Worst security snafus of 2012

By , Network World |  Security

" In a dubious stunt to promote his anti-DDoS kit, 28-year-old Tse Man-lai, owner of Pacswitch Globe Telecom, had launched cyberattacks against Hong Kong Exchanges and Clearing news sites, but in October a Chinese court sentenced him to nine months in jail.

" Adobe said it was investigating how user names, email addresses and encrypted passwords were stolen from a company database after an Egyptian hacker called "Virus_HimA" posted 230 of them on Pastebin.

" South Carolina disclosed a massive data breach in which about 3.6 million Social Security numbers and 387,000 credit and debit card numbers belonging to taxpayers were exposed after a server at the state's Department of Revenue was breached by what was thought to be an international hacker, according to state officials.

" A crippling series of distributed denial-of-service attacks over the course of the month struck the websites of about a dozen U.S.-based banks, including Bank of America, Wells Fargo and JP Morgan Chase, effectively cutting online bank customers off from their services for extended periods. Some U.S. authorities, including Defense Secretary Leon Panetta, openly accused Iran of being behind the cyberattacks, though no specific evidence has yet been made public and Iran rejected the charges.

" Barnes & Noble, emphasizing its working with the FBI on the case, disclosed a data breach associated with compromised PIN pad devices used in some stores located in California, Florida, Illinois, Massachusetts, New Jersey, Pennsylvania and Rhode Island may have resulted in an unspecified amount of fraud against shoppers there.

" Amazon Web Services storage service, known as Elastic Block Storage, experienced performance degradation that resulted in some downtime for certain sites, including social-media site Reddit and photo-sharing site Imgur, among others.

" A 20-year-old Arizona man, Raynaldo Rivera of Tempe, arrested in August by FBI agents, pled guilty in a California court to intentionally causing damage to the website of Sony Pictures Entertainment in an attack carried out in May 2011. A former member of the hacker group Lulzsec, Rivera also admitted to launching a SQL injection attack against sonypictures.com that allowed him to extract confidential and personal information from the website's database, which was published online. The plea agreement noted this had resulted in losses of about $605,000 to Sony to cope with the attack, including computer forensics and staff call centers and credit monitoring for individuals whose personal information was compromised. In exchange for his guilty plea, Rivera, though facing 15 years in prison, could get a reduced sentence, with that decision expected to be determined at a hearing scheduled for March 14, 2013.


Originally published on Network World |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

Ask a Question