2012's Worst Security Exploits, Fails and Blunders
Stolen social security numbers. Erased online identities. Pilfered payment information. Yep, 2012 was a banner year for the bad guys.
Fri, December 28, 2012
PC World — A fool and his feeble p@$$w0rd are soon rooted, but if 2012 has proven anything, it's that even the most cautious security-minded souls need to double down on their protective practices, and think about the best ways to mitigate damage if the worst happens in our increasingly cloud-connected world.
A solid security toolbox should form the heart of your defense, of course, but you'll also need to consider your basic behavior. For example, a leaked LinkedIn password does little harm if that particular alphanumeric combination only opens the door to that particular account, rather than every social media account you use. Two-factor authentication can stop a breach before it happens. And do your passwords suck?
I'm not trying to scare you. Rather, I'm interested in opening your eyes to the types of precautions that are necessary in the digital age--as evidenced by the biggest security exploits, blunders, and fails of 2012. 'Twas a banner year for the bad guys.
Honan hack attack
The highest profile hack of 2012 didn't involve millions of users or an avalanche of pilfered payment information. No, the security highlight--or is that lowlight?--of 2012 was the epic hacking of a single man: Wired writer Mat Honan.
Over the course of a single hour, hackers gained access to Honan's Amazon account, deleted his Google account, and remotely wiped his trio of Apple devices, culminating in the hackers ultimately achieving their end goal: seizing control of Honan's Twitter handle. Why all the destruction? Because the @mat Twitter handle's three-letter status apparently makes it a highly coveted prize. (The malcontents posted several racist and homophobic tweets before the account was temporarily suspended.)
The devastation was all made possible by security snafus on Honan's end--daisy-chaining critical accounts, a lack of two-factor authentication activation, using the same basic naming scheme across several email accounts--and conflicting account security protocols at Amazon and Apple, which the hackers took advantage of with the help of some good ol' fashioned social engineering.
The scariest part? Most people probably employ the same basic (read: lax) security practices Honan did. Fortunately, PCWorld has already explained how to plug the biggest digital security holes.
The Flame virus
Traced as far back as 2010 but only discovered in May of 2012,the Flame virus bears a striking similarity to the government-sponsored Stuxnet virus, with a complex code base and a primary use as an espionage tool in Middle Eastern countries like Egypt, Syria, Lebanon, Sudan, and (most frequently) Iran.