| Recurring |
unknown |
(a) The software failure incident related to the hacking of Plenty of Fish users' bank accounts by the Tinba malware is specific to the Plenty of Fish dating website. There is no mention in the provided article of a similar incident happening before within the same organization.
(b) The article does not mention any specific instances of similar incidents happening at other organizations with their products and services. Therefore, there is no information provided to suggest that this particular software failure incident has occurred elsewhere. |
| Phase (Design/Operation) |
design |
(a) The software failure incident in the article is related to the design phase. The failure occurred due to malicious spying software being secretly installed on users' computers through seemingly ordinary adverts on the Plenty of Fish website, regardless of whether the user clicked on the advert or not. This software, known as the 'banking Trojan' Tinba, was designed to track keystrokes and collect sensitive financial information whenever users accessed their bank accounts or entered card details on shopping websites [38922].
(b) The software failure incident is not related to the operation phase or misuse of the system. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident described in the article is primarily within the system. The failure occurred due to the presence of malicious spying software, specifically the Tinba banking Trojan, which was secretly installed on users' computers through seemingly ordinary adverts on the Plenty of Fish dating website. This malware was designed to silently collect sensitive financial information such as bank account details and credit card information whenever users accessed their accounts or made online transactions [38922].
(b) outside_system: The contributing factors that originated from outside the system in this software failure incident include the actions of hackers who exploited vulnerabilities in the Plenty of Fish website to deliver the malicious adverts containing the Tinba malware to users' computers. The hackers targeted the dating website's estimated 12 million members in the UK, indicating an external threat actor seeking to compromise the security of the system and its users [38922]. |
| Nature (Human/Non-human) |
non-human_actions |
(a) The software failure incident in this case occurred due to non-human actions. The incident involved hackers using malicious spying software, specifically a 'banking Trojan' called Tinba, to secretly install malware on users' computers through seemingly ordinary adverts on the Plenty of Fish dating website. This malware would then track every keystroke of users accessing their bank accounts, without requiring any user interaction [38922]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident in the article is primarily due to hardware-related factors. The incident involves hackers using malicious spying software, known as the Tinba banking Trojan, to target users' computers and track their keystrokes when accessing bank accounts. This spying malware is smuggled into users' computers through seemingly ordinary adverts, indicating a hardware-related vulnerability that allows the malware to be installed without user interaction [38922].
(b) The software failure incident is also related to software factors as the Tinba malware, once installed on users' computers, activates when users access their bank accounts online or enter card details on shopping websites. The malware silently collects sensitive financial information, demonstrating a software-related failure in terms of malicious software behavior and exploitation of vulnerabilities in the system [38922]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident described in the article is malicious in nature. Hackers targeted users of the dating website Plenty of Fish by installing malicious spying software, known as the Tinba banking Trojan, on their computers without their knowledge. This malware was designed to track keystrokes and collect sensitive financial information, such as bank account details and credit card information, whenever users accessed their accounts online or entered their card details on shopping websites. The hackers' objective was to steal users' financial information and potentially raid their bank accounts, demonstrating a clear intent to harm the system and compromise users' security [38922]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions, accidental_decisions |
(a) The software failure incident described in the article was primarily due to poor decisions made by hackers who planted malicious spying software on the Plenty of Fish dating website. The hackers used a banking Trojan called Tinba to secretly install malware on users' computers through seemingly ordinary adverts, without requiring any user interaction. This malicious software was designed to track keystrokes and steal sensitive financial information, such as credit card details, when users accessed their bank accounts online or entered card details on shopping websites. The intent of the hackers was clearly malicious, aiming to raid the bank accounts of Plenty of Fish members by exploiting the security vulnerability introduced through the poor decision to plant the malware [38922].
(b) Additionally, accidental decisions or unintended consequences were also evident in this software failure incident. Users who visited the Plenty of Fish website were exposed to the malicious advert containing the Tinba malware without actively clicking on the advert. This accidental exposure to the malware highlights how users could become victims of the attack without any deliberate action on their part. The malware was designed to operate quietly on users' computers, waiting for them to log into banking sites to steal their financial information. This aspect of the incident shows how unintended consequences, such as unknowingly being exposed to malware through normal website browsing, contributed to the failure [38922]. |
| Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The software failure incident related to development incompetence is evident in the article as hackers were able to install malicious spying software on users' computers through seemingly ordinary adverts on the Plenty of Fish dating website. This indicates a lack of professional competence in ensuring the security of the website and protecting users from such attacks [38922].
(b) The software failure incident related to accidental factors is highlighted by the fact that users could have had the Tinba malware secretly installed on their computers without even clicking on the malicious advert. This accidental installation of malware showcases how users could have been affected unintentionally due to the security vulnerability on the website [38922]. |
| Duration |
permanent |
(a) The software failure incident described in the article is more of a permanent nature. The malware, known as Tinba, is designed to silently collect sensitive financial information from users whenever they access their bank accounts or enter card details online. This malicious software is installed on users' computers through seemingly ordinary adverts on the Plenty of Fish website, without requiring any user interaction. Once activated, Tinba remains on the computer, waiting for the user to perform actions of interest, such as logging into a banking site, to steal usernames and passwords for financial gain. The risks associated with this malware are described as very real, with potential consequences including hackers emptying out bank accounts quickly and efficiently [38922]. |
| Behaviour |
value, other |
(a) crash: The software failure incident described in the article is not related to a crash where the system loses state and does not perform any of its intended functions.
(b) omission: The failure in this incident is not due to the system omitting to perform its intended functions at an instance(s).
(c) timing: The failure is not related to the system performing its intended functions correctly but too late or too early.
(d) value: The software failure incident in the article is related to the system performing its intended functions incorrectly. The malware, Tinba, is designed to silently collect sensitive financial information whenever users access their bank accounts or enter card details on shopping websites, leading to potential financial theft [38922].
(e) byzantine: The failure is not due to the system behaving erroneously with inconsistent responses and interactions.
(f) other: The behavior of the software failure incident in this case is related to malicious spying software being secretly installed on users' computers through seemingly ordinary adverts, leading to the unauthorized collection of sensitive financial information for potential bank account raids by hackers [38922]. |