Case Study: Parler About this Case Study In January 2021, Parler, a free speech-focused social network that, according to reports, was used to coordinate the 2021 storming of the US Capitol, was hit by a content scraping attack that allowed to extract 99% of its publicly accessible posts. This attack facilitated the arrest of many individuals who had stormed the US Capitol.

Read 1. Wikipedia:

Parler 2. 70TB of Parler users messages, videos, and posts leaked by security researchers

3. Every Deleted Parler Post, Many With Users' Location Data, Has Been Archived

4. Parler Was Hacked on WordPress, The Internets Biggest Platform.

Complete the Worksheet:

Incident summary (6 points total, 1 point deducted per wrong answer)
Title of Incident:	Provide a brief descriptive name for this incident
Discovery date:	When was this incident discovered?
Start date of Incident:	When did this incident begin? (Beginning of offensive operations)
End date of incident:	When did this incident end? (Back to normal operations)
Organization affected:	What is the name of the organization that was directly impacted?
	Number of employees	Approximate number (Use OSINT if this is not provided, provide source)
	Revenues	Approximate revenues (Use OSINT if this is not provided, provide source)
	Country	Where is the head office located? (Use OSINT if this is not provided)
	Line of business	What is their main business (Use OSINT if this is not provided)
Cause of the incident:	Accident, Error or Voluntary? (No explanations are necessary)
Aspect affected:	Confidentiality, Integrity or Availability? There could be multiple answers.
Incident description (4 points)
Provide a short paragraph of up to 4 lines describing the incident itself. Dont cover its resolution. (How would you describe this incident to me if I dont know anything about it?)
Direct impacts (4 points)
Provide a description of how the operations of the affected organization have been impacted and explain why.
Direct cost (4 points)
Do we know anything about the direct costs of this incident for the affected organization? How has this money been spent? You can speculate or extrapolate on this if the information is not available.
Incident timeline (4 points)
Provide a timeline of up to five major events related to this incident. This should include at least the beginning of the incident, its discovery, and its resolution.

Perpetrator (4 points)

Do we know who is the likely perpetrator of this incident? What is our level of confidence? Why? I need answers to these 3 questions.

Motivation (4 points)

Do we know anything about the likely motive(why and what) for causing this incident? What is our level of confidence? Why? I need answers to these 3 questions.

Vulnerabilities being exploited and techniques used by the attackers (4 points)

An incident can only happen if the organization was vulnerable to something. What exploited vulnerabilities led to this incident? What specific techniques were used by the attackers? You can speculate or extrapolate on this if the information is not available.

Incident resolution (4 points)

What was done by the affected organization to resolve this incident and get back to normal operations? Can we say that the incident has been fully resolved or are there aspects that can never be fully resolved? I need answers to these 2 questions.

Communications to external parties (4 points)

Was the organization affected forthcoming on their communications? Did they seem to have a communication strategy? Did this have an impact on the outcome of this incident? I need answers to these 3 questions.

Long-term impacts (4 points)

Has there been or do you anticipate any long-term impacts to the organization? Why? I need answers to these 2 questions.

Lessons learned (4 points)

Could the organization have done anything differently to prevent this incident from happening?

Can we say this organization had done their due diligence? I need answers to these 2 questions.