Cybercrime Blotter: High-Profile Hacks of 2011
The 12 months of 2011 constituted a banner year for cybercriminals and "hacktivists," who managed to hack into or disrupt the websites of many high-profile organizations.
Here is a roundup of every cyberattack and data breach that made headlines in 2011. As cybercriminals find new targets in 2012, we'll be making up a new list.
Dec. 24: Strategic Forecasting, Inc.
Anonymous gave the U.S. global intelligence firm Strategic Forecasting, Inc. (Stratfor for short) a big batch of Christmas coal by infiltrating the company's network and stealing thousands of emails and credit-card details from its high-profile clients, with the goal of raiding the stolen accounts and donating $1 million to charity. Stratfor head George Friedman later apologized to his customers in a candid statement, while Anonymous posted internal emails for maximum embarrassment.
Dec. 13: Florida Family Association
A conservative Florida organization's opposition to the reality show "All-American Muslim" put it in the crosshairs of Anonymous, who defaced the group's website with a statement saying that the organization opposed free speech. The online takedown came after the Florida Family Association, citing what it called "All-American Muslim's" anti-American agenda and Islamic "propaganda," persuaded the home-improvement chain Lowe's to pull its ads from the TLC cable channel show.
Nov. 6: Adidas
The German shoe-manufacturing giant took down several websites as a result of what the company called "a sophisticated, criminal cyberattack." Adidas did not provide further details other than to state that "we have put in place a number of additional data security measures." Needless to say, something very serious had taken place.
Nov. 5: Banks, governments and tycoons
Anonymous celebrated Guy Fawkes Day — which holds special significance in the collective hearts of hackers — in style. It claimed an attack on Capital One Bank's website, published loads of personal information about high-profile corporate executives and billionaires such as New York City Mayor Michael Bloomberg and Mexican telecommunications baron Carlos Slim, and possibly took down several Israeli government websites.
Capital One said that its website disruptions were due to routine maintenance, and the Israeli government said its outages were the result of server errors.
Oct. 27-28: Oakland, Calif., Police Department
To protest the violent police crackdown on Occupy Oakland protesters a few days earlier, Anonymous took down the Oakland P.D. website. The next day, it posted online personal information about Oakland police officers, San Francisco County sheriff's deputies who assisted in the Occupy Oakland raid and Oakland Mayor Jean Quan.
Oct. 14-18: Dozens of secret child-pornography websites
Anonymous hackers claimed to have found and disabled 40 or so secret websites devoted to child pornography on a "darknet," a section of the Internet available only to users with special software. Realizing the websites used the same hosting server, Anonymous disrupted the server's network connection and posted names of more than 1,500 users of one of the largest sites.
Aug. 24: Bay Area Rapid Transit
Bay Area Rapid Transit (BART) spokesman Linton Johnson became a casualty of Anonymous' campaign against the commuter-rail system, which began with a controversial decision to shut down underground cellphone service to quell a planned protest. Anonymous leaked several compromising photos of Johnson, including one of Johnson giving a full-frontal view of his genitals to the camera.
Aug. 10-11: Hong Kong Stock Exchange
Hackers unknown pounded the website of the Hong Kong Stock Exchange with a distributed denial-of-service attack for two days, disrupting trading for several major Hong Kong-listed stocks, including HSBC, Cathay Pacific, China Power International and the stock exchange itself.
Aug. 3: Operation 'Shady RAT'
Digital security giant McAfee makes headlines with a report disclosing a massive cyberattack, dubbed "Operation Shady RAT," against dozens of corporations, organizations and governments around the world. But the details — stealthy, persistent, state-sponsored skilled hackers — are actually nothing new, and in fact describe every long-term cyberespionage campaign against high-profile targets for the past several years.
July 11-14: Eliot, Maine
The small town of Eliot had its municipal bank account cleaned out of $28,000 by Eastern European cybercriminals. The town's comptroller, alerted to the process by security blogger Brian Krebs, contacted the town's bank about it early on, but the bank detected nothing and took no action.
July 11: Anonymous' AnonPlus social network
Just days after the prolific and shadowy Anonymous hacking group announced that it was setting up its own social networking website, a new Turkish hacking group emerged and defaced it.
July 11: Booz Allen Hamilton
Anonymous leaked a massive cache of emails belonging to Booz Allen Hamilton, a strategy and consulting firm that works with the U.S. government and military on defense and homeland security issues. The leak, called "Military Meltdown Monday: Mangling Booz Allen Hamilton," included 90,000 emails from military personnel.
