The Inquirer-Home

2013 was a very hacked year

More to come
Thu Dec 26 2013, 10:40
Security threats - password theft

THERE ARE BIG HACKS EVERY YEAR, and we had some real doozies in 2013 that hit a number of high-profile targets.

One of the biggest occurred just recently, in December, and saw some unknown – so far – parties walk off with the credit and debit card details of 40 million people.

Yes. More than the population of Canada lost details relating to their financial, personal and property in an assault on the store Target. Target is looking into it, and so are 40 million rather concerned people.

"Target's first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause," said Gregg Steinhafel, CEO of Target.

"We take this matter very seriously and are working with law enforcement to bring those responsible to justice."

That hack is big in terms of individual numbers, but other hacks have had larger impacts and more victims, despite initial appearances.

A hack on Adobe gathered together threads from a range of parties and set companies and their security falling like dominoes.

In October the firm said it had been hit in an attack that had affected tens of millions of customers, the firm settled on 38 million.

"So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users," said Adobe spokeswoman Heather Edel.

Adobe said first that Acrobat, ColdFusion and ColdFusion Builder source code had been plundered, and later added Photoshop to its list.

This was not the end of the debacle. Further fallout from the Adobe hack was the revelation that its users employ passwords that are as strong as rice paper. Popular among its users are such crackable classics, including Password, password, photoshop, and 1234.

The sticky mitts of the assault made a variety of grabs in a range of places. Social network Facebook, which has over a billion users, told some to change their passwords as a result.

It is, of course, always likely that people mirror their passwords across sites, particularly as so many sites need a password, but it seems that many can't remember anything more complex than QWERTY, and that is what makes these hacks worse than they necessarily have to be.

Adobe stuck firm to its 38 million count, but in some quarters numbers as high as 150 million have been mentioned.

The ripples from Adobe were still spinning out in November, when a concerned Evernote approached its users and said that "since that Adobe thing..." they ought to change their passwords for its services.

"The list of compromised Adobe accounts has been uploaded to the web. We compared this list to our user email addresses and found that the email address you used to register for an Evernote account is on the list of exposed Adobe accounts," the firm said.

"Evernote has not been compromised and is not connected to this incident, but if you used the same password for Adobe and Evernote, then you should change your Evernote password now."

Facebook was back and being discussed in security circles in relation to the Pony botnet, a security menace that re-entered the paddock this winter.

Security firm Trustwave said it had found the social media password-sniffing malware in sites including Facebook, Google, LinkedIn and Twitter. Again, the advice was to scorch earth user logins. The Pony malware code compromised as many as two million accounts.

For a different kind of, but still impactful, hack we must turn our eyes to web-based protest group the Syrian Electronic Army, and its assaults on the Twitter accounts of media companies.

In the last year the outfit has taken on, and taken down, accounts belonging to the BBC and the Associated Press, and many others, and has raised awareness about its cause with some high-profile messages.

In one the group spoofed an Associated Press message, claiming a bomb explosion at the White House. In another it made whimsical, but political weather reports.

The impact of the group is such that it has been singled out in threat reports from parties as heavy as the FBI. The FBI, which probably has been repeatedly asked questions about how the group was able to get its hooks into President Obama's social networks, made a memo that advised keeping an eye on anomalous traffic.

"Please maintain heightened awareness of your network traffic and take appropriate steps to maintain your network security," said the FBI memo. "If you detect anomalous or malicious traffic or network behaviour, please contact your local FBI Cyber Task Force."

It's likely that we will see much more of the same in 2014, particularly if people insist on using poor passwords, and generally making a hash, and not the good kind of hash, of their security. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Dead electronic devices to be banned on US-bound flights

Will the new rules banning uncharged devices be effective?