Welcome to 2011. Usually around this time of year, pundits guess what we'll be seeing in the year ahead.
On the computer security front, we're hearing that 2011 will be the year of mobile malware, that criminals will take to the cloud and that social network security is destined to become a bigger and bigger problem.
But if the past is any guide, nobody will see the top 2011 security stories coming. A look at the top news stories of 2010 shows that the incidents that really captured the public's attention were the ones that nobody predicted. Here are five of the top unpredicted stories from the past year.
1. Google gets hacked
In January, Google surprised everyone by admitting that it had been hit with a targeted cyber attack, now known as Aurora. Security insiders know that cleaning up hacked computers is just a cost of doing business today, but nobody predicted that a company like Google would voluntarily come forward and admit that it had been breached.
The Aurora incident wasn't a simple drive-by download. According to people familiar with the incident, hackers got deep inside Google's IT and were able to get control of critical internal systems. Nobody knows who pulled off the attack, but Google and the US Department of State seem to think that it came from China.
The Aurora hackers had also targeted at least 30 other major companies, and Google's public admission put the cyber-espionage problem squarely on the corporate agenda.
2. A worm targets critical industrial systems
Security consultants had been warning about vulnerabilities in critical infrastructure systems for years now, but real-world bad guys have been too busy making money from hacked Windows desktops to pay much attention.
All of that changed in July 2010, when a little-known Belarus company called VirusBlockAda discovered a strange and very sophisticated worm on computers in Iran. The more we learned about Stuxnet, the more incredible it seemed: a piece of malware that was written by people who could master both zero-day Windows vulnerabilities and obscure SCADA programming techniques, that sought out very specific industrial systems and then tried to destroy them.
There's a growing consensus that Stuxnet was built by a nation-state attacker aiming to damage Iran's nuclear program.
3. Russia busts hackers
Computer crime is a semi-legitimate business in countries like Russia and Ukraine. So long as the criminals don't harm locals, they've generally been allowed to operate with impunity, bringing millions of western dollars into local economies.
This year, though, Russian authorities took a few actions against a few high-profile criminals, busting the people responsible for a wildly successful Royal Bank of Scotland heist and charging the man thought to be responsible for a large chunk of the world's pharmaceutical spam.
Even the Ukraine, long considered one of the safest havens for computer criminals, rounded up some of the alleged leaders of one of the worst Zeus crimeware gangs.