The Informatica blog - Authored by Claudiu Popa

Got a Reputable Public Image? Here's How to Tarnish it in Three Easy Moves

Trojan Horse

Talk to anyone in the world of business about their biggest hacking fear and you’re bound to hear that “embarrassment” ranks right up there near the top. Everyone knows that to do a proper job of alienating clients and embarrassing your organization you need to not just be good at, but excel at three things:

1. amateurish planning in preventing security problems
2. boneheaded response once a breach has taken place
3. abject failure to make sure it doesn’t happen again

I know what you’re thinking: “Hey! That sounds pretty difficult to pull off! I was hoping for an easy way to annihilate my audience and damage my credibility! I thought you were good! Can you at least give me an example?”

Okay, if you’re gonna be like that, I’ll give you three!

Sony: Still tops

Not to harp on the now familiar PlayStation Network breach, but by some accounts it wasn’t just one breach but some 18 different breaches that impacted over 77 million users. That’s more than twice the population of Canada plus all the bricks in the Empire State Building (that’s right, I did my homework, folks)!

If you’re looking for a perfect example, look no further:

#1. poor or no protection for private information & confidential data (12 million unencrypted credit cards: exposed) Check!
#2. weak, delayed, ineffective response to the breach (this week, 93,000 users were unpleasantly surprised to find that Sony has locked them out of their accounts as it still struggles to contain the breach) Check!
#3. will it happen again? Yes, but only 17 times. Stay tuned. (The aforementioned figure was later revised to 101.6 million compromised records.) Check!

My favorite stunt was around the gazillions supposedly spent on ‘thanking’ users for their loyalty by offering a couple of free games. The catch? You'll need to deal with your Internet provider's download caps and exercise (potentially infinite) patience as you strive to download the multiple DVDs worth of data. Thankfully, the load on the Sony servers was such that most users simply gave up trying.

Honorable Mention

RIM made a run for the top spot this month when it apologized for an extended blackout that left an estimated 17 million Blackberry users worldwide (mostly business users) without data service for the greater part of a week. RIM’s CEO stated the obvious: “We've worked hard to earn [customer] trust over the past 12 years, and we're committed to providing the high standard of reliability they expect, today and in the future”. The predictability of this event notwithstanding, RIM has declined to offer any compensation other than, you guessed it, some downloadable time-wasters. And you guessed again: when trying to cash in on their stated $100 value of the (mostly) games on offer, the message predictably says: “Blackberry App World is having trouble connecting… verify your connection and try again…” Ah yes, it's clearly my connection that's the issue. I can hear Steve Jobs laughing from here.

The U.S. Military: A good one, but not in a good way

Virus Infested Drone

You may have heard that the U.S. Air Force’s deadly unmanned drone program routinely employed in Iraq and Afghanistan was inadvertently infected with data-stealing malware. #1: check!

As it turns out, the malware wasn’t the highly targeted infection by an evil foreign nation that everyone suspected it to be. According to the Air Force, the 'virus' was simply designed to steal logins and passwords from regular users (not military personnel, you see), with a particular affinity for online games. So there you have it, nothing to worry about: it wasn’t so serious, just some plain old malware that happened to infect the Predator and Reaper drones’ ground systems. Thanks for the clarification. #2: check!

Will it happen again? “It's standard policy not to discuss the operational status of our forces,” said a spokesperson, who added: “The ability to fly the drones remained secure throughout the incident” (let's hope that by “fly” she meant “control”). According to some reports, the malware resisted several attempts to clean infected systems. In its statement, the Air Force did not name the threat or state whether it had been expunged from affected systems. #3: check!

The German Government: Still fans of - how you say - people watching

As the story goes, government officials have been spying on their citizens’ Internet use, e-mail, chat and their use of 15 Windows programs you’ve heard of. The ‘undetectable’ software was detected by the (in)famous Chaos Computer Club (CCC), whose savvy members, upon dismantling it, found the names of the two famous Star Wars droids embedded within. Dubbed R2D2 (which is way better than the two alternatives currently in use: 0zapftis and Bundestrojaner), the software initially prompted the government to clam up, but in the face of public outrage an investigation was initiated by the German Justice Minister. To date, four states have confessed to using the program for monitoring citizens. #1: check!

The four state authorities allege that the software was only used with court orders and specifically to conduct wiretaps on encrypted Internet telephony. However, the forensic analyses performed by CCC and other companies indicate that it was used to broadly capture activity through all installed Internet browsers, the keyboard and other input devices. It was also built to allow remote control, software updates and on-the-fly customization to add or modify its functionality, thus voiding any claims to its legality. To top it all off, it was found to have security vulnerabilities of its own, further exposing the unsuspecting users. The state authorities have offered no explanation or clarification so far. #2: check!

When this all hit the fan, a German firm called DigiTask came forward and indicated that the software was likely theirs, having sold it to the government for the equivalent of millions of dollars back in 2007. The company also volunteered that it had sold it to other governments, such as Austria, Switzerland and the Netherlands. Given the European nation’s Nazi and Communist past, the degree of outrage and potential ramifications of this embarrassing event couldn’t be overstated, even by me. #3: check!

So there you have it, your very own FREE checklist with very real examples! The very complex process of damaging public trust and confidence made simple. I couldn’t make it any easier than this: it’s as easy as 1,2,3!

