source of the data which is on Yahoo servers. Hence a breach of confidentiality and lack of adequate integrity on the part of Yahoo.

B) Source Integrity: Anthony accidentally cuts the electricity from the server room. Why would he be able to do that? how did he gain access into the server room? This speaks to source integrity. People should not be able to access the server room except they are authorised.

C) Source Integrity and Confidentiality: NSA finds an efficient method to break AES. AES refers to the Advanced Encryption Standard. AES is a symmetric encryption technology known as a block cipher.

It is used by the United States Government for the classification of information. Their ability to break this code speaks to Violation of Source Integrity. In this case, they haven't exactly hacked any document. However, any document that was encrypted using this technology is already compromised at the source.

D)   Anna registers the domain name, "JohnSmith" and refuses to let John Smith buy or use the domain name: Violation of Availability.

It is assumed here that John Smith was the original owner of the domain but it was highjacked at expiration and registered by Anna. This kind of breach is called Violation of Availability of the domain name.

E) Some malware encrypts the victim’s hard drive with a secret key and a criminal asks for a ransom to decrypt.

This move is called the Ransomeware attack. The Integrity of the source of information (which is the hard drive) is already compromised. This is a combination of Source Integrity or availability and confidentiality violation.

F) The wiretapping of a cell phone is a breach of confidentiality and data integrity.

G) when there is a vulnerability in a system or software that is unknown to those who should be interested, it is called a Zero-Day vulnerability. Where there is a Zero-Day vulnerability there could be a violation of confidentiality, data integrity, source data and or it's availability.

Cheers!