There are still more questions than there are answers regarding what went wrong during the Sony PlayStation and Qriocity cyber security breaches. However, based on the media coverage of the event, it is possible to piece together some plausible scenarios regarding what went wrong. First, I will present information procured from media sources regarding the details of the attack and the weaknesses of Sony’s systems. Second, I will describe how the attack fits into some of the theoretical frameworks that we have been discussing in this class so far this semester. First, from the media coverage of the cyber attack in the publication Fortune , it appears that Sony PlayStation and Qriocity were hacked by LulzSec, a sub-sect of the hacker
organization
…show more content…
Also, Sony knew which vulnerability the hacker(s) were able to exploit: “Between April 17 and 19, a so-far unnamed person illegally gained access to Sony's
PSN servers in San Diego, Calif., by hacking into an application server behind a Web server and two firewalls. According to Sony Chief Information Officer Shinji Hajesima, the attack was disguised as a purchase, so it did not immediately raise any red flags. The vulnerability the attacker was able to exploit was known, according to Sony” (Ogg 2011). Even if Sony had knowledge of the specific vulnerability that was exploited, they decided not to release that detailed forensic information to the public.
In addition, Alan Paller, research director of the SANS Institute, was quoted in a Reuters article following the attack proposing some possible explanations for how and why Sony
PlayStation and Qriocity were compromised:
“Paller said Sony probably did not pay enough attention to security when it was developing the software that runs its network. In the rush to get out innovative new products, security can sometimes take a back seat...He suspected the hackers entered the network by taking over the
…show more content…
This could have resulted in an under-investment in resources (time, money, employees, etc.) for cyber security.
Additionally, we may be able to learn more about the Sony’s incident response from some of the ideas presented in “The Cyber Incident Response” report from The Economist . This report notes that one of the reasons why cyber incident response is weak and chaotic in some organizations is due to the fact that “the level of preparedness is being held back by a lack of understanding about threats” (Witchalls 2014, p. 4). From the information presented in the case study, it appears that Sony executives and representatives were unprepared for the cyber attack and unsure as to how the threat would affect users’ ability to access PlayStation and Qriocity in
3 Lily Rowen the days and weeks following the attack. This leads one to wonder whether or not Sony had an incident response plan in place before the cyber attack.
2. Based on SEC guidance to make appropriate disclosures, list and prioritize what
However, I feel users had a different vision/perspective on security mechanisms and they trusted each other during those times and did not have to worry about protecting their information (this is how exactly, one person’s ignorance becomes another’s person’s - hacker, here bliss). This book helps us to understand the vulnerabilities; its impacts and why it is important to address/ fix those holes.
In this section we investigate attacks and threats to our primary devices. These attacks and threats are built off of the vulnerabilities the previous section and help to determine which security controls would be most valuable against future attacks.
The Minneapolis based Target Corporation announced in December that criminals forced their way into the company’s computer system. The data breach compromised 40 million credit and debit card accounts of customers who shopped during the holiday season between November 27 and December 15, 2013. The data captured was far broader than originally imagined as hackers gained access to 70 million customer’s personal information including names, home addresses, telephone numbers, and email addresses. Additionally, expiration dates, debit-card PIN numbers, and the embedded code on the magnetic strip of the card were stolen.
Hacking into large companies or agencies to steal one’s card information has become simple. Lewis (2013) says that, “Hacking is incredibly easy; survey data consistently shows that 80 to 90 percent of successful breaches of corporate networks required only the most basic techniques“(p. 1). On November 27, 2013, Target’s security was breeched when forty million credit and debit cards were stolen. The breach lasted from November 27 to December 15, 2013.
More along those lines, the attackers were successful in loading the card stealing malicious software to cash registers in the Target store...
Computer crime has been an issue since the beginning of computers. Wherever there is something good, there is always someone who takes advantage of it. This can be seen in cyber crime, which has been on the rise in recent years. According to the Los Angeles Times, the median cost of computer crime to a company per year has risen from $3.8 million dollars in 2010 to $5.9 million. (Rodriguez, 2011) This suggests that computer crime is becoming an even bigger hazard to companies. A recent example of this was the data breach committed against Target in 2013.