July: Qwest Center
Online crooks made off with $217,000 from the Metropolitan Entertainment & Convention Authority (MECA), a nonprofit organization that manages the Qwest Center and other public venues in Omaha, Nebraska.
The criminals first sent a rigged email, which had a password-stealing piece of malware as an attachment, to a MECA employee. Once they infiltrated MECA's computer network and gained access to the organization's banking credentials, the thieves hired six unwitting money mules, who accepted the fraudulent transactions and helped launder the stolen funds.
June 30: Amy Winehouse
The English torch-singer's website, amywinehouse.com, was hijacked by a group calling itself Swagger Security, which put up a banner reading: "Winehouse = No Swag | AntiSec = No Swag." Less than a month later, Winehouse died of alcohol poisoning.
June 28: MasterCard
A previously unknown hacker calling himself Ibom Hacktivist took down the MasterCard website for a few hours. Confusingly, he did it to protest MasterCard cutting off credit-card processing the previous fall, which Anonymous punished them for at the time.
June 23 & 29: Arizona Department of Public Safety
LulzSec twice hacked into the Arizona Department of Public Safety (AZDPS) and leaked hundreds of confidential law-enforcement documents, including personal information on highway patrol officers, as well as hundreds of private intelligence bulletins and training manuals. It was all done ostensibly to protest SB1070, an Arizona law that makes it a misdemeanor for foreigners in Arizona to be in the state without carrying registration documents.
June 15: Central Intelligence Agency
On a dare from a rival hacker, who challenged them to take on a real target such as the CIA, the jokesters of LulzSec took him up on his word. Fifteen minutes later, the CIA website fell to a distributed denial-of-service attack.
June 13: U.S. Senate
The jokers of LulzSec broke into the website of the U.S. Senate, posting the usernames and IP addresses of two people holding Senate.gov email addresses.
June 9: Britain's National Health Service
LulzSec put on the "white hat" for this intrusion. It alerted the NHS that its network security was inadequate and publicized the hack without revealing any compromising information. The group's @lulzsec Twitter feed also solicited bone-marrow donors in honor of a 15-year-old English girl dying of cancer whose "bucket list" blog had drawn attention.
June 9: Citigroup
The banking and insurance giant announced that unknown hackers had penetrated its network security and made off with the personal identification information of some 200,000 clients.
June 8: International Monetary Fund
In an internal memo, the global lending institution informed staffers of a major, sophisticated cyberattack designed to steal confidential, valuable information. The New York Times implied that the hackers apparently orchestrated the IMF attack using spear-phishing emails — carefully crafted messages addressed to specific employees and made to appear to come from a trusted source.
June 8: Canada's Conservative Party
Hackers apparently upset by Prime Minister Stephen Harper's moves to regulate the Internet in Canada -- and by his re-election -- broke into his party's servers, planting a bogus story about how he had to be rushed to the hospital after choking on hash browns at breakfast.
June 6: Nintendo
Nintendo became LulzSec's second major target of the first week of June. On June 6, LulzSec compromised the U.S. servers of the gaming giant Nintendo. The hack, however, was more a prank than anything else. No information was stolen, and LulzSec admitted on its Twitter page that it "didn't mean any harm."
June 3: InfraGard
LulzSec strikes again! On June 3, the hacktivist group defaced the website of InfraGard, an Atlanta-based firm that provides IT security to the FBI. In addition to defacing the site, LulzSec leaked 700 megabytes of emails from InfraGard, as well as the personal information of 180 employees.
June 1: L-3 Communications
Just days after hackers penetrated the networks of Lockheed Martin, U.S. defense contractor L-3 Communications admitted that it had suffered a network intrusion. Again, compromised authentication tokens from RSA were behind the breach.
June 1: Google Gmail
Chinese identity thieves used "spear phishing" to take over hundreds of Gmail accounts, including those belonging to senior American officials, Chinese political activists, military personnel and journalists.
May 29: PBS
LulzSec didn't waste any time after hitting Fox in early May; on May 29, the hacking group defaced the PBS website with a phony news story claiming that slain rapper Tupac Shakur is alive and living in New Zealand. LulzSec perpetrated the attack in retaliation for the PBS show Frontline airing a WikiLeaks documentary called "WikiSecrets."
May 27: Lockheed Martin
Lockheed Martin, the largest provider of IT services to the U.S. government and military, suffered a network intrusion stemming from data stolen pertaining to RSA's SecurID authentication tokens.
