Goatse Security firm possible objectives when they hacked into AT&T’s Website
When Goatse security firm hacked AT&T website, their action was not malicious, the company did not intend to harm the image of AT&T. A member of Goatse security noted that, there was absolutely nothing wrong with their action. He further asserted that their access was authorized and legal. Though he admits that they did not directly contact AT&T after they had identified the problem; but they made sure that AT& T was informed of the potential security threat. Goatse also claimed that they sealed the security hole before the danger was published in the media. The company also noted that some of the sensitive information including clients’ personal information collected from the site was destroyed. Furthermore, the company denied allegations that they were not paid by Gawker, a media company which was the first to broadcast the issue.
Goatse security further claimed that they on basis of public interest. The American people had a right to know the status of the security of their personal information. It was very important to disclose this problem so that the users of iPad 3G had the right to know the status of their email addresses, their email addresses were a likely public knowledge and if need be, they take necessary steps in trying to find a solution to this problem even if it meant changing their email addresses. A member of Goatse security went on to say that corporate breaches should not be hid from the public, sooner or later, they were to find out and that they have been exploited.
He also claims that all data obtained from a public server, that is not password protected can be accessed by anyone, penetrated or invaded by anyone. The company also credited itself by bringing to light that iPads are now secure because of their effort. Goatse claimed that their disclosure was a service to the American people and they did exploit the situation. Goatse also claimed that AT&T had plenty of time to notify the public before they disclosed this breach but they failed to do so. Post-patch disclosure should be urgent, should be done within one hour of notification.
On the other hand, the AT&T claimed that Goatse’s action was an act of malice, pure witch hunting. AT&T then apologized to its customers and painted Goatse security negatively. However, some commentators claimed that AT& T move was dangerous and could backfire in the perception game. In their statement to the media, AT & T apology looked hollow and shallow.
Computer hacking as an ethical corporate strategy for computer security firms
Computer hacking is not an ethical corporate strategy as it may harm the cordial relationship between companies. As in this case, the hacking incident did hurt the already burdened relationship between AT&T and Apple. In as much as the most affected were the AT&T subscribers. Apple has the responsibility of guaranteeing its users that their email messages were safe from hackers, since the subscribers provide the company with their email addresses for activation of their iPads. Adding to the deteriorating relationship between AT&T and Apple, this violation will scare the potential iPad customers as well as AT & T subscribers. The incident occurred at a critical and premature moment, just when the tablet was in its initial sales circle. The market trend had indicated that the tablet was a profitable venture. With earlier accusation from its customers for bad service, this could be detrimental for AT&T with regard to its sales.
This act has also generated mistrust between the two companies, AT&T cannot fully trust the products of Apple, yet AT & T was accused of failing to seal the vulnerability hole. This compromise can affect future business between the two companies and the telecommunications industry as a whole. Few days after the news, The New York Times emailed its staff members to turn off their access to the 3G network on their iPad until there was clarification from AT & T.
Gawker Media responsibility/irresponsibility when it reported the security breach before Apple and/or AT&T had responded to the public
It is apparent that, corporate strategy affects corporate social responsibility in a number of ways. There are six strategic dimensions of corporate social responsibilities and tragedies to be considered. These are: Firm mission, Strategic issues, Markets, Customer needs, Resources; and Competitive advantage. These dimensions are influenced by the social aspects to a different aspect in each of them. For example, trying to satisfy customer’s needs has to be in tandem with fulfilling a social responsibility objective (Kurtz, 2010). In order to find the best strategy using CSR, the company should use the following remedies to achieve long term goals:
- Establish a responsible culture, holding everyone accountable for their deeds including the top managers.
- Championing for ethics and morals.
- Dropping offers to violate or discredit ethics and social responsibilities.
Externally, firms should consider strategies that will earn a good public image. This include having a good public image of being a socially responsible company in order to win customer’s loyalty and creating an environment within which social responsibility is obliged such as supporting the local community to live up to a better society.
With these factors in mind, one cannot agree with the action taken by Gawker Media to publish a report before AT&T and Apple made a public report. Gawker should have considered the social impact of the decision, like the anxiety it caused, whether it added value to the firm’s competitiveness. But according to Gilbert (1986), Gawker broke the second commandment of moral requirements, Consultation. “Thou shall consult stockholders in cases of morally significant decisions”. The management of the company should have made significant consultations with the owners of the company. The company further broke the seventh commandment; “Thou shall not commit externalities”. Reporting the incident before AT&T or Apple caused negative externalities to many firms not only in the industry but the entire economy (Gilbert, 1986).
As AT&T CEO, discuss how you would respond differently to this security breach
The first step would be to send a message to the media apologizing for the breach and trying to downplay the impact on our customers and potential customers.
The public message should take into consideration the consequence of the breach on the potential customers and what the consequences would be. In addition, the company should advice its subscribers accordingly on the safety measures being taken to guarantee safety in the future. Customers should also be cautioned on the vulnerable areas and which they should not do using the device. The company could also prepare for other safety alternatives while they are still working on the problem and if possible to advice customer to change their email addresses (Cabinet Office, 2009).
Furthermore, customers should be informed of the location of existing and newly created help centers. Another important step would be to involve all stakeholders accordingly and to ensuring that communications are robust and fit for purpose. The main idea here is to brief all stakeholders accordingly on the history of measures being taken as well as the progress. Customers should be assured that the risk is not exacerbating and that the breach is being sealed in a timely manner.
References
Cabinet Office (2009), Warning and Informing the Public, ‘Guidance on Reservoir Emergencies’, UK
Gilbert, D. R. (1986). “Corporate Strategy and ethics.”Journal of business ethics, vol. 5, no. 2, pp. 137-150.
Kurtz, D. (2010). Contemporary business: 2011 custom edition (13th ed.). Hoboken, NJ: John Wiley & Sons.