Attacks/Breaches
12/21/2012
12:39 PM
50%
50%

10 Biggest Information Security Stories Of 2012

From John McAfee's escape from Belize to the privacy debacle that compromised CIA director Petraeus' career, 2012 had no shortage of security shockers.

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
On the information security front, 2012 has featured nonstop takedowns and arrests, breaches and data dumps, and hacktivist-launched distributed denial-of-service (DDoS) attacks.

Early in the year, notably, hackers breached Stratfor, while the FBI arrested alleged Anonymous and LulzSec ringleaders. By year's end, hacktivists were still out in force -- this time supporting Syrian rebels and targeting picket-happy Westboro Baptist Church. In between, there were a plethora of hacks, defacements, leaks, arrests, mass surveillance, privacy violations and numerous other high-profile information security happenings.

Here are the highlights from 2012:

1. Feds Bust Alleged LulzSec, Anonymous Ringleaders.

Hacktivist group LulzSec dominated headlines in 2011 for its 50-day hacking and defacement spree, as well as witty press releases. After those attacks, U.S. and U.K. law enforcement officials began arresting alleged LulzSec participants, many of whom were also accused of participating in attacks launched under the banners of Anonymous and AntiSec. But LulzSec leader Sabu appeared to elude the authorities.

[ Want to read about more 2012 security escapades? See 9 Ways Hacktivists Shocked The World In 2012. ]

That turned out to not be the case, when in March 2012 the FBI arrested a handful of alleged LulzSec and Anonymous leaders -- accused of launching attacks against PBS, Sony, Stratfor and more. Court documents unsealed after those arrests revealed a stunning turn of events, and what many hacktivists would soon label as betrayal. In fact, Sabu -- real name Hector Xavier Monsegur -- had been cooperating with the FBI since being secretly arrested in June 2011. In short order, the former LulzSec leader apparently had helped the bureau identify his alleged former comrades, leading to their arrests.

2. DDoS Attackers Reach New Heights With Bank Attacks.

How do you define a DDoS attack? Many hacktivists label it as a form of online protest, while law enforcement agencies say disrupting websites remains a punishable offense, and have the arrests and convictions to prove it. Regardless, attackers have continued to push DDoS attacks to new levels of packet-overwhelming power, leading security experts to warn that so-called Armageddon attacks -- which disrupt not only a targeted site, but every service provider in between -- might soon become reality.

A glimpse of that new reality has been seen in the DDoS attacks launched by Muslim hacktivists against U.S. banks. After compromising numerous servers with DDoS toolkits, the attackers have been able to overwhelm leading Wall Street firms' websites, despite the attackers revealing in advance which sites they'll target, and when. The bank attacks reveal that with advance planning and a good DDoS toolkit, attackers might soon be able to disrupt any website they choose.

3. Escape From Belize: AV Founder John McAfee Turns Fugitive.

The security-related world turned surreal in November, when eccentric security expert John McAfee, who'd founded and later sold the McAfee antivirus firm, announced that he was on the run from authorities in Belize. McAfee claimed the government was trying to frame him for a murder after he refused to honor its shakedown request.

McAfee's freedom proved short-lived when his location was revealed through an information security error: Journalists traveling with him posted an iPhone snap with McAfee, but failed to remove the GPS coordinates that had been automatically included in the image. Soon, the dual American and British citizen was arrested by Guatemalan authorities, requested asylum, faked a heart attack, had his asylum request refused, and was deported to Miami, where's he's now reportedly laying low.

4. Espionage Malware Is All Around.

What do Stuxnet, Duqu, Flame, Gauss and Mini-Flame all have in common? They're all examples of espionage malware, and they were all designed at least in part by the United States. That conclusion can be drawn because unnamed U.S. government officials this year confirmed that Stuxnet was the product of a U.S. cyber-weapons program.

Because security researchers who studied Stuxnet have found evidence that it's related to Duqu, as well as to Flame and Gauss, it's clear that the United States hasn't shied away from using malware to spy on its opponents. Which means that the opposite, of course, is also likely to be true.

5. Attackers Turn To Wire Transfers.

Malware also has long been a favorite tool of criminals, because they can use it to make money, most often by stealing people's bank credentials and transferring money to dummy accounts, from which money mules withdraw the funds via ATMs. Although such attacks aren't new, the sophistication and success rate of the related malware appears to be on the increase. In September, notably, the FBI, Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center released a joint warning that criminals have been targeting bank account information using "spam and phishing e-mails, keystroke loggers, and remote access trojans (RATs)," as well as variants of the Zeus financial malware. Individual heists have bagged up to $900,000 in one go. U.S. officials have claimed that the Iranian government is sponsoring the attacks.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1750
Published: 2015-07-01
Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as cross-sit...

CVE-2014-1836
Published: 2015-07-01
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.

CVE-2015-0848
Published: 2015-07-01
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

CVE-2015-1330
Published: 2015-07-01
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vecto...

CVE-2015-1950
Published: 2015-07-01
IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report