Blame the Internet for the latest decade of security lessons. Without it, you probably wouldn't even recognize the terms phishing, cybercrime, data breach, or botnet. Let's revisit the top security horrors of the past ten years, and try to remember what we learned from each.
1. Cyberwar
What started out small ended up pretty big. Back in February 2000, a Canadian teenager named Mafiaboy used automated floods of incomplete Internet traffic to cause several sites--including Amazon, CNN, Dell, eBay, and Yahoo--to grind to a halt, in what is called a distributed denial of service (DDoS) attack.
Michael Calce, aka Mafiaboy, pleaded guilty to 55 of 66 counts of mischief and was sentenced to eight months of detention. Calce later wrote a book about his experience, entitled Mafiaboy: How I Cracked the Internet and Why It's Still Broken. Some experts say that all security threats progress through a cycle that moves from fun to profit to politics, and DDoS attacks were no different: Opportunist criminals next started using DDoS to hold various gambling sites for ransom.
In May 2007, DDoS attacks turned political, with hundreds of online Russian sympathizers blocking Estonian government Websites, all because a World War II memorial had been relocated. The attacks continued through the summer until Computer Emergency Response Teams (CERT) from various nations mitigated them. The following year, Russian organized crime targeted the government of Georgia with a DDoS attack.
While some people think the United States might not be ready for the upcoming cyberwars, experts from CERT are now advising the U.S. government on how better to protect its infrastructure based on the attacks we've seen thus far.
2. Malware Makes Strange Bedfellows
Viruses and worms have always been around, but in the summer of 2001 one aggressive worm threatened to shut down the official White House Website. Code Red, so named because the discoverer was drinking "Code Red" cola from Mountain Dew at the time, warranted an unprecedented joint press conference with the FBI's National Infrastructure Protection Center, the U.S. CERT, the Federal Computer Incident Response Center (FedCIRC), the Information Technology Association of America (ITAA), the SANS Institute, and Microsoft.
Two years later, Microsoft again teamed with the U.S. Secret Service, the FBI, and later Interpol to offer a $250,000 reward for information leading to the arrest of those responsible for SoBig, MSBlast, and other major viruses at the time.
Such public-private cooperation is rare, but it happened again in early 2009 when Conficker was poised to wreak havoc on the Internet at midnight on April 1. That didn't happen, thanks in part to a unique coalition of rival antivirus companies that collaborated with government agencies under the Conficker Working Group name. To this day, this group continues to monitor the worm. Organizations are stronger when they team up against a common enemy, and even security companies can put aside their differences for the common good.