2016 has come and gone and now we can look back at the year that was and say with complete confidence that it truly was a watershed year for cyber security. Each day brought new reports of data breaches and threats of epic proportions — and every time we figured we had heard the last of it, more tales were just around the corner.
And those data breaches affected every possible sector of society, from beleaguered home users pulling their hair out over ransomware, to huge companies reeling from exposed customer credentials, to governments using malware as a tool of manipulation and machination. In 2016 every single person, in one way or another, felt the effects of the year's security incidents.
Let’s have a look at the most noteworthy, highest profile and very worst security events of 2016 (to help you out, we have arranged them in alphabetical order, to placate our inner neat-freak tendencies). Here they are:
Apple vs FBI: Though not a hack per se, the Apple vs FBI standoff was one of the biggest data security stories of 2016. After the San Bernardino terrorist attack in December 2015, the FBI asked Apple to help it get into one of the attackers' phones, an iPhone 5c. What it wanted was a custom build of iOS that would disable the passcode-retry limits so the phone could be brute-forced. Apple declined, arguing that building such a tool would weaken security for every iPhone. The FBI took Apple to court but eventually dropped the case after an outside firm showed it how to unlock the device, by a method that was never shared with Apple. There were murmurings that nothing of value was on the phone anyway, but the bigger lesson is that a locked iPhone of that generation could be opened by a determined party with the right tooling and enough perseverance, which is worth remembering for every owner of a similar device.
Bitfinex Bitcoin Exchange Breach: In August, the Hong Kong-based Bitfinex, one of the largest bitcoin exchanges in the world, was hacked for roughly 120,000 bitcoin, worth about $70 million at the time. Rather than absorb the loss itself, the exchange spread it across its customers: every account balance was cut by 36 percent, and users were issued tokens to be redeemed for the missing funds at a later date.
Cisco/ShadowBrokers: In August, a group of unknown (though widely presumed to be Russian) actors calling themselves the ShadowBrokers published a cache of exploits and implants attributed to the Equation Group, a unit widely believed to be part of the NSA. Among them were working exploits for firewalls made by Cisco, Fortinet and Juniper, and Cisco quickly confirmed that some of the bugs were still unpatched in shipping products, leaving every network sitting behind an affected firewall exposed until fixes arrived. The ShadowBrokers released part of the cache for free as proof and put the rest up for auction on the Dark Web, asking for 1 million bitcoin.
The Dyn DDoS/Mirai Botnet: In October, Dyn, the company that provides DNS service to some of the world's largest and most heavily trafficked web sites, was hit by a massive distributed denial of service (DDoS) attack. Because the sites themselves were up but nobody could resolve their names, much of the Internet on the US East Coast appeared to go down, Spotify, Twitter, GitHub, Reddit and Etsy among them. The traffic came from a botnet of Mirai-infected DVRs and IP cameras, consumer devices left reachable from the Internet with factory-default telnet credentials, a clear demonstration of the dire consequences that come with an insecure Internet of Things.
Election Fraud Fears: If one topic was more all-consuming than the constant flow of data breaches in 2016, it was the US presidential election and the fear of Russian tampering. So did the Russians hack the election or not? We can speculate, but we may never know for sure. The much-anticipated Joint Analysis Report (the JAR) that DHS and the FBI released at the end of December formally attributes the intrusions into US political organizations to Russian intelligence services, but it offers little supporting technical detail and says nothing about whether any of it changed the result. For now, all we can do is hypothesize.
Fancy Bear/DNC: Also known as APT28, Pawn Storm and Sofacy, this Russian group has been around for years, with attacks on the World Anti-Doping Agency, the White House, NATO and France's TV5Monde to its name, but it really went all out in 2016 with the spear-phishing campaign against the Democratic National Committee. The stolen emails, which revealed a great deal about fundraising and donors' personal information, were published by WikiLeaks, prompted the resignation of senior DNC staff and further fuelled questions about Russia's involvement in the election.
Guccifer 2.0: Or maybe it was Guccifer 2.0, the person or persona who came forward claiming to be the one who hacked the DNC and passed its emails to the media. According to Guccifer 2.0, the Russians had nothing to do with it, and the persona expressed indignation that they were getting all the credit. Then again, according to many sources in the media and the security industry, Guccifer 2.0 is a liar with no real connection to the hacks beyond serving as a front for whoever carried them out. As with all things election-related, we may never know the entire truth.
IRS Tax Fraud: On the heels of 2015's massive "Get Transcript" breach, in which hundreds of thousands of taxpayers' records were pulled from an IRS web application, the IRS PIN system was abused in 2016. The irony is that the Identity Protection PIN was created for victims of that earlier breach, so they could keep filing returns as usual even though their Social Security numbers were now in criminal hands. Both systems had the same flaw: they authenticated users with knowledge-based questions whose answers (addresses, dates, loan details) criminals could already look up or had already stolen, so the scammers simply answered the questions and got into taxpayers' accounts once again.
JPMorgan Chase Criminals Finally Busted: True, the largest theft of bank customer data on record happened in 2014, but the last of its alleged perpetrators, Joshua Samuel Aaron, was taken into custody in early December 2016. Aaron had been living in Moscow and agreed to return to the US to face 16 charges including securities fraud, wire fraud, computer hacking and identity theft.
Kiev Power Grid and SCADA: Attackers keep demonstrating that they can hit large populations at once by going after utilities, and the grid attack in Ukraine in mid-December was the year's clearest example. On a quiet Saturday night, the Pivnichna substation north of Kiev was disconnected from the grid for over an hour, cutting power to part of the city. At the time of writing analysts were not yet fully convinced the outage was caused by an intrusion (a year earlier, in December 2015, a confirmed attack on Ukrainian distribution companies had cut power to some 230,000 customers), but they agree that attacks on the supervisory control and data acquisition (SCADA) systems that run grids and other utilities are growing in frequency and can do a great deal of damage.
LinkedIn Leak: Again, the hack itself goes back to 2012, but only this year were its true scope and depth revealed to the public. The details of more than 117 million accounts were put up for sale on Dark Web trading forums for the low price of about $2,200, and the full dump may cover more than 167 million accounts on the networking platform. The passwords in it were unsalted SHA-1 hashes, which is why a large share of them were cracked within days of the dump surfacing. The seller, who goes by the name Peace_of_Mind, was involved in similar Dark Web dumps for Yahoo, MySpace, the Russian networking site VK and Tumblr.
MedStar Ransomware Woes: Ransomware took some nasty new turns in 2016, perhaps most notably in its targeting of healthcare networks. In late March, employees of MedStar Health, which runs hospitals in Washington, DC and Maryland, were greeted by a pop-up message announcing that the network had been encrypted, with the attackers demanding 45 bitcoin (about $19,000 at the time) to unlock the data. The attack disrupted everything from surgery to scheduling and helped cement a hospital-ransomware trend that hit at least 14 different hospital networks over the course of the year.
NSA Contractor Breach: They say lightning doesn't strike twice, but apparently that doesn't hold at the NSA. In October it emerged that contractor Harold Martin had allegedly spent the better part of two decades carrying thousands of classified documents out of the agency. Investigators came across Martin's enormous hoard of highly sensitive material while working the extremely damaging ShadowBrokers leak described above. He may not be the missing link they are looking for, though: he says he took the material home to learn how to do his job more effectively, and investigators were seriously considering that explanation, outlandish as it may seem.
Oracle POS (Point of Sale)/Carbanak Gang: You might not have heard of the Carbanak gang, but this Russian-speaking crew is blamed for the theft of as much as $1 billion through a string of attacks on banks, ATMs and point-of-sale support systems. This summer, the customer support portal for Oracle's MICROS point-of-sale software (used by more than 35% of vendors in the US alone) was found to be compromised by malware linked to Carbanak, potentially exposing the more than 330,000 cash registers in 180 countries that MICROS serves, along with their customers' card data.
OurMine CEO Hacks: Are they good guys? Are they really bad guys? Or how about a little bit of both? Having a field day in 2016, the hacking group known as OurMine was responsible for the hacking of social media accounts for Mark Zuckerberg, Twitter CEO Jack Dorsey, Buzzfeed, Google’s Sundar Pichai and many other high-profile tech exec types. The OurMine team claims to have the leaders’ best interests in mind, demonstrating how their social media accounts are vulnerable before “the real bad guys” get the chance to touch them. Their website offers security checks and website scans but it’s tough to imagine that anyone would want to trust them after all they have done.
The Panama Papers: You may have missed this one, and it's not a cyber security issue in the strictest sense of the term, but it was one of the largest data leaks of the year, possibly ever. The Panama Papers are a huge trove of documents taken from Mossack Fonseca, a Panamanian law firm that happens to be one of the most prolific creators of offshore companies in the world. The leaked documents, published in April, outline how the firm's clients, some of the most powerful people and companies in the world among them, move billions of dollars offshore each year. World leaders and their family members are named in the papers, some of whom have since quit their posts over the fallout, as are former heads of state accused of stealing millions from their own countries. At roughly 2.6 TB, the leaked data is a full 2,500 GB larger than the famed WikiLeaks cables of 2010 and more than 2,000 GB larger than the next-largest leak, the "Offshore Secrets" dump of 2013.
Rampant Ransomware: As we have mentioned elsewhere, 2016 was the year of ransomware. Everyone and everything was vulnerable to this rotten method of choice. With new variants like Locky, Cerber, and Petya and the perennial players like Cryptowall and its cousin Cryptolocker, ransomware affected 40% of businesses in the US and more than 50% of businesses in the UK in 2016, running up a tab of more than $1 billion.
SWIFT Messaging/Banking Breaches: In February 2016, attackers used Bangladesh Bank's connection to the SWIFT network to send fraudulent payment orders, and $81 million was gone before the remaining transfers were stopped. SWIFT is the messaging network banks around the world use to instruct transfers worth trillions of dollars a day; it does not move money itself, and in each case the attackers first compromised the bank's own systems and credentials, then sent orders that looked legitimate. At least three banks were hit this way in 2016, and each had failed to apply the security updates and recommended controls that SWIFT had provided. SWIFT has responded with a mandatory customer security programme: from 2018 it will require member institutions to attest to a baseline of controls and will report those that fall short to their regulators.
Tesco Banking Theft: In the largest attack of its kind in the UK, Tesco Bank saw money taken directly out of thousands of customer accounts (around 9,000 by the bank's final count) this past November. The bank pledged to repay every victim, but the attack sheds light on the fast-growing risks around online and mobile banking platforms.
Ubuntu Unpacked: For the uninitiated, Ubuntu is a popular open-source Linux distribution for desktops, servers, tablets and phones.
In July, the Ubuntu Forums were breached through a SQL injection vulnerability in the Forumrunner add-on of the forum software, giving the attacker read access to the usernames, email addresses and IP addresses of over 2 million forum users. Canonical said no passwords were exposed because the forums authenticate through Ubuntu Single Sign On, but the SQL the attacker was able to inject was enough to read the user table wholesale.
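To make the mechanism concrete, here is an added example (not code from Ubuntu Forums or the Forumrunner add-on; the table layout and sample rows are constructed for illustration) showing how a lookup that splices user input into SQL text gives up an entire table to a crafted username, and how the same lookup with a bound parameter does not. It also shows a UNION payload reaching into a second, unrelated table, which is the more realistic shape of a data-theft injection.

```python
import sqlite3

# Constructed stand-in for a forum's user and session tables (not a real schema).
SAMPLE_USERS = [
    ("alice", "alice@example.org", "203.0.113.10"),
    ("bob", "bob@example.net", "198.51.100.7"),
    ("carol", "carol@example.com", "192.0.2.44"),
]
SAMPLE_SESSIONS = [
    ("alice", "tok-a1b2c3"),
    ("carol", "tok-d4e5f6"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (username TEXT, email TEXT, last_ip TEXT)")
    conn.execute("CREATE TABLE session (username TEXT, token TEXT)")
    conn.executemany("INSERT INTO user VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.executemany("INSERT INTO session VALUES (?, ?)", SAMPLE_SESSIONS)
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable: attacker-controlled text becomes part of the SQL statement."""
    sql = "SELECT username, email, last_ip FROM user WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Hardened: the value travels as a bound parameter and can never change the query."""
    sql = "SELECT username, email, last_ip FROM user WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Classic tautology: the WHERE clause becomes always-true, so every row comes back.
TAUTOLOGY = "x' OR '1'='1"
# UNION payload: appends rows from a different table; the trailing "--" comments
# out the closing quote the application supplies. Column count must match (3).
UNION_DUMP = "x' UNION SELECT token, username, '' FROM session --"


def demo():
    """Run both payloads through both lookups and return the results for comparison."""
    conn = make_db()
    return {
        "normal_vuln": lookup_vulnerable(conn, "alice"),
        "tautology_vuln": lookup_vulnerable(conn, TAUTOLOGY),   # all 3 users
        "union_vuln": lookup_vulnerable(conn, UNION_DUMP),      # session tokens
        "normal_safe": lookup_safe(conn, "alice"),
        "tautology_safe": lookup_safe(conn, TAUTOLOGY),         # []
        "union_safe": lookup_safe(conn, UNION_DUMP),            # []
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The safe variant is not "escaping done right"; the database driver never sees the payload as SQL at all, so neither the quote-breaking tautology nor the UNION has anything to break out of. The same rule applies to every query parameter, including ones that look numeric.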
Verizon Gets its Very Own Attack: In March, Verizon Enterprise Solutions, the arm of the telecom giant that helps other companies respond to data breaches, revealed that its own customer database had been compromised and the contact information of well over a million enterprise customers was up for sale on the Dark Web. Incidentally, Verizon publishes the yearly Data Breach Investigations Report, which is chock full of stats and figures on the state of cyber security. Will they mention themselves in the 2017 edition? Only time will tell.
Wendy's POS Problem: In July, fast food chain Wendy's revealed that more than 1,000 locations had been compromised by point-of-sale malware that exposed customer credit card information. The chain is offering potentially affected customers one year of free credit monitoring and has set up a special site where people can check whether they patronized an affected branch.
Yahoo, the Motherlode: As if to put a nice big bow on the entire year, in mid-December Yahoo admitted it had found another, truly behemoth breach, this one dating back to August 2013, that compromised over 1 billion user accounts and exposed names, email addresses, phone numbers, birthdays, hashed passwords and security question answers. That makes it the single largest hack ever disclosed, with an account count equal to roughly a third of the world's internet users. The trouble-beset tech giant was in the middle of being acquired by Verizon, and this may affect things just a wee bit.
Zuckerberg, As in Mark: Yes, we mentioned him above as part of the OurMine-orchestrated hacks, but Zuck deserves special mention for having one of the very worst passwords around in 2016. After OurMine got into his Twitter and Pinterest accounts, it emerged that the password was "dadada", and that OurMine had not guessed it but simply pulled it from the LinkedIn dump described above, where it had been sitting since 2012. A six-letter password is bad; reusing it across sites for four years after it leaked is what actually got him hacked. Did he think his celeb status could excuse such a poor choice? He was clearly mistaken.
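The practical lesson from the Zuckerberg incident is that a password should be rejected at the point of choice if it already appears in a known dump, and that the check can be done without handing the candidate password to anyone. The following added example (not part of the original article, and not affiliated with any real breach-lookup service) builds a tiny constructed stand-in for a leaked hash set and implements the hash-prefix (k-anonymity) lookup pattern: the client sends only the first five hex characters of the SHA-1 of the password, receives every leaked suffix under that prefix, and finishes the match locally. The function and variable names are this example's own.

```python
import hashlib

def sha1_hex(text):
    """Unsalted SHA-1 in hex, the format many old dumps (LinkedIn 2012 included) used."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()

# Constructed stand-in for a breach corpus: hashes of a few well-known weak strings.
# A real corpus would hold hundreds of millions of entries; no real accounts are used here.
LEAKED_HASHES = {sha1_hex(p) for p in ["dadada", "123456", "password", "linkedin", "qwerty"]}


def build_range_index(leaked_hashes):
    """Server side: bucket leaked hashes by their 5-character prefix."""
    index = {}
    for h in leaked_hashes:
        index.setdefault(h[:5], []).append(h[5:])
    return index


def range_query(index, prefix):
    """Server side: answer a prefix query with every suffix in that bucket.
    The server never learns which suffix (if any) the client actually holds."""
    return list(index.get(prefix, []))


def password_in_dump(password, index):
    """Client side: send only the 5-character prefix, match the suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return suffix in range_query(index, prefix)


def check_new_password(password, index, min_length=12):
    """Return a list of reasons to reject the candidate; an empty list means accept."""
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    if password_in_dump(password, index):
        problems.append("appears in a known breach dump")
    return problems


RANGE_INDEX = build_range_index(LEAKED_HASHES)

if __name__ == "__main__":
    for candidate in ["dadada", "correct horse battery staple"]:
        print(repr(candidate), check_new_password(candidate, RANGE_INDEX) or "ok")
```

Two caveats worth stating: a breach-corpus check only catches passwords that have already leaked, so it complements rather than replaces a length requirement and a password manager, and the prefix query still reveals a little (the bucket, not the password), so run it over TLS and do not log the prefixes.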
Sure, there were other huge and/or significant "security events" in 2016: Dropbox, Adult Friend Finder, Trump Hotels, MySpace, Weebly and Lynda.com, just to name a few. So what does 2017 hold? There's no way to know just yet, but judging from this past year, things aren't looking great. Perhaps there is a silver lining amid all the doom and gloom: at the very least, we can take a lesson from the year's biggest blunders, the mistakes that led straight to some of the most significant breaches, and adopt smarter security habits than the ones we used in 2016. Then maybe something good can come out of it.