| Recurring |
one_organization |
(a) The software failure incident happened again at the same organization, Bank of America. Rodney Reed Caverly, a Bank of America worker, installed malware on the ATMs to make fraudulent withdrawals without leaving a transaction record [1457, 1460].
(b) There is no information in the provided articles about the software failure incident happening again at other organizations or with their products and services. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident in this case can be attributed to the design phase. The incident involved a Bank of America worker who installed malicious software on ATMs, allowing him to make fraudulent withdrawals without leaving a transaction record. The malware was specifically designed to instruct the ATMs to dispense cash without creating a record of the transactions [1457, 1460].
(b) Additionally, the software failure incident can also be linked to the operation phase. The worker, Rodney Reed Caverly, was able to successfully carry out the fraudulent withdrawals over a seven-month period by operating the compromised ATMs with the malware he installed. This operation of the system in a malicious manner led to the theft of a significant amount of money [1457, 1460]. |
| Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident in this case was primarily within the system. The incident involved a Bank of America worker, Rodney Reed Caverly, who installed malware on the bank's ATMs, allowing him to make fraudulent withdrawals without leaving a transaction record [1457, 1460]. Caverly wrote the code himself, instructing the ATMs to dispense cash without creating a record of the transactions [1460]. The malware used by Caverly was specifically targeted at Bank of America ATMs, indicating an internal system breach [1460]. The failure originated from within the system, as it was caused by the actions of an insider with access to the bank's IT infrastructure. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in the articles was primarily due to non-human actions. The incident involved the installation of malware on ATMs by a Bank of America worker, Rodney Reed Caverly, which allowed him to make fraudulent withdrawals without leaving a transaction record [1457, 1460]. The malware instructed the ATMs to dispense cash without creating a record of the transactions, leading to the theft of a significant amount of money over a seven-month period.
(b) However, human actions were also involved in this software failure incident. Rodney Reed Caverly, the Bank of America worker, pleaded guilty to installing the malware on more than 100 ATMs and stealing $304,000 over the seven-month period. He admitted to writing the code himself that instructed the ATMs to dispense cash without recording the transactions [1460]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident in the articles was not due to hardware issues but rather due to malicious software installed on the ATMs by the Bank of America worker, Rodney Reed Caverly. The malware he installed on over 100 ATMs allowed him to make fraudulent withdrawals without leaving a transaction record, resulting in the theft of hundreds of thousands of dollars [1457, 1460].
(b) The software failure incident was directly related to software issues. Rodney Reed Caverly installed malware on the ATMs, which he wrote himself, instructing the machines to dispense cash without creating a record of the transactions. This software manipulation led to the fraudulent withdrawals and theft of funds over a seven-month period [1457, 1460]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident in this case was malicious. Rodney Reed Caverly, a Bank of America worker, installed malware on ATMs with the intent to make fraudulent withdrawals without leaving a transaction record. He pleaded guilty to installing the malware on more than 100 ATMs and stealing $304,000 over a seven-month period [Article 1457, Article 1460]. Caverly wrote the code himself, which instructed the ATMs to dispense cash without creating a record of the transactions [Article 1460]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident:
- The software failure incident involving the Bank of America ATMs was due to poor decisions made by the Bank of America worker, Rodney Reed Caverly. He intentionally installed malware on over 100 ATMs to steal money by instructing the machines to dispense cash without creating a record of the transactions [Article 1457, Article 1460].
- Caverly's attorney mentioned that his client wrote the code himself, indicating a deliberate and premeditated action to carry out the fraudulent withdrawals [Article 1460]. |
| Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident in the articles is related to development incompetence. Rodney Reed Caverly, a Bank of America worker and former CEO of a software development company, installed malware on ATMs to make fraudulent withdrawals without leaving a transaction record. He pleaded guilty to installing the malware on over 100 ATMs and stealing $304,000 over a seven-month period [1457, 1460]. This incident highlights a failure due to contributing factors introduced by a person with professional competence in software development, rather than accidental factors. |
| Duration |
permanent |
(a) The software failure incident in this case was permanent. Rodney Reed Caverly installed malware on Bank of America's ATMs, allowing him to make fraudulent withdrawals over a seven-month period ending in October 2009 [1457, 1460]. This indicates that the failure was ongoing and not limited to a specific temporary circumstance. |
| Behaviour |
crash, omission, other |
(a) crash: The software failure incident in the articles can be categorized as a crash as the malware installed by the Bank of America worker caused the ATMs to dispense cash without creating a record of the transactions, essentially leading to a loss of state and not performing the intended functions of recording the transactions [1457, 1460].
(b) omission: The incident can also be classified as an omission since the malware instructed the ATMs to dispense cash without leaving a record of the transactions, thereby omitting the intended function of recording the cash withdrawals [1457, 1460].
(c) timing: There is no indication in the articles that the software failure incident was related to timing issues where the system performed its intended functions either too late or too early.
(d) value: The incident does not align with a failure due to the system performing its intended functions incorrectly in terms of the value output.
(e) byzantine: The software failure incident does not exhibit characteristics of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions.
(f) other: The other behavior exhibited in this software failure incident is unauthorized access and malicious activity by the Bank of America worker who installed the malware on the ATMs to carry out fraudulent cash withdrawals [1457, 1460]. |