Information Technology IT Security Breaches Research Paper

Download this Research Paper in word format (.doc)

Note: Sample below may appear distorted but all corresponding word document files contain proper formatting

Excerpt from Research Paper:

iPad Security Breach

Assessing the Impact of the Apple iPad Security Breach

Discuss Goatse Security firm possible objectives when they hacked into AT&T's Website.

Goatse Security and firms like them are on a mission to expose what they see as lies and misleading claims of companies who claim to have much greater levels of security and stability in their products than they actually do. While the accounts of the iPad incident have been dismissed as business development efforts on the part of Goatse by AT&T Chief Security Officers and the Wall Street Journal, the reality of it is Goatse and other firms like them perform a valuable service, ironically, for the companies who claim their activities are illegal (Wall Street Journal, 2010). Goatse is actually doing a series of audits on new products that may not have been completely tested before launch. Apple, who is known for having exceptional control and expertise in their new product development process, failed to coordinate and collaborate effectively with their service partner, AT&T on the launch of the iPad, and a massive security hole was found (Ante, Worthen, 2010). From this perspective, Goatse is actually doing the public a very big service as Apple would go on to sell over 1 million units in the first 28 days of the product being available (Carr, 2010). Imagine if this security breach or massive oversight on the part of Apple and AT&T had not been found. Millions of people would have their e-mail addresses compromised and have no idea, if it was not for Goatse, how it happened. They are in many ways a consumer advocate, looking to protect the public from the mediocre performance of Apple and AT&T working together. While the FBI completed a probe of the problems of lack of coordination and collaboration between Apple and AT&T the results showed that neither side had considered that pre-populating screens with e-mail addresses inside key influencer's accounts would lead to a major security breach (Ante, Worthen, 2010).

Those analysts and industry experts who are the most skeptical point to the Goatse success at hacking the AT&T site as a means for the security firm to gain new business and also underscore the value they deliver to their clients. This is may be true, yet the reason Goatse expends so much time, which is not billable and is very large in percentage to the dollars they would eventually generate from referral contracts, is because they see themselves on a mission to protect the uninformed and often too-trusting public of claims made by technology companies regarding security. AT&T and Apple, two of the largest brands in telecommunications and smartphone services and development, were humbled by the breach because it showed the new product development and launch process was not nearly as well orchestrated as Apple would have their loyal customers believe. Goatse may be demonized over it, but the fact remains without them finding this breach and releasing the results to Gawker and in effect plugging the hole immediately, literally tens of millions of consumers could have had their identities stolen (Ante, 2010). It was later discovered the entire 3G network that AT&T operates the Apple iPhones on could easily have been compromised, which would have been a goldmine for hackers and identity thieves (Shukla, 2011).

In conclusion, Goatse is being made out to be the evil one in the entire media spin on this breach, yet in reality they performed a very valuable service for AT&T and Apple. They in effect completed a thorough audit of their security policies, found them lacking, and made sure the world knew about it. Regardless of their motivations, they at least provided the information to Gawker and put tremendous pressure on AT&T and Apple to actually do what they had led the public to believe they had already done even before the launch of the iPad, which is to deliver a secure user experience (Shukla, 2011). The bottom line is Goatse sees itself as being on a mission to protect consumers, and are a group of professionals who specialize in auditing the security of websites, and now smartphones and tablets. They are on a mission to protect the public from claims of security that may in fact be massive areas of oversight, as AT&T and Apple, in their lack of coordination, show.

2. Argue for or against computer hacking as an ethical corporate strategy for computer security firms.

In arguing in favor of computer hacking as an ethical corporate strategy for computer security firms, the following several points need to be kept in mind. First, hacking is pervasive and the majority of it is originating outside the United States, including Russia, Ukraine, China and throughout Southeast Asia (Dwyer, 2009). The fact is that the best audit tools and techniques for security management of websites, smartphones, and tablet PC operating systems and platforms are evolving too rapidly to attempt to institutionalize them within a company's IT department. The security landscape is evolving so fast that it requires that external security firms concentrate on the latest threats and potential attack strategies and code, and then quickly test them out to evaluate how effective the defenses they have devised are. Without this continual and urgent development of defenses, any security company would over time become obsolete and eventually lose its technological edge. The pure speed that technologies develop with in the global security community necessitates that this approach be taken and continually refined over time (Dwyer, 2009)

Second, in arguing for the development of these advanced tools and the support of computer hacking as an ethical corporate strategy on the part of security firms, the incredibly valuable insights gained from unannounced security audits of corporate sites and accessible resources cannot be overstated (Carr, 2010). Too often corporations will carefully orchestrate their own security audits, and will also in so doing "harden" the outer areas of their systems and Internet-based communications architectures to increase the potential of passing the audit. This is in effect prepping for an audit to ensure compliance rather than truly testing the weakness of the actual system architecture to hackers (Carr, 2010). What these computer security firms do is bring the element of unpredictability and significant sophistication to their attacks, which make it extremely difficult for any corporation to anticipate and plan just for a specific type of threat. In so doing, these security firms catch areas in their hacking efforts that may have been unknown or completely overlooked on the part of the security experts inside the companies. The net result is that these companies now have even greater insight into how best they can manage threats and also being to see how rapidly changing the security landscape is. The case of the Apple iPad breach is a case in point, as the FBI investigation showed that there were significant lapses in how the workflows and security procedures would be used for the iPad launch (Ante, Worthen, 2010). Without the hacking completed by Goatse, it is very likely hackers from third world nations would have certainly found, exploited and eventually caused economic harm to Apple Pad early adopters including the influencers who received the first 100,000 units (Dwyer, 2009).

