Skip Links

The worst security snafus of 2012 - so far

In the first half of this year, mayhem prevailed, from hacker exploits to bad corporate behavior

By , Network World
July 13, 2012 01:03 PM ET

Page 2 of 6

February

Right in the midst of a conference call the FBI was having with its agents and law-enforcement officials overseas at Scotland Yard, cybercriminals hacked their way into the phone conversation, recorded it and posted it online. The conversation was about hackers facing charges in the U.K. The group Anonymous took credit for the intercepted call. The FBI said it appeared likely the cybercriminals may have hacked into a law-enforcement official's email to get the information for the conference call dial-in.

Other February Snafus:

• Brazilian banks were targets for distributed denial-of-service attacks, with massive assaults against HSBC Brazil, Banco da Brasil, Itau Unibanco Multiplo SA and Banco Bradesco SA. Hactivists took credit for the DDoS spree.

• Whistleblowing website Cryptome.org, dedicated to exposing confidential information, was compromised by an intruder that loaded an attack code that tried to launch drive-by exploits at visitors to the site.

• The University of Florida had to notify 719 individuals that their Social Security numbers were improperly stored on a state website operated by the Bureau of Unclaimed Property for more than six years.

• Verizon had to acknowledge the Verizon 4G LTE network was knocked offline again just two months after its last serous outage. The outage on Feb. 22 lasted from about 10 a.m. to 1:20 p.m.

Microsoft's Azure cloud infrastructure and development service experienced a serious worldwide outage on Feb. 29. Microsoft later blamed the outage on a "Leap Year Bug" that was triggered in a key server housing a certificate that had expired on midnight on Feb. 28, and a time-calculation control hadn't taken into account the extra day in the month of February this year.

• Taiwan-based Apple supplier Foxconn was hacked by a hacker group calling itself Swagg Security, apparently in protest related to media reports about poor working conditions at the electronics manufacturer's factories in China. The hackers posted usernames and passwords that they said would allow attackers to place fraudulent orders under other companies' names, including Microsoft, Apple, IBM, Intel and Dell.

• The FBI arrested a computer programmer in New York and charged him with stealing proprietary software code from the Federal Reserve Bank of New York (FRBNY). The software is known as the Government-Wide Accounting and Reporting Program (GWA), which handles all kinds of U.S. government financial transactions, and it cost over $9 million to develop. The accused thief, Bo Zhang, a contract employee at FRBNY, used the GWA code in a private business he ran to train individuals in computer programming. Zhang, a Chinese citizen in the U.S. on a work visa since 2000, is also known as "Bryan Zhang," and in a plea agreement in April he pled guilty to theft of government property, admitting he'd copied the code onto an external hard drive and then transferred the GWA program to a home computer, knowing that was wrong.

March

At least 228,000 Social Security numbers were exposed in a March 30 breach involving a Medicaid server at the Utah Department of Health, according to officials from the Utah Department of Technology Services and Utah Department of Health, which theorized that attacks from Eastern Europe bypassed security controls because of configuration errors. In May, Utah CIO Steven Fletcher resigned because of it.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News