| Recurring |
one_organization |
(a) The software failure incident having happened again at one_organization:
- Kaspersky Lab acknowledged being hacked by a nation state once before in 2015, when dozens of machines in its networks were infected by the Duqu 2.0 spyware [64153].
(b) The software failure incident having happened again at multiple_organization:
- There is no specific mention in the provided article about similar incidents happening at other organizations. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident in the article can be attributed to design-related factors introduced during system development and updates. The incident involved an NSA contractor who had confidential hacking tools leaked to Kaspersky Lab due to a series of security mistakes. The contractor had disabled the Kaspersky antivirus software at some point and later turned it back on after downloading and installing malware while trying to pirate Microsoft Office. The antivirus software then detected NSA hacking tools as malware and uploaded the file to Kaspersky Lab for analysis [64153].
(b) The software failure incident can also be linked to operational factors introduced by the operation or misuse of the system. The contractor's actions, such as downloading pirated software and disabling the antivirus, contributed to the exposure of the NSA hacking tools. The misuse of the system by the contractor, including downloading malware and using illegal software, played a role in the chain of events that led to the security breach and leakage of confidential tools [64153]. |
| Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident in the article is primarily attributed to multiple serious security errors on the part of the user, believed to be an NSA contractor. The contractor was using Kaspersky's home antivirus software when malware attributed to the "Equation Group" was detected on their computer. The contractor disabled the antivirus software at some point and later turned it back on after downloading and installing malware while trying to pirate Microsoft Office. This led to the antivirus detecting NSA hacking tools as malware and uploading them to Kaspersky Lab for analysis [64153].
(b) outside_system: The article does not provide direct evidence of the software failure incident being caused by contributing factors originating from outside the system. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
- The software failure incident in the article was primarily due to a series of security mistakes made by an NSA contractor, such as downloading and installing pirated software which contained malware [64153].
- The Kaspersky antivirus software correctly detected and blocked the malware, as well as NSA hacking tools, which were uploaded to Kaspersky Lab for analysis [64153].
(b) The software failure incident occurring due to human actions:
- The NSA contractor's actions of downloading and installing pirated software, which contained malware, contributed to the software failure incident [64153].
- The contractor disabling and then re-enabling the Kaspersky antivirus software also played a role in the incident [64153]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident reported in the article does not seem to be directly related to hardware issues. The incident primarily revolves around security mistakes made by an NSA contractor, the detection of malware and NSA hacking tools on the contractor's computer, and the subsequent actions taken by Kaspersky Lab in response to these findings [64153].
(b) The software failure incident is attributed to multiple serious security errors on the part of the NSA contractor, such as downloading and installing pirated software which contained malware, disabling and re-enabling the antivirus software, and the detection of NSA hacking tools as malware by the antivirus program. These software-related factors contributed to the incident where the contractor's actions led to the exposure of confidential hacking tools to Kaspersky Lab [64153]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident described in the article is malicious in nature. The incident involved a US National Security Agency contractor leaking confidential hacking tools to a Russian cybersecurity firm, Kaspersky Lab. The contractor's actions, such as downloading pirated software and inadvertently exposing NSA hacking tools, were part of a sequence of security mistakes that ultimately led to the breach [64153]. The incident raised concerns about the potential involvement of Russian intelligence agencies targeting the NSA contractor for further attacks [64153].
(b) The incident was not non-malicious as it involved intentional actions by the contractor that led to the exposure of sensitive NSA hacking tools to a third party [64153]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions, accidental_decisions |
(a) The software failure incident described in the article can be attributed to poor decisions made by the NSA contractor. The contractor made a series of serious security errors, including downloading and installing pirated software which led to the installation of malware on the computer. Additionally, the contractor disabled the Kaspersky antivirus software at one point, allowing for the malware to potentially provide access to third parties. These poor decisions ultimately led to the exposure of NSA hacking tools and the subsequent involvement of Kaspersky Lab in the incident [64153].
(b) The software failure incident can also be linked to accidental decisions made by the NSA contractor. For instance, the contractor accidentally downloaded and installed malware while trying to pirate Microsoft Office using an illegal activation key generator. This accidental decision resulted in the installation of a backdoor on the computer, potentially allowing unauthorized access. Furthermore, the contractor's actions of turning the antivirus software on and off at different times could be seen as unintended decisions that contributed to the failure [64153]. |
| Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The software failure incident in the article can be attributed to development incompetence. The incident involved a series of security mistakes made by a US National Security Agency contractor, leading to the leaking of confidential hacking tools to Kaspersky Lab [64153]. The contractor made serious security errors, such as downloading and installing pirated software, which resulted in the detection of NSA hacking tools by the antivirus software. Additionally, the contractor's actions, like disabling and re-enabling the antivirus software, contributed to the exposure of the hacking tools.
(b) The software failure incident can also be considered accidental to some extent. The contractor's actions, such as downloading and installing pirated software with malware, may have been accidental in nature. Furthermore, the timeline of events and the sequence of errors that occurred could be seen as unintentional mistakes rather than deliberate actions [64153]. |
| Duration |
temporary |
The software failure incident described in the article was temporary. The incident involved a series of security mistakes by a US National Security Agency contractor, leading to the leaking of confidential hacking tools to Kaspersky Lab. The contractor disabled the Kaspersky antivirus software, downloaded malware while trying to pirate Microsoft Office, and then re-enabled the antivirus software, which correctly detected and blocked the malware along with NSA hacking tools. The contractor's actions introduced contributing factors that led to the temporary failure incident [64153]. |
| Behaviour |
value, other |
(a) crash: The software failure incident described in the article does not involve a crash where the system loses state and stops performing its intended functions. Instead, the antivirus software correctly detected and blocked malware and NSA hacking tools, indicating that the system was still operational and performing its functions [64153].
(b) omission: The incident does not involve a failure due to the system omitting to perform its intended functions at one or more instances. The antivirus software successfully detected and blocked the malware and hacking tools, indicating that it was actively performing its functions [64153].
(c) timing: The failure is not related to the system performing its intended functions too late or too early. The timeline provided in the article shows a sequence of events where the antivirus software detected the malware and hacking tools at appropriate times, triggering the necessary responses [64153].
(d) value: The software failure incident does involve a failure due to the system performing its intended functions incorrectly. The system flagged NSA hacking tools as malware, which led to the uploading of the files to Kaspersky Lab for analysis. This action was based on a misinterpretation of the hacking tools as new variants of malware [64153].
(e) byzantine: The incident does not exhibit a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. The actions taken by the system, such as detecting and blocking malware, uploading files for analysis, and responding to security threats, were consistent with its intended functions [64153].
(f) other: The software failure incident involves a unique behavior where the system, in this case, the antivirus software, detected NSA hacking tools as malware and uploaded them for analysis based on a misinterpretation. This behavior could be categorized as a misclassification or misidentification of the files, leading to an unintended consequence of sharing sensitive information with the antivirus company [64153]. |