Hackers have had a bonanza in April, May and June (so far). Nary has a day gone by without news of yet another major attack. Here’s a partial list of some of the most publicized hacks of the last 10 weeks:
RSA Security: On April 1, in a move akin to raiding Fort Knox, RSA’s Secure ID technology (one of the industry’s gold standards in security software) was hacked. RSA executives described the hack as “very sophisticated.” They characterized it as an advanced persistent threat (APT)-type targeted attack. It used a routine tactic – a phishing Email that contained an infected attachment that was triggered when opened.
Epsilon: This Irving, TX –based company handles customer email messaging for over 150 firms, including large banks and retailers like Best Buy, JPMorgan Chase, Citigroup and L.L.Bean. In April, millions of consumers learned that Epsilon’s networks were breached when they received Emails from their banks and credit card companies informing them that the hack might have exposed their names and Email addresses to the hackers. Epsilon released a statement assuring consumers that only Email addresses and names were compromised and that no sensitive data was disclosed.
Sony: Sony’s PlayStation gaming network suffered a series of massive security attacks in April/May that affected more than 100 million online accounts and shuttered the site for days. Sony executives estimate the hacks cost the Japanese electronics firm $170 million.
Lockheed Martin: On May 21, the aerospace giant released a statement saying its internal information systems network had been penetrated by what it called a “significant and tenacious” attack. The company declined to divulge details other than stating that “no customer, program or employee personal data had been compromised.”
Public Broadcasting System: the PBS website was hacked in mid-May and the perpetrators planted an erroneous story stating that deceased rapper Tupac Shakur was alive in New Zealand. The group that claimed credit for the hacking was apparently unhappy about PBS’ recent “Frontline” investigative news program on WikiLeaks.
Google: At least 84 instances of malware have been discovered in the company’s Android Market app store in the last three months. In March Google removed 50 applications from the store that contained malicious code embedded in legitimate applications. Over the Memorial Day weekend Google was forced to pull an additional 34 smart phone applications off Android Market because of suspected malware infections. Google’s security woes don’t stop there. In early June, Google disclosed that Chinese hackers targeted the email accounts of top U.S. officials and hundreds of other prominent people in a fresh computer attack certain to intensify growing concern about the security of the Internet. The victims, including government and military personnel, Asian officials, Chinese activists and journalists, were tricked into sharing their Gmail passwords with “bad actors” based in China, according to a Google blog post. The attack’s goal was to read and forward the victims’ email.
Apple (yes, Apple!): The Mac OX X 10.x OS has been under attack for the last month from the malicious Mac Defender/Mac Guard malware. A few days ago, Apple engineers released a fix and 24 hours later the hackers struck again with a new virus variant called Mindinstall.pkg which is specifically designed to bypass Apple security.