3. Discuss whether or not Gawker Media acted socially responsible when it reported the security breach before Apple and/or AT&T had responded to the public.

By virtue of the First Amendment, Gawker could do whatever it wanted with the findings. From a socially responsible position, it did do the right thing, because it forces both companies to confront a major lapse in security in the largest and most expensive new product introduction Apple had made in nearly five years (Ante, 2010). A visit to any Apple Store globally at this time showed crowds lingering around tables full of iPads, and many people lined up at cash registers to buy on. Imagine all that customer data being compromised by a hacker or for that matter an entire hacking organization potentially sponsored by a third world government, getting all that transaction data due to the breach being undiscovered. It would have been catastrophic for consumers and would have eventually killed the product if left unchecked. Gawker did the most socially responsible act of all; they made it very public and forced urgency and an apology from both Apple and AT&T. In so doing they most likely saved tens of millions of dollars for consumers of the first iPads that had been compromised.

4. As the AT&T CEO, discuss how you would respond differently to this security breach.

I would first apologize to the AT&T customers and immediately get my best security teams on it. I would also immediately begin random security audits of all AT&T online properties and sites, and write a letter to shareholders and the general public. I would publish the letter as a full page ad in the Wall Street Journal, explaining that security is critical to our ability to serve customers. I would also announce that this had…[continue]

Cite This Research Paper:

"Information Technology IT Security Breaches" (2011, May 28) Retrieved December 8, 2016, from

"Information Technology IT Security Breaches" 28 May 2011. Web.8 December. 2016. <>

"Information Technology IT Security Breaches", 28 May 2011, Accessed.8 December. 2016,

Other Documents Pertaining To This Topic

  • Information Technology IT Security Implementation

    Computer IT Security Implementation Provide a summary of the actual development of your project. Because small corporations have to work under conditions of conflicting information technology in many instances, the requirement of maintaining these systems details entails far too many time-consuming processes that have to be carried out. This allows for the business to work in a logical order and promotes a more logical approach to the making of business decisions. The end

  • Information Technology It Hope to

    Even if the vendor himself were honest, further character requirements should include professionalism, and punctiliousness with his tasks so that damaging errors, abuse, and misuse are not perpetrated due to sloppiness. An example, here, would be the password falling into the wrong hands due to the vendor's negligence in sufficiently protecting it (White Paper, 2004). The vendor, also, has to demonstrate concern for his client's objectives; there have been too many

  • It Security Plan & Implementation

    Second, the specific connection points throughout the network also need to be evaluated for their levels of existing security as well, with the WiFi network audited and tested (Loo, 2008). Third, the Virtual Private Networks (VPNS) and the selection of security protocols needs to be audited (Westcott, 2007) to evaluate the performance of IPSec vs. SSL protocols on overall network performance (Rowan, 2007). Many smaller corporations vacillate between IPSec

  • Information Technology Holds Great Promise for Improving

    Information Technology holds great promise for improving the way a government serves its citizens in various services it conducts to the citizens. This rapid adoption of information technology has produced substantial benefits to the citizens, tax payers, and businesses alike. It is therefore recommended for every particular government to develop digital services to streamline all its operations. One area where governments should enhance its key functions is the establishment of

  • Information Technology Refuting the Claims

    Linux Kernel Analysis Much has been written in praise of the Linux (Crandall, Wu, Chong, 359), (Parnas, 112), (Baliga, Iftode, Chen, 323), and its use of preemptive multitasking memory architectures to manage process control, file management, device management, information maintenance and communications subsystems securely and effectively. The Linux modular design, lack of reliance on Remote Procedure Calls (RPC), and use of UNIX-based system administration all are often cited as factors in how

  • Information Technology Hilcorp Energy Company

    Remote access controls. Network security management. Password policies. Compliance with the policies and procedures of the company is very vital to the organization, and the policies and procedures should be clearly communicated to the appropriate business teams. Intruder: The suggested treatment for the attack by the external intruder such as hacker is to ensure that all communication within the organization is encrypted to deter the unauthorized access to the company data. Moreover, the organization

  • Information Systems & Information Technology

    The company's consistent top line revenue growth also illustrates it has been successful in transforming its supplier network into one that operates more on knowledge, less on purely price or product decisions. As a result the company is capable of competing more at the process level and less at the purely price-driven one (Reese, 2007). In terms of the company's factors for success, the greater opportunities is to move into

Read Full Research Paper
Copyright 2016 . All Rights Reserved