This was an exciting/anxious year in the Internet security community, with big tech firms like Sony and RSA getting hacked, putting consumer data and corporate networks at risk, and with reports of attacks on utilities.
Scary things that go bump in the night are actually happening to computer systems that matter and it's only going to get worse. Here's what I think will happen in 2012.
Android apps will increase
As a target for malicious software, Android is the Microsoft of the mobile platform. Android has more than 50 percent of the smartphone market, eclipsing all others, so it's the most attractive platform for scammers to target. While iPhone apps get vetted by Apple, Google's open apps store model, which lacks code signing and a review process, makes it easy to distribute malware in apps.
The numbers bear this out. In the last six months, the number of malicious Android apps has doubled to 1,000, a report from mobile security firm Lookout says. Granted the vast majority of the malware--often disguised as legitimate apps--is found on third-party sites. But some malicious apps have made it to the Android Market. Google yanked about two dozen apps containing malware in May and nearly 60 malicious apps in March. (That's not counting the nearly 30 apps pulled in December that appeared to be designed for fraud.)
Google moves quickly when problems are reported, but removing apps after-the-fact means there may be users who have downloaded them already. To be fair, the likelihood that the average Android user will encounter malware is very, very slim because most people avoid third-party sites where they are required to allow apps from unknown sources to be downloaded, and are thus assuming the risk. The hot apps market, in general, is problematic because mobile developers typically don't have experience creating secure software. So keep your eye on this space.
A(nother) utility will get hacked
Hacking of corporate and government networks happens all the time. Now that SCADA (supervisory control and data acquisition) systems used in utilities and other critical infrastructure environments are being connected to the Internet, without the built-in security that traditional information technology networks have, it should come as no surprise that hackers will make their way in to areas where they conceivably could cause real harm to the environment and people.
The first wake-up call for the industry was the Stuxnet malware that emerged last year that appeared to have been designed to sabotage Iran's nuclear program. Then a leaked report in November appeared to be the first acknowledgement of a cyberattack on a U.S. critical infrastructure system, but the Department of Homeland Security denied that there had been an attack and ultimately it turned out to have been a false alarm.
However, an unnamed hacker claimed to have remotely breached a system at a Texas water plant, as well as systems in Europe. That investigation was pending. It's clear hackers are targeting these sensitive and critical systems, for whatever reason. Given how easy it is to find SCADA equipment with just a Google search, all the holes the SCADA systems seem to have, and that researchers say it is relatively easy to exploit the weaknesses, you can expect more attacks on critical infrastructure systems in the coming year. Whether they will make it to the news or be kept a secret, is another thing.
E-voting machines will have security hiccups
We're heading into an election year so that means get ready for the quadrennial voting snafus. Previous national elections have seen their share of problems with e-voting machines--votes not being recorded accurately and not allowing for adequate auditing, among other problems.
Even in the last election in 2008, a security flaw deleted votes from a computer database in one county in California, and there were reports of machine malfunctions in Pennsylvania and Virginia and mis-recorded votes in Ohio. Despite the problems , the machines may not be all that much improved by this coming election. Researchers warned in September that it is still possible for fraudsters to sneak hardware into an e-voting system that could be used to remotely change votes after they have been cast. If that fails, there's always the Supreme Court.
People will continue over-sharing despite the privacy ramifications
This next prediction is a no-brainer, but it touches so many of our lives that to ignore it would be silly. We have become a society of sharing to the detriment of our personal privacy.
Social media provides a way for me to share every aspect of my life with people, from where I went to school to what restaurant I'm dining at tonight to who my friends are and what my pet looks like. The ego prompts us to accept all the friend requests and seek more followers, and to bombard them with more details of our lives than anyone needs to know. We also are unknowingly revealing sensitive information, such as when we post photos containing GPS coordinates without realizing that the shot of my home can easily lead strangers' to my doorstep.
Companies like Facebook are offering increased integration so that my activities on the site and elsewhere are automatically shared with others. So now I can see what music my friends are listening to and what articles they are reading right now. But advertisers are privy to more information about us collectively, and me individually as well. Many people don't care if they see ads targeted to their tastes and lifestyle, but I doubt most of them really want to be blasting their commuting route, work hours, and up-to-the-minute whereabouts to the world.
Companies need to better explain the privacy implications of the new features they offer, but consumers need to be asking themselves questions before they push "post," such as "Do I care if people I don't know or enemies are able to see this?"
Hacktivists will form a new 99 Percent Party
There's no doubt that 2011 can be called the Year of the Hackers. The Anonymous movement and its offshoots, notably LulzSec, gained fame and notoriety for their denial-of-service attacks and data breaches on a host of targets. From Sony and the CIA to bankers, police officers, and Fox News, the attacks were a daily occurrence for months. With the emergence of the Occupy Wall Street protests, Anonymous actions became more organized and focused on a cause--political protest of financial inequality and corporate influence--and inclusive, online and offline.
The faceless hacktivists in Anonymous joined scores of everyday people to demonstrate in squares throughout the world and put a face, many faces, on the crisis of poverty and economic injustice. The Anons, as they call themselves, have ownership in the larger political movement and could provide the technical skills and online organization needed to create a new party that appeals not just to the tech-savvy Gen Y-ers, but to their parents and grandparents who are struggling to make ends meet.