The Worst Security SNAFUs of 2013

This year's award for "Biggest Security SNAFU" can only go to the National Security Agency. Since June, NSA officials have winced as former NSA contractor Edward Snowden began dispensing secrets to the media about how NSA carries out massive surveillance around the world using advanced technology.

By Ellen Messmer
Tue, December 17, 2013

The NSA wasn't using enough security technology internally to even begin to stop Snowden from roaming through its super-secret networks to fish out what's now believed to be many thousands of sensitive documents related not only to NSA's massive data collection practices across the Internet but also traditional spy vs. spy operations, much of which has not yet gone public.

The Snowden revelations so far have generated a backlash against the intelligence agency from privacy advocates everywhere as well as the U.S. high-tech industry, which has to cooperate with the NSA under U.S. law. And foreign leaders of countries considered friends to the U.S. are enraged that their private calls and data were intercepted for years. There's no reason to think that there won't be more on this score.

There have been plenty of "security SNAFUs" to go around this year. The media, too, were on the receiving end as the New York Times, Wall Street Journal, CNN, Washington Post and others all reported that networks used by their employees had been hacked by attackers from China, likely for cyber-espionage, or the Syrian Electronic Army, out of political anger. Also, the stability and security of a key part of the financial system, the electronic stock exchanges, was sometimes shaky.

There are so many SNAFUs, in fact, that we listed details about the ones occurring in the first half of 2013 in our June story. From there, we now pick up the trail of data breaches, cyber-espionage, cyber-extortion and infrastructure collapse. And sometimes it was just plain cyber-stupidity.

July

The U.S. Department of Commerce's Economic Development Administration (EDA) destroyed about $170,000 worth of IT equipment including computers, printers, keyboards and computer mice last year on the mistaken belief that the systems were irreparably compromised by malware. According to the Commerce Department's Inspector General, which looked into what happened, the bureau was poised to destroy an additional $3 million worth of IT equipment but was prevented from doing so by a lack of funding for the effort. EDA, whose computer network had been infected by viruses, thought it was under an intense cyber-attack, and employees there spent months without e-mail or access to Internet servers and databases as they sought to build a new network. The Inspector General, however, said the disruption was simply due to a common malware infection on six computers that could have been erased with anti-malware tools and other steps.

Originally published on www.networkworld.com.