I just read an article in the Financial Post (a Canadian paper) highlighting some of the major cyber security events of 2011. Clearly these are not all the events and perhaps they are not even the most significant in some cases…but they serve to remind us of the pervasive and ubiquitous nature of the threats we face. “Shields up, Mr. Spock.”
Dec 28, 2011 – 8:29 AM ET
Early January — Canadian Department of Finance/Treasury Board
Hackers believed to have been based in China breached the security of Canada’s two primary economic nerve centres, gaining access to classified data before they were discovered. The same hackers were also believed to be responsible for failed attempts made against the systems of several noted Bay Street law firms several months later.
Early February — Nasdaq Stock Exchange
America’s largest electronic stock exchange was revealed to have been repeatedly penetrated by computer hackers over 12 months. While the trading platform itself was never breached, subsequent investigations found relatively lax security allowed hackers to gain access to other Nasdaq systems.
February/March — Online dating and travel advice sites
Plenty of Fish and eHarmony, among the world’s two largest sources of people digitally searching for dates, had some of their user accounts exposed over a two-week period, allegedly by the same hacker. Weeks later, TripAdvisor, the world’s largest travel Website, had email addresses belonging to some of its 20 million-strong user base stolen.
April/May — Sony PlayStation Network
More than 100 million users of Sony Corp.’s online gaming platform had their accounts breached in what remains the most widespread cyber attack of the year. The potential cost to Sony has been estimated to range as high as US$24-billion.
Late May — Weapons producers
Lockheed Martin Corp., the world’s largest producer of military-grade weaponry, narrowly managed to thwart what it described as a “significant and tenacious” attack on its systems. Other major defence contractors such as General Dynamics Corp, Northrop Grumman Corp and Raytheon Co. were also targeted.
May 26 — U.S.-Stuxnet connection made
William Lynn, deputy Secretary of Defence of the United States, refused to deny U.S. involvement in the creation of the Stuxnet worm used against the Iranian nuclear program in 2010 during an interview on CNBC.
Early June — International Monetary Fund
A cyber attack described as “sophisticated” and “very major” by senior IMF officials struck the global economic stabilizer at some point over the last several months, the New York Times first reported on June 12. The Washington D.C.-based fund contains a treasure trove of highly sensitive economic data.
Early August — Operation Shady RAT exposed
McAfee Labs uncovered details of a coordinated five-year cyber warfare campaign against the networks of 72 organizations including the United Nations, governments and companies around the world. Dubbed ‘Operation Shady RAT’, the company called it the ‘biggest series of cyber attacks’ in history and many fingers pointed to China as the culprit.
Late October — “Nitro Attacks” revealed
Symantec Corp. released details on a series of attacks launched against “multiple” Fortune 100 companies involved in the industrial chemical production sector. A total of 48 companies around the world were believed to have been victimized by that single coordinated attack. The world’s largest maker of security software also revealed a survey finding controllers of critical infrastructure were growing complacent with their own security procedures.
Early November — Biggest cyber criminal takedown in history
Working with members of the Estonian police, the U.S. Federal Bureau of Investigation executed what has since become known as the rgest single takedown of a cybercrime syndicate in the history of the Internet, arresting the alleged ringleaders of a US$14-million cyber crime spree. Known as ‘Operation Ghost Click’, the victory was heralded as a sign law enforcement was finally beginning to overcome a key obstacle in digital crime investigations: Actually tracking down the perpetrators in the real world.
Mid-November — Canada commits nearly half-a-billion to cyber defence
Recognizing the growing digital threat, made clear and brought close to home by the attacks against two federal departments in early 2011, Ottawa earmarked $477-million for access to U.S. cyber defence capabilities. Known as Global Mercury, the new capabilities are expected to come into force before the start of 2012.