Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

2011's biggest security snafus

Ellen Messmer | Dec. 2, 2011
Perhaps it was an omen of what was to come when the city of San Francisco on New Year's Eve 2010 couldn't get a backup system running in its Emergency Operations Center because no one knew the password.

- The once-obscure marketing firm Epsilon in April disclosed a hacker had stolen an estimated 2% of the customer names and addresses of its client base, impacting Walgreens, Best Buy, Citibank, JPMorgan Chase, Kroger's supermarket chain and more.

- When a string of SSL digital certificate providers, including Comodo, DigiNotar and GlobalSign, were breached, some of them allegedly by a 21-year-old Iranian student calling himself "Comodohacker," the fallout included the creation of a fake Google certificate (since revoked) that allowed the attacker to capture login details of a person's Gmail account without a warning from the victim's browser the site might not really be Google. DigiNotar, owned by Dutch-based Vasco Security Systems, went bankrupt as a result of the hack, especially after the Dutch government banned use of DigiNotar certificates.

- U.S. government research labs, long a target for attack, were hit, with Oak Ridge National Laboratory in Tennessee forced to shut down its email and Internet access in April following a cyberattack in which phishing email was sent to some 573 lab employees. The Department of Energy's Pacific Northwest Laboratory also shut down email and Internet connectivity after a similar type of spear-phishing attack in the summer.

- In June, Citigroup acknowledged that hackers broke in and managed to steal credit-card numbers from about 360,000 affected clients. The fraud loss: $2.7 million.

- The Texas State Comptroller's Office fired its heads of information security and of innovation and technology after an inadvertent data leak that exposed Social Security numbers and other personal information on more than 3.2 million people in the state.

- In November, a flood of porn -- like photoshopped images of Justin Bieber in unmentionable acts -- hit Facebook in what's believed to be a "clickjacking exploit" against users. Facebook got to cleaning it up.

- Romanian authorities arrested a 26-year-old hacker accused of breaking into multiple NASA servers and causing $500,000 in damages to the U.S. space agency's systems. Robert Butyka, said to use the handle "Iceman," is expected to be tried in Romania.

Who's minding the app stores?

It was something of a shock when Google in March was forced to yank down about 50 Android apps from its Android Market after finding out they were actually malicious applications. Dubbed the DroidDream malware episode, it was far worse than anything that had hit Google Android Market before.

Big year for Anonymous

Last but hardly the least, 2011 was a banner year for the shadowy hactivist collective Anonymous, which generally targets business and government organizations around the world whose practices are despised for one reason or another, typically by hacking into networks to steal data and post it, or launching attacks to take sites offline. In addition to the high-profile attack last winter against security firm HBGary, which was trying to track the hacker group, Anonymous is believed to have led attacks on Koch Industries, Bank of America and NATO, plus what ended up being a weak DDoS attack on the New York Stock Exchange. Anonymous played a role in spurring on the Occupy Wall Street movement demonstrations around the world, not to mention San Francisco's "Operation Bart." 


Previous Page  1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.