Worst security snafus of 2012, part 2

2012 opened with hacks and data breaches, and the second half of the year saw Symantec's antivirus update mess and attacks from Anonymous


• A crippling series of distributed denial-of-service attacks over the course of the month struck the websites of about a dozen U.S.-based banks, including Bank of America, Wells Fargo and JP Morgan Chase, effectively cutting online bank customers off from their services for extended periods. Some U.S. authorities, including Defense Secretary Leon Panetta, openly accused Iran of being behind the cyberattacks, though no specific evidence has yet been made public and Iran rejected the charges.

• Barnes & Noble, emphasizing that it was working with the FBI on the case, disclosed that a data breach associated with compromised PIN pad devices used in some stores located in California, Florida, Illinois, Massachusetts, New Jersey, Pennsylvania and Rhode Island may have resulted in an unspecified amount of fraud against shoppers there.

• The Amazon Web Services storage service known as Elastic Block Storage experienced performance degradation that resulted in some downtime for certain sites, including social-media site Reddit and photo-sharing site Imgur, among others.

• A 20-year-old Arizona man, Raynaldo Rivera of Tempe, arrested in August by FBI agents, pled guilty in a California court to intentionally causing damage to the website of Sony Pictures Entertainment in an attack carried out in May 2011. A former member of the hacker group Lulzsec, Rivera also admitted to launching a SQL injection attack against sonypictures.com that allowed him to extract confidential and personal information from the website's database, which was published online. The plea agreement noted that coping with the attack had cost Sony about $605,000, including computer forensics, call-center staffing and credit monitoring for individuals whose personal information was compromised. In exchange for his guilty plea, Rivera, though facing 15 years in prison, could get a reduced sentence, with that decision expected at a hearing scheduled for March 14, 2013.

• Twitter sent notices of an attempted hijacking to China-based foreign journalists and analysts just hours before apologizing for resetting the passwords of more users than necessary in a recent break-in of accounts. Twitter provided no details on the hacking, but some, including Voice of America, speculated it may have been a censorship crackdown associated with China's Communist Party.

• Skype temporarily disabled the account password reset option on its website, until it made the changes needed to fix the problem, after reports surfaced that this feature could be abused to hijack Skype accounts if the attackers knew the email addresses associated with them.

• NASA disclosed that a laptop stolen Oct. 31 from a locked car contained "personally identifiable information" on a large number of NASA employees. Although password-protected, the laptop didn't have whole-disk encryption, according to the email to NASA employees from Associate Deputy Administrator Richard Keegan, who gave orders to ramp up disk encryption at once.

• The hacktivist collective Anonymous inserted its own online firepower into the raging battle between Hamas in Gaza and Israel, which traded rocket bombardments for several days prior to a cease fire. Coming out on the side of what it said were the "innocent people of Gaza," Anonymous started its so-called "Operation Israel" campaign by organizing attacks on Israel Defense Forces, the Prime Minister's Office, Israeli banks, airlines, media outlets and security companies.

• Hackers compromised two servers used by the FreeBSD Project to build third-party software packages, and the project's team warned that anyone who has installed such packages since Sept. 19 should completely reinstall their machines.

• E-commerce giant eBay fixed two vulnerabilities in its U.S. website, a critical SQL injection hole that gave potential attackers unauthorized read and write access to one of the company's databases, and a cross-site scripting vulnerability that could have been exploited to steal other eBay users' access credentials.

• Criminals managed to hack the DNS records of an unknown number of GoDaddy-hosted websites, inserting ransomware. GoDaddy said its own DNS management systems were not compromised and that the attacks were likely caused by phishing attacks on the victims or other exploits. It recommended that U.S. and Canada-based customers "enable 2-Step Authentication to help protect their accounts."

• Printers manufactured by Samsung have a backdoor administrator account hardcoded in their firmware that could enable attackers to change their configuration, read their network information or stored credentials and access sensitive information passed to them by users, the U.S. Computer Emergency Readiness Team (US-CERT) said in a security advisory. "Samsung has also indicated that they will be releasing a patch tool later this year to address vulnerable devices," US-CERT stated.

• Secret information on counter-terrorism shared among foreign governments may have been compromised in a massive data theft by a senior IT technician for Switzerland's intelligence service, known as the NDB. According to news reports, Swiss authorities said the IT technician, arrested last summer for alleged data theft, apparently downloaded terabytes of classified intelligence material onto portable hard drives, and carried them out in a backpack. Authorities aren't sure if he tried to sell this classified information or pass it on, but they describe the suspect, whose name hasn't been released yet, as a "very talented" technician who had "administrator rights" that granted him access to vast government resources. They think he may have been "disgruntled" because his advice on operating the network "wasn't being taken seriously."

• Retired Adm. Mike Mullen, who keeps an office at the Naval Institute, is cooperating in an investigation undertaken by the FBI that involves suspected foreign cyber-espionage on his computer, according to The Wall Street Journal.

• The International Telecommunication Union's meeting in Dubai to discuss its role in the Internet was disrupted by hacktivist group Anonymous, which attacked an ITU server and cut off access to information the group made available for the meeting. Anonymous said it instructed its adherents to attack the website because it opposes the ITU, the United Nations standards-setting body for global telecom, taking any control over Internet regulation.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: emessmer@nww.com.


This story, "Worst security snafus of 2012, part 2" was originally published by Network World.


Copyright © 2012 IDG Communications, Inc.
