Incident: Hackers Stream Pornography on Asics Store Screens in New Zealand

Published Date: 2019-09-30

Postmortem Analysis
Timeline 1. The software failure incident at the Asics sports store in New Zealand happened on Sunday morning [89516]. Therefore, the estimated timeline for the incident would be September 29, 2019.
System 1. Asics sports store IT systems [89516]
Responsible Organization 1. Hackers were responsible for causing the software failure incident at the Asics sports store in New Zealand [89516].
Impacted Organization 1. Customers and passersby on Auckland's Queen Street [Article 89516] 2. Asics sports store employees 3. Asics company itself
Software Causes 1. The software cause of the failure incident was hackers taking over the shop's IT systems, leading to the streaming of pornography on the giant television screens at the Asics sports store in New Zealand [89516].
Non-software Causes 1. Hackers taking over the shop's IT systems [89516]
Impacts 1. Pornographic content was displayed on giant television screens at an Asics sports store in New Zealand for hours, causing offense and shock to passersby, including families with children [89516].
Preventions 1. Implementing robust cybersecurity measures such as regular security audits, penetration testing, and intrusion detection systems could have potentially prevented the hacking incident [89516]. 2. Ensuring proper access controls and authentication mechanisms within the IT systems could have helped in preventing unauthorized access to the screens displaying the inappropriate content [89516]. 3. Conducting thorough vetting and testing of software and online security solutions provided by third-party suppliers to ensure they are secure and not vulnerable to exploitation by hackers [89516].
Fixes 1. Enhancing cybersecurity measures to prevent future hacking incidents [89516]
References 1. Witnesses at the scene, including the store manager and Tanya Lee [Article 89516] 2. Security officer Dwayne Hinango [Article 89516]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization (a) The software failure incident having happened again at one_organization: The article mentions that Asics, the Japanese company whose IT systems were hacked leading to the display of pornography on giant television screens at their sports store in New Zealand, stated that they were working with their software and online security suppliers to ensure such incidents didn't happen again [89516]. (b) The software failure incident having happened again at multiple_organization: There is no specific mention in the article about similar incidents happening at other organizations or with their products and services.
Phase (Design/Operation) design, operation (a) The software failure incident at the Asics sports store in New Zealand, where pornography was played on giant television screens, was attributed to hackers taking over the shop's IT systems. This incident points to a failure in the design phase, as the hackers were able to exploit vulnerabilities in the system's design or security measures, leading to unauthorized access and the display of inappropriate content [89516]. (b) Additionally, the incident could also be linked to failures in the operation phase, as the unauthorized content continued to be streamed on the screens facing the busy shopping street until employees arrived to open the store on Sunday morning. This suggests a failure in the operation or monitoring of the system, allowing the inappropriate content to be displayed for an extended period before being stopped [89516].
Boundary (Internal/External) within_system, outside_system (a) within_system: The software failure incident at the Asics sports store in New Zealand, where pornography was played on giant television screens, was due to hackers taking over the shop's IT systems [89516]. This indicates that the failure originated from within the system itself, as external actors (hackers) were able to breach the system's security and manipulate the content displayed on the screens.
Nature (Human/Non-human) non-human_actions (a) The software failure incident at the Asics sports store in New Zealand, where pornography was played on giant television screens, was due to non-human actions. Hackers took over the shop's IT systems, leading to the unauthorized streaming of the inappropriate content onto the screens facing Auckland's Queen Street [89516].
Dimension (Hardware/Software) hardware, software (a) The software failure incident at the Asics sports store in New Zealand, where pornography was played on giant television screens, was attributed to hackers taking over the shop's IT systems. This indicates a hardware-related failure as the contributing factor originated in the hardware systems that were compromised by the hackers [89516]. (b) The response from Asics mentioned that they were working with their software and online security suppliers to prevent such incidents from happening again. This suggests that there were software-related vulnerabilities that allowed the hackers to exploit the system and stream the inappropriate content on the screens [89516].
Objective (Malicious/Non-malicious) malicious (a) The software failure incident at the Asics sports store in New Zealand, where pornography was played on giant television screens, was malicious in nature. The incident was caused by hackers who took over the shop's IT systems, streaming inappropriate content for hours until employees arrived to open the store [89516]. The store manager mentioned that his staff members were not responsible for the incident, indicating that the failure was a result of malicious actions by external parties. Additionally, the company stated that they were working with their software and online security suppliers to prevent such incidents from happening again, further suggesting that the failure was due to malicious intent.
Intent (Poor/Accidental Decisions) unknown (a) The intent of the software failure incident was not due to poor decisions. The incident was caused by hackers who took over the shop's IT systems, leading to the streaming of pornography on the giant television screens at the Asics sports store in New Zealand [89516]. The store manager mentioned that he was "100 per cent sure" that his staff members were not responsible for the incident, indicating that it was an external malicious attack rather than an internal poor decision [89516].
Capability (Incompetence/Accidental) accidental (a) The software failure incident at the Asics sports store in New Zealand, where pornography was played on giant television screens, was not attributed to development incompetence. The store manager mentioned that he was "100 per cent sure" that his staff members were not responsible for the incident, indicating that the failure was not due to lack of professional competence by humans or the development organization [89516]. (b) The incident of pornography being streamed on the screens at the Asics store was attributed to hackers taking over the shop's IT systems. This indicates that the software failure was accidental, as it was caused by external malicious actors gaining unauthorized access to the IT systems, rather than being introduced accidentally by internal staff or the development organization [89516].
Duration temporary (a) The software failure incident in the Asics sports store in New Zealand, where pornography was played on giant television screens, was temporary. The incident lasted for several hours over the weekend, from 1 am on Sunday morning until 10 am when employees arrived to open the store [89516]. The incident was not permanent as it was eventually stopped and did not continue indefinitely.
Behaviour crash (a) crash: The software failure incident in the Asics sports store in New Zealand can be categorized as a crash. The incident involved hackers taking over the shop's IT systems, leading to the playback of pornography on giant television screens facing a busy shopping street. The system lost control and displayed inappropriate content until employees arrived to open the store, indicating a failure due to the system losing its state and not performing its intended functions [89516].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence unknown (a) death: People lost their lives due to the software failure (b) harm: People were physically harmed due to the software failure (c) basic: People's access to food or shelter was impacted because of the software failure (d) property: People's material goods, money, or data was impacted due to the software failure (e) delay: People had to postpone an activity due to the software failure (f) non-human: Non-human entities were impacted due to the software failure (g) no_consequence: There were no real observed consequences of the software failure (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? The consequence of the software failure incident: The incident at the Asics sports store in New Zealand, where pornography was played on giant television screens due to hackers taking over the IT systems, did not result in any physical harm, loss of life, or impact on basic needs like food or shelter. It primarily affected the reputation of the store, causing offense to some individuals and leading to shock among witnesses. The incident did not lead to any reported property damage or financial loss. The primary consequence observed was the display of inappropriate content in a public space, leading to discomfort and shock among passersby [89516].
Domain entertainment (a) The failed system was intended to support the entertainment industry. The incident involved pornography being played on giant television screens at an Asics sports store in New Zealand, which is related to the entertainment sector [89516].

Sources

Back to List