The biggest security snafus of 2013 (so far)

From Verizon FIOS hack to the National Security Agency debacle, it's been one busy year in the security snafu arena

1 2 3 Page 3
Page 3 of 3

- In London, four British men associated with the LulzSec hacker group received prison sentences of up to 32 months for their roles in cyberattacks launched by the group against government and corporate websites in 2011. Ryan Cleary, Jake Davis, Ryan Ackroyd and Mustafa Al-Bassam had pled guilty to charges of carrying out unauthorized acts with the intention of impairing the operation of computers. Some of LulzSec’s targets included Sony, Nintendo, News Corp., Bethesda Game Studios, the CIA, the FBI, the Arizona state Police and the U.K.’s Serious Organized Crime Agency. Another LulzSec member, Cody Andrew Kretsinger from Decatur, Ill., had been sentenced in April to one year in federal prison for his role in LulzSec’s attack against Sony pictures.

- The New York Times website came under a denial-of-service attack that made it unavailable for some users.

- Neither admitting nor denying wrongdoing, LPL Financial Holdings, Inc. agreed to pay a fine associated with failure to keep track of what brokers told clients by email and also agreed to create a $1.5 million compensation fund for clients, in order to end allegations by the Financial Industry Regulatory Authority, Wall Street’s self-regulator, that LPL had “systematic email failures” it did not adequately fix.

- The Department of Homeland Security warned employees and others that a years-old database hole since 2009 in software used by an unnamed contractor for background investigations for security clearances had put their personally identifiable information at risk.

- The CEO of pizza-delivery company Papa John’s apologized to a Sanford, Fla., customer after a delivery man accidentally dialed the customer and left a racist rant on the man’s voicemail as he complained about tips. In a video that later went viral, the customer played a recording of the voicemail and showed a receipt that he had given a $5 tip on a $15.26 delivery The driver was fired from his job.

- A New York Police Department detective, who thought his girlfriend was involved with another officer, was charged illegally using a restricted federal database and using an email hacking service to pry into others’ lives. Edwin Vargas, 42, is accused of buying more than $4,000 worth of illegal services between 2011 and 2012 in order to obtain email login credentials and cell phone numbers belonging to at least 30 individuals, including 19 current NYPD officers, to try and spy on them. He faces a two-year sentence on computer hacking if convicted.

- A former Anonymous member, Jeremy Hammond, 28, of Chicago, pled guilty to participating in more than a half dozen attacks carried out in 2010 and 2011 by Anonymous and affiliated groups. According to the U.S. Attorney for the Southern District of New York, Hammond pled guilty to one count of conspiracy to engage in computer hacking and has agreed to pay a $2.5 million fine in restitution. Hammond admitted to participating in the attack on Stratfor in which information on 860,000 subscribers, plus emails, credit-card numbers and encrypted passwords, were released. The card data was used to make $700,000 in purchases, according to prosecutors. Hammond is due to be sentenced Sept. 6.

- The University of Florida sent letters to 5,682 pediatric patients or their parents telling them they may be victims of identity theft after learning a former employee at a pediatric care facility in Gainesville compromised patient information.

- A medical facility run by Idaho State University was fined $400,000 by the U.S. Department of Health and Human Services after thousands of patient records were left unsecured when firewall monitoring was disabled for several months.

JUNE 2013

- Back in May, CBS newswoman Sharyl Attkinsson revealed that her computer had been compromised, and in June, a cyber security expert hired by CBS News determined her computer had been accessed by “an unauthorized, external, unknown party on multiple occasions late in 2012,” and that the “intruder had executed commands that appeared to involve search and exfiltration of data.” The intruder also sought to remove traces of unauthorized activity and altered system times to cause further confusion, CBS said.

- Pirate Bay co-founder Gottfrid Svartholm Warg was sentenced to two years in prison by a district court in Sweden for multiple data intrusions, attempted aggravated fraud and aggravated fraud. The data-intrusion charge is related to the hacking of a mainframe belonging to Logica, now CGI, an IT firm that provided tax services to the Swedish government, and a mainframe of Nordea banks. The fraud charges stem from a number of attempted money transfers from accounts at Nordea, of which one was successful. Warg and his co-defendant in the case never disputed the intrusions were carried out from their computers but denied involvement, saying the computers were either remotely controlled or other people used them.

- A bug on Facebook leaked email addresses and phone numbers provided by some 6 million people on the site to certain other users, Facebook revealed, adding it had no information that this flaw had been exploited maliciously. The bug had been live for a year before it was discovered by Facebook’s security team, which fixed the problem.

- Southwest Airlines had a major glitch in its computer systems that forced the grounding of more than 60 flights for almost two days but did say it had straightened out its computer systems.

- The French government’s accounts payable system, based on SAP, finally was brought back online after a four-day outage, the French State Financial Computing Agency said on June 24. The difficulty was blamed on an error at a data center operated by services company Bull where a sub-contractor accidentally triggered the server room’s fire-extinguishing system. It wasn’t possible to recover all the data, the agency said.

- State regulators are warning virtual-currency exchanges and companies that deal with bitcoin that they could be closed down if their activities run afoul of state money-transmission laws, according to a Wall St. Journal article.

- Opera Software acknowledged that hackers stole from its internal systems at least one code-signing certificate that was used to sign malicious software. The Oslo-based company, which makes a mobile and desktop web browser, said it believes a few thousand Windows users may have automatically installed malicious software on June 19, the day the attack was detected and halted.

- South Korea suffered a volume of DDoS cyberattacks that coincided with the 63rd anniversary of the start of the Korean War. South Korean government websites were hit, which some security firms, including Symantec, traced to the DarkSeoul gang.


Credit: REUTERS/Bobby Yip

A poster supporting Edward Snowden, who leaked NSA secrets, on display in Hong Kong.

- In what we can easily call the biggest SNAFU for the first half of 2013, the super-secretive National Security Agency (NSA) found its spying methods on display as Edward Snowden, the former Booz Allen Hamilton contractor who worked at the NSA for three months, blabbed about its surveillance methods to the media. The world learned that not only does the NSA collect phone records from the U.S. telecom firms, it can get user data from Microsoft, Google, Yahoo, Facebook, PalTalk, YouTube, Skype, AOL and Apple, including e-mail, chat, video, photos, stored data, VoIP, file transfer and other material under what’s called its PRISM program. The NSA’s massive global surveillance effort is done with help from Great Britain’s Menwith Hill facility as well as The Guardian’s journalist Glenn Greenwald, a main contact for Snowden, described. 

Image Alt Text

Credit: REUTERS/Jonathan Ernst

Gen. Keith Alexander testifying before Congress in June about NSA spying

NSA director Gen. Keith Alexander had to go before Congress to defend the NSA’s operations. The U.S. government is now in pursuit of the 29-year-old Snowden as a traitor. Snowden had earlier shown up in Hong Kong, saying he wanted to defend his actions in a court of law. But he has now been on the run, as WikiLeaks supporters helped him fly to Moscow, where he’s holed up in an airport (his passport has been revoked) while negotiating asylum somewhere, perhaps Ecuador or Cuba. President Obama said he wouldn’t engage in “wheeling, dealing and trading,” or scrambling jets, to get Snowden extradited to the U.S., but he’s concerned over what other classified information Snowden may still try to disseminate. Obama said the fact that Snowden had these documents revealed significant vulnerabilities at the NSA. Clearly, this story, worthy of a Cold War spy novel, is spilling over into the second half of 2013!

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail:

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2013 IDG Communications, Inc.

1 2 3 Page 3
Page 3 of 3
SD-WAN buyers guide: Key questions to ask vendors (and yourself)