| Recurring |
one_organization, multiple_organization |
(a) The software failure incident having happened again at one_organization:
The incident involving the South Korean bank's servers crashing in April was not an isolated event. South Korean investigators found evidence indicating that similar cyberattacks had occurred before, with 10 servers used in the bank incident being the same ones used in previous cyberattack operations against South Korea, including one in 2009 and another in March [7176].
(b) The software failure incident having happened again at multiple_organization:
The articles mention other instances of cyberattacks targeting South Korea, such as a denial-of-service operation in July 2009 that blocked access to at least 35 South Korean and U.S. government websites, as well as another denial-of-service assault in March that crashed 29 South Korean government and corporate websites [7176]. These incidents suggest a pattern of cyberattacks targeting multiple organizations in South Korea. |
| Phase (Design/Operation) |
operation |
(a) The software failure incident mentioned in the articles was primarily related to the operation phase rather than the design phase. The incident involved a cyberattack on a South Korean bank's servers, which resulted in the destruction of key data and the inability of 30 million customers to use ATMs or online services for several days [7176]. The attack was initiated when a contractor inadvertently downloaded a malicious program onto a laptop computer, allowing hackers to control the computer remotely and place malicious code throughout the bank's network, leading to the crash of hundreds of servers at once. This incident was more about the operational aspects of the system, such as the misuse of a contractor's computer, rather than a design flaw in the system itself.
(b) The incident did not specifically mention any contributing factors related to the design phase of the system. The focus was more on the operational aspects of the cyberattack and the vulnerabilities in the operational procedures that allowed hackers to infiltrate the bank's network and cause the servers to crash [7176]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident involving the South Korean bank crashing was primarily due to contributing factors that originated from within the system. Investigators found that the incident occurred when a contractor inadvertently downloaded a malicious program onto a laptop computer, which then allowed hackers to control the computer remotely and place malicious code throughout the bank's network, ultimately leading to the crash of hundreds of servers at once [7176].
(b) outside_system: The software failure incident also had contributing factors that originated from outside the system. South Korean prosecutors stated that the April bank attack, which was more sophisticated than previous denial-of-service operations, was staged from China. This tactic allowed North Korean hackers to avoid leaving a digital trail back to their nation, indicating an external origin of the attack [7176]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
The software failure incident involving the South Korean bank crashing was attributed to a cyberattack believed to be orchestrated by North Korea. Investigators found evidence indicating that the attack was a new kind of cyberterror involving North Korea, with hackers placing malicious code throughout the bank's network, leading to the crash of hundreds of servers at once [7176].
(b) The software failure incident occurring due to human actions:
The incident at the South Korean bank was initiated when a contractor inadvertently downloaded a malicious program onto a laptop computer, giving hackers the ability to control the computer remotely. This human action allowed the hackers to place malicious code throughout the bank's network, ultimately leading to the servers crashing [7176]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident occurring due to hardware:
- The incident involving the South Korean bank's servers crashing was attributed to a cyberattack orchestrated by North Korea [7176].
- Investigators found evidence indicating that the servers were targeted by a new kind of attack, with servers crashing and key data being destroyed [7176].
- The attack involved hackers placing malicious code throughout the bank's network, leading to the servers crashing simultaneously [7176].
(b) The software failure incident occurring due to software:
- The incident was caused by a cyberattack involving the infiltration of the bank's network through a malicious program downloaded onto a laptop computer, allowing hackers to control the network remotely [7176].
- The hackers placed malicious code throughout the bank's network, which ultimately led to the servers crashing [7176].
- The incident was described as the first publicly reported case of computer sabotage by one nation against a financial institution in another country, indicating a software-related attack [7176]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident related to the South Korean bank servers crashing was malicious in nature. Investigators found evidence indicating that it was a cyberattack orchestrated by North Korea with the objective to disrupt the bank's operations and destroy key data [7176]. The attack involved the deliberate placement of malicious code throughout the bank's network, allowing hackers to remotely control the servers and make them crash simultaneously [7176].
(b) The incident was not non-malicious as it was clearly identified as an act of cyberterror involving North Korea, with the aggressor being probably North Korea according to Western analysts [7176]. The attack was described as the first publicly reported case of computer sabotage by one nation against a financial institution in another country, highlighting the malicious intent behind the software failure incident [7176]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions, accidental_decisions |
(a) The software failure incident involving the South Korean bank was primarily due to poor decisions made by a contractor who inadvertently downloaded a malicious program onto a laptop computer, giving hackers the ability to control the computer remotely. This ultimately led to the hackers being able to place malicious code throughout the bank's network, causing hundreds of servers to crash at once [7176]. Additionally, the incident highlighted the poor decisions made by the bank in terms of network security, as they pledged to spend a significant amount ($476 million by 2015) on improving their network security after the attack [7176]. |
| Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident described in the articles was not due to development incompetence but rather a deliberate cyberattack orchestrated by North Korea against a South Korean bank. The attack involved sophisticated tactics such as planting malicious code throughout the bank's network and remotely controlling servers to cause them to crash simultaneously [7176].
(b) The software failure incident was accidental in nature as it was initiated when a contractor inadvertently downloaded a malicious program onto a laptop computer, which then allowed hackers to gain control over the computer and subsequently the bank's network [7176]. |
| Duration |
temporary |
The software failure incident reported in the articles was temporary. The incident involving the South Korean bank's servers crashing was due to a cyberattack orchestrated by North Korea. The attack resulted in 30 million customers being unable to use ATMs or online services for several days, with key data being destroyed [7176]. The incident lasted for a specific period and was not a permanent failure. |
| Behaviour |
crash, other |
(a) crash: The software failure incident mentioned in the articles can be categorized as a crash. The incident involved nearly half of the servers for a South Korean bank crashing, leading to 30 million customers being unable to use ATMs or online services for several days. Key data was destroyed, making it the most serious of a series of incidents in recent months [7176].
(b) omission: The incident did not specifically mention a failure due to omission where the system omitted to perform its intended functions at an instance(s).
(c) timing: The incident did not specifically mention a failure due to timing, where the system performed its intended functions correctly, but too late or too early.
(d) value: The incident did not specifically mention a failure due to the system performing its intended functions incorrectly.
(e) byzantine: The incident did not specifically mention a failure due to the system behaving erroneously with inconsistent responses and interactions.
(f) other: The behavior of the software failure incident can be described as a deliberate cyberattack orchestrated by North Korea against a South Korean bank's servers, leading to a crash of the systems and destruction of key data. The attack involved the hackers placing malicious code throughout the bank's network, allowing them to make hundreds of servers crash at once [7176]. |