Business relationship between ReliaQuest and ABC Company
ReliaQuest and ABC Company have been in a business-client relationship. As a national leader in information technology security, ReliaQuest remains a preferred security provider for Fortune 2000 enterprise clients, including ABC. As a client, ABC was entitled to every “technical parameter of ReliaQuest’s Threat Management Offering” (Elder et al. 7).
How a breach at ABC Company could affect ReliaQuest
A breach at ABC under ReliaQuest’s watch would create a PR crisis for ReliaQuest due to a tarnished brand image (Elder et al. 1). ReliaQuest might consequently lose some existing and potential customers.
Approach(es) that Joe’s Red Team considered when validating the breach
Joe’s Red Team had to consider three approaches when validating the breach (Elder et al. 3). The first question was how to initiate communication with whoever had the data to gain more knowledge regarding its content. Secondly, the team considered purchasing the stolen data or a sample from the hacker so its members could actually get their hands on it. After successfully getting the data, the team would analyze and compare it to the official copy ABC retained to ascertain that it was indeed customers’ personally identifiable information.
Challenges that Joe and the Red Team faced
Joe and the Red Team faced three main challenges while considering acquiring ABC’s data from the dark web. The first hurdle was communicating with the hacker without implicating either ABC or ReliaQuest. Additionally, they had to mask their identity while accessing the dark web. The third challenge involved avoiding exposure while communicating with the potentially sophisticated hacker because being exposed could render useless even a successful attempt to mask identity (Elder et al. 4).
Hurdles faced when considering paying with Bitcoin
Joe and the Red Team encountered two major challenges when considering paying with Bitcoin. First, Bitcoin transactions face an elevated risk of fraud due to an anonymity feature and the irreversibility of complete transactions. The second hurdle involved raising the required amount of Bitcoins within the time constraints. The asking price for the stolen information was hundreds of Bitcoin, an amount that was challenging to raise considering two facts: ReliaQuest lacked an existing Bitcoin account at the time, and the amount was five times higher than the daily limit of a new Bitcoin user.
Thoughts about ReliaQuest’s potential use of Bitcoin in this scenario
ReliaQuest can use Bitcoin in this scenario, but it should not do so. The action is premised on the belief that it had worked for other companies, such as Facebook, and it can help ReliaQuest enhance data protection. However, there are several uncertainties, ethical issues, and legal concerns to consider. Even after going through all this trouble to acquire the data, if the breach is real, the negative consequences would be inevitable.
A recent Breach
Microsoft Inc. recently suffered a data breach orchestrated by LAPSUS$. It is speculated that LAPSUS$ hackers impersonated law enforcement agencies to subpoena privileged information (“Hackers Gaining Power of Subpoena via Fake “Emergency Data Requests”). If the breach is confirmed, a potential course of action would be to reinforce weak links these hackers exploited. For example, employees could be trained on social engineering tactics that hackers favorably use to infiltrate companies.
Works Cited
Elder, Jonathan, et al. “ReliaQuest: Behind Enemy Lines.” Muma Case Review, vol. 2, no. 12, 2017, pp. 1-20.
“Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”.”Krebs on Security – In-Depth Security News and Investigation, 2022.