May 17: NASA
A Romanian hacker calling himself "TinKode" took to Twitter on May 17, boasting that he had breached a computer server at NASA's Goddard Space Flight Center and gained access to confidential satellite data used to aid in disaster relief.
May 17: Massachusetts Executive Office of Labor and Workforce Development
Hackers used a Trojan to get into the network of the state labor agency, exposing the names, addresses, email addresses and Social Security numbers of an estimated 210,000 people. Banking information may also have been taken.
May 16: Her Majesty's Treasury
Britain's Chancellor of the Exchequer, George Osborne, announces that the British treasury ministry has been under sustained cyberattack for months. He tells a conference that the ministry was receiving about 20,000 "spear phishing" emails per month, rigged with malware to open backdoors into the organization's networks, but that none had gotten through.
May 13: Fox Broadcasting Company
LulzSec breaks into a server hosting Fox.com and publishes about 400 email addresses and passwords belonging to employees of the Fox Broadcasting Company and local affiliate stations. If LulzSec was aiming at the Fox News Channel, it missed -- that's a separate division of News Corporation.
May 9: Anonymous
A disgruntled follower of the hacktivist movement turned on the group and took over message boards where Anonymous members chatted and planned attacks.
May 5: Sony
In what Sony called a third attack on its servers, an Excel spreadsheet showing the names and hometowns of entrants in a 2001 Sony-sponsored prize contest was posted online. But it turned out Sony itself had left the document exposed on a public website for 10 years until two different researchers found it using Google searches.
May 4: "The X Factor"
The hacking group LulzSec burst onto the scene on May 4 by stealing the names, emails and phone numbers of a quarter-of-a-million contestants of Fox's Simon Cowell-hosted singing competition "The X Factor." A week later, LulzSec would admit to hacking Fox Broadcasting Network and stealing the usernames and passwords of nearly 400 Fox employees.
May 2: Sony Online Entertainment
Sony suddenly disconnects the network linking players of massive multiplayer games. It turns out the network's back end was breached at the same time as those of the PlayStation Network and Qriocity networks were, bringing the total number of compromised accounts to 102 million.
April 25: New York Yankees
Major League Baseball's most successful (and sometimes most-hated) team struck out on user privacy when a team employee accidentally emailed an Excel spreadsheet containing the contact information for more than 21,000 season-ticket holders. The attachment went to about 2,000 business contacts, but the Yankees were quick to state that no birth dates, Social Security numbers or financial information were among the data.
April 20: PlayStation Network and Qriocity
As a result of possibly the largest data breach ever, Sony suddenly took its PlayStation Network and Qriocity on-demand entertainment services offline on April 20. Two days later, Sony explained that there had been an "external intrusion" that had forced the shutdown of the networks. On April 26, it announced that intruders had accessed the user records of up to 77 million users, whose real names, email addresses, passwords, home addresses and telephone numbers had all been stored in unencrypted text. Sony said the associated credit-card numbers had been encrypted, even as hackers offered purported Sony-associated credit-card numbers in online bazaars and anecdotes came in of mounting credit-card fraud among PlayStation Network users.
April 17: Oak Ridge National Laboratory
One of the main servers at the Department of Energy-run research facility near Knoxville, Tenn., was taken offline after administrators noticed large amounts of data in the process of being stolen. Officials at the lab suspected a "spear-phishing" campaign had opened backdoors into the servers. The lab was originally built to process plutonium for nuclear weapons, but now focuses on civilian nuclear, biological, chemical and information-technology research.
April 17: European Space Agency
A Romanian "gray hat" hacker — one who takes things mainly to embarrass their owners — got into the servers of the European Space Agency outside Paris, then posted user names, account information and passwords on his own website after letting ESA administrators know.
April 13: WordPress.com
WordPress.com, which makes and distributes the popular WordPress blogging platform, announced on April 13 that hackers had broken into the servers of Automattic, which host WordPress-based blogs. The intruders potentially made off with sensitive information such as source code and user passwords of WordPress' 25 million bloggers. This is the second major attack on WordPress.com in the past two months. In March 2011, WordPress.com was hit by a massive distributed denial-of-service attack.
April 4: Sony
Anonymous-affiliated hacktivists use DDoS attacks to take down several PlayStation-related websites in retaliation for Sony's lawsuit against hacker George Hotz, who discovered the internal password to "jailbreak" the PlayStation 3 and posted the password online. Anonymous calls off the attack after a few days when gamers complain; attacks against other Sony sites fizzle out. UPDATE: On April 11, Hotz calls for a boycott of all Sony products. On the same day, Sony announces it had settled the lawsuit against Hotz nearly two weeks earlier — before the Anonymous attacks began.
