The worst security snafus of 2012 - so far

In the first half of this year, mayhem prevailed, from hacker exploits to bad corporate behavior

By , Network World
July 13, 2012 01:03 PM ET

Other March snafus:

• The Vatican found its websites and internal email servers subject to a weeklong attack after the Anonymous collective said it felt justified in this by the fact that the Vatican Radio System has powerful transmitters in the countryside outside Rome that allegedly constituted a health risk, including supposedly "leukemia and cancer," to people living in the vicinity. Other justifications given were claims that the Vatican allegedly helped the Nazis and destroyed books of historic value, and that the clergy sexually molested children.

• Hackers in the LulzSec group associated with the broader Anonymous movement found the tables turned when they were arrested by the FBI and European law-enforcement agencies -- and it was LulzSec leader Hector Xavier Monsegur, alias "Sabu," who turned in his friends as part of a deal to work as a stooge for the FBI after being arrested in New York City last year.

• By the end of March, LulzSec claimed to be "reborn" and took credit for hacking a dating website for military personnel, MilitarySingles.com, leaking more than 160,000 account details from its database.

• Dutch police arrested a 17-year-old suspected of compromising the account data on hundreds of servers belonging to telecommunications operator KPN. The teenager, arrested in the Dutch town of Barendrecht, "made a confession," according to Dutch authorities. In the wake of the hacking spree, KPN said it would appoint a chief security officer and set up a permanent control center to monitor its systems.

• A flaw was discovered in Barclays contactless bank cards that could allow customers' data to be stolen and used fraudulently without them knowing about it, according to an investigation by ViaForensics in conjunction with Channel 4 News. But Barclays dismissed the claims as inaccurate.

• Security firms knew there was trouble when Kaspersky Lab identified code-signed Trojan malware dubbed Mediyes that had been signed with a digital certificate owned by Swiss firm Compavi AG and issued by Symantec. Symantec said it found out that the digital certificate's private key held by Compavi had indeed been stolen; whether by an insider or an outside attacker wasn't known.

• A security firm based in Slovakia, ESET, asserted a website operated by the country of Georgia has been used as part of a botnet to conduct cyber-espionage against that country's residents. But ESET researchers admitted they aren't sure whether the Win32/Georbot they have been monitoring is being directly operated by the Georgian government or by cyber-spies through a compromised Georgian agency.

April

The Federal Communications Commission fined Google $25,000, asserting the search-engine giant impeded an investigation into how Google collected data while taking photos for its Street View mapping feature. The FCC maintained in a report that Google "deliberately impeded and delayed" the investigation for months by not responding to requests for information and documents. But the FCC also said it won't take action against Google over its data collection because it still has questions it wants answered. The FCC had subpoenaed an unnamed Google engineer -- now known to be Marius Milner -- but he had apparently declined to testify, invoking his Fifth Amendment rights against incriminating himself.
