12/26/2012

FEELING SAFE



Security SNAFUs of 2012


The year started off with the FBI raiding Megaupload, the cloud file-sharing and storage site based in Hong Kong and founded by 38-year-old New Zealand resident Kim Dotcom, on content piracy charges to the tune of $175 million. That action, supported by the U.S. industries which hailed it as bringing down a big fish that was devouring their intellectual property, has triggered a year's worth of lawsuits and retributions from all even remotely involved.

For February, right in the midst of a conference call the FBI was having with its agents and law-enforcement officials overseas at Scotland Yard, cybercriminals hacked their way into the phone conversation, recorded it and posted it online. The conversation was about hackers facing charges in the U.K. The group Anonymous took credit for the intercepted call. The FBI said it appeared likely the cybercriminals may have hacked into a law-enforcement official's email to get the information for the conference call dial-in.

Then in March, at least 228,000 Social Security numbers were exposed in a March 30 breach involving a Medicaid server at the Utah Department of Health, according to officials from the Utah Department of Technology Services and Utah Department of Health, which theorized that attacks from Eastern Europe bypassed security controls because of configuration errors. In May, Utah CIO Steven Fletcher resigned because of it.

In April, the Federal Communications Commission fined Google $25,000, asserting the search-engine giant impeded an investigation into how Google collected data while taking photos for its Street View mapping feature. The FCC maintained in a report that Google "deliberately impeded and delayed" the investigation for months by not responding to requests for information and documents.

As far as the month of May was concerned, hackers claimed to have breached the systems of the Belgian credit provider Elantis and threatened to publish confidential customer information if the bank did not make an extortion payment of $197,000. Elantis confirmed the data breach but said the bank will not give in to extortion threats.

In June, the University of Nebraska in Lincoln acknowledged a data breach that exposed more than 654,000 files of personal information on students and employees, plus parents and university alumni. The information was stolen from the Nebraska Student Information Systems database; a student is the suspected culprit.


Now, let’s take a look at the second half of the year.


In July, Symantec inadvertently crippled a large number of Windows XP machines when it shipped customers a defective update to its antivirus software. The security firm acknowledged the problem, which impacted users of its Endpoint Protection software.

In August, Knight Capital Group said electronic-trading glitches in its system caused wild price swings in dozens of stocks and would likely result in a $440 million loss to the brokerage firm, one of the biggest players in the U.S. stock market. The New York Stock Exchange canceled trades in six stocks that experienced the most pronounced price swings of more than 30% of their opening price one morning.

As far as September was concerned, websites of broadcaster Al Jazeera were knocked offline as its Domain Name Servers were attacked. A group called Al-Rashedon claimed responsibility, displaying a Syrian flag and large red stamp reading "Hack."

In October, typically the month for mischief, hackers again grabbed 300,000 records from Northwest Florida State College computer systems, including names, Social Security numbers and bank routing numbers of students, teachers, staff and retirees, the school disclosed. It said the data breach apparently occurred between May and September, resulting in the identity theft of at least 50 employees.

For November, Twitter sent notices of an attempted hijacking to China-based foreign journalists and analysts just hours before apologizing for resetting the passwords of more users than necessary in a recent break-in of accounts. Twitter provided no details on the hacking but some, including Voice of America, speculated it may have been a censorship crackdown associated with China's Communist Party.

And, so far in December, secret information on counter-terrorism shared among foreign governments may have been compromised in a massive data theft by a senior IT technician for Switzerland's intelligence service, known as the NDB. According to news reports, Swiss authorities said the IT technician, arrested last summer for alleged data theft, apparently downloaded terabytes of classified intelligence material onto portable hard drives, and carried them out in a backpack.  To read about all the SNAFUS


BOY, DO I NOW FEEL REALLY SAFE!


