December 02, 2010, 5:59 PM — That old phrase SNAFU ("Situation Normal, All F---ked Up!") certainly describes our choices for 2010's top 10 security screw-ups.
Not surprisingly, some of the biggest names in technology - Google, Cisco, McAfee, AT&T - are prominent on the list, either because they're obvious hacker targets or because whenever they make a security mistake, it's big news. Without further ado, the list:
Aurora attacks on Google. In what's come to be called the "Aurora attacks," Google in January acknowledges that valuable intellectual property was stolen via a network break-in during the previous December, intimating that China was the origin of the cyberattack. About a dozen other high-tech and industrial companies appear to have been struck in similar fashion. The Chinese government says it doesn't know what they're talking about. Outraged over the cyber-intrusion, Google, which had been adhering to Chinese dictates regarding search-engine censorship, says it will defy them, putting its search-engine license in China in jeopardy. But by year-end, under Chinese pressure, Google abandons its tactic of re-directing Chinese user traffic to its more liberal Hong Kong site, and its renewed China license requires censorship.
China ISP takes Internet for a ride. A small Chinese ISP called IDC China Telecommunication briefly hijacked the Internet by sending out wrong routing data, which was re-transmitted by state-owned China Telecommunications, affecting service providers around the world. The event was noted in the "2010 U.S.-China Economic and Security Review" commission report presented this November to Congress, which pointed out that for 18 minutes on April 8, China Telecom rerouted 15% of the Internet's traffic through Chinese servers, affecting U.S. government and military Web sites. The incident was widely reported, and media attention raised the question of whether China was somehow testing a cyberattack capability, but China Telecom rejected those claims, calling the April traffic re-direction an accident.