by Matt Liebowitz
Cybercriminals and hackers had a big year in 2011, taking on everyone from Sony and the authentication-token maker RSA to the CIA and even a notorious Mexican drug cartel. During the Arab Spring, the headline-hounding hackers in the LulzSec and Anonymous groups showed just how vulnerable anyone’s online presence is, even that of major governments.
What can we expect in 2012? More of the same, or a dynamic shift in what crooks want? And how will they go about getting it?
It’s too early for the answers, but 2012 has already seen its share of cybercriminal incidents. Starting with the most recent targets, here’s a list of hackers’ most-daring exploits and the data breaches, compromises, data leaks, thefts, threats and privacy invasions that have made this a year to watch.
Feb. 27: Stratfor
WikiLeaks began publishing more than 5 million emails it obtained from the Austin, Texas-based global consulting firm Stratfor. The emails, WikiLeaks said, highlight Stratfor’s dubious financial dealings, global cover-ups as well as coordinated campaigns to subvert WikiLeaks and its founder, Julian Assange. It’s not known exactly how WikiLeaks obtained the emails, but signs point to Anonymous, which hacked Stratfor’s servers late last year and made off with emails and credit card numbers.
Feb. 14: Nortel
Valentine’s Day proved anything but romantic for Nortel, the Canadian telecom company currently in bankruptcy. It turns out that hackers, believed to be operating from China, had been spying on Nortel for at least a decade, the Wall Street Journal reported. Using seven passwords stolen from top executives, the cybercriminals infiltrated Nortel’s servers and downloaded technical papers, research-and-development reports, employee emails, business plans and other confidential data.
Feb. 14: Combined Systems Inc.
Proudly hoisting the hacktivist flag, the ever-present Anonymous hacking network took credit for knocking Combined Systems Inc., a Jamestown, Pa., security company, offline and stealing personal information from its clients. As reported by the Associated Press, Anonymous said it went after Combined Systems, which sells tear gas and other crowd-control devices to law enforcement and military organizations, to protest “war profiteers” and to commemorate the one-year anniversary of the bloody citizen uprising in Bahrain.
Feb. 14: Brazzers.com
A 17-year-old hacker said he tapped into an inactive forum run by the hard-core porn site Brazzers and used it to expose the personal information of more than 350,000 registered users. The site’s parent company, Luxembourg-based Manwin Holding SARL, said no credit-card data had been compromised. The hacker, based in Morocco, said he leaked the information not to embarrass the site’s customers or to make money, but simply to highlight how vulnerable popular websites are. Not surprisingly, the teen hacker said he had aligned himself with the Anonymous movement.
Feb. 10: Central Intelligence Agency
For the second time in less than a year, Anonymous launched a distributed denial-of-service attack that temporarily knocked the website of the Central Intelligence Agency offline. The CIA takedown capped a busy week for the hacktivist pranksters; in 10 days, the group went after Chinese electronics manufacturer Foxconn, American Nazi groups, anti-virus maker Symantec and the office of Syria’s president.
Feb. 8: Office of the Syrian President
During an especially active week of digital daring, Anonymous leaked a cache of emails from Syrian President Bashar Assad’s office, including one particularly candid email in which one of Assad’s media advisers preps him for an interview with Barbara Walters and tells him that the “American psyche can be easily manipulated.”
Feb. 8: Foxconn
With Apple facing worldwide scrutiny over the questionable working conditions at Foxconn, a Chinese company that assembles iPhones and iPads (as well as devices for Dell, Sony, IBM, Microsoft, Samsung and others), it was only a matter of time before hacktivists took up the cause. In this case, it wasn’t Anonymous but a group called Swagg Security (SwaggSec) that struck the first blow, making off with staff email logins and credentials that could allow an attacker to place a fraudulent order.
Feb. 7: Hamas
The Israeli hacking group IDF Team launched an attack against a Hamas website, qassam.ps, knocking it offline to protest the site’s anti-Israeli stance. This was not an isolated incident; it was instead the latest strike in a calculated monthlong battle between Israeli and Arab hackers that began Jan. 3, when a Saudi Arabian hacker calling himself 0xOmar posted 15,000 Israeli credit-card numbers.
IDF Team (named for the Israeli Defence Force, in which most Israeli Jews must serve) quickly retaliated by stealing and posting Arabs’ credit-card credentials. This back-and-forth continued; on Jan. 16, 0xOmar and his crew, calling themselves first “Group XP” and then “Nightmare,” disrupted the Tel Aviv Stock Exchange, Israel’s El Al Airlines and two major Israeli banks. Two days later, IDF Team hit the Saudi Stock Exchange and the Abu Dhabi Securities Exchange.
Feb. 6: Symantec
A shadowy hacker, critical source code from a respected industry titan, an extortion plot and an attempted sting operation by law enforcement — it had all the makings of a big-screen espionage thriller, but this cybercrime incident was real.
