2012's worst security exploits, fails and blunders

Brad Chacos | Dec. 31, 2012
A fool and his feeble p@$$w0rd are soon rooted, but if 2012 has proven anything, it's that even the most cautious security-minded souls need to double down on their protective practices, and think about the best ways to mitigate damage if the worst happens in our increasingly cloud-connected world.

A solid security toolbox should form the heart of your defense, of course, but you'll also need to consider your basic behavior. For example, a leaked LinkedIn password does little harm if that particular alphanumeric combination only opens the door to that particular account, rather than every social media account you use. Two-factor authentication can stop a breach before it happens. And do your passwords suck?

I'm not trying to scare you. Rather, I'm interested in opening your eyes to the types of precautions that are necessary in the digital age--as evidenced by the biggest security exploits, blunders, and fails of 2012. 'Twas a banner year for the bad guys.

Honan hack attack

The highest profile hack of 2012 didn't involve millions of users or an avalanche of pilfered payment information. No, the security highlight--or is that lowlight?--of 2012 was the epic hacking of a single man: Wired writer Mat Honan.

Over the course of a single hour, hackers gained access to Honan's Amazon account, deleted his Google account, and remotely wiped his trio of Apple devices, culminating in the hackers ultimately achieving their end goal: seizing control of Honan's Twitter handle. Why all the destruction? Because the @mat Twitter handle's three-letter status apparently makes it a highly coveted prize. (The malcontents posted several racist and homophobic tweets before the account was temporarily suspended.)

The devastation was all made possible by security snafus on Honan's end--daisy-chaining critical accounts, a lack of two-factor authentication activation, using the same basic naming scheme across several email accounts--and conflicting account security protocols at Amazon and Apple, which the hackers took advantage of with the help of some good ol' fashioned social engineering.

The scariest part? Most people probably employ the same basic (read: lax) security practices Honan did. Fortunately, PCWorld has already explained how to plug the biggest digital security holes.

The Flame virus

Traced as far back as 2010 but only discovered in May of 2012, the Flame virus bears a striking similarity to the government-sponsored Stuxnet virus, with a complex code base and a primary use as an espionage tool in Middle Eastern countries like Egypt, Syria, Lebanon, Sudan, and (most frequently) Iran.

Once Flame sank its hooks into a system, it installed modules that could, amongst other things, record Skype conversations or audio of anything happening near the computer, snag screenshots, snoop on network connections, and keep logs of all keypresses and any data entered into input boxes. It's nasty, in other words--and Flame uploaded all the information it collected to command and control servers. Shortly after Kaspersky researchers sussed out Flame's existence, the virus' creators activated a kill command to wipe the software from infected computers.

 
