| Recurring |
one_organization |
(a) The software failure incident related to the breach of SWIFT service providers' security firewalls using Microsoft exploits and Cisco firewalls happened again at the same organization, specifically at the SWIFT service providers. The NSA targeted nine computer servers at a SWIFT contractor, Dubai-based service bureau EastNets, using lines of code to query the SWIFT servers and Oracle databases handling the SWIFT transactions [50610, 58927].
(b) The provided articles do not explicitly state that the incident, in which vulnerabilities in commercially available software were exploited to gain access to the global system for transferring money between banks, occurred at multiple organizations. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident in the articles can be attributed to the design phase. The incident occurred due to weaknesses in commercially available software that were exploited by the U.S. National Security Agency (NSA) to gain access to the global system for transferring money between banks. The NSA likely used vulnerabilities in Windows servers and Cisco firewalls to breach the SWIFT service providers' security firewalls and target the computers interacting with the SWIFT network [50610, 58927].
(b) The software failure incident can also be linked to the operation phase. The NSA targeted nine computer servers at a SWIFT contractor, EastNets, and used lines of code to query the SWIFT servers and Oracle databases handling the SWIFT transactions. This operation phase involved the actual exploitation and querying of the systems to gain unauthorized access and extract information [50610, 58927]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident was within the system as the National Security Agency (NSA) likely used weaknesses in commercially available software to gain access to the global system for transferring money between banks. The NSA accessed the SWIFT money-transfer system through service providers in the Middle East and Latin America by targeting machines using Microsoft exploits after bypassing firewalls [50610, 58927]. The breach of firewalls and exploitation of vulnerabilities within the system allowed the NSA to compromise the SWIFT network. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in the articles was primarily due to non-human actions. The incident involved hackers exploiting vulnerabilities in commercially available software, such as Windows servers and Cisco firewalls, to gain access to the SWIFT money-transfer system [50610, 58927].
(b) Human actions also played a role in the software failure incident. For example, the NSA targeted specific computer servers at a SWIFT contractor and used lines of code to query the SWIFT servers and Oracle databases handling the transactions [50610, 58927]. Additionally, the use of Microsoft exploits by the hackers to target computers interacting with the SWIFT network was a result of human actions in developing and deploying those exploits [50610, 58927]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident reported in the articles is primarily due to contributing factors that originate in hardware. The incident involved the U.S. National Security Agency (NSA) using weaknesses in commercially available software to gain access to the global system for transferring money between banks by exploiting vulnerabilities in hardware components such as Cisco firewalls and Windows servers [50610, 58927].
(b) The software failure incident also had contributing factors originating in software. The NSA used Microsoft exploits to target the computers interacting with the SWIFT network after penetrating the firewall of the SWIFT service providers, indicating a software vulnerability that was exploited in the incident [50610, 58927]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident described in the articles is malicious in nature. The incident involved hackers releasing documents and computer files that revealed how the U.S. National Security Agency (NSA) exploited weaknesses in commercially available software to gain unauthorized access to the global system for transferring money between banks. The hackers provided a blueprint showing how the NSA likely used vulnerabilities in SWIFT affiliates' Windows servers and Cisco firewalls to compromise the SWIFT network [50610, 58927]. The NSA targeted specific servers at a SWIFT contractor and used lines of code to query SWIFT servers and Oracle databases, indicating a deliberate and targeted attack on the financial system [50610, 58927]. The NSA's actions, as described in the articles, were aimed at espionage and gaining unauthorized access to sensitive financial information, demonstrating a malicious intent to harm the system. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident:
- The software failure incident involving the U.S. National Security Agency (NSA) accessing the SWIFT money-transfer system through vulnerabilities in commercially available software was primarily due to poor decisions made by the NSA to exploit these weaknesses for espionage purposes [50610, 58927].
- The NSA targeted SWIFT service providers' security firewalls using a tool codenamed BARGLEE, indicating a deliberate effort to breach the system [50610, 58927].
- The NSA used Microsoft exploits to target computers interacting with the SWIFT network after penetrating the firewalls, showcasing a strategic decision to exploit software vulnerabilities for unauthorized access [50610, 58927]. |
| Capability (Incompetence/Accidental) |
development_incompetence |
(a) Development incompetence is evident in the articles, which report that the U.S. National Security Agency (NSA) likely used weaknesses in commercially available software to gain access to the global system for transferring money between banks. The NSA accessed the SWIFT money-transfer system through service providers in the Middle East and Latin America by exploiting vulnerabilities in Windows servers and Cisco firewalls [50610, 58927].
(b) The articles do not explicitly mention accidental factors in the software failure incident. |
| Duration |
permanent |
(a) The software failure incident in the articles appears to be permanent. The incident involved the U.S. National Security Agency (NSA) exploiting vulnerabilities in commercially available software to gain access to the global system for transferring money between banks. The NSA used tools and exploits to breach the security firewalls of SWIFT service providers and target computers interacting with the SWIFT network. The incident was part of a series of disclosures by a group called the Shadow Brokers, indicating a systematic and ongoing exploitation of software weaknesses for espionage purposes [50610, 58927]. |
| Behaviour |
value, other |
(a) crash: The software failure incident did not involve a crash as the system was not reported to have lost state and stopped performing its intended functions [50610, 58927].
(b) omission: The software failure incident did not involve omission where the system failed to perform its intended functions at an instance(s) [50610, 58927].
(c) timing: The software failure incident did not involve timing issues where the system performed its intended functions too late or too early [50610, 58927].
(d) value: The software failure incident involved a value issue where the system performed its intended functions incorrectly, allowing unauthorized access to the SWIFT money-transfer system through vulnerabilities in commercially available software [50610, 58927].
(e) byzantine: The software failure incident did not exhibit byzantine behavior where the system behaved erroneously with inconsistent responses and interactions [50610, 58927].
(f) other: The software failure incident involved a security breach where the National Security Agency (NSA) exploited vulnerabilities in software to gain unauthorized access to the SWIFT system for transferring money between banks [50610, 58927]. |