Incident Details

Incident: Government Research Project on Extracting Data from Gaming Consoles.

Published Date: 2012-04-09

Postmortem Analysis
Timeline	1. The software failure incident mentioned in the article happened in 2012. Therefore, the timeline of the software failure incident is estimated to be in 2012.
System	unknown
Responsible Organization	1. Obscure Technologies was responsible for causing the software failure incident as they were awarded a contract by the Department of Homeland Security to develop a forensic tool to extract data from gaming consoles [11367].
Impacted Organization	1. Gamers storing sensitive information on gaming consoles [11367]
Software Causes	1. The software cause of the failure incident was the vulnerability in gaming consoles that allowed for the extraction of sensitive information stored on the devices [11367].
Non-software Causes	1. The Department of Homeland Security's research project aimed at hacking into gaming consoles to obtain sensitive information stored on the devices [11367]. 2. Concerns raised by the Electronic Frontier Foundation about users potentially not knowing what data is created and stored on their gaming devices [11367].
Impacts	1. The software failure incident led to concerns about the potential extraction of sensitive information from gaming consoles, including passwords, credit card numbers, addresses, and communications with other gamers [11367]. 2. Users were worried about the lack of awareness regarding the data created and stored on their gaming devices, as these consoles are used as general-purpose computers for various communications [11367]. 3. Researchers at Drexel University demonstrated that even after reformatting a device, sensitive information like credit card details and billing addresses could still be extracted from the hard drive of an Xbox 360, highlighting a significant impact of the software failure incident [11367].
Preventions	1. Implementing robust anti-tampering technologies within gaming consoles to make extracting data more difficult [11367]. 2. Enhancing user awareness about the potential data stored on gaming devices and the importance of securely erasing data before selling or disposing of the device [11367]. 3. Conducting thorough security assessments and testing on gaming consoles to identify and address potential vulnerabilities that could be exploited for data extraction [11367].
Fixes	1. Implementing stronger anti-tampering technologies on gaming consoles to prevent unauthorized data extraction [11367]. 2. Enhancing user awareness about the potential data stored on gaming devices and the importance of securely erasing data before selling or disposing of the device [11367]. 3. Conducting regular security audits and updates on gaming consoles to patch any vulnerabilities that could be exploited for data extraction [11367].
References	1. Department of Homeland Security 2. Obscure Technologies 3. Foreign Policy magazine 4. Government document justifying the award of the contract to Obscure Technologies 5. Simson Garfinkel, a computer science professor associated with the project 6. Obscure Technologies president Gregory May 7. Parker Higgins, a spokesman for the Electronic Frontier Foundation 8. Researchers at Drexel University [11367]

