| Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to the breach of source-code management systems, particularly the vulnerabilities in the Perforce system, occurred at multiple organizations. McAfee's white paper highlighted the insecurities in the Perforce system and suggested ways to secure it. Many companies attacked were using the same source-code management system made by Perforce, a California-based company. The attackers exploited vulnerabilities in the Perforce system to gain access to proprietary source code or make changes to the code surreptitiously [1011].
(b) The software failure incident involving the breach of source-code management systems, specifically the vulnerabilities in the Perforce system, affected 34 U.S. companies, including Google and Adobe. The Operation Aurora attacks targeted software-configuration management systems (SCM) to steal proprietary source code or make changes that could go undetected into commercial versions of the company's products. McAfee's white paper highlighted the flaws in SCMs and the risks associated with unsecured systems, emphasizing the need for better security measures in place [1011]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase is evident in the vulnerabilities found in the Perforce source-code management system. The article highlights several design flaws in Perforce that contributed to the security breach. For example, Perforce runs its software as "system" under Windows, allowing malware to inject itself into system-level processes and providing attackers access to all administrative functions on the system. Additionally, weak authentication in Perforce tools allows any user to replay a request with a guessable cookie value to obtain authenticated access to perform powerful operations on the server [1011].
(b) The software failure incident related to the operation phase is demonstrated by the lack of security measures in place for source-code management systems (SCMs). The article mentions that many SCMs are not secured out of the box and do not maintain sufficient logs to aid forensic investigators examining an attack. This lack of operational security in SCMs allows attackers to target individual developer systems to harvest large amounts of source code quickly, without needing to hack the backend SCM systems directly [1011]. |
| Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident described in the article was primarily due to contributing factors that originated from within the system itself. The vulnerabilities and flaws in the Perforce source-code management system allowed hackers to exploit the system, gain unauthorized access, and potentially steal proprietary source code or make surreptitious changes to the code [1011]. The weaknesses in Perforce, such as running its software as "system" under Windows, allowing unauthenticated anonymous users to create users, lack of encryption for communication between client systems and the server, and storing files in cleartext, all contributed to the breach [1011]. These internal vulnerabilities within the source-code management system were exploited by the attackers to carry out the Operation Aurora attacks on various companies, including Google and Adobe [1011]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
The software failure incident in Article 1011 was primarily caused by hackers who exploited vulnerabilities in the source-code management systems (SCM) used by various companies. The hackers targeted the SCM systems, particularly those made by Perforce, and manipulated security flaws to gain unauthorized access to intellectual property, including source code. The vulnerabilities in the Perforce system, such as running software as "system" under Windows, weak authentication, unencrypted communication between client and server, and storing files in cleartext, were exploited by the attackers without human participation [1011].
(b) The software failure incident occurring due to human actions:
The software failure incident in Article 1011 also involved human actions that contributed to the breach. The initial access by the attackers was gained through a spear-phishing attack against specific targets within the companies. The targets received deceptive emails or messages containing malicious links that, when clicked, executed a zero-day exploit targeting a vulnerability in Internet Explorer. This human interaction with the malicious content facilitated the attackers in establishing a foothold within the corporate networks, leading to further exploitation of vulnerabilities in the SCM systems [1011]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident related to hardware:
- The article mentions vulnerabilities found in the Perforce source-code management system, such as running its software as "system" under Windows, allowing malware to inject itself into system-level processes and providing attackers access to all administrative functions on the system [1011].
- The default installation of Perforce on Windows runs as a local system, or as root, which can lead to security issues [1011].
(b) The software failure incident related to software:
- The software failure incident was primarily due to vulnerabilities and flaws in the Perforce source-code management system, which allowed hackers to exploit the system and gain unauthorized access to proprietary source code [1011].
- The attackers manipulated security flaws in the source-code management systems, enabling them to siphon source code and potentially modify it to make customers vulnerable to attacks [1011].
- McAfee discovered numerous design and implementation flaws in source-code management systems, indicating weaknesses in the software itself [1011]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The objective of the software failure incident was malicious. The hackers targeted source-code management systems to gain unauthorized access to intellectual property, specifically source code, in order to potentially modify it to make customers vulnerable to attacks. The attackers exploited vulnerabilities in the software-management systems to steal proprietary source code and develop exploits to attack customers using the software [1011]. The attack was part of the Operation Aurora attacks that affected multiple U.S. companies, including Google and Adobe [1011]. The attackers used spear-phishing techniques to gain initial access and then proceeded to exploit vulnerabilities in the source-code management systems to achieve their objectives [1011]. |
| Intent (Poor/Accidental Decisions) |
unknown |
(a) The intent of the software failure incident was not due to poor decisions but rather deliberate actions by hackers who targeted source-code management systems to gain unauthorized access to intellectual property [1011]. |
| Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The software failure incident related to development incompetence is evident in the article as it discusses vulnerabilities found in the Perforce source-code management system. The vulnerabilities include running the software as "system" under Windows, allowing unauthenticated anonymous users to create users without a password, transmitting information between client and server unencrypted, using weak authentication, and storing files in cleartext, among others. These issues indicate a lack of professional competence in designing and implementing secure software systems [1011].
(b) The accidental software failure incident is highlighted in the article through the exploitation of vulnerabilities in the source-code management systems by hackers. The attackers gained initial access through a spear-phishing attack, which led to the execution of malicious JavaScript and a zero-day exploit in the user's Internet Explorer browser. This accidental access allowed the attackers to infiltrate the systems and potentially steal or modify source code, impacting the security of the software unintentionally [1011]. |
| Duration |
permanent |
(a) The software failure incident described in the article is more aligned with a permanent failure. The hackers targeted source-code management systems, exploiting vulnerabilities that allowed them to potentially steal proprietary source code or make undetected changes to the code. The vulnerabilities in the Perforce system, such as running software as "system" under Windows, weak authentication, unencrypted communication, and storing files in cleartext, indicate a significant and ongoing security risk that could lead to long-term consequences [1011]. |
| Behaviour |
value, other |
(a) crash: The incident described in the article does not involve a crash where the system loses state and does not perform any of its intended functions. The attackers gained access to the source-code management systems and potentially stole proprietary source code or made changes to the code, indicating that the system was still functioning to some extent despite the unauthorized access [1011].
(b) omission: The incident does not involve a failure due to the system omitting to perform its intended functions at an instance(s). Instead, the attackers were able to access the source-code management systems and potentially steal or modify the source code, indicating that the system was still operational in terms of allowing access to the code [1011].
(c) timing: The incident does not involve a failure due to the system performing its intended functions correctly but too late or too early. The attackers were able to exploit vulnerabilities in the source-code management systems to gain unauthorized access, indicating that the system was functioning in real-time rather than with timing issues [1011].
(d) value: The incident does involve a failure due to the system performing its intended functions incorrectly. The attackers were able to manipulate security flaws in the source-code management systems to gain unauthorized access to valuable intellectual property, potentially stealing or modifying the source code to make customers vulnerable to attacks [1011].
(e) byzantine: The incident does not involve a failure due to the system behaving erroneously with inconsistent responses and interactions. The attackers' actions were deliberate and targeted, aiming to exploit vulnerabilities in the source-code management systems to achieve their goals rather than causing erratic or inconsistent behavior in the system [1011].
(f) other: The behavior of the software failure incident can be categorized as a security breach or unauthorized access. The attackers targeted source-code management systems to potentially steal proprietary source code or make changes to the code, which could have serious implications for the affected companies and their customers. This unauthorized access highlights a critical security flaw in the system that allowed external actors to compromise sensitive information [1011]. |