Background Facts

• Do Good, Inc. owns and operates a church in West Palm Beach, Florida. The church is called the Do Good Church; and the year is 2023.
• Do Good is in the midst of a multi-year redevelopment project in which it has hired construction contractors to build 3 new state of the art buildings and renovate the organization's existing business office. The construction company hired by Do Good is called Delayed Construction. The construction project is managed by Do Good's director of operations, Violet, and her team which includes: an in-house attorney who specializes in contracts, an accountant, named Mary, who manages Do Good's books, and Do Good's head of IT.
• Do Good is governed by a Board of Directors that serves on a volunteer basis and oversees Do Good's business operations and its budget. There are currently 5 people on the Board.
• Do Good has 100 employees and 1,000 regular attendees, with a regular annual budget of $5 million. Do Good has a special budget for the construction project of $12 million per year, with payments of $1 million per month. The construction project is going perfectlythe renovations are lovely and 2 out of 3 of the new buildings are nearly complete, ahead of schedule.

In January 2023

• At 5 a.m. on January 11, 2023, Do Good's accountant, Mary, received an email from Delayed Construction advising Mary that Delayed has moved its accounts to a new bank and that Delayed had updated wire instructions for receipt of its monthly payments from Do Good. Specifically, the email said "We are changing bankx and hav updated our wire inform. The new wire nomber information is beleaux."
• When Mary checked her email that morning at 8 a.m., she noted the changes to the wire number in Do Good's records and continued with her day. On the last Friday of January, Mary sent Delayed's monthly $1 million payment to the new wire account number and promptly received a receipt for the payment. The receipt stated "Payment Receaved." Mary saved the receipt in her records and left for the weekend.
• A few weeks later, on or about January 31, 2023, the President of Delayed called Violet to check on the status of last month's $1 million payment, as it was very unusual for Do Good to miss a payment, especially given how well the project is going and that Delayed is working ahead of schedule. Violet promised to check on it and immediately sent a text message to Mary, who confirmed she sent the wire on the last Friday of the month to Delayed's new wire number. Violet relayed this message to Delayed's President who confirmed that: (1) Delayed has not changed its bank or wire number and (2) that Delayed had not contacted Mary about any changes to its account the prior month.
• Mary and Violet are crushed by this news and quite concerned. They contact Do Good's IT director who advises them that Do Good may have been hacked.
• Throughout the construction project, Do Good consistently posted online pictures of the progress of the renovations and building erection; and received glowing reviews in local media about its annual $12 million construction budget and state-of-the-art plans for its new facilities.
• A criminal organization based in Europe saw the local press stories and had been tracking Do Good and Mary on Facebook for months.

In May 2023

• In another turn of bad luck for Do Good, on May 10, 2023, just when the church thought that it had resolved its issues with the payment to Delayed, Do Good's pastor attempted to log into her church laptop and was greeted by the following image:
• She immediately contacted the IT department which, in attempting to log in, was greeted by the same image. To be sure, the image is displayed on every Do Good employee's laptop. They are locked out of their files, including HR and personnel files and the monthly tithing records of church members and guests.
• After clicking on the image, Do Good's head of IT is taken to a screen where he is invited to chat with an unidentified individual who advises him that Do Good's files have been encrypted and it will cost them dearly to have the files unlocked.

Additional Background for the Semester-Long Assignment

• Do Good's Board of Directors formed a special committee (the "Do Better Committee") to assist the consulting firm initially hired to respond to the January cyber incident.
• The criminal organization responsible for the January and May incidents goes by the name "No Name" and employs hackers and money launderers throughout the world, including in West Palm Beach. One of No Name's employees, John Oh, met Mary at a Do Good church service and the two started casually dating back in 2019. From time to time, Mary left her Do Good laptop in her apartment unattended while John O. was visiting and he accessed her laptop to learn the details of Do Good's construction plans, banking patterns, and the method by which Do Good paid Delayed Construction for its work.
• Leaving her work laptop unlocked and unattended violated Mary's employment contract with Do Good and her duties as an employee of Do Good.
• Do Good has cyber insurance that will pay for it to engage professionals to investigate and attempt to remediate the January and May incidents.

Semester-Long Assignment:

You are one of the members of the Do Better Committee and, because of your experience in this course, your fellow committee members have asked you to help them spot issues and provide written guidance that addresses the following subjects. You are not a forensic expert or an attorney, but the Committee values your input and looks forward to reviewing your reference materials.

This assignment is open-resource and allows you to rely on course materials, lectures, guest interviews, and assigned readings.

Part II below, focuses on Modules 7 and 8.

You will be graded on:

• The substance of your answers
• Your identification and citations to your sources as Works Cited
• Organization of your answers to correspond with the questions below

Additional research is not required. For full credit, it is imperative that you provide citations to your references and explain your answers in detail.

Part III of this Semester-Long Assignment, the Midterm, and your Final, will be based on variations of the fact pattern above.

Part II - Understanding Cyber Incidents and Investigations

1. Based on the fact pattern, identify the nature of the January 11, 2023 incident. Which case study from Module 7 best fits this scenario?
   1. In addition, discuss the typical timeline of events for these types of incidents.
   2. Usingthe IC3 2021 Internet Crime Report as a guide:
      1. Please explain to the Do Better Committee the recent prevalence of this type of fraud.
      2. What are the steps that Do Good should take in reporting the January 11 incident to IC3?
2. The Committee wants to know who is at risk for the funds that were lost in the January wire transfer: Do Good or Delayed? What is your opinion based on the general rule from Module 7 that "the loss should be borne by the party best able to avoid it?" No additional legal research is expected.
   1. The January 11, 2023 is the result of both an insider threat and an external threat. Please provide examples of insider and external threats that can impact organizations. Also please:
      1. Identify the insider threat to Do Good based on the fact pattern, as well as the external threat.
3. The Committee understands that, as a victim of these threats, it must take further steps to safeguard the organization. Do Good's cyber insurer also requires the organization to conduct a thorough internal investigation of these incidents.

Actions