Hundreds of programs, websites, and devices have been made across the digital world allowing cheaters
The threats to security from the United States Department of Defense, the national power grid and the Chamber of Commerce are very real and omnipresent. The Defense Department made an admission of the first major cyber attack upon its systems in August 2010. It was revealed that the attack actually took place in 2008 and was accomplished by placing a malicious code into the flash drive of a U.S. military laptop. “The code spread undetected on both classified and unclassified systems, establishing what amounted to a digital breachhead.” (2) This quote, attributed to then Deputy Defense Secretary William J. Lynn III, is just part of the shocking revelations that were disclosed in his speech made on July 14, 2011.
In this case, a large health services organization (HSO) in Florida, that has a world-renowned AIDS treatment center had information breach of 4,000 HIV+ patient records, and the list was sent to newspapers, magazines, and the internet. Consequently, this issue was featured in every media vehicle in the world and as CEO, you are requested by the board of trustees to come up a better management information system (MIS) to resolve all information security issues or you will face termination. After hiring an undercover computer security consultant to help determine where the security leak came from, she quickly identifies numerous breaches in computer security and provides a report with the issues identified. The report furnished by the consultant revealed that facility had major problems with the MIS and the staff. In order to determine how to address the issues, the CEO must first answer the following questions: what law is being violated by the employees, why was this law enacted, what are the penalties for such violations, what are the penalties for sharing celebrity information, and should he be updating his resume and looking for another job (Buchbinder, 378).
Nowadays, hacking systems which get the data from payment card in retail stores is a popular issue. The use of stolen third-party vendor credentials and RAM scraping malwares were the main reasons for the data breach. A brief introduction of when and how the Home Depot’s data breach took place and how the home depot reacted to the issue and rectified it by
Sony Corporation is a multination conglomerate corporation headquartered in Tokyo, Japan , and one of the world's largest media conglomerates with revenue of US$88.7 billion (as of 2008) based in Minato, Tokyo .
Although an act of cyberterrorism has yet to occur, officials and scholars continuously study the possibilities of such an attack. As our physical and virtual worlds continue to intertwine the risk of such an event rapidly increases. Everything from our transportation systems to pharmaceutical manufacturing are computer controlled. The closest the world has come to an act of cyberterrorism was in 2000. Known as the Maroochy Shire case in Queensland, Australia was committed by Vitek Boden. Boden was an engineer for Pacific Paradise, a sewage pumping in Australia. He was able to successful hack into a control system modifying the operations and dumping millions of litres of raw sewage into the local waterways. Boden’s motivation was the only reason the act was not classified as cyberterrorism was his motivation. It was personal rather than political or religious in nature (Sharp Parker, 2009). The only reason this wasn’t the first act of cyberterrorism was motivation. As companies invest in upgrading their technological capabilities, they too need to invest in security structure to protect their systems and the public from threats of terrorism. Our government must also decide how to address public safety in regards to cyberterrorism. On September 11th, 2001 America was reminded how vulnerable we are when it comes to acts of terrorism. The sheer complexity and varying design of attacks often makes it very difficult to create a catch-all defense in fighting terrorism. To improve the disruption of terrorist activities by government agencies in the United States many laws needed to be updated to include the latest areas of electronic communications.
In this case study, I aim to present the recent issue about Cyber security, protecting client’s private data and information through the controversial Apple and
As electronic commerce, online business-to-business operations, and global connectivity have become vital components of a successful business strategy, enterprises have adopted security processes and practices to protect information assets. But if you look at today's computing environments, system security is a horrible game of numbers: there are currently over 9,223 publicly released vulnerabilities covering known security holes in a massive range of applications from popular Operating Systems through to obscure and relatively unknown web applications. [01] Over 300 new vulnerabilities are being discovered and released each month. Most companies work diligently to maintain an efficient, effective security policy, implementing the latest products and services to prevent fraud, vandalism, sabotage, and denial of service attacks. But the fact is you have to patch every hole of your system, but an attacker need find only one to get into your environment. Whilst many organisations subscribe to major vendor's security alerts, these are just the tip of the security iceberg and even these are often ignored. For example, the patch for the Code Red worm was available some weeks before the worm was released. [02]