Sign up now to get free exclusive access to reports, research and invitation only events.
From online bank heists to Chinese hackers, 2013 is adding up to be a security mess
The year in security started off badly with the FBI in January taking down group of scammers who had pilfered millions through stolen online banking credentials. Add to that the ongoing Chinese hacker threat, the Edward Snowden/NSA debacle and other evils and you have quite a security mess. Here we take a look at just some of the more egregious hits.
A computer is seen down after hacking at main office of broadcaster YTN in Seoul in March. South Korean authorities were investigating a hacking attack that brought down the servers of three broadcasters, including YTN, and two major banks. The army at the time raised its alert level due to concerns of North Korean involvement.
A researcher of Hauri, an IT security software company investigating computer viruses, works at a lab of the company in Seoul. The March cyber-attack on South Korean broadcasters and banks may not have originated in China after all as the IP address has been traced to one of the victim banks, the communications regulator said.
Australian Federal policemen arrest the self-proclaimed leader of the international hacking group LulzSec, the collective that claimed responsibility for infiltrating and shutting down the CIA website, in this photo released by the Australian Federal Police in April 24. Police said the 24-year-old IT worker, who held a position of trust at an international company, was arrested in Sydney and charged with hacking offences that carry a maximum penalty of 10 years. Glen McEwen, manager of cybercrime operations at Australian Federal Police, said the man was detained at work, where he had access to sensitive information from clients including government agencies.
A man passes Communications House, a building listed as containing an office of the Spamhaus Project Ltd, in London in March. Steve Linford, chief executive of Spamhaus, told the BBC at the time that the company had been subjected to attacks on an unprecedented scale for more than a week.
Images taken from the phone of a suspect, who was one of the eight individuals charged with using data obtained by hacking into two credit card processors in a cybercrime scheme, are presented at a news conference in May. The individuals formed the New York-based cell of a global cyber-criminal organization that stole MasterCard Inc. debit card data from two Middle Eastern banks, the Justice Department said. The information was used to make more than 40,500 withdrawals at automated teller machines in 27 countries, prosecutors said.
A map showing where eight members belonging to a New York-based cell of a global cyber-criminal organization withdrew money from ATM machines, during a news conference in May. The U.S. government charged eight individuals with using data obtained by hacking into two credit card processors in a worldwide scheme that netted some $45 million within hours, a crime prosecutors described as one of the biggest bank heists in history.
The EnStage Inc. Office is seen in the southern Indian city of Bangalore in May. The Indian government's cyber watchdog is investigating how the computer systems of EnStage, one of the two companies which were breached in a global ATM heist that saw $45 million stolen from two banks in the Middle East.
A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin in May. The Financial Times' website and Twitter feeds were hacked May 17, renewing questions about whether the popular social media service has done enough to tighten security as cyber-attacks on the news media intensify. The attack is the latest in which hackers commandeered the Twitter account of a prominent news organization to push their agenda. Twitter's 200 million users worldwide send out more than 400 million tweets a day, making it a potent distributor of news.
Fallout from Edward Snowden's bombshell accusations about spying and cyber-attacks carried out by the NSA sent agency director Gen. Keith Alexander to defend the outfit's surveillance practices before the House Intelligence Committee in June. Alexander was accompanied by high-level officials from the NSA, the U.S. Department of Justice and Office of the Director of National Intelligence who also answered questions from Congressional lawmakers who were mainly worried about how NSA mining of data on phone records collected and held by the NSA might impact the privacy of American citizens.
The suspected China-based hackers known as the "Comment Crew" were back at it again in June, a development likely to contribute to continued tensions between the U.S. and China over cyber-attacks. The security community has had the group under its watch for a number of years, but in February, its activity was exhaustively detailed in a report from computer security vendor Mandiant. Mandiant's report said a specific Chinese military unit called "61398" waged a seven-year hacking spree that compromised 141 organizations. The report added to other long-running research from security companies and organizations into suspected state-sponsored hacking. Mandiant Founder & CEO Kevin Mandia (L) and Mandiant CSO Richard Bejtlich (C) participate in the Reuters Cyber security Summit in Washington May 13, 2013.
A general view of 'Unit 61398', a secretive Chinese military unit, in the outskirts of Shanghai, February 19, 2013. A secretive Chinese military unit is believed to be behind a series of hacking attacks, a U.S. computer security company said, prompting a strong denial by China and accusations that it was in fact the victim of U.S. hacking.
In June a targeted attack that used Chinese malware compromised over 1,000 computers belonging to dozens of South Korea organizations, according to researchers from Israeli security firm Seculert. The main malware tool used in the attack is called PinkStats and has been used by several Chinese-language groups to target different organizations and nation states from around the world during the past four years, the Seculert researchers said. PinkStats is designed to download and install additional malicious components after it infects a computer and then report successful installations to its command and control server.
A tablet with one of the pictures posted in the official North Korean Flickr account is seen in this photo illustration taken in Singapore. North Korea's official Flickr and Twitter accounts were targeted by hackers in April. Some of the pictures in the Flickr account were replaced by a caricature of North Korea's leader Kim Jong-un as "Pigsy" from the classic Chinese novel "Journey to the West."
Boldizsar Bencsath from Hungary's Laboratory of Cryptography and System Security, or CrySyS, works at his computer at the Budapest Technical University in February. The two are leaders of the team that identified the "MiniDuke" virus, which infiltrated government and agency systems worldwide on Wednesday. The MiniDuke hackers attacked their victims by exploiting recently discovered security bugs in Adobe's Reader and Acrobat software. They sent their targets PDF documents tainted with malware, an approach that hackers commonly use to infect PCs.
Anonymous hit the U.S. Sentencing Commission website in retaliation for the suicide of computer programmer and Internet free-information advocate Aaron Swartz. Swartz faced a trial related to his arrest by MIT police on state breaking-and-entering charges for systematic downloading of academic articles. Swartz poses in a Borderland Books in San Francisco in 2008.
George Venizelos of the Federal Bureau of Investigation (L) and Preet Bharara, U.S. Attorney for the Southern District of New York, hold a news conference on the Gozi Virus in New York. In January federal prosecutors charged three people in as many countries with creating and distributing the computer virus known as "Gozi Virus" that infected more than a million computers around the world, including some operated by the U.S. space agency and others by banks. It infected at least 40,000 computers in the United States and caused millions of dollars in losses by stealing online banking credentials.