Happy Halloween from the most malicious spooks on the Internet
As the calendar pages turn toward the end of October (which is National Cyber Security Awareness Month, as you may have heard), the thoughts of children around the nation drift to the spooky horrors that haunt the night. Zombies, werewolves and vampires haunt their young dreams. IT professionals also lay awake into the wee nighttime hours, but different kinds of terrors stalk them in their sleep. Hackers, spyware and advanced persistent threats lurk behind the dark corners threatening the confidentiality, integrity and availability of information and systems under their care.
The history of malicious actors in the world of computing is long and dark, dating back three decades and filled with the lore of history and deceit. Let’s take a look back through the rogue’s gallery of IT threats and dissect seven of the most notorious rogues to strike the Internet.
1) The Age of the Worm
In 1988, a young graduate student at Cornell University named Robert Morris penned the first page in the book of IT rogues. Morris created the Internet’s first worm, a piece of malicious code that spread on its own and infected a large number of Internet-connected systems. Morris’ worm spread quickly and gained widespread notoriety.
System administrators quickly extinguished this fire but Morris’ creation foreshadowed the outbreak of many other worms in the early part of this millennium. Malware with creative names like SQL Slammer, ILOVEYOU and Code Red scoured the Internet for several years seeking out new victims and spreading their destructive payloads.
2) Operation Aurora
In early 2010, Google publicly announced that they had been the victims of a widespread cyberattack of Chinese origin. This sophisticated attack breached servers belonging not only to Google but also other major technology companies including Adobe Systems, Rackspace and Juniper Networks.
These attacks, dubbed “Operation Aurora” by security researchers, opened the world’s eyes to the breadth of cyberattacks waged by nations against private companies in a quest to gain coveted intellectual property. Aurora sparked some of the earliest public conversations over Advanced Persistent Threats (APTs) and caused security professionals around the world to shift their focus toward protecting against sophisticated, determined attackers with access to advanced tools.
As the world’s attention focused on the Chinese-based Operation Aurora, the United States and its allies allegedly engaged in even more sophisticated attacks against their adversaries. The most striking of these attacks, Stuxnet, first appeared on the scene in 2009 but avoided detection and analysis for several years. After researchers gained access to Stuxnet’s code and reverse-engineered the malware, they discovered that it was an extremely sophisticated and highly targeted piece of malware designed for one purpose — destroying uranium enrichment centrifuges at the Iranian nuclear facility located at Natanz.
Although the United States never officially took credit, numerous investigations and anonymous sources indicate that the Stuxnet worm was jointly developed by the U.S. and Israeli governments. Stuxnet is notable because it was the first major attack to cross the virtual/physical barrier, using malicious code to cause the destruction of physical equipment in an act of cyberwarfare.
Stuxnet was only the first volley in a cyberwar brewing in the Middle East. In August 2012, the Saudi oil company Aramco announced that they were shutting down their computer systems due to a widespread cybersecurity breach. Details later surfaced revealing that the attack crippled thousands of computer systems and wiped out large quantities of data, replacing critical documents with the image of a burning American flag. U.S. government officials later attributed the attack to Iranian sources and security professionals around the world speculated that the attack was a direct response to Stuxnet.
During the 2013 holiday shopping season, Target stores made headlines for more than their Black Friday celebrations. They reported that they were the victims of a massive cybersecurity breach that disclosed sensitive personal information of up to 110 million customers. Later investigations revealed that the breach was the result of poor security practices related to third party vendors requiring access to Target systems.
Sources attributed the attack to the compromise of credentials used by a heating, ventilation and air conditioning (HVAC) contractor. Attackers used the HVAC vendor’s account to gain access to Target’s network and then leveraged that access to penetrate sensitive point-of-sale systems.
6) Sony Pictures
The 2014 holiday season came with an unwanted gift for executives at Sony Pictures. While the movie studio was preparing to release The Interview, a comedy about an attempt to kill North Korean dictator Kim Jong Un, hackers penetrated the studio’s cybersecurity defenses, stealing sensitive information and destroying company data.
U.S. government officials later attributed the attack to North Korean forces attempting to stop the release of the film. This attack wasn’t the first major embarrassment for the firm, which also suffered a breach of its Playstation network in 2011 and endured denial of service attacks that disrupted use of the gaming platform during the 2013 and 2014 holiday seasons.
7) Office of Personnel Management
This summer brought what many security experts consider the most significant breach of personal information ever to occur. The U.S. Office of Personnel Management reported the theft of records related to over 21 million current and former government employees as well as other individuals who received government security clearances.
The data stolen in this breach included fingerprints, background investigation forms and other incredibly sensitive information that far surpassed the extent of information stolen in earlier breaches. The full implications of this attack remain to be seen but it likely caused significant damage to government security efforts.
The history of cybersecurity is littered with examples of novel and sophisticated attackers who raised the bar for information security professionals charged with safeguarding information systems. For the past two decades, new attacks have surfaced almost every year that require thoughtful assessment and new controls to protect sensitive data.
While these attacks are quite concerning, particularly for the innocent third party victims of data breaches, they also amount to job security for those skilled in protecting organizations against attack. Take some time this Halloween season to protect your network against the villains of the Internet.