10 Biggest Information Security Stories Of 2012

  /     /     /  
Publicated : 22/11/2024   Category : security


10 Biggest Information Security Stories Of 2012


From John McAfees escape from Belize to the privacy debacle that compromised CIA director Petraeus career, 2012 had no shortage of security shockers.



Who Is Hacking U.S. Banks? 8 Facts (click image for larger view and for slideshow)
On the information security front, 2012 has featured nonstop takedowns and arrests, breaches and data dumps, and hacktivist-launched distributed denial-of-service (DDoS) attacks.
Early in the year, notably, hackers
breached Stratfor
, while the FBI arrested alleged Anonymous and LulzSec ringleaders. By years end, hacktivists were still out in force -- this time supporting Syrian rebels and
targeting picket-happy Westboro Baptist Church
. In between, there were a plethora of hacks, defacements, leaks, arrests, mass surveillance, privacy violations and numerous other high-profile information security happenings.
Here are the highlights from 2012:
1. Feds Bust Alleged LulzSec, Anonymous Ringleaders.
Hacktivist group LulzSec dominated headlines in 2011 for its 50-day hacking and defacement spree, as well as witty press releases. After those attacks, U.S. and U.K. law enforcement officials
began arresting alleged LulzSec participants
, many of whom were also accused of participating in attacks launched under the banners of Anonymous and AntiSec. But LulzSec leader Sabu appeared to elude the authorities.
[ Want to read about more 2012 security escapades? See
9 Ways Hacktivists Shocked The World In 2012
. ]
That turned out to not be the case, when in March 2012 the FBI arrested a handful of alleged LulzSec and Anonymous leaders -- accused of launching attacks against
PBS, Sony, Stratfor
and more. Court documents unsealed after those arrests revealed a stunning turn of events, and what many hacktivists would soon label as betrayal. In fact, Sabu -- real name Hector Xavier Monsegur -- had been cooperating with the FBI since being secretly arrested in June 2011. In short order, the former LulzSec leader apparently had helped the bureau identify his alleged former comrades, leading to their arrests.
2. DDoS Attackers Reach New Heights With Bank Attacks.
How do you define a DDoS attack? Many hacktivists label it as a form of online protest, while law enforcement agencies say disrupting websites remains a punishable offense, and have the arrests and convictions to prove it. Regardless, attackers have continued to push DDoS attacks to new levels of packet-overwhelming power, leading security experts to warn that so-called
Armageddon attacks
-- which disrupt not only a targeted site, but every service provider in between -- might soon become reality.
A glimpse of that new reality has been seen in the DDoS attacks launched by Muslim hacktivists against U.S. banks. After compromising numerous servers with DDoS toolkits, the attackers have been able to
overwhelm leading Wall Street firms websites
, despite the attackers revealing in advance which sites theyll target, and when. The bank attacks reveal that with advance planning and a good DDoS toolkit, attackers might soon be able to disrupt any website they choose.
3. Escape From Belize: AV Founder John McAfee Turns Fugitive.
The security-related world turned surreal in November, when eccentric security expert John McAfee, whod founded and later sold the McAfee antivirus firm, announced that he was on the run from
authorities in Belize
. McAfee claimed the government was trying to frame him for a murder after he refused to honor its shakedown request.
McAfees freedom proved short-lived when his
location was revealed
through an information security error: Journalists traveling with him posted an iPhone snap with McAfee, but failed to remove the GPS coordinates that had been automatically included in the image. Soon, the dual American and British citizen was
arrested by Guatemalan authorities
, requested asylum, faked a heart attack, had his asylum request refused, and was
deported to Miami
, wheres hes now reportedly
laying low
.
4. Espionage Malware Is All Around.
What do Stuxnet, Duqu, Flame,
Gauss
and Mini-Flame all have in common? Theyre all examples of espionage malware, and they were all designed at least in part by the United States. That conclusion can be drawn because unnamed U.S. government officials this year confirmed that
Stuxnet was the product of a U.S. cyber-weapons program
.
Because security researchers who studied Stuxnet have found
evidence that its related to Duqu
, as well as
to Flame
and Gauss, its clear that the United States hasnt shied away from using malware to spy on its opponents. Which means that the opposite, of course, is also likely to be true.
5. Attackers Turn To Wire Transfers.
Malware also has long been a favorite tool of criminals, because they can use it to make money, most often by stealing peoples bank credentials and transferring money to dummy accounts, from which
money mules withdraw the funds
via ATMs. Although such attacks arent new, the sophistication and success rate of the related malware appears to be on the increase. In September, notably, the FBI, Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center
released a joint warning
that criminals have been targeting bank account information using spam and phishing e-mails, keystroke loggers, and remote access trojans (RATs), as well as variants of the Zeus financial malware. Individual heists have bagged up to $900,000 in one go. U.S. officials have claimed that the Iranian government is sponsoring the attacks.
6. Privacy Bill Of Rights Lacks Force Of Law.
