Draft:Unauthorized access

From Wikipedia, the free encyclopedia

Unauthorized access refers to the situation in which an individual or entity gains access to information on a computer or system without prior permission from the system owner. This activity is commonly referred to as hacking.[1] Essentially, it involves an attempt to breach security measures in order to access data that the individual should not possess. Various methods can be employed to achieve unauthorized access, such as releasing a worm into the network where the data is stored or gaining control over a system with valuable information using stolen credentials. Unauthorized access may result in the theft of valuable data, data manipulation, or other security risks, often leading to legal consequences.

Overview

Logic

Distinguishing between authorized and unauthorized access is straightforward in real-world scenarios, as there are clear boundaries. However, this distinction becomes less obvious when examining computer systems. When an individual accesses another computer within their operating network, they are merely transmitting data, constituting authorized access to the system. On the other hand, computer hackers strategically leverage resources from a second computer in a network to obtain more information than intended, constituting unauthorized access to the system. Not everyone engaging in such activities is necessarily a hacker, and situations are not always simple.[2]

For instance, the 1986 Kennison v. Daire case illustrates a scenario where individuals could withdraw money from ATMs despite their bank accounts being closed. Whether done knowingly or unknowingly, such actions would be considered unauthorized access. This is because the principle behind granting an individual authorization to resources mandates that it be explicitly designated by the person. Machines, in contrast, lack the capacity to provide authorization autonomously.[3]

Defense mechanisms

Many contemporary organizations implement Multi-Factor Authentication (MFA) systems to enhance their defense against cyber threats. The adoption of MFA implies that gaining access to the system is no longer as straightforward as entering a username and password. Instead, additional layers of security are introduced, such as one-time codes that change at regular intervals. Another protective measure involves the deployment of firewalls within the network to mitigate potential attacks. In larger organizations, the responsibility for managing access to specific systems or network segments often rests with designated individuals who possess access keys. These individuals may include department managers or other designated personnel. Additionally, access-control lists (ACLs) play a role in computer security by providing a list of users authorized to access specific systems or log into a network.
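The following Python sketch is an added illustration, not part of the original article. It shows how a password, a one-time code that changes every 30 seconds (computed as in RFC 6238), and an access-control list can be combined into a single access decision. The user record, resource names, and function names are constructed for the example.

```python
import hashlib
import hmac
import struct

STEP, DIGITS = 30, 6  # assumed: 30-second interval, 6-digit codes

def totp(secret: bytes, unix_time: int) -> str:
    """Time-based one-time code (RFC 6238, HMAC-SHA1)."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify_totp(secret: bytes, code: str, now: int, window: int = 1) -> bool:
    """Accept the current interval and its neighbours to tolerate clock drift."""
    times = [now + d * STEP for d in range(-window, window + 1)]
    return any(hmac.compare_digest(totp(secret, t).encode(), code.encode())
               for t in times if t >= 0)

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash, so the plain password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: one user and a per-resource access-control list.
USERS = {
    "alice": {
        "salt": b"constructed-salt",
        "pw_hash": hash_password("correct horse", b"constructed-salt"),
        "totp_secret": b"12345678901234567890",  # RFC 6238 test secret
    }
}
ACL = {"payroll-db": {"alice"}, "build-server": {"bob"}}

def authorize(user: str, password: str, code: str, resource: str, now: int) -> str:
    """Return 'granted' only if password, one-time code and ACL all pass."""
    record = USERS.get(user)
    if record is None:
        return "denied: authentication"
    pw_ok = hmac.compare_digest(hash_password(password, record["salt"]),
                                record["pw_hash"])
    if not (pw_ok and verify_totp(record["totp_secret"], code, now)):
        return "denied: authentication"
    if user not in ACL.get(resource, set()):  # default deny for unlisted resources
        return "denied: not on access-control list"
    return "granted"
```

A stolen password alone fails the second check, and a code captured earlier stops working once its interval and the drift window have passed.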

Attack methods

Attackers initiate their efforts by acquiring data about the target network or system. This involves not only identifying vulnerabilities but also locating potential entry points and gathering information on program versions, system architecture, and potential flaws. Various strategies may be employed to exploit weaknesses, such as targeting unpatched software and misconfigured services. Deceptive methods, such as false emails, messages, or phone calls, are also commonly used to trick users into revealing passwords or downloading malware. Once access is secured, attackers aim to maintain control over the system, employing tactics like installing backdoors, creating new accounts, or implanting malware to ensure continued access even after closing initial entry points.

Organizations under attack must ascertain whether the threat originates from an insider or an external source. In the event of a security breach, companies need to consider the possibility that the perpetrator may be an employee. This is plausible as employees often possess a deeper understanding of the company's network systems than external parties. An illustrative case of unauthorized insider access is Edward Snowden, a whistleblower who disclosed classified information from the National Security Agency (NSA) to the public.

Importance

The volume of personal information stored in data centers or servers is increasing daily, driven by the growing number of people using social media and sharing information on public domains or websites. The rise in valuable resources within these data centers has led to a corresponding increase in cyber attacks. In 2014, CEOs in the U.S. alone were spending up to 60 billion dollars annually to combat cyber attacks.[4] This issue has evolved into a significant threat to governments, given the abundance of highly classified data stored on servers. Protecting against unauthorized access within organizations that control these domains or websites is synonymous with safeguarding the personal data of their customers or users, even for individuals with accounts on popular social media platforms.

The escalating frequency of cyber attacks has resulted in substantial losses for large corporations due to the theft of valuable data. Implementing defensive solutions comes with a considerable cost, and after an attack, many organizations struggle to recover due to resource constraints.

Over the years, both individuals and companies have become more attuned to this problem. In the past, when attacks were less frequent, cost-benefit considerations often deterred investments in authorization access policies and cyber attack defense, deeming them too expensive. Nowadays, it has become evident, even to small businesses, how crucial protection against malware, ransomware, and other unauthorized access methods is. The landscape has shifted to the point where not only large corporations but also small and medium-sized businesses are susceptible to attacks.[5]

History

Unauthorized access to sensitive systems and data poses a threat, with the potential to escalate into a cyber attack. Throughout the digital era, there have been notable instances of some of the most significant cyber attacks in history.

  • Melissa Virus

The Melissa virus, unleashed on March 26, 1999, stands as one of the earliest cyber attacks in the history of the digital landscape. Functioning as a malicious computer worm, it propagated by attaching itself to email messages and then replicating across the contact lists of email owners. Primarily targeting Microsoft Word and Outlook-based systems, the virus caused a substantial overload, leading to a surge in email volumes.

Being the first mass-mailing worm, Melissa rapidly spread globally, inducing chaos in its wake. The estimated damage amounted to approximately $80 million, and its disruptive impact resulted in the temporary shutdown of numerous businesses and organizations. The Melissa virus serves as a pivotal case study in the evolution of cyber threats, underscoring the imperative need for continuous advancements in cybersecurity measures to thwart such malicious attacks.[6]

  • MyDoom

The Mydoom worm, which surfaced in January 2004, gained notoriety as one of the fastest-spreading email worms during its time. Propagating through email, its primary goal was to create a backdoor in the infected system, allowing unauthorized remote access. Mydoom had significant repercussions, resulting in considerable losses for major corporations, including Microsoft, SCO, and Google. The overall estimated damage caused by this computer worm amounted to 38 billion dollars.[7]

  • Cyber attacks on Yahoo

The 2013 Yahoo cyber attack affected three billion user accounts. State-sponsored actors utilized forged cookies to gain unauthorized access. Though discovered in 2014, Yahoo only disclosed the breach in 2016 during acquisition talks with Verizon, resulting in legal consequences. This incident underscored the necessity for robust cybersecurity measures. In response, Yahoo implemented security enhancements and increased investments in cybersecurity to mitigate future threats. The breach had a substantial impact on public perception and inflicted lasting consequences on the company's reputation, highlighting the critical importance of timely detection and transparent disclosure in the evolving landscape of cyber threats.[8]

References

  1. ^ "Unauthorized Access". Information Security. DEPARTMENT OF TECHNOLOGY SOLUTIONS. Retrieved 10 January 2024.
  2. ^ Winn, Peter A. (2007). The Guilty Eye: Unauthorized Access, Trespass and Privacy. Retrieved 10 January 2024.
  3. ^ Gibbs, C.J. "Kennison v Daire [1986] HCA 4 - BarNet Jade". jade.io. Retrieved 10 January 2024.
  4. ^ Kumar, Naveen (December 2014). Today's importance of cybersecurity - ProQuest. Utica College. pp. 1–4.
  5. ^ Bharath, Aiyer. "New survey reveals $2 trillion market opportunity for cybersecurity technology and service providers | McKinsey". www.mckinsey.com. McKinsey & Company.
  6. ^ A. Rhodes, Keith (April 15, 1999). The Melissa Computer Virus Demonstrates Urgent Need for Stronger Protection Over Systems and Sensitive Data (PDF). United States General Accounting Office.
  7. ^ Hariyami, Anmol (June 2019). Analysis of Statistical Data of Cyber Attacks in History (PDF) (Volume 6 ed.). pp. 1–5.
  8. ^ Thielman, Sam (15 December 2015). Yahoo hack: 1bn accounts compromised by biggest data breach in history (PDF). pp. 1–3.