Biggest Hacks of 2012 – 7/28/12

The Biggest Hacks of 2012 — So Far

Cybercriminals and hackers had a big year in 2011, taking on everyone from Sony and the authentication-token maker RSA to the CIA and even a notorious Mexican drug cartel. During the Arab Spring, the headline-hounding hackers in the LulzSec and Anonymous groups showed just how vulnerable anyone’s online presence is, even that of major governments.

What can we expect in 2012? More of the same, or a dynamic shift in what crooks want? And how will they go about getting it?

It’s too early for the answers, but 2012 has already seen its share of cybercriminal incidents. Starting with the most recent targets, here’s a list of hackers’ most-daring exploits and the data breaches, compromises, data leaks, thefts, threats and privacy invasions that have made this a year to watch.


March 11: ‘Glee’ Star Heather Morris
Oh, celebrities: always taking naked pictures of themselves and always having those pictures stolen and leaked onto the Internet for the world to see. This week the Hollywood star caught up in the salacious spotlight was Heather Morris, the 25-year-old actress who plays the cheerleader Brittany Pierce on “Glee.” A slew of racy photos, some showing Morris fully nude in front of a webcam, hit the Internet March 11. They were reportedly stolen from her cellphone.

Morris’ stolen pics came just days after naked or near-nude photos of “Mad Men” star Christina Hendricks and actress Olivia Munn also found their way to the Web.

March 9: Digital Playground
Using the name “The Consortium,” a group of previously-unknown hackers claimed responsibility for breaking into the servers of DigitalPlayground.com, one of the world’s top adult-entertainment companies, and leaking the usernames and plaintext passwords of some of the site’s well known porn stars. In their data dump, the hackers also included a list of video files taken from the site along with directions on how to download them for free.

March 6: Sabu
Only three months in, but this may turn out to be the year’s biggest story.

On March 6, a federal court in New York unsealed the indictment against Hector Xavier Monsegur, a 28-year-old unemployed father of two better known by his hacking name, “Sabu.” The vocal, notorious and elusive leader of the LulzSec prankster cell, Sabu, it turned out, was arrested last August and, facing a two-year prison term, flipped and began working for the FBI.

For eight months, Monsegur, working out of FBI offices and at home on a continously monitored FBI laptop, fed FBI agents critical information to help arrest active members of the LulzSec and Anonymous hacking networks.

Monsegur’s cooperation also helped the FBI notify hundreds of government agencies around the world about vulnerabilites in their networks.

March 3: Michael Jackson
On March 3, the Sunday Times of London reported that the hackers who infiltrated Sony Music’s servers in 2011 may have made off with 50,000 music files consisting of Michael Jackson’s back catalog. Two men possibly connected to the incident appeared in a central England court on March 2 facing charges of computer hacking and copyright infringement. The men pleaded not guilty, and a court date was set for January 2013.

March 1: Monsanto
Monsanto is an international agricultural biotech company and the world’s leading producer of genetically engineered seed. Its business practices have long been the target of protesters, and on March 1, Anonymous, under it’s “AntiSec” banner, stepped up to bat against Monsanto, leaking a databsae of confidential company information. The database was outdated, but the hackers said it should serve more as a warning of future attacks.

Feb 29: NASA
This incident occured last year, but came to light Feb. 29, when NASA Inspector General Paul K. Martin, in his testimony before a House subcommittee, admitted that a laptop was stolen from NASA in 2011 that was unencrypted and contained command and control codes for the Inernational Space Station. The laptop, Martin said, was one of 48 NASA notebooks or mobile devices stolen between April 2009 and April 2011.

Feb 28: Interpol
On Feb. 28, law enforcement agents in Europe and South America arrested 25 suspected members of the Anonymous hacking group in an international dragnet called “Operation Unmask.” To show their outrage at the police action, Anonymous supporters took down Interpol’s main website, www.interpol.int, for about 30 minutes.

Feb. 27: Stratfor
WikiLeaks began publishing more than 5 million emails it obtained from the Austin, Texas-based global consulting firm Stratfor. The emails, WikiLeaks said, highlight Stratfor’s dubious financial dealings, global cover-ups as well as coordinated campaigns to subvert WikiLeaks and its founder, Julian Assange. It’s not known exactly how WikiLeaks obtained the emails, but signs point to Anonymous, which hacked Stratfor’s servers late last year and made off with emails and credit card numbers.

Feb. 14: Nortel
Valentine’s Day proved anything but romantic for Nortel, the Canadian telecom company currently in bankruptcy. It turns out that hackers, believed to be operating from China, had been spying on Nortel for at least a decade, the Wall Street Journal reported. Using seven passwords stolen from top executives, the cybercriminals infiltrated Nortel’s servers and downloaded technical papers, research-and-development reports, employee emails, business plans and other confidential data.

