Cybercrime Blotter: The Biggest Hacks of 2012 So Far
Cybercriminals and hackers had a big year in 2011, taking on everyone from Sony and the authentication-token maker RSA to the CIA and even a notorious Mexican drug cartel. During the Arab Spring, the headline-hounding hackers in the LulzSec and Anonymous groups showed just how vulnerable anyone's online presence is, even that of major governments.
What can we expect in 2012? More of the same, or a dynamic shift in what crooks want? And how will they go about getting it?
It's too early for the answers, but 2012 has already seen its share of cybercriminal incidents. Starting with the most recent targets, here's a list of hackers' most-daring exploits and the data breaches, compromises, data leaks, thefts, threats and privacy invasions that have made this a year to watch.
March 11: 'Glee' Star Heather Morris
Oh, celebrities: always taking naked pictures of themselves and always having those pictures stolen and leaked onto the Internet for the world to see. This week the Hollywood star caught up in the salacious spotlight was Heather Morris, the 25-year-old actress who plays the cheerleader Brittany Pierce on "Glee." A slew of racy photos, some showing Morris fully nude in front of a webcam, hit the Internet March 11. They were reportedly stolen from her cellphone.
Morris' stolen pics came just days after naked or near-nude photos of "Mad Men" star Christina Hendricks and actress Olivia Munn also found their way to the Web.
March 9: Digital Playground
Using the name "The Consortium," a group of previously unknown hackers claimed responsibility for breaking into the servers of DigitalPlayground.com, one of the world's top adult-entertainment companies, and leaking the usernames and plaintext passwords of some of the site's well-known porn stars. In their data dump, the hackers also included a list of video files taken from the site along with directions on how to download them for free.
March 6: Sabu
Only three months in, but this may turn out to be the year's biggest story.
On March 6, a federal court in New York unsealed the indictment against Hector Xavier Monsegur, a 28-year-old unemployed father of two better known by his hacking name, "Sabu." The vocal, notorious and elusive leader of the LulzSec prankster cell, Sabu, it turned out, was arrested last August and, facing a two-year prison term, flipped and began working for the FBI.
For eight months, Monsegur, working out of FBI offices and at home on a continuously monitored FBI laptop, fed FBI agents critical information to help arrest active members of the LulzSec and Anonymous hacking networks.
Monsegur's cooperation also helped the FBI notify hundreds of government agencies around the world about vulnerabilities in their networks.
March 3: Michael Jackson
On March 3, the Sunday Times of London reported that the hackers who infiltrated Sony Music's servers in 2011 may have made off with 50,000 music files consisting of Michael Jackson's back catalog. Two men possibly connected to the incident appeared in a central England court on March 2 facing charges of computer hacking and copyright infringement. The men pleaded not guilty, and a court date was set for January 2013.
March 1: Monsanto
Monsanto is an international agricultural biotech company and the world's leading producer of genetically engineered seed. Its business practices have long been the target of protesters, and on March 1, Anonymous, under its "AntiSec" banner, stepped up to bat against Monsanto, leaking a database of confidential company information. The database was outdated, but the hackers said it should serve more as a warning of future attacks.
Feb. 29: NASA
This incident occurred last year, but came to light Feb. 29, when NASA Inspector General Paul K. Martin, in his testimony before a House subcommittee, admitted that a laptop was stolen from NASA in 2011 that was unencrypted and contained command and control codes for the International Space Station. The laptop, Martin said, was one of 48 NASA notebooks or mobile devices stolen between April 2009 and April 2011.
Feb. 28: Interpol
On Feb. 28, law enforcement agents in Europe and South America arrested 25 suspected members of the Anonymous hacking group in an international dragnet called "Operation Unmask." To show their outrage at the police action, Anonymous supporters took down Interpol's main website, www.interpol.int, for about 30 minutes.
Feb. 27: Stratfor
WikiLeaks began publishing more than 5 million emails it obtained from the Austin, Texas-based global consulting firm Stratfor. The emails, WikiLeaks said, highlight Stratfor's dubious financial dealings, global cover-ups as well as coordinated campaigns to subvert WikiLeaks and its founder, Julian Assange. It's not known exactly how WikiLeaks obtained the emails, but signs point to Anonymous, which hacked Stratfor's servers late last year and made off with emails and credit card numbers.
