Aurora attacks on Google
In what's come to be called the 'Aurora attacks', Google in January acknowledges valuable intellectual property was stolen via a network break-in during that past December, intimating China to be the origin of the cyberattack. About a dozen other high-tech and industrial companies appear to have been struck in similar fashion. The Chinese government says it doesn't know what they're talking about. Outraged over the cyber-intrusion, Google, which had been adhering to Chinese dictates regarding search-engine censorship, says it will defy them, putting its search-engine licence in China in jeopardy. But by year-end, under Chinese pressure, Google abandons its tactic of re-directing Chinese user traffic to its more liberal Hong Kong site and its renewed China license requires censorship.
China ISP takes internet for a ride
A small Chinese ISP called IDC China Telecommunication briefly hijacked the internet by sending out wrong routing data, which was re-transmitted by state-owned China Telecommunications, affecting service providers around the world. The event even made it into the '2010 US-China Economic and Security Review' commission report presented this November to US Congress, which pointed out for 18 minutes on April 8, China Telecom rerouted 15 percent of the internet's traffic through Chinese servers, affecting US government and military web sites. Widely reported, media attention raised the question of whether China was somehow testing a cyberattack capability, but China Telecom rejected those claims, calling the April traffic re-direction an accident.
McAfee goofs up by issuing a faulty anti-virus update - the now-infamous McAfee DAT file 5958 - which wreaked havoc on PCs of countless McAfee customers by causing malfunctions like the Microsoft 'Blue Screen of Death' and creating the effect of a denial-of-service. With CEO and President Dave DeWalt apologised profusely, McAfee worked to rush out various fixes for mistake, but some irate McAfee customers felt it all could have been done better.
Showtime for Cisco
Not the biggest data breach to be sure, but embarrassing for a networking company that wants the world to consider it a leader in security, having the sales to show for it -- and that's Cisco. Someone hacked into the list of attendees for the Cisco Live 2010 users' conference, a security breach that led Cisco to notify the customers as well as a broader group with dealings with the company. Though Cisco prefers to keep mum on some details, it appears a vendor told Cisco that someone had made "an unexpected attempt to access attendee information through ciscolive2010.com", the event site. Cisco said the breach was closed quickly, "but not before some conference listings were accessed". The compromised information consisted of Cisco Live badge numbers, names, title, company addresses and email addresses. Cisco apologised by email to both attendees and those who were invited but didn't attend.
NEXT PAGE: Google sniffing
- The issues that plagued the tech giants
- Google sniffing
2010 has been a big year for security stories. We've put together a list of the biggest security problems that hit tech giants including Google, Cisco and McAfee.
Google apologises for wirelessly sniffing and collecting data from individuals on unencrypted Wi-Fi networks during its Street View car projects around the world to collect information for its map service. Amid outrage from privacy advocates and regulatory authorities in Europe and the US, Google says it was all done"'mistakenly", vowing to destroy the data it collected, as explained in a blog post http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html from Google's senior vice president of research and engineering, Alan Eustace. In a related case, Google acknowledged trespassing when it photographed a Pittsburgh-area house for its StreetView service and wound up paying a single dollar in damages to a couple who sued.
An iPad surprise
A group calling itself 'Goatse Security' exploits a security flaw in an AT&T web application to expose the email addresses of over 100,000 iPad customer records. The FBI arrests one of the Goatse iPad hackers on felony drug charges after a home raid.
The South Shore Hospital, in Massachusetts in the US, announces it's lost about 800,000 files related to 15 years worth of health and financial information on patient, business associates and staff, but after initially saying it would contact those affected individually, changes its mind and chooses not to reach out to notify the individuals affected by the data breach. The Massachusetts Attorney General objects and says that has to be done.
Anna Chapman, who was rounded up by the FBI with about a dozen other Russian spies in the US and returned to Moscow in a spy swap, poses provocatively in black lingerie in a Moscow magazine, and lands a job as an information technology innovator for a Russian bank, despite the glaring gaps in her technical knowledge that helped the FBI nab her. Not only did the FBI during surveillance routinely sniff her wireless network, but Chapman also turned her laptop over to a US undercover agent for repairs. Nevertheless, Russian bank FondServisbank hired Chapman upon her return to her country "to bring innovation to its information technologies."
Stuck with Stuxnet
First noticed in June, though it likely existed way before that, the Stuxnet worm surfaces as a highly-sophisticated piece of malware aimed at industrial Supervisory Control and Data Acquisition (SCADA) systems, primarily targeting Iranian nuclear facilities - possibly as a cyberwar weapon intended to stop suspected Iranian attempts to build a nuclear bomb. In October, Iran confirmed the worm had affected up to 30,000 systems in the country, and in November Iranian President Mahmoud Ahmadinejad went further saying that enemies of Iran had "succeeded in creating problems for a limited number of our centrifuges with the software they had installed in electronic parts," adding, "They did a bad thing."
Return of WikiLeaks
A massive theft of US State Department cables - more than 250,000 messages of various diplomatic correspondence related to relations with foreign nations and the shared confidences of world leaders - is begun to be published on WikiLeaks. Secretary of State Hilary Rodham Clinton calls it 'an attack', and rushes to apologise for the data breach to her counterparts around the world. Among the nuggets found in the quarter million State Department messages is one that cites an unnamed Chinese contact telling the State Department that the Chinese Politburo ordered the cyber-intrusion into Google. China says it doesn't know what they're talking about. China also blocks access to WikiLeaks, the website posting the leaked State Department cables.
- The issues that plagued the tech giants
- Google sniffing