Software Taxonomy of Faults

Category	Option	Rationale
Recurring	one_organization	(a) The software failure incident related to extracting data from gaming consoles by hacking into them has not been reported to have happened again within the same organization (Obscure Technologies) or with its products and services. The incident described in the article seems to be a specific research project initiated by the Department of Homeland Security and contracted to Obscure Technologies for developing forensic tools to extract data from gaming consoles [11367]. (b) The software failure incident related to extracting data from gaming consoles through hacking has not been reported to have happened again at other organizations or with their products and services in the articles provided. The focus of the incident described in the article is on the specific research project conducted by the Department of Homeland Security and contracted to Obscure Technologies for developing tools to extract data from gaming consoles for investigative purposes [11367].
Phase (Design/Operation)	design, operation	(a) The article mentions a research project initiated by the Department of Homeland Security to develop a forensic tool that can extract data from gaming consoles, including Xbox 360, Wii, and PlayStation 3. The project involves creating new hardware and software tools to extract data from these consoles, particularly focusing on obtaining sensitive information stored on the devices. This initiative can be considered a design-related failure as it involves the development of tools and procedures to extract data from the gaming consoles [11367]. (b) The concern raised by Parker Higgins from the Electronic Frontier Foundation about users potentially not knowing the extent of sensitive and private information stored on their gaming devices, such as the Xbox, highlights a potential operation-related failure. Users may unknowingly store sensitive data on their consoles through various communications and activities, which could be at risk of extraction or misuse [11367].
Boundary (Internal/External)	within_system	(a) The software failure incident described in the articles is related to within_system factors. The failure is attributed to the Department of Homeland Security's research project to hack into gaming consoles to obtain sensitive information about gamers stored on the devices. This project involves developing new hardware and software tools to extract data from gaming consoles, including information about communications with other gamers. The failure originates from within the system as the project aims to extract data from the consoles themselves [11367].
Nature (Human/Non-human)	non-human_actions, human_actions	(a) The software failure incident related to non-human actions can be seen in the article where it discusses the Department of Homeland Security's research project to find ways to hack into gaming consoles to obtain sensitive information about gamers stored on the devices. This project involves developing a forensic tool to extract data from gaming consoles, including Xbox 360, Wii, PlayStation 3, and others. The project aims to extract data from gaming consoles owned by foreigners outside the U.S., particularly for investigations related to pedophiles and terrorists using gaming consoles for communication and planning activities [11367]. (b) The software failure incident related to human actions is evident in the concerns raised by Parker Higgins from the Electronic Frontier Foundation regarding users potentially not being aware of the sensitive and private information stored on their gaming devices. Higgins highlighted that gaming consoles are being used as general-purpose computers and for various communications, including active online communities where people communicate. This lack of awareness and potential data exposure on gaming consoles could lead to privacy and security risks [11367].
Dimension (Hardware/Software)	software	(a) The articles do not provide information about a software failure incident related to hardware issues. (b) The software failure incident mentioned in the articles is related to software tools being developed to extract data from gaming consoles for forensic purposes. Obscure Technologies was awarded a contract to create new hardware and software tools to extract data from gaming consoles, including Xbox 360, Wii, and PlayStation 3 [11367]. The failure in this context could potentially arise from software bugs, glitches, or errors in the development of these forensic tools.
Objective (Malicious/Non-malicious)	malicious, non-malicious	(a) The objective of the software failure incident was malicious, as the Department of Homeland Security launched a research project to find ways to hack into gaming consoles to obtain sensitive information about gamers stored on the devices. The project involved awarding contracts to companies like Obscure Technologies to develop forensic tools to extract data from gaming consoles, including information such as passwords, credit card numbers, addresses, and communications with other gamers [11367]. (b) The software failure incident was non-malicious in the sense that the research project aimed at investigating pedophiles who target victims through gaming systems and terrorists who may be using gaming consoles to communicate and plan their activities. The government stated that the forensic tool would only be used on systems owned by foreigners outside the U.S., and any data regarding U.S. persons found on consoles purchased overseas would be removed from the corpus due to Privacy Act considerations [11367].
Intent (Poor/Accidental Decisions)	poor_decisions, unknown	(a) The intent of the software failure incident related to poor decisions can be inferred from the article. The Department of Homeland Security initiated a research project to hack into gaming consoles to obtain sensitive information about gamers stored on the devices. This project involved awarding a contract to Obscure Technologies to develop a forensic tool to extract data from gaming consoles, including Xbox 360, Wii, and PlayStation 3. The project aimed to extract information such as passwords, credit card numbers, addresses, and communications with other gamers from these consoles. The government justified the award of the contract to Obscure Technologies based on their experience in reverse-engineering and exploiting digital rights management technologies [11367]. This decision to pursue hacking into gaming consoles for sensitive data extraction can be considered a poor decision, as it raises privacy and security concerns for gamers. (b) The intent of the software failure incident related to accidental decisions is not explicitly mentioned in the articles.
Capability (Incompetence/Accidental)	unknown	(a) The articles do not provide information about a software failure incident related to development incompetence. (b) The incident described in the articles is related to a deliberate research project initiated by the Department of Homeland Security to find ways to hack into gaming consoles to obtain sensitive information about gamers stored on the devices. This project involves contracting Obscure Technologies to develop a forensic tool to extract data from gaming consoles, including information about communications with other gamers. The project is aimed at investigating pedophiles and terrorists who may be using gaming consoles for communication and planning activities [11367].
Duration	unknown	The articles do not provide information about a software failure incident being either permanent or temporary.
Behaviour	other	(a) crash: The articles do not specifically mention a software crash incident where the system loses state and fails to perform its intended functions. (b) omission: The articles do not specifically mention a software failure incident related to the system omitting to perform its intended functions at an instance(s). (c) timing: The articles do not specifically mention a software failure incident related to the system performing its intended functions correctly but too late or too early. (d) value: The articles do not specifically mention a software failure incident related to the system performing its intended functions incorrectly. (e) byzantine: The articles do not specifically mention a software failure incident related to the system behaving erroneously with inconsistent responses and interactions. (f) other: The articles discuss a research project by the Department of Homeland Security to find ways to hack into gaming consoles to obtain sensitive information about gamers stored on the devices. This project involves developing forensic tools to extract data from gaming consoles, including information about communications with other gamers. The behavior of this software failure incident could be categorized as a security breach or unauthorized data extraction, where the software is being used to access and extract data from gaming consoles without the users' consent or knowledge.