Earlier this year, the White House unveiled a pioneering
Consumer Privacy Bill of Rights
, building on FTC recommendations for increasing the transparency of how businesses use peoples personal information. Unfortunately, because the bill of rights hasnt been passed by Congress and become law, the White House has to encourage businesses to say theyll voluntarily abide by the recommendations.
Also this year, Californias attorney general began requiring that all mobile apps distributed to its residents -- and thus, really, any U.S. resident -- would need to
contain clear privacy policies
, or be in breach of California law. Later in the year, California carried through by warning and then
suing Delta Airlines
for failing to offer a privacy policy for its mobile apps.
Beyond the White House and California, however, the body thats most notably been absent from advancing consumer privacy protections has been Congress, which has so far failed to pass any laws aimed at protecting peoples online privacy.
7. How Girlfriends Stop Hackers.
What stops hackers from hacking? Simple: Jobs, relationships, children and other adult responsibilities. Some readers, perhaps not making it past the related story headline --
One Secret That Stops Hackers: Girlfriends
-- took offense at the suggestion that more hackers need girlfriends. Others suggested that the actual cost of procuring girlfriends for hackers might prove exorbitant, while other respondents reported that yes, in fact theyd
dropped hacking because theyd gotten a girlfriend
.
Based on research conducted by online psychology expert Grainne Kirwan, who lectures at Irelands Dun Laoghaire Institute of Art, Design and Technology, as do other criminals most law-breaking hackers simply age out of their life of crime after getting more responsibilities. But even with that knowledge, the next step toward preventing more teenagers from breaking the law by hacking remains an open question.
8. Revealed: Outsourced Brokerage Firm IT Meltdown.
Although the
downfall of brokerage firm GunnAllen
occurred in 2010, its demise arguably began a decade before, when one broker began running Ponzi schemes, followed by another concocting a trade allocation scheme that routed profits from profitable picks to his wife. But the firms demise could also be glimpsed by the manner in which the firms executives outsourced all IT responsibilities for at least several years to the Revere Group, and never looked back.
But former Revere employees revealed this year that numerous IT errors had remained unreported to regulators, and perhaps even GunnAllen management. Among other incidents, network traffic-handling trades were routed through a home network; unencrypted lost laptops remained unreported to regulators; and a rogue engineer apparently was sabotaging equipment and playing hero by fixing it. Also notable was the fact that the missteps remained undetected by regulators.
9. Designerware PC Rental Surveillance Tool Revealed.
Consumers who buy rent-to-own PCs, beware: A judge has ruled that its okay to spy on you and your children. That fact emerged during a court case against software developer Designerware, as well as multiple rent-to-own businesses that used the companys software for loss prevention purposes. Although many of the businesses claimed they only used the software to recover laptops from people who missed payments, former employees told a court that rent-to-own managers and employees regularly used the software to remotely activate webcams and spy on peoples intimate activities.
Those revelations led to FTC charges, which in September both DesignerWare and seven rent-to-own businesses
agreed to settle
, although Floridas attorney general
launched her own investigation
. Meanwhile, Designerwares two principals declared bankruptcy after seeing their court costs mount -- so some related privacy justice, while delayed, does seem to finally have been served.
10. FBI Investigation Snares CIA Director Petraeus.
Consumer advocates have long maintained that the privacy protections afforded to Americans, and their personal data, remain sorely lacking. Perhaps the best illustration to date of peoples poor privacy rights arrived in November via an FBI agent outing an affair between the director of the CIA, David Petraeus, and his biographer, Paula Broadwell.
Petraeus career was undone
by Broadwell sending anonymous emails of an allegedly threatening nature to Jill Kelly, a friend of Petraeus whom Broadwell viewed as a rival. Kelly showed the emails to an FBI agent, who alerted the bureaus cybercrime investigators, who traced them back to the sender, in part via a
Gmail account Broadwell shared with Petraeus
to coordinate their affair.
After the bureau found no evidence of wrongdoing that it wished to prosecute, the FBI agent friend of Kelly suspected that the White House was covering up the incident, and so leaked details to Rep. Dave Reichert (R-Wash.), who took it to Rep. Eric Cantor, the GOP majority leader, who -- not knowing that the FBI had dropped the investigation -- took the information to Petraeus boss, James Clapper, the director of national intelligence. Clapper told Petraeus to resign. One upside from the case is that the ease with which Petraeus affair was discovered and his career apparently wrecked has finally driven more members of Congress to weigh better consumer privacy protections for all.
Recent breaches have tarnished digital certificates, the Web security technology. The new, all-digital
Digital Certificates
issue of Dark Reading gives five reasons to keep it going. (Free registration required.)

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
10 Biggest Information Security Stories Of 2012