Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to the Chrome spyware attack has happened again within the same organization, Google. In 2018, Google had set new rules for extension developers to follow or face the possibility of having their extension removed from the Chrome store after one in 10 submissions was deemed malicious [101422]. This indicates that Google had faced similar issues with malicious extensions in the past, leading to the implementation of stricter rules.
(b) The incident of malicious software being distributed through Google's Chrome Store is not unique to Google alone. Malicious developers have been using Google's Chrome Store as a conduit for a long time due to its popularity, initially spewing unwanted advertisements and now installing additional malicious programs or tracking users for espionage purposes [101422]. Additionally, in February, an independent researcher and Cisco Systems' Duo Security uncovered a similar Chrome campaign that stole data from about 1.7 million users, with Google finding 500 fraudulent extensions [101422]. This suggests that similar incidents have occurred with other organizations or their products and services as well. |
Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be attributed to the malicious Chrome extensions that were developed and distributed through Google's Chrome Web Store. Security researchers discovered malware that compromised users through downloads of these extensions, which were designed to appear as legitimate tools for warning users about questionable websites or converting files. However, instead of serving their stated purposes, these extensions siphoned off browsing history and sensitive data, leading to a significant security breach [101422].
(b) The software failure incident related to the operation phase can be linked to the users who downloaded and installed the malicious Chrome extensions. These users unknowingly exposed their browsing history and sensitive information to the attackers behind the spyware campaign. The operation of the system, in this case, involved users interacting with the compromised extensions on their Chrome browsers, ultimately leading to the theft of their data [101422]. |
Boundary (Internal/External) |
within_system, outside_system |
(a) within_system:
The Chrome spyware attack carried out through Google Chrome extensions can be categorized as a within_system failure. The malicious extensions compromised users and stole sensitive information because they bypassed Google's security measures and infiltrated the Chrome Web Store, which is part of the Chrome browser system itself [101422].
(b) outside_system:
The software failure incident can also be attributed to contributing factors that originate from outside the system. The developers behind the malicious Chrome extensions supplied fake contact information when submitting the extensions to Google, making it difficult for Google to detect the malicious intent initially. Additionally, the domains used in the attack were purchased from an external registrar in Israel, Galcomm, which claimed innocence and cooperation with law enforcement to prevent malicious activities [101422]. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident related to non-human actions in this case was the distribution of malware through malicious Chrome extensions. Security researchers discovered that the spyware attacked users through 32 million downloads of Chrome extensions, which siphoned off browsing history and data without the users' knowledge [101422].
(b) The software failure incident related to human actions in this case involved the malicious developers who supplied fake contact information when submitting the extensions to Google. Additionally, the developers designed the extensions to avoid detection by antivirus companies or security software, showing deliberate actions to evade detection [101422]. |
Dimension (Hardware/Software) |
software |
(a) The software failure incident related to hardware:
- The incident reported in the news article [101422] is primarily related to software failure due to malicious Chrome extensions that compromised users through downloads. The malware attacked users through 32 million downloads of Chrome extensions, which were designed to steal browsing history and data for access to internal business tools. This indicates that the failure originated in the software domain rather than hardware.
(b) The software failure incident related to software:
- The software failure incident reported in the news article [101422] is directly related to software issues. The incident involved the distribution of malicious Chrome extensions that acted as spyware, stealing information from users' computers and sending it to a third party. The malicious software infiltrated computing devices through the Chrome Web Store, highlighting a software-related failure in terms of security vulnerabilities and malicious code execution. |
Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident reported in the articles is malicious in nature. Security researchers discovered malware that compromised users through downloads of extensions to Google's Chrome web browser. The malware, described as 'spyware,' attacked users through 32 million downloads of Chrome extensions, which were designed to steal browsing history and data for unauthorized access to internal business tools [101422]. The malicious developers behind the spyware campaign supplied fake contact information when submitting the extensions to Google, and the extensions were designed to avoid detection by antivirus companies or security software [101422].
Additionally, the incident involved the purchase of more than 15,000 malicious domains linked to each other from a small registrar in Israel, Galcomm. The registrar denied involvement in any malicious activity and claimed to cooperate with law enforcement and security bodies to prevent such activities [101422].
Former National Security Agency engineer Ben Johnson highlighted that malicious developers have been using the Chrome Store to install additional malicious programs or track users' activities for espionage purposes [101422]. Google had set new rules for extension developers to follow to prevent such incidents, but similar campaigns have been uncovered in the past, indicating a persistent threat from malicious actors targeting Chrome users [101422]. |
Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The software failure incident is attributed to poor decisions made by the malicious developers who created the spyware-infected Chrome extensions. These developers supplied fake contact information when submitting the extensions to Google, designed the extensions to avoid detection by antivirus companies, and purchased malicious domains to hide their activities [101422]. These actions demonstrate a deliberate effort to deceive users and evade detection, indicating a clear intent to compromise users' data for malicious purposes. |
Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident related to development incompetence is evident in the malware attack on Google Chrome users through malicious extensions. Security researchers discovered that the spyware attack compromised users through 32 million downloads of Chrome extensions, which were designed to steal browsing history and credentials for internal business tools [101422].
(b) The software failure incident related to accidental factors is seen in the oversight by Google in detecting and removing the malicious Chrome extensions on its own. Despite the widespread impact of the spyware attack on millions of Google Chrome users, Google had not detected and removed the malicious add-ons until alerted by the researchers [101422]. |
Duration |
permanent, temporary |
(a) The software failure incident in the articles can be considered a permanent failure. The malware that compromised users through Chrome extensions was a deliberate and malicious act by developers who supplied fake contact information and designed the extensions to avoid detection by antivirus companies or security software [101422]. Additionally, the incident involved a significant number of downloads (32 million) of the malicious Chrome extensions, indicating a widespread and enduring impact on users [101422].
(b) The software failure incident can also be seen as a temporary failure in the sense that Google took action to remove more than 70 of the malicious add-ons from its official Chrome Web Store after being alerted by security researchers [101422]. This action by Google can be seen as a temporary resolution to the immediate threat posed by the malware-infected extensions. |
Behaviour |
omission, value, other |
(a) crash: The software failure incident related to the Chrome spyware attack did not involve a crash where the system loses state and does not perform any of its intended functions. The spyware extensions were actively stealing browsing history and data, indicating that the system was still functioning to some extent [101422].
(b) omission: The software failure incident can be categorized under omission, as the malicious Chrome extensions omitted to perform their intended functions of warning users about questionable websites or converting files, instead siphoning off browsing history and sensitive data without the users' knowledge [101422].
(c) timing: The software failure incident was not related to timing issues where the system performs its intended functions too late or too early. The spyware extensions were actively collecting and transmitting data in real-time, indicating no timing-related failures [101422].
(d) value: The software failure incident falls under the category of value, as the malicious Chrome extensions were performing their intended functions incorrectly by stealing sensitive information from users' computers and sending it to a third party without the users' knowledge [101422].
(e) byzantine: The software failure incident does not align with a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. The spyware extensions consistently stole information from users' computers and sent it to a third party without deviation [101422].
(f) other: The software failure incident can be categorized under a form of data breach or cyber attack, where the malicious Chrome extensions were designed to deceive users by offering seemingly legitimate functions while actually stealing sensitive information. This behavior could be classified as a deceptive tactic leading to a security breach [101422]. |