The FRSecure Blog

Your Security. Our Passion.

The top 10 most impactful information security stories of 2010

2010 was an interesting year, no doubt.  If history is any indication of the things to come, we have a challenging year ahead of us.  The New Year is a good time to stop what we’re doing and reflect.  Looking back on 2010, we’ve identified our top 10 most impactful information security events.  Here they are:

#1 – Wikileaks, a malicious insider disrupts global diplomatic ties and ongoing war efforts.

Wikileaks was founded in 2006 and posted its first “leaked” document in December of that year. It wasn’t until this year that Wikileaks became a household name. On April 5th, Wikileaks released a classified U.S. military video depicting an engagement in which an Apache helicopter crew killed more than a dozen people in Iraq. In July, the “Afghanistan War Logs” were released; in October, the “Iraq War Logs”; and in November, the first of some 250,000 U.S. embassy diplomatic cables.

The alleged source of the leak(s) was a military insider. On July 5th, Army Specialist Bradley Manning, 23, was charged with “transferring classified data onto his personal computer and communicating national defense information to an unauthorized source between November 19, 2009 and May 27, 2010”. Adrian Lamo, a former hacker, turned Manning in after Manning allegedly admitted to him that he had taken the documents while deployed in Iraq, where he held authorized access to SIPRNet. That is the defining feature of the insider case: no exploit was needed, only legitimate credentials and the ability to copy large volumes of data off a classified network without anyone noticing.

The fallout from the Wikileaks “Cablegate” story is far from over, and it’s hard to quantify the true impact of the damage done.

There are rumors that Wikileaks is preparing to release internal (and/or confidential) information leaked from Bank of America soon.

This is the top information security story of 2010 in terms of interest and impact, bar none.

#2 – Operation Aurora, a state-sponsored Chinese attack?

Operation Aurora was an attack on high-tech, security, and defense contractor companies that actually began sometime during 2009 but wasn’t publicly disclosed until January. On January 12th, 2010, Google made the unusual move of announcing the successful attack on its blog. In the posting, Google stated that some of its intellectual property had been stolen during the attack and pointed to sources in China as the culprits. Soon after the announcement, the media reported that other companies were also targeted, including Adobe Systems, Juniper Networks, Rackspace, Yahoo, Symantec, Northrop Grumman, and Dow Chemical.

VeriSign’s iDefense Labs claimed that the attacks were perpetrated by “agents of the Chinese state or proxies thereof”, and the U.S. government got involved.  U.S. Secretary of State, Hillary Clinton, issued a statement and called on China to respond, and there were calls for the U.S. Congress to investigate.

The attacks were made possible through exploitation of a previously unknown (zero-day) vulnerability in Microsoft Internet Explorer, later designated CVE-2010-0249, which Microsoft patched out-of-band in bulletin MS10-002 nine days after Google’s disclosure. Targeted employees were lured to a page hosting the exploit, which dropped a backdoor that gave the attackers a foothold inside the corporate network. News of this attack has since waned, but the threat of it happening again is very real: the same recipe of a targeted lure plus a browser zero-day needs no special access to work.

#3 – Zeus, still alive and well.

Zeus (and its variants) has been around since mid-2007, but it still morphs and continues to wreak havoc worldwide. Zeus is a Trojan-horse program aimed at stealing online banking credentials. It does so with keystroke logging, but more importantly by hooking the victim’s browser: it grabs form fields before they are encrypted and injects extra fields or fake pages into banking sites (a man-in-the-browser attack), which is why SSL and one-time passwords typed into the same browser don’t protect the victim. We first came across Zeus in 2007, when it was reported to have been used to steal confidential information from the U.S. Department of Transportation.

Zeus was still alive and well in 2010. The population of Zeus-infected machines is still estimated in the millions (est. 3.6 million in the U.S. alone). The Trojan targets Windows computers, the majority of them running Windows XP Professional Service Pack 2 (you read that right, not Service Pack 3). Today, the botnet is targeting login credentials for online social networks, e-mail accounts, and financial services. Facebook, Yahoo, Hi5, Metroflog, Sonico, and Netlog are the top sites with stolen login information (according to NetWitness).

Zeus is sold in underground forums as a kit, and anyone willing to pay $700 to $4,000 US for the software can build their own variant. Because each buyer’s build is packed differently, the Trojan is very difficult to detect and clean, even with the latest virus definitions. In October 2010, the FBI announced the arrest of more than 100 people worldwide for using Zeus to steal more than $70 million.

Zeus may be the single most successful Trojan/botnet in history in terms of the money it has earned fraudsters. In the past 12 months alone, we have seen or read about more than a dozen small to medium-sized businesses that were forced into bankruptcy as a direct result of losses caused by Zeus. Commercial accounts are especially exposed because, unlike consumer accounts, they generally carry no fraud-loss protection. Even today we are reading about Zeus; the latest headline as we write is “Fake White House holiday e-card leads to loss of government docs”.

#4 – Big botnets fall – Mariposa, Bredolab, & Waledac gone?

In July 2010, the FBI announced the arrest in Slovenia of the alleged author of the Mariposa botnet, following the arrest of three of its operators in Spain by the Guardia Civil earlier in the year. At its peak, the Mariposa botnet was believed to have infected more than 12 million computers worldwide in more than 190 countries, including machines in half of the Fortune 1000 companies and as many as 40 major banks. With its author and operators in custody, the botnet is all but “dismantled”.

By some estimates the Bredolab botnet, which emerged in mid-2009, affected more than 30 million computers worldwide. The botnet was used to download further malicious software onto victim computers and to steal login credentials. It was notable for spreading largely through compromised legitimate web sites, which served drive-by downloads to visitors, rather than through e-mail attachments alone. In October, Dutch police announced the takedown of 143 Bredolab command-and-control servers and the arrest of the alleged 27-year-old Armenian mastermind. The takedown and arrest have rendered the botnet operationally ineffective. According to Fortinet, “worldwide spam dropped 12%” following the Dutch action.

Waledac wasn’t the largest botnet, but it was capable of sending more than 1.5 billion spam messages per day. In March 2010, Microsoft won a court order (obtained without notice to the operators, so they had no chance to move their infrastructure) that allowed the company to take control of 277 domain names the botnet used for command and control. With those domains pointed at Microsoft rather than at the criminals’ servers, the infected computers were cut off from their controllers. The machines themselves remained infected, which is the usual caveat with a domain-based takedown.

All in all, 2010 was a good year for taking down some very important criminal botnet operations.  Unfortunately, when one goes away, it doesn’t take long for another to take its place.

#5 – Operation Payback, Cyberactivism and cyberriots go mainstream

Operation Payback came into existence in 2010, largely in response to Bollywood studios’ hiring of Aiplex Software to launch DDoS attacks against torrent sites that hosted links to pirated films. Operation Payback is a coordinated but decentralized group of Internet activists. They attack those whom they see as opponents of the “free flow of information”.

Operation Payback gained notoriety this year by conducting DDoS attacks against Gene Simmons (SimmonsRecords.com and GeneSimmons.com), Sarah Palin (sarahpac.com and conservativesforpalin.com), MasterCard (mastercard.com), Amazon (amazon.com, where the attack had little visible effect), PayPal (paypal.com), Bank of America (bankofamerica.com), and Visa (visa.com), among others. Many of these attacks were made in protest of a stand their operators had taken against Internet piracy or against Wikileaks.

What made Operation Payback unique was its widespread use of willing volunteers. Anyone who wanted to participate could do so by downloading a modified version of the Low Orbit Ion Cannon (LOIC) tool; its “hive mind” mode took its target from an IRC channel, in essence making each volunteer’s computer a member of a voluntary botnet. Two points for defenders: the traffic was ordinary, unspoofed TCP/HTTP requests, so it could be rate-limited at the edge like any other flood, and the same lack of spoofing meant each volunteer’s IP address showed up in the target’s logs, which is how some participants came to be arrested within weeks. Cyberactivism (or hacktivism, or cyber-riots) went mainstream in 2010, more than at any time before. We should expect more of this in 2011.
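Because a LOIC volunteer sends a high rate of ordinary requests from a real, unspoofed address, the simplest useful detection is a per-source request rate over a short sliding window, which is what the following script does over web-server access logs. This is an added example, not code from the original post or from any of the tools or companies named above; the log lines are constructed for the example (the IP addresses are from the documentation ranges), and the window and threshold values are assumptions to be tuned to your own traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Tuple

# Apache/nginx "common log format" line, e.g.
#   203.0.113.5 - - [08/Dec/2010:15:00:00 +0000] "GET / HTTP/1.0" 200 512
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')


def parse_line(line: str) -> Tuple[str, datetime]:
    """Return (client_ip, timestamp) for one access-log line."""
    m = LOG_RE.match(line)
    if m is None:
        raise ValueError(f"unparseable log line: {line!r}")
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts


def peak_request_rates(lines: Iterable[str], window_seconds: int = 10) -> Dict[str, int]:
    """Peak number of requests each client sent within any window of window_seconds.

    A volunteer DDoS tool such as LOIC does not spoof its source address, so a
    per-source rate over a short window separates flooders from ordinary visitors.
    """
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e[1])
    recent: Dict[str, deque] = defaultdict(deque)   # timestamps still inside the window
    peaks: Dict[str, int] = defaultdict(int)
    window = timedelta(seconds=window_seconds)
    for ip, ts in events:
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:                   # expire requests older than the window
            q.popleft()
        peaks[ip] = max(peaks[ip], len(q))
    return dict(peaks)


def flag_floods(peaks: Dict[str, int], threshold: int = 100) -> List[Tuple[str, int]]:
    """Sources whose peak rate reached the threshold, worst first."""
    return sorted(((ip, n) for ip, n in peaks.items() if n >= threshold),
                  key=lambda e: -e[1])


def build_sample_log() -> List[str]:
    """Constructed sample traffic (not real logs): a flooder, a short burst, a normal visitor."""
    base = datetime(2010, 12, 8, 15, 0, 0, tzinfo=timezone.utc)

    def line(ip: str, offset: int, path: str = "/") -> str:
        stamp = (base + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{stamp}] "GET {path} HTTP/1.0" 200 512'

    lines: List[str] = []
    # LOIC-style flooder: 30 requests per second for 10 seconds from one address
    lines += [line("203.0.113.5", s) for s in range(10) for _ in range(30)]
    # a page with many embedded images: 50 requests in a single second, then nothing
    lines += [line("192.0.2.33", 4, f"/img/{n}.png") for n in range(50)]
    # ordinary visitor: one request every two seconds
    lines += [line("198.51.100.7", s, "/news") for s in range(0, 40, 2)]
    return lines


if __name__ == "__main__":
    rates = peak_request_rates(build_sample_log())
    for ip, n in flag_floods(rates):
        print(f"{ip}: {n} requests within 10s")
```

Run it as-is to see only the flooder reported; the 50-request burst stays under the threshold, which is the point of looking at a window rather than a single second. In production the same per-source counter belongs in the load balancer or web server (most have a native request-rate limit), and the flagged addresses are the list you hand to law enforcement, since nothing about the traffic is spoofed.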

#6 – Facebook scams, people are people so why should it be?

In 2010, Facebook surpassed Google as the most visited site on the Internet in terms of daily visitors. Where the masses go, so do the criminals. Facebook became a criminals’ playground in 2010, with scams ranging from a “friend” who lost their wallet while travelling abroad and needs money wired, to spear-phishing, to tricking users into installing malware or granting a rogue application access to their profile.

Scams propagated across the social media giant’s population at a blinding rate in 2010.

As long as Facebook remains popular (which it will), and as long as Facebook takes a half-hearted approach to protecting its users (which it probably will), we fully expect the number of scams to increase throughout the coming year.

#7 – Stuxnet, cyber warfare weapon?

We wonder how many people outside information security circles have heard of Stuxnet. Chances are very good that your home computer escaped a Stuxnet infection, or at least escaped any harm from it: the worm spreads promiscuously but only acts on industrial control systems. What made Stuxnet so intriguing in 2010 was its uniqueness. It is the first known worm to target, spy on, AND reprogram programmable logic controllers (PLCs). It spread on USB sticks through a then-unpatched Windows shortcut (.LNK) flaw, installed kernel drivers signed with code-signing certificates stolen from two legitimate hardware vendors, and, on machines running Siemens Step 7 software, altered the logic loaded onto the PLC while hiding those changes from the engineer looking at the program.

OK, maybe you’re not a geek and you couldn’t care less. How about this: the worm appears to have been created specifically to target the systems used within Iranian nuclear facilities. According to news reports, the worm probably damaged the country’s uranium-enrichment facility at Natanz and delayed the start-up of the Bushehr nuclear power plant. On November 29th, Iran confirmed that the worm had affected centrifuges in its nuclear program.

According to Kaspersky Lab (a Russian security company), the Stuxnet worm is “a working and fearsome prototype of a cyber-weapon that will lead to the creation of a new arms race in the world.” Furthermore, according to many information security experts, the complexity and effectiveness of the worm make it likely that it was developed with “nation-state support”.

According to some estimates, the Iranian nuclear program could have suffered a setback of as much as two years.  We are not conspiracy theorists, but we are also not naïve.  Cyber warfare is real.

#8 – Intel buys McAfee, for a lot of money

On August 19, Intel formally announced its intention to purchase the information security giant McAfee for $7.68 billion. This was surprising news to us, but maybe it shouldn’t have been. According to the news release, “McAfee will operate as a wholly-owned subsidiary, reporting into Intel’s Software and Services Group.”

Also according to Intel, “The acquisition reflects that security is now a fundamental component of online computing.”  Really?!  “Now”?!  It always has been (or should have been).

This is the largest acquisition to date of a security company by a company outside the security industry. We think the trend will continue as security becomes more and more of a hot commodity.

#9 – McAfee DAT File, Oops!

Wow!  #8 and #9 both concern McAfee.  This one wasn’t good though.

McAfee releases updated “DAT” (virus definition) files daily, and sometimes several times a day. In most cases it is good practice to download and apply these DAT files to anti-virus installations as soon as they become available. All was good until McAfee released DAT version 5958 on April 21st. That update misidentified svchost.exe, a core Windows system file, as the W32/Wecorl.a virus and quarantined or deleted it on Windows XP SP3 machines, which then lost network access, blue-screened, and fell into reboot loops. Both corporate and consumer users were affected by the flub. The practical lesson, and one many shops adopted afterwards, is to stage even “routine” signature updates through a small pilot group of machines for a few hours before pushing them to the whole fleet.

To make matters worse, in the opinion of many users, McAfee’s response to the affair was less than stellar. McAfee isn’t the only anti-virus vendor ever to have shipped a faulty update, but it was the one whose update hurt users this badly in 2010. McAfee recovered, and is now on its way to becoming part of Intel (see #8).

#10 – iPad user information hacked, so what?

It seems as though Apple can do no wrong, even when it clearly does wrong. It’s weird. In 2010, Apple suffered (not really) from the leaked details of its iPhone 4, and from “antennagate” when it was discovered that the iPhone 4 design was flawed and caused reception issues. The one security-related news item that caught our attention in 2010 came in June, when it was announced that personal details belonging to 114,000 iPad users had been exposed. The list included the e-mail addresses and ICC-IDs (the serial number of the SIM card, which identifies the device on the AT&T network) of dozens of CEOs, military officials, and top politicians. The data was harvested from an AT&T web page that, given an ICC-ID, returned the associated e-mail address without requiring any authentication; since ICC-IDs are assigned sequentially, the group that found the flaw simply iterated through the range with a script. Although the exposed information doesn’t pose a huge risk to customers in itself, it did increase their risk of being targeted by spammers and phishers.

AT&T confirmed the breach, and the FBI opened an investigation.  We don’t know where things went from there, but we do know that the untouchable Apple suffered little or no consequence.
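To show why a sequential identifier plus an unauthenticated lookup is all an attacker needs, here is the weak lookup pattern next to a hardened one, with a harvester that walks the serial range. This is an added example, not AT&T’s code or the code used in the incident: the subscriber table, e-mail addresses and issuer prefix are constructed for the example, and the `Session` object stands in for whatever authenticated principal a real site has. The Luhn check digit is the real one used at the end of ICC-IDs, so the harvester only ever submits well-formed identifiers.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


def luhn_check_digit(payload: str) -> str:
    """Luhn check digit for a string of digits (ICC-IDs, like card numbers, end in one)."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:          # double every second digit, starting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def make_iccid(prefix: str, serial: int, serial_digits: int = 10) -> str:
    """Build a Luhn-valid ICC-ID from an issuer prefix and a sequential serial number."""
    payload = f"{prefix}{serial:0{serial_digits}d}"
    return payload + luhn_check_digit(payload)


# Constructed sample subscriber table (illustrative prefix, fake addresses). The
# serials are sequential, as real ICC-IDs are, which is what makes guessing cheap.
PREFIX = "89014104"
SUBSCRIBERS: Dict[str, str] = {
    make_iccid(PREFIX, 1000 + n): f"user{n}@example.com" for n in range(0, 40, 3)
}


def lookup_email_vulnerable(iccid: str) -> Optional[str]:
    """The weak pattern: a well-formed identifier is all it takes to get the e-mail back."""
    return SUBSCRIBERS.get(iccid)


@dataclass
class Session:
    """Stand-in for an authenticated principal (assumption, not a real framework object)."""
    authenticated: bool = False
    iccid: Optional[str] = None   # ICC-ID of the device that authenticated this session


def lookup_email_hardened(iccid: str, session: Session) -> Optional[str]:
    """Only an authenticated session may look up its own ICC-ID; everyone else gets nothing."""
    if not session.authenticated or session.iccid != iccid:
        return None
    return SUBSCRIBERS.get(iccid)


def harvest(lookup: Callable[[str], Optional[str]], prefix: str,
            start: int, count: int) -> List[Tuple[str, str]]:
    """Walk a range of sequential serials, submit a Luhn-valid ICC-ID for each, keep the hits."""
    hits: List[Tuple[str, str]] = []
    for serial in range(start, start + count):
        iccid = make_iccid(prefix, serial)
        email = lookup(iccid)
        if email is not None:
            hits.append((iccid, email))
    return hits


if __name__ == "__main__":
    print("weak lookup, no auth:", len(harvest(lookup_email_vulnerable, PREFIX, 1000, 40)), "hits")
    anon = Session()
    print("hardened, anonymous: ", len(harvest(lambda i: lookup_email_hardened(i, anon), PREFIX, 1000, 40)), "hits")
    mine = Session(authenticated=True, iccid=make_iccid(PREFIX, 1003))
    print("hardened, own device:", harvest(lambda i: lookup_email_hardened(i, mine), PREFIX, 1000, 40))
```

The fix is not to make ICC-IDs secret (they are printed on the SIM) but to stop treating possession of one as proof of anything: the hardened lookup binds the identifier to the principal that authenticated, so the harvester gets back exactly its own record and nothing else. Rate limiting and an alert on a client walking consecutive identifiers are the complementary detective control, since a legitimate device never asks about anyone’s ICC-ID but its own.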

Well, there you have it.  This is our list of the most significant information security news items of 2010.  What will 2011 bring?  We might take a shot with some predictions soon.

About FRSecure

Formed in 2008, FRSecure LLC is a full-service information security consulting company dedicated to information security education, awareness, application, and improvement. FRSecure helps clients understand, design, implement, and manage best-in-class information security solutions; thereby, achieving optimal value for every information security dollar spent.

Regulatory and industry compliance are built into all of our solutions.


Category: Featured, News
