December 13, 2010 4:00 AM PST

International intrigue puts security on global stage

by Elinor Mills


From the attacks on Google that originated in China to the Stuxnet worm that experts say was written to sabotage Iran's nuclear program, 2010 was notable for international intrigue in the security world.

The year started out with a bang as Google announced in mid-January that its corporate network had been attacked by someone in China and intellectual property was heisted. The "highly sophisticated and targeted attack," which was mirrored at about 30 other companies, exploited a hole in Internet Explorer. Separately, attackers tried to get into Gmail accounts of human rights activists and managed to access other accounts, probably via phishing. China denied any involvement in the attacks.

China was also at the center of some odd Internet happenings a few months later. In March, network operation centers around the world started noticing that traffic to Facebook, Twitter, YouTube, and a host of other sites was being redirected to servers in China. One of the main DNS (domain name system) root servers was effectively sending Web surfers behind the Great Firewall of China, a strictly controlled network of servers and routers the People's Republic of China uses to filter the Internet and block its citizens from accessing content deemed politically sensitive.

Then, in April, something similar happened. In this case, Internet traffic was diverted through networks in China for about 17 minutes. This would have enabled operators of those servers in China to read, delete, or edit unencrypted e-mail and other communications passing through those servers during that time. China again denied any malfeasance in these cases, saying they were accidents.

This year also brought the first reported case of malware written specifically to target critical infrastructure and industrial control systems. Stuxnet showed up in June, spreading through Windows systems via a handful of holes in Windows. The worm drops its payload when it discovers particular Siemens software. At first, security experts didn't know what the payload was. Symantec eventually figured out that Stuxnet uploads encrypted code to Programmable Logic Controllers used to control processes inside power, manufacturing, and other plants.

Later analysis, also by Symantec, uncovered another key to the mysterious malware. The malware specifically targets systems with a frequency converter that controls the speed of a motor like those used for uranium enrichment. The speculation that Iran's nuclear program was the intended target was bolstered when Iranian President Mahmoud Ahmadinejad accused enemies of the country of causing problems for some centrifuges with computer code. It's unclear who is behind the multi-faceted, extremely complex malware.

The summer brought intrigue of a more domestic sort when a controversial hacker group exposed a security flaw in an AT&T Web site that was exploited to reveal thousands of e-mail addresses of iPad users. AT&T issued an apology for the security incident, but still placed the blame on the hackers.

In the course of investigating the hackers, federal agents discovered drugs in the home of the leader, Andrew Auernheimer, and arrested him. Other members of the group have been called in for questioning by a federal grand jury, but so far no charges have been filed.

Featured stories of 2010

Behind the China attacks on Google (FAQ)

Here's what is known and what is not known about the China-related attacks on Google and the other Silicon Valley companies.

In their words: Experts weigh in on Mac vs. PC security

CNET asks a host of security experts which of the major operating-system platforms is more secure for consumers. Here's what they have to say.

Backdoor found in Energizer Duo USB battery charger

The battery maker says it doesn't know how the Trojan got into the software it offered via download for Windows-based computers.

Report: Memory card exposed 3,000 phones to virus

Malware found in HTC Magic phones has been traced back to memory cards that shipped in about 3,000 phones, according to a report citing Vodafone.

IBM: We distributed malware-ridden USB drives

Company apologizes after visitors to the IBM booth at the AusCERT security conference get more than they bargained for with the freebies handed out.

Hacker turns in soldier in Iraq airstrike video leak

While sympathetic, former "homeless hacker" Adrian Lamo says the Army intelligence analyst who confided in him crossed the line by exposing compromising data on U.S. foreign policy.

AT&T Web site exposes data of 114,000 iPad users

Hackers exploit a hole in an AT&T Web site to get e-mail addresses of iPad early adopters, including top-level people in government, finance, and the military.

Money trumps security in smart-meter rollouts, experts say

The race to deploy smart meters poses security and privacy risks to consumers and threatens the infrastructure, according to experts.

Hacker in AT&T-iPad security case arrested on drug charges

A man whose group disclosed a flaw in AT&T's Web site is arrested on felony and misdemeanor drug possession charges as a result of an FBI search, authorities say.

Details of the first-ever control system malware (FAQ)

Here is information about a new Windows worm that is targeting control systems around the world.

Researcher detained at U.S. border, questioned about Wikileaks

Jacob Appelbaum, who volunteers with Wikileaks, is questioned for three hours and has mobile phones confiscated on his way back to the United States for a hacker show.

With McAfee deal, Intel to bake in security

Intel acquisition of McAfee signals shift away from standalone software products toward security that is embedded in devices, sources tell CNET.

Bad flash drive caused worst U.S. military breach

Breach in 2008 was wake-up call for Defense Department to create new cybersecurity strategy, says U.S. Deputy Defense Secretary William J. Lynn III.

Cars: The next hacking frontier?

Efforts to make autos safer and more energy efficient with embedded computers and wireless technologies are also increasing security risks, experts say.

Web traffic redirected to China still a mystery

Two instances where Web traffic was "hijacked" to servers in China have Internet watchers still scratching their heads.

Symantec: Stuxnet clues point to uranium enrichment target

Worm looks for systems using a frequency converter and tries to speed up and slow down motors--in essence sabotaging them, expert says.

