Attacks/Breaches
12/21/2012
12:39 PM
50%
50%

10 Biggest Information Security Stories Of 2012

From John McAfee's escape from Belize to the privacy debacle that compromised CIA director Petraeus' career, 2012 had no shortage of security shockers.

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
On the information security front, 2012 has featured nonstop takedowns and arrests, breaches and data dumps, and hacktivist-launched distributed denial-of-service (DDoS) attacks.

Early in the year, notably, hackers breached Stratfor, while the FBI arrested alleged Anonymous and LulzSec ringleaders. By year's end, hacktivists were still out in force -- this time supporting Syrian rebels and targeting picket-happy Westboro Baptist Church. In between, there were a plethora of hacks, defacements, leaks, arrests, mass surveillance, privacy violations and numerous other high-profile information security happenings.

Here are the highlights from 2012:

1. Feds Bust Alleged LulzSec, Anonymous Ringleaders.

Hacktivist group LulzSec dominated headlines in 2011 for its 50-day hacking and defacement spree, as well as witty press releases. After those attacks, U.S. and U.K. law enforcement officials began arresting alleged LulzSec participants, many of whom were also accused of participating in attacks launched under the banners of Anonymous and AntiSec. But LulzSec leader Sabu appeared to elude the authorities.

[ Want to read about more 2012 security escapades? See 9 Ways Hacktivists Shocked The World In 2012. ]

That turned out to not be the case, when in March 2012 the FBI arrested a handful of alleged LulzSec and Anonymous leaders -- accused of launching attacks against PBS, Sony, Stratfor and more. Court documents unsealed after those arrests revealed a stunning turn of events, and what many hacktivists would soon label as betrayal. In fact, Sabu -- real name Hector Xavier Monsegur -- had been cooperating with the FBI since being secretly arrested in June 2011. In short order, the former LulzSec leader apparently had helped the bureau identify his alleged former comrades, leading to their arrests.

2. DDoS Attackers Reach New Heights With Bank Attacks.

How do you define a DDoS attack? Many hacktivists label it as a form of online protest, while law enforcement agencies say disrupting websites remains a punishable offense, and have the arrests and convictions to prove it. Regardless, attackers have continued to push DDoS attacks to new levels of packet-overwhelming power, leading security experts to warn that so-called Armageddon attacks -- which disrupt not only a targeted site, but every service provider in between -- might soon become reality.

A glimpse of that new reality has been seen in the DDoS attacks launched by Muslim hacktivists against U.S. banks. After compromising numerous servers with DDoS toolkits, the attackers have been able to overwhelm leading Wall Street firms' websites, despite the attackers revealing in advance which sites they'll target, and when. The bank attacks reveal that with advance planning and a good DDoS toolkit, attackers might soon be able to disrupt any website they choose.

3. Escape From Belize: AV Founder John McAfee Turns Fugitive.

The security-related world turned surreal in November, when eccentric security expert John McAfee, who'd founded and later sold the McAfee antivirus firm, announced that he was on the run from authorities in Belize. McAfee claimed the government was trying to frame him for a murder after he refused to honor its shakedown request.

McAfee's freedom proved short-lived when his location was revealed through an information security error: Journalists traveling with him posted an iPhone snap with McAfee, but failed to remove the GPS coordinates that had been automatically included in the image. Soon, the dual American and British citizen was arrested by Guatemalan authorities, requested asylum, faked a heart attack, had his asylum request refused, and was deported to Miami, where's he's now reportedly laying low.

4. Espionage Malware Is All Around.

What do Stuxnet, Duqu, Flame, Gauss and Mini-Flame all have in common? They're all examples of espionage malware, and they were all designed at least in part by the United States. That conclusion can be drawn because unnamed U.S. government officials this year confirmed that Stuxnet was the product of a U.S. cyber-weapons program.

Because security researchers who studied Stuxnet have found evidence that it's related to Duqu, as well as to Flame and Gauss, it's clear that the United States hasn't shied away from using malware to spy on its opponents. Which means that the opposite, of course, is also likely to be true.

5. Attackers Turn To Wire Transfers.

Malware also has long been a favorite tool of criminals, because they can use it to make money, most often by stealing people's bank credentials and transferring money to dummy accounts, from which money mules withdraw the funds via ATMs. Although such attacks aren't new, the sophistication and success rate of the related malware appears to be on the increase. In September, notably, the FBI, Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center released a joint warning that criminals have been targeting bank account information using "spam and phishing e-mails, keystroke loggers, and remote access trojans (RATs)," as well as variants of the Zeus financial malware. Individual heists have bagged up to $900,000 in one go. U.S. officials have claimed that the Iranian government is sponsoring the attacks.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8142
Published: 2014-12-20
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w...

CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.