The Worst Security Snafus of 2012
By Ellen Messmer, Network World
Posted July 13, 2012
Could things really be this bad? From the embarrassing hack of a conversation between the FBI and Scotland Yard to a plethora of data breaches, security snafus have ruled the first half of 2012. Here’s a look at some of the worst snafus month-by-month.
The year started off with the FBI raiding the cloud file-sharing and storage Megaupload site, based in Hong Kong and founded by 38-year-old New Zealand resident Kim Dotcom, on content piracy charges to the tune of $175 million. That action, supported by U.S. industries that hailed it as bringing down a big fish that was devouring their intellectual property, has triggered a year’s worth of lawsuits and retributions from all even remotely involved. It turned confrontational when hacktivist group Anonymous invited outraged users of Megaupload to attack law enforcement and industry websites supporting the raid by downloading do-it-yourself denial-of-service software such as Slowloris.
But by March it was apparent that some of this DoS advice came from hackers who were merely tricking users into downloading Trojan software, such as Zeus, from infected links. Another twist: A New Zealand judge in March ruled that an order granted to law enforcement, allowing them to seize luxury cars and other personal effects of Dotcom, is invalid, mainly because the local police commissioner applied for the wrong type of seizure order that was requested by the U.S. That ruling means Dotcom has a chance to get back some of his enormous bling, like his Rolls-Royce and pink Cadillac, seized during his arrest at his mansion outside Auckland. But of course, attorneys for the U.S. are arguing otherwise. Dotcom, free on bail but subject to electronic monitoring, is expected to undergo extradition proceedings in August.
Other January Snafus:
• Online retailer Zappos disclosed that hackers had likely broken into its network and stolen information on Zappos.com customers, including name, address, billing and shipping address, phone number, the last four digits of credit-card numbers, and cryptographically scrambled passwords stored in hash form. Zappos informed customers that all passwords had been expired and that they should create new ones.