Discuss the impact security breaches have had on society




TJX Companies Inc.

In December of 2006, clothing and home department store chain TJX Companies Inc. (part of the TK Maxx company) suffered a major security breach resulting in 94 million credit cards being exposed. The security breach began with hackers exploiting the company's weakly secured wireless networks within the store. This gained them access to the central database, where, over 17 months, millions of people’s credit card and bank details were stolen.

This security breach could possibly have been prevented: TJX did not have adequate firewalls in place, which allowed suspicious traffic to enter its systems.

The stolen data was reported to have been used to make $8 million of purchases in the USA, Hong Kong and Sweden. Customers who returned items without a receipt also had their driver's licence numbers exposed; 455,000 of those were announced to have been stolen.

This cost TJX at least $250 million (about £150 million). Costs to the company included giving vouchers (up to $60 per person) to people who lost money because of the hackers, which cost $10 million in total. At least 60 banks also had to give out money to cover losses from compromised credit and debit cards, and fraudulent charges.

As well as bearing the financial costs, TJX had to build trust back up with its customers. This proved especially difficult because customers who were at risk of having their identity stolen did not find this out from TJX, but from the local news. This left people feeling confused about what had happened, and a lot of people felt that the chain could have been more open and honest about the security breach.

(Jadhav-Awhad, 2013), (Velasco, 2013), (Brenner, 2007), (Armerding, 2012), (Incorporations)

Sony PlayStation Network

Sony PlayStation suffered a huge security breach in 2011. Hackers had access to more than 77 million PlayStation Network accounts, with full names, addresses, dates of birth, phone numbers, credit card numbers, usernames and passwords. Of the 77 million accounts hacked, 12 million of them had credit card details available to steal, unencrypted.

The attack was initially hidden in an online purchase, which was used to plant software on the server; that software was then used to access the database server. Sony PlayStation Network (PSN) was taken offline for several days to prevent any more damage, and to secure the system.

Sony was fined £250,000 by the UK Information Commissioner's Office for negligence and failing to provide adequate protection for customers’ credit card and login details. Sony did not agree with this fine and appealed against it, but eventually gave in because they believed continuing to fight it would risk exposing vulnerable parts of their system.

Although the hackers had access to (and possibly stole) credit card numbers, there has not yet been any unusual activity or theft from the customers' accounts. Even so, this security breach had a huge effect on customers who put their trust in Sony, especially since the site was shut down for several days. Customers may also still be at risk of identity or credit card fraud, as information could have been taken, especially if hackers have their personal email and home addresses.

Most of all, it dented Sony’s reputation, and allowed their competitors to have an advantage over them. Sony also lost money by offering free games to customers as an apology for the disruption.

(Vaas, 2013), (BBC, 2013)

(Vaas, Sony to pay £250,000 fine for PlayStation Network breach, 2013)

Loveletter virus

This virus began in May 2000, in the Philippines, but after just one day had spread worldwide, to over 50 million computers; an estimated 10% of the world’s computers were affected.

Loveletter (A.K.A. ‘the love virus’ or ‘ILOVEYOU’) began overwriting image files and spreading through the infected computer's email address book, sending a copy of the virus attached to a message to the first 50 people in the address book. This virus affected millions of people’s computers. Once the virus had been sent on, it also attempted to download a file, ‘WIN-BUGSFIX.exe’, a password cracking program that finds as many saved passwords as it can on the machine and sends a list of them to the owners in the Philippines via email. The virus can also spread through networked computers, making it even more difficult to stop, especially if you are unaware your computer is infected.

Some people think the reason it was so destructive was that the attached file was called ‘LOVE-LETTER-FOR-YOU.txt.vbs’, and on Windows computers the ‘vbs’ is hidden by default. A ‘vbs’ file is a ‘Visual Basic Script’, a program that runs when opened rather than a document. This led users to believe that the file they were opening was a text file, and so couldn’t do any harm to their computer. Also, the file appeared to the user to be a letter declaring someone's love for them, so a lot of people would open it out of plain curiosity.

The virus spread west from the Philippines, through Asia, Europe, the UK and finally the USA. The damage was estimated to have cost between $5 million and $8.7 million, and it cost the USA $15 billion to destroy the virus. Although the virus cost a lot to destroy, most of the damage was time lost fixing computers, getting back files that were corrupted and resetting passwords.
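The hidden-extension trick described above can be checked for at a mail gateway. The following is an added example, not part of the original essay: it parses a constructed sample message and flags attachments whose real extension is executable while the name a user would see ends in a harmless-looking one. The extension lists, function names and sample addresses are assumptions chosen for illustration.

```python
from email import message_from_string

# Illustrative subsets (assumptions), not complete lists.
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "wsf", "hta", "exe", "scr", "bat", "cmd", "pif"}
DECOY_EXTS = {"txt", "doc", "pdf", "jpg", "jpeg", "gif", "png", "xls"}

def displayed_name(filename):
    """Name a user sees when Windows hides extensions of known file types."""
    name = filename.rstrip(". ")  # Windows ignores trailing dots and spaces
    stem, dot, _ext = name.rpartition(".")
    return stem if dot else name

def is_deceptive(filename):
    """True if the last extension runs as code but the visible one looks harmless."""
    parts = filename.rstrip(". ").lower().split(".")
    return len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS

def flag_attachments(raw_message):
    """Return (real name, displayed name) for each deceptive attachment."""
    hits = []
    for part in message_from_string(raw_message).walk():
        filename = part.get_filename()
        if filename and is_deceptive(filename):
            hits.append((filename, displayed_name(filename)))
    return hits

# Constructed sample message; the attachment body is a harmless placeholder.
SAMPLE = """\
From: sender@example.test
Subject: constructed sample
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.txt.vbs"

placeholder body, not a real script
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"

plain notes
--b1--
"""

if __name__ == "__main__":
    print(flag_attachments(SAMPLE))
```

Only the first attachment is flagged; an ordinary single-extension file such as notes.txt passes.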

The two men that were found responsible for creating and releasing the virus were arrested and an inquiry began. However, in the Philippines, there was no actual law against writing malware (malicious software), so they both were released without being charged. Just two months later, an E-Commerce law was enacted.

(Kretkowski, 2007), (Wikipedia, 2013), (Austin, 2000), (Curioser)

The BubbleBoy Worm

The BubbleBoy worm was the first of its kind, as it did not require the receiver to accept or run anything to infect their computer. The receiver only has to open the email, or view it in a preview panel; there are no attachments to the email. This immediately makes receivers less suspicious than they would be if the email had an attachment. BubbleBoy is embedded into an email in HTML format.

As well as sending a copy of the infected email to everyone in your Microsoft Outlook address book, the worm plants a file when the email is opened. Once the owner has turned the computer off and then on again, this file is activated and changes your computer name to ‘BubbleBoy’. If the message “UPDATE.HTA” appears on your computer, it means your computer has been infected.

BubbleBoy was created by an Argentinean coder called ‘Zulu’. Zulu has also played a role in creating other viruses and worms.

(The BubbleBoy Virus), (University), (Katrin Tocheva), (Wikipedia- Various)

Phillip Cummings

Between the years 1999 and 2000 Phillip Cummings from New York scammed thousands of innocent people. He worked at a help desk in an organisation that allowed people to access their credit card accounts online and, using his insider knowledge and the passwords and codes to the databases, stole thousands of people’s credit card details and sold them on to others. Once Cummings had downloaded the credit card reports and information, he sold them on (for roughly $30 each) to around 20 other people. These people would steal money straight from people's accounts, or change their addresses, so that the victims' ATM cards were posted directly to the fraudsters' houses. The scam continued even after Cummings had left his job, and in total 30,000 people had their information stolen, with a sum of $100 million (£61 million in today’s conversion rate) taken.

By networking with large numbers of people, including people from Canada, USA and Nigeria, Cummings managed to continue his scam for several years, before the FBI put a stop to it.

In 2005, Cummings pled guilty to fraud and conspiracy charges, apologising in court and saying that he “didn’t realise that his accomplices caused so much damage”, but he understood what he did was illegal. Cummings was sentenced to 14 years in jail, and is due to pay compensation, the amount of which will be decided at a later date.

(BBC News, 2005), (FILTERED n/a), (FBI, 2004)

Bibliography

BBC News. (2005, January 11). ID theft mastermind gets 14 years. Retrieved October 2013, from BBC News:

FBI. (2004, October 18). Largest Case-To-Date of ID theft. Retrieved October 2013, from FBI:

FILTERED n/a. (n.d.). Retrieved from

Katrin Tocheva. (n.d.). BubbleBoy. Retrieved October 2013, from F-Secure:

The BubbleBoy Virus. (n.d.). Retrieved October 2013, from Viruzlist:

University, P. (n.d.). BubbleBoy Virus Information. Retrieved October 2013, from Office of Information Technology:

Wikipedia- Various. (n.d.). BubbleBoy. Retrieved October 2013, from The Virus Encyclopedia:
