Public-Key Cryptography Analysis

An administrator came to realize that their credentials had been used to run a query that they would not normally run, this would be a violation of separation of duties; which means that “any task in which vulnerabilities exist, steps within the tasks are assigned to different positions with different management”. Meaning that the attacker would have only been able to use this vulnerability through this employee because of their role in the copy, and other employee would have not had the ability to run this query. The attacker used job listing sites to narrow down what software Anthem uses to house their data; from their they used this public information to sort out over 100 employees that had access to this data. The attacker then used malware to get a hand full of employee’s credentials. Even though it is said that to keep all the personal information stored in Anthem’s computer system encrypted would have not stopped or prevented this attack because these attackers had done their research and knew what credentials they would need to perform the attack, no matter how the information was stored they still would have been able to access it. The one thing that could have been done is using cryptography for all the employee’s, especially those whom can use their credentials to perform special task. …show more content…
This form of cryptographic would give them a public key and a private key, the public key any random set of numbers and letters that would match up with the private key but the private key would only be displayed once while attempting to complete a task which is only good for 5 minutes if they user doesn’t input the out come of the two within the time frame they will be required to generate a new private key in order to move