March 30: Epsilon
At least 26 companies, including BestBuy, Capital One Bank, Citi, JPMorgan Chase, TiVo and Walgreens, have their customer email lists stolen during a data breach at Epsilon, which handles e-mail communications for 2,500 companies worldwide. No passwords or other sensitive data were taken, but security experts warned of an upsurge in spam and phishing attacks in the coming months.
March 29: European Parliament
In a continuation of the previous week's attack on the European Commission and the European External Action Service, highly skilled hackers penetrated the network of the European Parliament in Strasbourg, France.
March 29: Australian Parliament
Sydney's Daily Telegraph learns that sophisticated hackers, thought to be working for Chinese intelligence, had for nearly two months been intercepting messages sent over the federal parliamentary email system. Ten members of Parliament, including Prime Minister Julia Gillard and Australia's foreign and defense ministers, had their parliamentary computers compromised. The Australian security services were reportedly tipped off to the breach by the U.S. CIA and FBI.
March 27: MySQL.com
MySQL.com, the main website promoting the open-source database-management software suite, is hacked into by two Romanian "gray hat" hackers using, ironically, a SQL injection. SQL injections are common but powerful Web-based attacks that exploit overlooked "holes" in a website's database communications. The hack caused no damage but did embarrass Oracle Corp., which owns and distributes MySQL.
March 25: RIAA.com
Anonymous-affiliated hacktivists use a DDoS attack to bring down the website of the Recording Industry Association of America for about five hours. Anonymous said the attack was to protest a new RIAA lawsuit against the shuttered file-sharing service LimeWire, which demanded damages of $150,000 for each download of some 11,000 copyrighted songs -- a claim estimated at $75 trillion. The federal judge tossed out the claim, noting that the amount was "more money than the entire music industry has made since Edison's invention of the phonograph in 1877."
March 24: New Zealand Department of Internal Affairs
Anonymous-affiliated hacktivists had promised to punish New Zealand's civil-service department for a new law that mandated Internet censorship of possible child pornography. The attack was supposed to take place March 28, but someone jumped the gun and took down the DIA's website for several hours.
March 24: TripAdvisor.com
The popular travel-planning website revealed that network intruders had made off with part of the membership email list. No passwords or financial data were compromised, according to the company, but it did warn members to be ready for an uptick in spam.
March 23: European Commission, European External Action Service
On the eve of a major summit of European leaders to discuss the escalating crisis in Libya, the executive and diplomatic bodies of the European Union in Brussels came under sophisticated attack. Internet access to the bodies was blocked, and staffers were asked to change their passwords. Officials privately said the attack resembled the network intrusion on the French finance ministry two weeks beforehand. Once again, Chinese government-sponsored hackers were suspected.
March 17: RSA
RSA, maker of SecurID authentication tokens, said its networks had been penetrated, and data stolen, by an "advanced persistent threat" (i.e., hackers likely sponsored by the Chinese government). The company would not say if the breach affected the 40 million SecurID tokens used by employees of large corporations and government agencies to log into secure networks and systems, or the 250 million smartphones that use a similar system.
In August, the security firm F-Secure found the surprisingly simple phishing email used to penetrate RSA. And in October, blogger Brian Krebs revealed that the RSA breach had not been a targeted attack, but was just part of a larger campaign that attacked nearly 20 percent of the Fortune 100 list of top global corporations. Almost all the hacker servers used in the campaign were located in China.
March 17: Hollywood Starlets
Up to 50 young female celebrities had nude photos stolen from their email and smartphone accounts. "High School Musical" star Vanessa Hudgens was said to be talking to the FBI. The gossip website TMZ said the feds were closing in on the hackers, who were said to be motivated less by money than by the thrill of it. Others who had nude photos circulating reportedly included Scarlett Johansson, Miley Cyrus, Jessica Alba and Christina Aguilera.
March 7: French Finance Ministry
Sophisticated hackers used "spear phishing" attacks to penetrate and steal sensitive documents from the French finance ministry. Most of the stolen documents pertained to France's presidency of the Group of 20 association of leading-economy finance ministers. Some of the data was forwarded to Chinese websites, but as an unnamed official told Paris Match, which broke the story, "that doesn't mean much."
March 4: South Korea
Distributed denial-of-service (DDoS) attacks hit various websites in South Korea, including the presidential residence, the Blue House, and the country's two largest search engines. Most withstood the onslaught. Suspicion immediately fell upon North Korea, which was almost certainly behind a similar, though more powerful, attack in July 2009.