The hacker, calling himself “YamaTough,” posted the source code to Symantec’s pcAnywhere software, a flagship product that allows customers to access remote PCs. The leak came after YamaTough lost patience with what appeared to be a backroom ransom deal — actually a stall by a law-enforcement agent posing as a Symantec employee.
The ransom talks began Jan. 18; in the discussions, which were also leaked, the agent calling himself “Sam Thomas” said Symantec would pay YamaTough $50,000 not to release the source code. On the night of Feb. 6, YamaTough, frustrated with Symantec’s stalling, gave up talking and posted the source code to The Pirate Bay.
Feb. 3: Scotland Yard and the FBI
Anonymous’ sects and supporters are familiar with the long arm of the law. Cops have busted several high-ranking Anonymous-affiliated hackers, including Ryan Cleary, a British teen charged with launching denial-of-service attacks against major British and U.S. targets. It probably didn’t please Scotland Yard and FBI agents, though, when Anonymous intercepted and posted the audio from a 17-minute conference call the two law enforcement agencies had scheduled to discuss — what else — plans to track down and prosecute Anonymous hackers.
Jan. 28: American Nazi Party
Anonymous does not stand for hate speech. To prove it, hackers from the group defaced and took down the website of the American Nazi Party as well as a white supremacist site, Whitehonor. The attacks were part of Anonymous’ “Operation Blitzkrieg” campaign, which started in early January with attacks against several German neo-Nazi and extremist groups. Anonymous also set up Nazi-Leaks, a WikiLeaks-style website on which hackers posted the names and email addresses taken from German and American white-supremacist online groups.
Jan. 23: OnGuardOnline
In yet another protest against the controversial Stop Online Piracy Act (SOPA), Anonymous took down OnGuardOnline.gov, the U.S. government’s website for providing cybersecurity guidance. Prior to the takedown, Anonymous defaced the site with a message threatening to destroy dozens of government and corporate websites if SOPA was passed.
Jan. 19-23: Megaupload enemies (CBS, Polish government, Universal Music, DOJ)
Hackers from Anonymous lashed out in grand fashion for several days to show their disdain for the government’s crackdown on file-sharing site Megaupload and the arrest of its eccentric founder, Kim Dotcom. This stretch of four days was especially busy, as the hacktivists launched attacks against the websites of the Department of Justice, the FBI, CBS.com, Universal Music, the Motion Picture Association of America (MPAA), the Recording Industry Association of America (RIAA), and pop star Rihanna’s website.
Other websites that felt Anonymous’ wrath in the wake of the Megaupload bust included the French media conglomerate Vivendi, the official website of the French government, and several Polish government websites, hacked to protest Polish President Bronislaw Komorowski’s support of Europe’s equivalent of SOPA, the Anti-Counterfeiting Trade Agreement (ACTA).
Jan. 16: Zappos
Cybercriminals kicked off a busy 2012 by breaking into online shoe retailer Zappos and compromising the personal data of 24 million customers. The massive data breach potentially exposed customers’ names, email addresses, billing and shipping addresses, phone numbers and the last four digits of their credit cards. Nobody’s full credit card data was stolen in the hack.
Jan. 13: Recipient of Nigerian Email
You’ve probably received a Nigerian scam email; they usually tell you you’re eligible to collect some ludicrous amount of money from a deceased relative you didn’t know you had — because you don’t — and all you have to do to set the process of becoming a multimillionaire in motion is wire over some cash. These are easy enough to laugh at and avoid, but not for a South Korean man and his daughter, who had a frightening encounter. The 65-year-old man flew to South Africa with his daughter to collect what he thought was a multimillion-dollar fortune, and when he landed at the airport in Johannesburg, he was kidnapped and held hostage in a home by a Nigerian gang demanding a $10 million ransom. Police raided the home after a four-day standoff, and nobody was harmed.
Jan. 10: Smart Electric Meters
This one wasn’t a specific incident, but rather a revelation that could lead to many cybercrimes. Researchers at a German cybersecurity conference discovered that the smart meter devices belonging to Discovergy, a major German provider of smart meters — devices used to provide utility companies with accurate data for controlling a home’s power usage — transmitted unencrypted data from the home devices back to the company’s servers over an insecure link. Analyzing this transmission, and the fingerprint of power usage it provided, the researchers were able to determine whether the homeowners were home, away or even sleeping.
Jan. 6: Japan Aerospace Exploration Agency
A computer virus compromised a data terminal at the Japan Aerospace Exploration Agency (JAXA), causing a leak of potentially confidential and sensitive information. Officials found the malware on the computer of a JAXA employee who worked on the H-2 Transfer Vehicle, an unmanned vessel that shuttles cargo to the International Space Station.