You never have to look too far to find a headline on a cyber-attack and they keep getting more serious and deadlier by the GB of data. There were several high profile hacks and cyber-attacks this year ranging from telcos to governments to consumer goods. These are five of 2015’s worst cyber-attacks.
Let’s start with the most recent. Hong Kong toy manufacturer VTech found itself knee deep in a serious hack at the end of November that put sensitive data about children at risk. The hack was first reported by Motherboard, which was contacted by the hacker when he made his discovery. Millions of parents were affected but most alarmingly, so were millions of kids.
The hacker was able to harvest data from VTech’s line of children’s tablets and its databases. This included images that children had taken of themselves and their parents and audio recordings of children fooling around with the device—190GB of data in total. Most shockingly, the toy company was not using SSL (Secure Sockets Layers) technology to secure the data, a pretty common standard, and passwords were not adequately encrypted, according to a researcher from Trend Micro.
VTech has been excoriated by security professionals since the breach was made public. The only lifeline it has right is the hacker. He or she decided against leaking the data online and instead went to the press, saying “I just want issues made aware of and fixed.”
The same cannot said for Ashley Madison, easily the year’s most salacious cybersecurity incident. During summer, the adultery site, which allowed people to seek affairs with other users, was hacked by a group calling itself the Impact Team. Data on more than 30 million users was held to ransom and eventually leaked.
The mass leakage of personal data that could technically reveal someone as a cheater provided much fodder for tech and gossip blogs alike. However the site had little in the way of verification processes for new accounts and searching through email addresses wasn’t exactly full proof that someone had been seeking an affair. In one case, a rather unconvincing Tony Blair email address was discovered.
There were some real life consequences though. Reports came of Ashley Madison users being blackmailed while leaked email detailed poor security practices at the company and even correspondences from the CEO hinting at hacking its competitors.
Most recently, there was the case of New Jersey school superintendent David Browne who was found to have an account on the site. He lost his job, his wife left him, and most strangely, was charged with arson after attempting to torch his garage, possibly in a fit of rage.
Hacking Team was long considered a dubious company, alleged to be selling surveillance software to repressive governments and having little qualms about doing so. For a company in the field of hacking, cybersecurity, and surveillance, it became quite a staggering story when the company was hacked this summer, leaking swathes of emails and company data, which gave us all a glimpse into how Hacking Team did business.
The main product that Hacking Team, an Italian company, sold was its Remote Control System (RCS), a piece of software that would allow government authorities or law enforcement to intercept or break the communications of their targets.
Data and leaked emails alleged that Hacking Team was selling software to, or in talks with, officials in Nigeria, Russia, Uzbekistan, Kazakhstan, Azerbaijan, and Saudi Arabia to name a few.
The leak also showed that Hacking Team had discovered significant vulnerabilities in Flash that could be exploited and led to Adobe scrambling for a patch.
Several months on from the hack, much of the furor has died down but little has been determined for sure about the alleged perpetrator, dubbed PhineasFisher, and what his/her/their motives and reasons were.
Image courtesy of Getty Images by Mark Wilson.
Also this summer we saw one of the largest politically motivated cyber-attacks when the US government’s Office of Personnel Management (OPM) fell prey to alleged Chinese hackers.
The hack dates back to March 2014 before being made public in June of this year as up to 18 million government employees were affected and 21.5 million records compromised. In July, Katherine Archuleta, the president of OPM, resigned. Hearings are ongoing to determine the cause of the hack but have been stifled by some government agencies refusing to participate.
Chinese hackers have been the prime suspects in the hack and since then both the US and China have conducted talks on the matter. Even recently, China said it arrested a number of hackers, with assistance from US intelligence, and levelled the blame clearly on them for attacking OPM.
In October, millions of T-Mobile customers were breached thanks to the operator’s credit monitoring firm Experian. We still know little about the reasons behind the hack. However while it is T-Mobile customers that are on the wrong end of this breach, it is in fact a hack at Experian that caused the issue. But that doesn’t leave T-Mobile totally blameless, either as it still entrusted the third party firm with this data.
Even beyond that, T-Mobile states that some of those affected aren’t even customers but rather people that may have signed up for services with T-Mobile but never followed through. “I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian,” said CEO John Legere at the time. Now more challenges lie ahead with both T-Mobile and Experian facing lawsuits over the breach.