Feb. 14: Nortel
Valentine's Day proved anything but romantic for Nortel, the Canadian telecom company currently in bankruptcy. It turns out that hackers, believed to be operating from China, had been spying on Nortel for at least a decade, the Wall Street Journal reported. Using seven passwords stolen from top executives, the cybercriminals infiltrated Nortel's servers and downloaded technical papers, research-and-development reports, employee emails, business plans and other confidential data.
Feb. 14: Combined Systems Inc.
Proudly hoisting the hacktivist flag, the ever-present Anonymous hacking network took credit for knocking Combined Systems Inc., a Jamestown, Pa., security company, offline and stealing personal information from its clients. As reported by the Associated Press, Anonymous said it went after Combined Systems, which sells tear gas and other crowd-control devices to law enforcement and military organizations, to protest "war profiteers" and to commemorate the one-year anniversary of the bloody citizen uprising in Bahrain.
Feb. 14: Brazzers.com
A 17-year-old hacker said he tapped into an inactive forum run by the hard-core porn site Brazzers and used it to expose the personal information of more than 350,000 registered users. The site's parent company, Luxembourg-based Manwin Holding SARL, said no credit-card data had been compromised. The hacker, based in Morocco, said he leaked the information not to embarrass the site's customers or to make money, but simply to highlight how vulnerable popular websites are. Not surprisingly, the teen hacker said he had aligned himself with the Anonymous movement.
Feb. 10: Central Intelligence Agency
For the second time in less than a year, Anonymous launched a distributed denial-of-service attack that temporarily knocked the website of the Central Intelligence Agency offline. The CIA takedown capped a busy week for the hacktivist pranksters; in 10 days, the group went after Chinese electronics manufacturer Foxconn, American Nazi groups, anti-virus maker Symantec and the office of Syria's president.
Feb. 8: Office of the Syrian President
During an especially active week of digital daring, Anonymous leaked a cache of emails from Syrian President Bashar Assad's office, including one particularly candid email in which one of Assad's media advisers preps him for an interview with Barbara Walters and tells him that the "American psyche can be easily manipulated."
Feb. 8: Foxconn
With Apple facing worldwide scrutiny over the questionable working conditions at Foxconn, a Chinese company that assembles iPhones and iPads (as well as devices for Dell, Sony, IBM, Microsoft, Samsung and others), it was only a matter of time before hacktivists took up the cause. In this case, it wasn't Anonymous but a group called Swagg Security (SwaggSec) that struck the first blow, making off with staff email logins and credentials that could allow an attacker to place a fraudulent order.
Feb. 7: Hamas
The Israeli hacking group IDF Team launched an attack against a Hamas website, qassam.ps, knocking it offline to protest the site's anti-Israeli stance. This was not an isolated incident; it was instead the latest strike in a calculated monthlong battle between Israeli and Arab hackers that began Jan. 3, when a Saudi Arabian hacker calling himself 0xOmar posted 15,000 Israeli credit-card numbers.
IDF Team (named for the Israeli Defence Force, in which most Israeli Jews must serve) quickly retaliated by stealing and posting Arabs' credit-card credentials. This back-and-forth continued; on Jan. 16, 0xOmar and his crew, calling themselves first "Group XP" and then "Nightmare," disrupted the Tel Aviv Stock Exchange, Israel's El Al Airlines and two major Israeli banks. Two days later, IDF Team hit the Saudi Stock Exchange and the Abu Dhabi Securities Exchange.
Feb. 6: Symantec
A shadowy hacker, critical source code from a respected industry titan, an extortion plot and an attempted sting operation by law enforcement — it had all the makings of a big-screen espionage thriller, but this cybercrime incident was real.
The hacker, calling himself "YamaTough," posted the source code to Symantec's pcAnywhere software, a flagship product that allows customers to access remote PCs. The leak came after YamaTough lost patience with what appeared to be a backroom ransom deal — actually a stall by a law-enforcement agent posing as a Symantec employee.
The ransom talks began Jan. 18; in the discussions, which were also leaked, the agent calling himself "Sam Thomas" said Symantec would pay YamaTough $50,000 not to release the source code. On the night of Feb. 6, YamaTough, frustrated with Symantec's stalling, gave up talking and posted the source code to The Pirate Bay.
