| Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to hackers taking over accounts and running fraudulent ads on Facebook has happened again within the same organization, LiveRamp. In October, hackers commandeered the personal account of a LiveRamp employee and used it to gain access to the company's Business Manager account, allowing them to run ads using other people's money [94625].
(b) The software failure incident of hackers targeting ad accounts on Facebook has also happened at other organizations. In December, Facebook filed a lawsuit against a Chinese ad company for running a hacking campaign that targeted ad accounts on the social network. The hackers took over people's ad accounts through malware on browser extensions and spent at least $4 million with those accounts' credit cards for fraudulent products between 2016 and 2019 [94625]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident in the articles can be attributed to the design phase. The incident occurred when hackers took over a LiveRamp employee's personal account, which was then used to gain access to the company's Business Manager account, allowing them to run ads using other people's money [94625]. This breach was a result of a flaw in the system design that allowed unauthorized access to sensitive accounts and data. Additionally, the hackers targeted ad accounts on Facebook by taking over people's accounts through malware on browser extensions, leading to fraudulent activities involving credit card numbers and counterfeit goods [94625].
(b) The software failure incident can also be linked to the operation phase. The incident involved hackers compromising a LiveRamp employee's account, which was being operated within the Facebook advertising ecosystem. The misuse of the employee's account by the hackers led to unauthorized access to LiveRamp's customer accounts on Facebook, resulting in fraudulent ads and financial losses for the victims [94625]. This aspect of the failure highlights the importance of secure operational practices and the potential risks associated with the misuse of system access privileges. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) within_system:
- The software failure incident involving LiveRamp's Facebook account being hacked and used to run fraudulent ads was primarily due to factors originating from within the system. The hackers were able to compromise a LiveRamp employee's personal Facebook account, which then allowed them to gain access to the company's Business Manager account and run ads using other people's money [94625].
- LiveRamp confirmed that the damage was contained and affected a limited number of customers and associated ad accounts. They worked with Facebook to revoke unauthorized access and restore functionality to normal for customers [94625].
(b) outside_system:
- The software failure incident also had contributing factors originating from outside the system, as hackers targeted LiveRamp's Facebook account through the personal account of an employee. The hackers used malware on browser extensions to take over people's ad accounts and spent at least $4 million with those accounts' credit cards for fraudulent products between 2016 and 2019 [94625].
- Facebook filed a lawsuit against a Chinese ad company for running a hacking campaign that targeted ad accounts on the social network, indicating external threats to the system [94625]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in this case was primarily due to non-human actions, specifically hackers taking over a LiveRamp employee's personal Facebook account and using it to gain access to the company's Business Manager account. This allowed the hackers to run fraudulent ads using other people's money and steal credit card numbers [94625].
(b) However, human actions also played a role in this incident as the LiveRamp employee's personal Facebook account being compromised was likely due to some form of human error or oversight in maintaining the security of their account credentials. Additionally, the lack of stringent security measures and protocols in place for employees with access to sensitive accounts like the Business Manager account could be considered a human action contributing to the failure [94625]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident occurring due to hardware:
- The incident described in the article does not directly point to a failure due to contributing factors originating in hardware. The primary cause of the incident was hackers taking over a LiveRamp employee's personal Facebook account, which led to unauthorized access to the company's Business Manager account and subsequent fraudulent activities on the platform. The focus is more on the security breach and misuse of access rather than hardware-related issues [94625].
(b) The software failure incident occurring due to software:
- The software failure incident in this case can be attributed to contributing factors originating in software. The hackers exploited vulnerabilities in the software systems, particularly in LiveRamp's and Facebook's platforms, to gain unauthorized access and run fraudulent ads using other people's money. The incident involved malware on browser extensions, which allowed the hackers to take over ad accounts and spend millions of dollars on fraudulent products. This highlights a software-related failure in terms of security loopholes and unauthorized access [94625]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident described in the articles is malicious in nature. It involved hackers taking over a LiveRamp employee's personal Facebook account and using it to gain access to the company's Business Manager account, allowing them to run ads using other people's money [94625]. The hackers spent at least $4 million with those accounts' credit cards for fraudulent products like counterfeit goods and male enhancement supplements between 2016 and 2019. The incident was part of a hacking campaign that targeted ad accounts on Facebook, demonstrating malicious intent to scam countless people and steal credit card numbers [94625]. The hackers ran ads on LiveRamp's customer accounts on Facebook, spending thousands of victims' dollars to trick viewers into buying fake products and directing visitors to a page designed to steal people's credit card numbers [94625].
(b) The software failure incident was not non-malicious as it was a deliberate act by hackers to exploit vulnerabilities and gain unauthorized access to accounts for fraudulent activities. |
| Intent (Poor/Accidental Decisions) |
poor_decisions, accidental_decisions |
The software failure incident described in the articles can be attributed to both poor decisions and accidental decisions:
(a) poor_decisions: The incident involved poor decisions such as not requiring higher security standards for business managers, including major data partners like LiveRamp, on Facebook. Marcin Kleczynski from Malwarebytes highlighted concerns about the lack of stricter security measures and the risk associated with sharing the same identity for managing significant amounts of money and personal activities on Facebook [94625].
(b) accidental_decisions: The incident also involved accidental decisions or unintended consequences, such as the hackers exploiting the compromised personal Facebook account of a LiveRamp employee who had access to the company's Business Manager account. This unintended access allowed the hackers to run fraudulent ads using other people's money and credit card information [94625]. |
| Capability (Incompetence/Accidental) |
development_incompetence, unknown |
(a) The software failure incident related to development incompetence is evident in the article as hackers were able to take advantage of a LiveRamp employee's personal Facebook account to gain access to the company's Business Manager account. This incident occurred due to the lack of professional competence in ensuring the security of employee accounts that have access to sensitive data and advertising tools on Facebook [94625].
(b) The software failure incident related to accidental factors is not explicitly mentioned in the provided article. |
| Duration |
temporary |
The software failure incident described in the articles can be categorized as a temporary failure. The incident involved hackers taking over a LiveRamp employee's personal Facebook account, which then allowed them to gain access to the company's Business Manager account and run fraudulent ads using other people's money [94625]. This incident was not a permanent failure but rather a temporary one caused by specific circumstances, such as the hacking of the employee's account, which led to unauthorized access and misuse of the advertising platform. |
| Behaviour |
value, other |
(a) crash: The incident described in the articles does not involve a system crash where the system loses state and stops performing its intended functions. Instead, it involves hackers taking over a LiveRamp employee's account and using it to gain unauthorized access to the company's Business Manager account, allowing them to run fraudulent ads using other people's money [94625].
(b) omission: The software failure incident does not involve the system omitting to perform its intended functions at an instance(s). Instead, the incident revolves around hackers using compromised accounts to run fraudulent ads on Facebook, leading to financial losses and stolen credit card numbers [94625].
(c) timing: The failure incident is not related to the system performing its intended functions correctly but at the wrong time. It is more about unauthorized access and misuse of accounts to run fraudulent ads on Facebook [94625].
(d) value: The software failure incident does involve the system performing its intended functions incorrectly. Hackers took over accounts to run ads using other people's money, leading to financial losses and fraudulent activities on the platform [94625].
(e) byzantine: The incident does not exhibit a byzantine behavior where the system behaves erroneously with inconsistent responses and interactions. It primarily involves unauthorized access and misuse of accounts for fraudulent activities on Facebook [94625].
(f) other: The behavior of the software failure incident can be categorized as a security breach resulting from unauthorized access to accounts, leading to financial losses, stolen credit card numbers, and fraudulent activities on the platform [94625]. |