Hacking into websites is not orthodox in the least, but it has certain advantages if looked upon in a certain light. For one, it removes the illusion of the perfect security environment and keeps the competitive standards of firewalls in the current environment up to par. The companies that brag of their prowess and security standards might become careless and slack. This will leave enough room for a huge breach, depending on the timing. By the time the company collects itself to regroup from the attack, it may be too late to make a quick recovery, and the damage may turn into grievous financial loss.
Is hacking justifiable within a company?
The iPad breach is one such example of a security break-in caused by a lapse in adequate measures. Steve Jobs cast the company as pristine in the field of technology as well as security (Tate, 2010). This statement, that Apple's policy is to make sure it gets user permission and that users know what is going to be done with their data, hit a dead end in the face of the breach. Thus, one can let the customer know what they are signing up for in the simplest language possible.
This statement was not just referring to how the company uses the private data of iPad users. It also referred to how the company created policies on the use of private data by other iPad experience providers. This obviously was not reflected in the breach. Thus, it gave customers a chance to know the truth instead of putting false hopes into a system that could be easily compromised. This time, only email addresses got out. If this had continued and the attack had been more precise, more pertinent information would have gotten out.
This could be leaked files on a government official’s phone conversations, emails, and data. This would be quite dangerous in the wrong hands. This was a warning, and it would be justifiable if the incident were a test run. This is quite common in intelligence agencies, where they frequently train for worst-case scenarios that could happen. They use these standard training operations to simulate what would happen in a real-life situation if the worst happened. The same applies to the hacking incident. Companies could have their computer department design a firewall to the best of its ability.
This firewall would then be subjected to testing, as it would be by hackers. These hackers would be on the company’s payroll, and their objective would be to try to penetrate the defenses. Of course, the situation in this case was quite a risk because it was unexpected and there was no way of knowing how far the breach was intended to go. If a computer security firm were to use this method to better its security, then there should be a corporate ethics statement to keep it in line.
Corporate ethics statement
When drafting the code, there must be a few considerations depending on the company. The reason for this would be to regulate the company’s behavior. Firstly, the code should be divided into two sections. The first section would entail the aspirations that the organization wants to live up to. These are the hopes that it wants to maintain. The second part of the statement would contain the rules and regulations of that specific company. These principles should include what would be illegal inside the organization.
These are crimes against the company from within, as well as the crimes committed when hacking into the privacy of another firm on an unsanctioned basis. Other rules should include regulations on which personnel in this department would have access to certain levels of information of other companies that hire the corporation in question on a security check basis. This distinction of hierarchy would allow for order and decrease the number of incidents that could compromise the security of the firm. On the other hand, there should be an enforcement procedure to make sure the rules are followed.
These include measures of punishment and disciplinary action for violations of the regulations. The rules will be listed in order of priority for the organization, and the enforcement measures would follow in a corresponding manner, as would the disciplinary action for violation of each rule. Finally, there will be provisions for revising these rules and regulations if need be, depending on changing ethical situations. In the meantime, it would be helpful to establish relationships with media companies on information discretion. The release of certain information that would be as harmful to the consumer psychologically as it is to the manufacturer needs to be taken into consideration.
The breach at Apple caused a lot of fear in users of the new iPad and probably affected forthcoming sales of the product. The move by Gawker to publicize the information may have been a good and a bad decision at the same time. It was good because it gave the users something to think about regarding the security situation of the firm, as it reported that AT&T operated the web server using weak security controls. The company gets a jump-start and stops slacking off where it should have been ahead of the game.
Social responsibility of Gawker
On the other hand, Gawker should also read the ground situation before making any hasty decisions on publicizing the matter. Given the data that the company held and that was compromised, there is a risk that the breach would cause widespread panic, as information belonging to certain government officials, even in the White House, became compromised. Matters on these levels should be treated a little more sensitively because they could explode in everyone’s face. There is a reason for media blackouts, because the last thing that everyone would want is widespread panic that would cause more damage than necessary.
When there is a security breach, the CEO and executives must consider the facts on the table. They must first evaluate the extent of the problem. This happens by ordering an all-inclusive inspection of the systems to determine the extent of the damage. Secondly, they must remove the hostile or destructive code. The next step is to reload the necessary operating systems software and configure the test operations accordingly. They should then patch the system in order to avoid any vulnerability. They should then test the functionality and restore the files from backup if indeed necessary.
The files that passed the test of determination of damage would undergo that process of restoration. As for the damaged files, if there is no backup available at the time, then replication would be necessary. The system should be back on track at this point, and the executives would have reason to believe that everything is proceeding according to plan. However, the bottom line is that theory does not always correlate with reality. Thus, things on the ground may not be what the statistics project. The company has to confirm with the users that the data has been completely restored.
Email script to would-be customers
We, as the board of AT&T, want to inform you, our customers, of a situation that we are currently experiencing in our technical department. This has to do with security issues in the IT department with one of our products. There is a potential exposure risk to the iPad ICC-IDs. Several of you have purchased the device, and before you start to worry, the situation is already under control. The only information that could be derived from the device is the email address attached to it.
There is an ongoing investigation to determine the source of the breach and the perpetrators. As a result, all customers whose information may have been compromised, that is, their email address and so forth, will receive notification as soon as possible. If there is anything sacred to the company, it is privacy of information. We do not take customer privacy lightly. In light of the damage that the incident did to the company’s name and the inconvenience that this caused our customers, we would like to apologize.
Now that that is settled, we would also like to point out that we recently received the information from a business customer who pointed out the potential exposure. This issue went to the highest levels of the organization, where it had top priority, and was dealt with expeditiously. In this way, the feature that gave access to email addresses has essentially been turned off. To be specific, the data compromised in the breach was the following: the subscribers' email addresses, coupled with the associated ID used to authenticate the subscriber on the AT&T network.
However, we managed to close the security hole within days of the breach. The victims had been unaware of any development in the breach; that is, the symptoms had not revealed themselves to them. This gives an idea of how vigilant we need to be to stop future incidents. This is because the device had been shipping for barely two months. It had been shipping in the cellular configuration for only a month. This is a relatively short time for such compromising situations to arise and suggests that the security needs to be looked into seriously.
The security, in fact, will receive reviews in this light. A group known as Goatse Security obtained the subscriber data. It seems the group specializes in showing faults in web applications. It has highlighted weaknesses in the Firefox as well as the Safari web browsers. It obtained the data it needed through AT&T's website. This information was available to anyone using the internet. However, it was the company’s hospitable nature with information that did it in, in the end.
In response to this attack, the company called in the help of the FBI to look into the matter. The FBI also contacted Gawker Media recently and served them with a formal preservation notice. On this note, there will be a review of most sectors to determine the full extent of the damage done because of the incident. This includes those that were totally unrelated to the occasion. The reason is that it could affect sales in other departments because of bad publicity. These effects ripple outward and need to be anticipated in advance; in this way, the company will not be caught off guard again.