March 3: WordPress
The popular blogging service got taken down for several hours by what company founder Matt Mullenweg called the "largest and most sustained" DDoS attack in its six-year history. Mullenweg suspected it may have been "politically motivated against one of our non-English blogs."
Feb. 24: Westboro Baptist Church
On Feb. 24, Anonymous took down several websites associated with the controversial Westboro Baptist Church. A small but vocal Christian group that loves publicity and hates almost everything else, the Westboro Baptist Church pickets military funerals with signs reading "God Hates Fags" and "Thank God for Dead American Soldiers."
Feb. 22: Voice of America
On Feb. 22, pro-Iran hackers went after Voice of America, the official news service of the United States government. This one was by a group calling itself the Iranian Cyber Army (ICA). In its hack on www.voanews.com, the ICA denounced what it saw as U.S. involvement in the ongoing revolutions in the Muslim world. The ICA manipulated the VOA homepage to read: “Mrs. Clinton Do you want to hear the voice of oppressed nations from heart of USA? Islamic world doesn’t believe USA trickery. We call on you to stop interfering in Islamic countries.”
Feb. 18: Canada
In mid-February, it was revealed that the Treasury Board, Finance Department and Defence Research and Development operating in China. The hackers were seeking confidential information pertaining to financial and weapons information and data about oil and gas resources.
Feb. 11: Iran
As antigovernment protests spread throughout the Middle East, so did cyberattacks aimed at crippling oppressive government regimes. On Feb. 11, Anonymous took action against several Iranian government websites, standing in solidarity against what it called in a press release “the chains of oppression, tyranny and torture.” The distributed denial-of-service (DDoS) attacks were levied against the websites of IRNA, Iran’s semi-official news agency, President Mahmoud Ahmadinejad and Ayatollah Ali Khamenei, but none were entirely successful.
Feb. 6: HBGary Federal
Anonymous was involved in this next hack, and this one added a bit of intrigue and espionage to the mix. On Feb. 5, Aaron Barr, chief executive of the Washington, D.C.-based security firm HBGary Federal, announced that he had unmasked the members of Anonymous, and would reveal their identities at a security conference later in the month. Wasting no time, Anonymous the following day took down the website of Barr’s company, hijacked Barr’s personal Twitter account and his boss’s LinkedIn profile, and posted more than 70,000 of Barr’s personal e-mails. In a brazen show of defiance, Anonymous even posted the dossier of secret Anonymous identities Barr was planning to make public. While Anonymous was just flexing its muscles, it turned out those 70,000 e-mails told a scandalous story of espionage and dastardly closed-door dealings. Barr’s leaked e-mails revealed that his company was planning to launch cyberattacks and public smear campaigns of its own against WikiLeaks.
Feb. 5: Nasdaq
Next up to go down: the Nasdaq. As reported in a Feb. 5 Wall Street Journal article, hackers for the past year had been targeting computer networks belonging to the Nasdaq stock exchange. But these online crooks weren’t after money. The hackers’ real target was Directors Desk, a cloud application owned by Nasdaq that stores financial records and reports for hundreds of Fortune 500 companies and more than 10,000 corporate board members.
Jan. 26: Utah, Michigan, Albania, Italy, the U.S. Army, etc.
A few weeks passed before another high-profile organization was targeted, but when the next hit came, it was a big one. In late January, a hacker hijacked more than a dozen top military, government and education websites. Among the hacker’s haul were the websites of the states of Utah and Michigan, the Italian government, the Albanian military, Singhania University in India and the U.S. Army’s Communications-Electronics Command (CECOM). The hacked websites were being sold for $55-$499 each on an underground market.
Jan. 26: Egypt
On Jan. 26, Anonymous struck again, this time against Egypt’s official government websites. The attacks on the websites of the cabinet, Ministry of the Interior and Ministry of Communications and Information Technology were carried out after then-President Hosni Mubarak blocked citizens’ access to Twitter. Following Egypt’s five-day Internet blackout, Anonymous launched a second wave of digital protests, taking down sites in Egypt as well as in Yemen.
Jan. 2: Tunisia
The first notable digital disruption of the year occurred just two days in, when the hacktivist group Anonymous launched massive DDoS attacks against at least eight Tunisian government websites.
Unfortunately for prominent organizations — and even worse for controversial ones — the year is only half over, and if the first six months are any indication, there are most certainly plenty of cyberattacks still to come.