Running head: COMPUTER SECURITY AND HACKING 1

Computer Security and Hacking

Danbing Wu

CS 391

The University of Alabama

COMPUTER SECURITY AND HACKING 2

Computer Security and Hacking

Introduction

Wherever there are going to be computers, there are going to be viruses and hackers.

Viruses work to install malware or other problematic software and programs on the computers,

which can be used to damage or corrupt the computer as well as to gain illicit information that is

stored on the computers. In this regard, we find that computers that are connected to the Internet

tend to be vulnerable to attacks from hackers as well. This means that people from outside can

illicitly access the computers and steal information. In this regard, we find that in the past few

years, there have been several cases in which security of large companies have been breached in

terms of hackers gaining access to sensitive information as well as other data. Two of these cases

include the Target Corporation as well as Sony Pictures. It would be useful to consider how these

breaches took place and what were some of their effects.

Target

Target was hacked in 2013. In this data and security breach, the hackers worked to exploit

the third-party payment vendor and were able to steal millions of credit cards numbers as well as

the customers personal information. The hackers were able to gain access to Targets internal

network. They stole credentials from a third party heating and ventilation company called Fazio

Mechanical Services. This company had access to the network that Target used because they had

to monitor and maintain Targets systems. The reason for that was Target found it easier and

cheaper to outsource this to the contractor rather than hiring in-house employees to do the same

job. The hackers attacked Fazio with a phishing scam, which meant that the passwords and other

aspects were compromised. The hackers were then able to use Fazios credentials to install

malware on various point of sale (POS) devices in many different stores. They did that to test
COMPUTER SECURITY AND HACKING 3

their system at first. Later on, they were able to install the malware from most of other Target

stores.

The hackers hid the malware as an authorized app and this resulted in the Targets

defense system not being able to detect it as a malware. The malware then started to collect the

data and started to stream it out to Moscow. By the time the Federal law enforcement was able to

catch the breach and reach out to Target, it was too late. It was believed that Russian or

Ukrainian hackers were behind this security and data breach. An interesting thing to note is that

Targets security software did flag it as being a threat; however, it was overlooked and nothing

was done. Moreover, with regards to the installation of the software on the Target POS machines,

it was not detected because the company had recently started using different Malware detection

software, on which the automatic detection had been turned off (Winkler, 2014; Smith, 2016).

The hacking affected both the company as well as the customers extremely negatively. As

many as 40 million credit cards were stolen and about 70 million customers had their personal

information stolen. Target had to offer one year of free credit monitoring for all the customers

who had been affected. Additionally, it cost Target about $420 million in terms of reissuing the

cards, reimbursements to the banks, as well as the cost of credit monitoring and customer service

fees. Target also tried to attract more customers by offering a 10% discount on all the in-store

purchases but they still saw a drop in sales. Target had to lay off as many as 475 employees

because of this. In terms of the aftermath of the breach, we find that Target worked to make its

security stronger, which included more software and firewall protection as well as training the IT

employees to have a better understanding of the security system and what to do to make it work

(Winkler, 2014).
COMPUTER SECURITY AND HACKING 4

Sony

Sony Pictures was also attacked in 2014. In this breach, North Korean hackers were able

to infiltrate the companys computers and were able to wreak a lot of havoc in terms of the

companys emails and files. The hackers, who called themselves Guardians of Peace, leaked a

lot of confidential data from Sony Pictures. The data that was leaked included various aspects of

information, such as the personal information of various Sony Pictures employees as well as

their family members, as well as information regarding the salaries of the employees, the emails

between the employees, and also several unreleased Sony films (Goldsmith, 2014). One of the

demands of the hackers were that they do not release the movie The Interview, which was about a

plot to assassinate Kim Jong-Un, the North Korean leader. The hackers also threatened to attack

theaters that would play the movie. Sony had to cancel the movies release into theaters and it

was released digitally only (Goldsmith, 2014).

It has to be noted that investigations into the hack revealed that the hackers had possibly

been copying the files from the company for as long as two months. Some reports also suggest

that the hackers had access at least a year earlier. It is depicted that the hackers took about a

hundred terabytes of data from Sony. The tool that was used was a malware, known as the Server

Message Block (SMB) Worm Tool. The hackers used several different components, including a

backdoor, a listening implant, a proxy tool, as well as destructive hard drive and target cleaning

tools. The main idea was that the perpetuators wanted to gain repeated entry and extract the

information as well as to destroy a lot of information (Connor, 2015).

This hack affected a lot of different people. Firstly, it affected Sony Pictures in terms of

the data breach that had occurred. It resulted in films being leaked online, resulting in Sony

having to incur a lot of losses on the film. At the same time, it also affected various theaters
COMPUTER SECURITY AND HACKING 5

around the US as well. Since there was a threat of terrorism, the movie was not released in

theaters, which meant that several of the theaters had to incur losses as well (Bond, 2014).

Moreover, the thing to note is that the movie also negatively affected the companys employees.

This is because a lot of their personal information was revealed and their privacy was affected.

After the attack, Sony Pictures worked to install new security software on their computers and

they also had to make sure that their employees were aware of all the security protocols that they

have to take in order to keep their system and network secured.

Conclusion

In conclusion, it can be said that both Target as well as Sony were victims of hacking.

Data breaches and such attacks are quite common and they can easily be thwarted by using good

security. However, the security is only as good as the people operating it, as noted in Targets

case, where certain key and important aspects of the security were turned off. This is why even

though it is important for organizations to have such security programs installed on their

networks and devices, it is also important for the employees to know how to use such software

properly.
COMPUTER SECURITY AND HACKING 6

References

Bond, P. (2014). Sony Hack: Activists to Drop Interview DVDs over North Korea via Balloon.

The Hollywood Reporter, 16.

Connor, J. D. (2015). The Sony Hack: Data and Decision in the Contemporary Studio. Media

Industries, 2(2).

Goldsmith, J. (2014). The Sony Hack: Attribution Problems, and the Connection to Domestic

Surveillance. Lawfare. December, 19.

Lee, T. B. (2014). The Sony hack: how it happened, who is responsible, and what weve learned.

Vox Technology.

Smith, M. (2016). Huge rise in hack attacks as cyber-criminals target small businesses. The

Guardian, 8.

Winkler, I. (2014). 6 Failures that Led to Target Hack. Computerworld.