Feb. 14: Combined Systems Inc.
Proudly hoisting the hacktivist flag, the ever-present Anonymous hacking network took credit for knocking Combined Systems Inc., a Jamestown, Pa., security company, offline and stealing personal information from its clients. As reported by the Associated Press, Anonymous said it went after Combined Systems, which sells tear gas and other crowd-control devices to law enforcement and military organizations, to protest “war profiteers” and to commemorate the one-year anniversary of the bloody citizen uprising in Bahrain.

Feb. 14: Brazzers.com
A 17-year-old hacker said he tapped into an inactive forum run by the hard-core porn site Brazzers and used it to expose the personal information of more than 350,000 registered users. The site’s parent company, Luxembourg-based Manwin Holding SARL, said no credit-card data had been compromised. The hacker, based in Morocco, said he leaked the information not to embarrass the site’s customers or to make money, but simply to highlight how vulnerable popular websites are. Not surprisingly, the teen hacker said he had aligned himself with the Anonymous movement.

Feb. 10: Central Intelligence Agency
For the second time in less than a year, Anonymous launched a distributed denial-of-service attack that temporarily knocked the website of the Central Intelligence Agency offline. The CIA takedown capped a busy week for the hacktivist pranksters; in 10 days, the group went after Chinese electronics manufacturer Foxconn, American Nazi groups, anti-virus maker Symantec and the office of Syria’s president.

Feb. 8: Office of the Syrian President
During an especially active week of digital daring, Anonymous leaked a cache of emails from Syrian President Bashar Assad’s office, including one particularly candid email in which one of Assad’s media advisers preps him for an interview with Barbara Walters and tells him that the “American psyche can be easily manipulated.”

Feb. 8: Foxconn
With Apple facing worldwide scrutiny over the questionable working conditions at Foxconn, a Chinese company that assembles iPhones and iPads (as well as devices for Dell, Sony, IBM, Microsoft, Samsung and others), it was only a matter of time before hacktivists took up the cause. In this case, it wasn’t Anonymous but a group called Swagg Security (SwaggSec) that struck the first blow, making off with staff email logins and credentials that could allow an attacker to place a fraudulent order.

Feb 7: Hamas
The Israeli hacking group IDF Team launched an attack against a Hamas website, qassam.ps, knocking it offline to protest the site’s anti-Israeli stance. This was not an isolated incident; it was instead the latest strike in a calculated monthlong battle between Israeli and Arab hackers that began Jan. 3, when a Saudi Arabian hacker calling himself 0xOmar posted 15,000 Israeli credit-card numbers.

IDF Team (named for the Israeli Defence Force, in which most Israeli Jews must serve), quickly retaliated by stealing and posting Arabs’ credit-card credentials. This back-and-forth continued; on Jan. 16, 0xOmar and his crew, calling themselves first “Group XP” and then “Nightmare,” disrupted the Tel Aviv Stock Exchange, Israel’s El Al Airlines and two major Israeli banks. Two days later, IDF Team hit the Saudi Stock Exchange and the Abu Dhabi Securities Exchange.

Feb. 6. Symantec
A shadowy hacker, critical source code from a respected industry titan, an extortion plot and an attempted sting operation by law enforcement — it had all the makings of a big-screen espionage thriller, but this cybercrime incident was real.

The hacker, calling himself “YamaTough,” posted the source code to Symantec’s pcAnywhere software, a flagship product that allows customers to access remote PCs. The leak came after YamaTough lost patience with what appeared to be a backroom ransom deal— actually a stall by a law-enforcement agent posing as a Symantec employee.

The ransom talks began Jan. 18; in the discussions, which were also leaked, the agent calling himself “Sam Thomas” said Symantec would pay YamaTough $50,000 not to release the source code. On the night of Feb. 6, YamaTough, frustrated with Symantec’s stalling, gave up talking and posted the source code to The Pirate Bay.

Feb. 3: Scotland Yard and the FBI
Anonymous’ sects and supporters are familiar with the long arm of the law. Cops have busted several high-ranking Anonymous-affiliated hackers, including Ryan Cleary, a British teen charged with launching denial-of-service attacks against major British and U.S. targets. It probably didn’t please Scotland Yard and FBI agents, though, when Anonymous intercepted and posted the audio from a 17-minute conference call the two law enforcement agencies had scheduled to discuss — what else — plans to track down and prosecute Anonymous hackers.

Read More