'The Year of Shaken Trust': Looking at high-profile hacking in 2014

Article content

Perhaps more than any other, 2014 has been a year dominated by hacking news.

“The year 2014 will be remembered as ‘The Year of Shaken Trust,’” says Vincent Weafer, senior vice-president, at McAfee Labs, which is part of Intel Security.

“This unprecedented series of events shook industry confidence in long-standing Internet trust models, consumer confidence in organizations’ abilities to protect their data, and organizations’ confidence in their ability to detect and deflect targeted attacks in a timely manner.”

Here are some of the more notable cyber-security issues that grabbed the spotlight in 2014.

1. ebay gets hacked

In February, eBay reveals that hackers managed to steal the personal records of 233 million users of the popular online auction service. Records included, usernames, passwords, phone numbers and home addresses.

2. Heartbleed and the Canada Revenue Agency

In April, researchers disclose the HeartBleed vulnerability, which is a massive mistake in the software code that drives secure communication, Secure Socket Layer encryption, online. In July, Canada Revenue Agency reports its systems have been breached due to the HeartBleed vulnerability and tax information from an undisclosed number of Canadians has been stolen. Stephen Arthuro Solis-Reyes, a young man from London, Ont., has been charged in connection to the CRA attack.

3. NRC hit by sophisticated hackers

Also in July, highly sophisticated state-sponsored hackers from China are alleged to have targeted and attacked the National Research Council, making off with classified information from government computers.

4. Jennifer Lawrence and other celebrities targeted

In August, hackers gained access to Apple Inc.’s iCloud service, stealing thousands of personal photos of celebrities in various stages of undress, including photos of Hunger Games star Jennifer Lawrence, who referred to it in one media report as a “sex crime.”

5. About 70 million Home Depot customers victimized

In September, Home Depot announced its systems were compromised by hackers and personal banking information from more than 70 million customers throughout the U.S. and Canada was exposed.

6. You thought HeartBleed was bad? Meet Bash Bug

Also in September, researchers discover the Bash Bug (also called ShellShock), which is worse than HeartBleed. The bug allows an attacker to make a specific request through aprompt online that opens access to the operating system, giving the hacker access to any Unix-based system and leaving a gateway so the hacker can return at a later date.

7. Personal data stolen from J.P. Morgan customers — 76 million of them

In October, J.P. Morgan Chase & Co. revealed that hackers had stolen the personal information of more than 76 million customers and seven million small businesses.

8. Wirelurker preys on Apple iOS devices

In November, researchers at Palo Alto Networks found malware that attacks Apple Inc.’s iOS devices called Wirelurker. The program, which spreads to the device through an infected PC, is designed to collect call logs, contact information and other sensitive data from the devices.

9. Remember the dancing banana?

It was also in November that a hacker named Aerith tricked a network technician into redirecting visitors to the City of Ottawa’s home page to another address depicting a dancing banana. He then attacked the Ottawa police website as well as other websites with unsophisticated, yet problematic, denial of service attacks.

10. The Interview

In December, Sony Pictures was the victim of a massive hack on its systems by a group claiming to oppose the release of the motion picture The Interview, a film that depicts two journalists in their attempt to assassinate North Korean leader Kim Jong-un. Hackers made off with personal information and emails, corporate secrets (including upcoming screen plays) and reams of other communications and sensitive data.

vpilieci@ottawacitizen.com

Twitter/Vpilieci