IoT System Layer

Layer	Option	Rationale
Perception	None	None
Communication	None	None
Application	None	None

Other Details

Category	Option	Rationale
Consequence	property, non-human, theoretical_consequence, other	(a) death: There is no mention of any deaths resulting from the software failure incident in the provided article [11367]. (b) harm: The article does not mention any physical harm caused to individuals due to the software failure incident [11367]. (c) basic: There is no indication that people's access to food or shelter was impacted by the software failure incident [11367]. (d) property: The software failure incident did impact people's material goods and data as the Department of Homeland Security launched a research project to find ways to hack into gaming consoles to obtain sensitive information about gamers stored on the devices [11367]. (e) delay: The article does not mention any delays caused by the software failure incident [11367]. (f) non-human: Non-human entities, specifically gaming consoles, were impacted by the software failure incident as the government aimed to extract data from them [11367]. (g) no_consequence: The software failure incident did have observed consequences, particularly related to data extraction from gaming consoles, so it does not fall under the "no_consequence" category [11367]. (h) theoretical_consequence: The article discusses potential consequences of the software failure incident, such as concerns about sensitive and private information stored on gaming consoles and the potential for data extraction even after reformatting the devices [11367]. (i) other: The software failure incident could potentially lead to privacy concerns and unauthorized access to personal information stored on gaming consoles, which is an additional consequence not explicitly mentioned in the provided article [11367].
Domain	entertainment, government	The software failure incident reported in the articles is related to the entertainment industry. The Department of Homeland Security launched a research project to find ways to hack into gaming consoles to obtain sensitive information about gamers stored on the devices [Article 11367]. The project involved awarding a contract to Obscure Technologies to devise a forensic tool that can extract data from gaming consoles such as Xbox 360, Wii, PlayStation 3, and others. These gaming consoles are used for entertainment purposes and can store sensitive information like passwords, credit card numbers, and addresses. The government's interest in extracting data from these consoles is related to investigations of pedophiles targeting victims through gaming systems and concerns about terrorists potentially using gaming consoles to communicate and plan activities. Furthermore, the article mentions that the government has long been concerned about terrorists plotting and training in online games, indicating a connection to the entertainment industry [Article 11367]. Additionally, the article highlights that gaming consoles are being used as general-purpose computers and for various communications within online communities, further emphasizing the entertainment aspect of the failed system. Therefore, the software failure incident discussed in the articles is primarily related to the entertainment industry.

Sources

Feds Want Way to Hack Xboxes and Wiis for Evidence - WIRED - Published on: 2012-04-09
Article ID: 11367

Back to List