Professional Documents
Culture Documents
Danbingwu Module4
Danbingwu Module4
Danbing Wu
CS 391
Introduction
Wherever there are going to be computers, there are going to be viruses and hackers.
Viruses work to install malware or other problematic software and programs on the computers,
which can be used to damage or corrupt the computer as well as to gain illicit information that is
stored on the computers. In this regard, we find that computers that are connected to the Internet
tend to be vulnerable to attacks from hackers as well. This means that people from outside can
illicitly access the computers and steal information. In this regard, we find that in the past few
years, there have been several cases in which security of large companies have been breached in
terms of hackers gaining access to sensitive information as well as other data. Two of these cases
include the Target Corporation as well as Sony Pictures. It would be useful to consider how these
Target
Target was hacked in 2013. In this data and security breach, the hackers worked to exploit
the third-party payment vendor and were able to steal millions of credit cards numbers as well as
the customers personal information. The hackers were able to gain access to Targets internal
network. They stole credentials from a third party heating and ventilation company called Fazio
Mechanical Services. This company had access to the network that Target used because they had
to monitor and maintain Targets systems. The reason for that was Target found it easier and
cheaper to outsource this to the contractor rather than hiring in-house employees to do the same
job. The hackers attacked Fazio with a phishing scam, which meant that the passwords and other
aspects were compromised. The hackers were then able to use Fazios credentials to install
malware on various point of sale (POS) devices in many different stores. They did that to test
COMPUTER SECURITY AND HACKING 3
their system at first. Later on, they were able to install the malware from most of other Target
stores.
The hackers hid the malware as an authorized app and this resulted in the Targets
defense system not being able to detect it as a malware. The malware then started to collect the
data and started to stream it out to Moscow. By the time the Federal law enforcement was able to
catch the breach and reach out to Target, it was too late. It was believed that Russian or
Ukrainian hackers were behind this security and data breach. An interesting thing to note is that
Targets security software did flag it as being a threat; however, it was overlooked and nothing
was done. Moreover, with regards to the installation of the software on the Target POS machines,
it was not detected because the company had recently started using different Malware detection
software, on which the automatic detection had been turned off (Winkler, 2014; Smith, 2016).
The hacking affected both the company as well as the customers extremely negatively. As
many as 40 million credit cards were stolen and about 70 million customers had their personal
information stolen. Target had to offer one year of free credit monitoring for all the customers
who had been affected. Additionally, it cost Target about $420 million in terms of reissuing the
cards, reimbursements to the banks, as well as the cost of credit monitoring and customer service
fees. Target also tried to attract more customers by offering a 10% discount on all the in-store
purchases but they still saw a drop in sales. Target had to lay off as many as 475 employees
because of this. In terms of the aftermath of the breach, we find that Target worked to make its
security stronger, which included more software and firewall protection as well as training the IT
employees to have a better understanding of the security system and what to do to make it work
(Winkler, 2014).
COMPUTER SECURITY AND HACKING 4
Sony
Sony Pictures was also attacked in 2014. In this breach, North Korean hackers were able
to infiltrate the companys computers and were able to wreak a lot of havoc in terms of the
companys emails and files. The hackers, who called themselves Guardians of Peace, leaked a
lot of confidential data from Sony Pictures. The data that was leaked included various aspects of
information, such as the personal information of various Sony Pictures employees as well as
their family members, as well as information regarding the salaries of the employees, the emails
between the employees, and also several unreleased Sony films (Goldsmith, 2014). One of the
demands of the hackers were that they do not release the movie The Interview, which was about a
plot to assassinate Kim Jong-Un, the North Korean leader. The hackers also threatened to attack
theaters that would play the movie. Sony had to cancel the movies release into theaters and it
It has to be noted that investigations into the hack revealed that the hackers had possibly
been copying the files from the company for as long as two months. Some reports also suggest
that the hackers had access at least a year earlier. It is depicted that the hackers took about a
hundred terabytes of data from Sony. The tool that was used was a malware, known as the Server
Message Block (SMB) Worm Tool. The hackers used several different components, including a
backdoor, a listening implant, a proxy tool, as well as destructive hard drive and target cleaning
tools. The main idea was that the perpetuators wanted to gain repeated entry and extract the
This hack affected a lot of different people. Firstly, it affected Sony Pictures in terms of
the data breach that had occurred. It resulted in films being leaked online, resulting in Sony
having to incur a lot of losses on the film. At the same time, it also affected various theaters
COMPUTER SECURITY AND HACKING 5
around the US as well. Since there was a threat of terrorism, the movie was not released in
theaters, which meant that several of the theaters had to incur losses as well (Bond, 2014).
Moreover, the thing to note is that the movie also negatively affected the companys employees.
This is because a lot of their personal information was revealed and their privacy was affected.
After the attack, Sony Pictures worked to install new security software on their computers and
they also had to make sure that their employees were aware of all the security protocols that they
Conclusion
In conclusion, it can be said that both Target as well as Sony were victims of hacking.
Data breaches and such attacks are quite common and they can easily be thwarted by using good
security. However, the security is only as good as the people operating it, as noted in Targets
case, where certain key and important aspects of the security were turned off. This is why even
though it is important for organizations to have such security programs installed on their
networks and devices, it is also important for the employees to know how to use such software
properly.
COMPUTER SECURITY AND HACKING 6
References
Bond, P. (2014). Sony Hack: Activists to Drop Interview DVDs over North Korea via Balloon.
Connor, J. D. (2015). The Sony Hack: Data and Decision in the Contemporary Studio. Media
Industries, 2(2).
Goldsmith, J. (2014). The Sony Hack: Attribution Problems, and the Connection to Domestic
Lee, T. B. (2014). The Sony hack: how it happened, who is responsible, and what weve learned.
Vox Technology.
Smith, M. (2016). Huge rise in hack attacks as cyber-criminals target small businesses. The
Guardian, 8.