Skip Links

The worst security snafus of 2012 - so far

In the first half of this year, mayhem prevailed, from hacker exploits to bad corporate behavior

By , Network World
July 13, 2012 01:03 PM ET

Network World - Could things really be this bad? From the embarrassing hack of a conversation between the FBI and Scotland Yard to a plethora of data breaches, security snafus have ruled the first half of 2012. Here's a look at some of the worst snafus month-by-month.

MORE: Worst Data Breaches of 2012 -- So Far

January

The year started off with the FBI raiding the cloud file-sharing and storage Megaupload site, based in Hong Kong and founded by 38-year-old New Zealand resident Kim Dotcom, on content piracy charges to the tune of $175 million. And that action, supported by the U.S industries which hailed it as bringing down a big fish that was devouring their intellectual property, has triggered a year's worth of lawsuits and retributions from all even remotely involved. It turned confrontational when outraged users of Megaupload were invited by hactivist group Anonymous to attack law enforcement and industry websites supporting the raid by downloading do-it-yourself denial-of-service software such as Slowloris.

But by March it was apparent some of this DoS advice came from hackers who were merely tricking users into downloading Trojan software, such as Zeus, from infected links. Another twist: A New Zealand judge in March ruled an order granted to law enforcement allowing them to seize luxury cars and other personal effects of Dotcom is invalid mainly because the local police commissioner applied for the wrong type of seizure order that was requested by the U.S. That ruling mean Dotcom has a chance to get back some of his enormous bling, like his Rolls-Royce and pink Cadillac, seized during his arrest at his mansion outside Auckland. But of course, attorneys for the U.S. are arguing otherwise,. Dotcom, free on bail but subject to electronic monitoring, is expected to undergo extradition proceedings in August.

Other January Snafus:

• Online retailer Zappos disclosed hackers had likely broken into its network and stolen information on Zappos.com customers, including name, address, billing and shipping address, phone number and the last four digits of credit-card numbers and cryptographically scrambled passwords stored in hash form. Zappos informed customers all passwords were expired and customers should create a new one.

• Researchers from Seculert discovered what they say is a botnet command-and-control server holding 45,000 login credentials Facebook users exploited by a pervasive worm, Ramnit, infecting Windows and designed to infect computers and steal social networking usernames and passwords.

• Source code used in older Symantec enterprise security products, Symantec Endpoint Protection 11.0 and Symantec AntiVirus 10.2, as well as older versions of pcAnywhere and Norton Internet Security, was exposed online by hackers calling themselves Lords of Dharmaraja with a leader named Yama Tough in Mumbai. The gang claimed to obtain the code from a third-party associated with the Indian military. Symantec, acknowledging the authenticity of the source code, also said the security firm had been subject to the hackers vainly trying to extract an extortion payment of about $50,000 in exchange for not posting the stolen code. Symantec engaged in a cat-and-mouse game to catch them, with help from law enforcement -- but so far without apparent success. Symantec said it isn't certain where the hackers obtained the stolen cache of source code, and the security incident did prompt Symantec to devise security patches it advised some customers using older software to apply, with additional outreach to customers around the incident related to the stolen source code.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News