| Recurring |
one_organization, multiple_organization |
(a) The software failure incident of being hacked has happened again at the New York Times. The article mentions previous instances of the New York Times being hacked, such as in 1998 by a group known as HFG, in 2002 by former hacker Adrian Lamo, and in 2011 when accounts of some of the paper's staff were hacked, possibly by WikiLeaks or someone associated with the group [16391].
(b) The software failure incident of being hacked has also occurred at other organizations. The article mentions that hackers from China attempted to hack into the network of Bloomberg News after publishing stories about the relatives of China's vice president. Mandiant investigated many breaches and found evidence that Chinese hackers had targeted more than 30 journalists and executives working for western media outlets [16391]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be seen in the hacking incident reported by the New York Times [16391]. The hackers breached the network by exploiting vulnerabilities in the system's design, allowing them to steal corporate passwords and gain access to personal computers of employees. The attackers installed custom malware, with nearly all of it going undetected by the antivirus products used by the newspaper. Additionally, the attackers created custom software to search for and grab specific emails and documents from the Times' email server, indicating a targeted approach based on the system's design weaknesses.
(b) The software failure incident related to the operation phase is evident in the misuse of the system by the attackers. The hackers, in an attempt to hide their tracks, routed their attacks through computers at universities and small companies, as well as internet service providers. They increased their activity after specific events, such as the publication of an investigation and the night of the presidential election. The attackers also cracked passwords to gain entry to employee computers, showcasing operational failures in password security and monitoring systems. |
| Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident reported in the news article is primarily due to contributing factors that originate from within the system. The hackers breached the New York Times' network, stole corporate passwords, installed custom malware, created backdoors, and accessed sensitive information within the system [16391]. The failure was a result of vulnerabilities within the system that allowed unauthorized access and manipulation by external attackers. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in this case was primarily due to non-human actions, specifically the actions of hackers from China who breached the New York Times' network and stole corporate passwords, installed custom malware, and created backdoors to access sensitive information [16391].
(b) However, human actions also played a role in this incident as the attackers cracked passwords to gain entry to employee computers and created custom software to search for and grab specific emails and documents from the Times' email server [16391]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident related to hardware can be seen in the article where it mentions that the attackers routed their attacks through computers that they hacked at universities and small companies, as well as at internet service providers [16391]. This indicates that the attackers utilized hardware systems at these locations as part of their attack strategy.
(b) The software failure incident related to software can be observed in the article where it mentions that the attackers installed 45 pieces of custom malware during the three months they were in the paper's network, with nearly all of it going undetected by the antivirus products used by the newspaper [16391]. This highlights a failure in the software's ability to detect and prevent the installation of malicious software by the attackers. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident in this case is malicious. The New York Times reported that hackers from China breached their network for at least four months, stealing passwords of reporters in an apparent attempt to identify sources and gather intelligence about stories related to the family of China's prime minister [16391]. The attackers installed custom malware, cracked passwords, and created software to search for and grab specific emails and documents from the Times' servers. This incident was part of a wider campaign directed by Chinese hackers against western media outlets since 2008, indicating a deliberate and malicious intent to infiltrate and compromise the system. |
| Intent (Poor/Accidental Decisions) |
unknown |
(a) The software failure incident was not the result of poor decisions; it was a deliberate and targeted attack by hackers from China who breached the New York Times' network to steal information [16391]. |
| Capability (Incompetence/Accidental) |
development_incompetence, unknown |
(a) The software failure incident related to development incompetence is evident in the article as the hackers from China were able to breach the New York Times' network and steal corporate passwords for every employee, gaining access to personal computers of 53 employees. This breach occurred due to vulnerabilities in the network that were exploited by the attackers, indicating a lack of professional competence in securing the system [16391].
(b) The software failure incident related to accidental factors is not explicitly mentioned in the provided article. |
| Duration |
permanent, temporary |
(a) The software failure incident in this case can be considered permanent as the hackers from China were able to breach the New York Times' network and steal corporate passwords for every employee, install custom malware, create backdoors, and access sensitive information over a period of at least four months [16391].
(b) The software failure incident can also be seen as temporary in the sense that the attackers increased their activity in late October after the paper published its investigation of the prime minister's relatives and were particularly active the night of the Nov. 6 presidential election. The attackers showed interest only in specific information related to the prime minister's family and did not attempt to shut down the publishing system or cause widespread havoc within the network [16391]. |
| Behaviour |
value, other |
(a) crash: The software failure incident in this case did not involve a crash where the system loses state and does not perform any of its intended functions. The hackers were able to maintain access to the New York Times network for an extended period without causing a complete system crash [16391].
(b) omission: The software failure incident did not involve the system omitting to perform its intended functions at an instance(s). Instead, the hackers were able to access and extract sensitive information from the network without the system omitting any intended functions [16391].
(c) timing: The software failure incident did not involve the system performing its intended functions correctly but too late or too early. The hackers were able to access the network and extract information in real-time without any timing issues related to the system's functions [16391].
(d) value: The software failure incident did involve the system performing its intended functions incorrectly. The attackers were able to steal corporate passwords, access personal computers of employees, and breach email accounts, indicating a failure in the system's security mechanisms [16391].
(e) byzantine: The software failure incident did not exhibit byzantine behavior, where the system behaves erroneously with inconsistent responses and interactions. The hackers' actions were focused on extracting specific information rather than causing erratic or inconsistent behavior within the system [16391].
(f) other: The software failure incident involved the system being compromised by hackers who installed custom malware, backdoors, and cracked passwords to gain unauthorized access to sensitive information. This behavior could be categorized as a security breach or intrusion rather than a specific failure mode like crash, omission, timing, or byzantine behavior [16391]. |