Feb. 3: Scotland Yard and the FBI
Anonymous' sects and supporters are familiar with the long arm of the law. Cops have busted several high-ranking Anonymous-affiliated hackers, including Ryan Cleary, a British teen charged with launching denial-of-service attacks against major British and U.S. targets. It probably didn't please Scotland Yard and FBI agents, though, when Anonymous intercepted and posted the audio from a 17-minute conference call the two law enforcement agencies had scheduled to discuss — what else — plans to track down and prosecute Anonymous hackers.
Jan. 28: American Nazi Party
Anonymous does not stand for hate speech. To prove it, hackers from the group defaced and took down the website of the American Nazi Party as well as a white supremacist site, Whitehonor. The attacks were part of Anonymous' "Operation Blitzkrieg" campaign, which started in early January with attacks against several German neo-Nazi and extremist groups. Anonymous also set up Nazi-Leaks, a Wikileaks-style website on which hackers posted the names and email addresses taken from German and American white-supremacist online groups.
Jan. 23: OnGuardOnline
In yet another protest against the controversial Stop Online Piracy Act (SOPA), Anonymous took down OnGuardOnline.gov, the U.S. government's website for providing cybersecurity guidance. Prior to the takedown, Anonymous defaced the site with a message threatening to destroy dozens of government and corporate websites if SOPA was passed.
Jan. 19-23: Megaupload enemies (CBS, Polish government, Universal Music, DOJ)
Hackers from Anonymous lashed out in grand fashion for several days to show their disdain for the government's crackdown on file-sharing site Megaupload and the arrest of its eccentric founder, Kim Dotcom. This stretch of four days was especially busy, as the hacktivists launched attacks against the websites of the Department of Justice, the FBI, CBS.com, Universal Music, the Motion Picture Association of America (MPAA), the Recording Industry Association of America (RIAA), and pop star Rihanna's website.
Other websites that felt Anonymous' wrath in the wake of the Megaupload bust included the French media conglomerate Vivendi, the official website of the French government, and several Polish government websites, hacked to protest Polish President Bronislaw Komorowski's support of Europe's equivalent of SOPA, the Anti-Counterfeiting Trade Agreement (ACTA).
Jan. 16: Zappos
Cybercriminals kicked off a busy 2012 by breaking into online shoe retailer Zappos and compromising the personal data of 24 million customers. The massive data breach potentially exposed customers' names, email addresses, billing and shipping addresses, phone numbers and the last four digits of their credit cards. Nobody's full credit card data was stolen in the hack.
Jan. 13: Recipient of Nigerian Email
You've probably received a Nigerian scam email; they usually tell you you're eligible to collect some ludicrous amount of money from a deceased relative you didn't know you had — because you don't — and all you have to do to set the process of becoming a multimillionaire in motion is wire over some cash. These are easy enough to avoid and laugh at, but not for a South Korean man and his daughter, who had a frightening encounter. The 65-year-old man flew to South Africa with his daughter to collect what he thought was a multimillion-dollar fortune, and when he landed at the airport in Johannesburg, he was kidnapped and held hostage in a home by a Nigerian gang demanding a $10 million ransom. Police raided the home after a four-day standoff and nobody was harmed.
Jan. 10: Smart Electric Meters
This one wasn't a specific incident, but rather a revelation that could lead to many cybercrimes. Researchers at a German cybersecurity conference discovered that the smart meter devices belonging to Discovergy, a major German provider of smart meters — devices used to provide utility companies with accurate data for controlling a home's power usage — transmitted unencrypted data from the home devices back to the company's servers over an insecure link. Analyzing this transmission, and the fingerprint of power usage it provided, the researchers were able to determine whether or not the homeowners were home, away or even sleeping.
Jan. 6: Japan Aerospace Exploration Agency
A computer virus compromised a data terminal at the Japan Aerospace Exploration Agency (JAXA), causing a leak of potentially confidential and sensitive information. Officials found the malware on the computer of a JAXA employee who worked on the H-2 Transfer Vehicle, an unmanned vessel that shuttles cargo to the International Space Station.