looking back in 2014As the year draws to a close there has certainly been a spike in criminal cyber activity. In a sense, events this year are no different than previous years except the scale of activity is increasing and the damage more widespread. There’s also the irrevocable sense that the cyber and physical worlds are now so finely entangled that actions in one inevitably echo loud and clear in the other.

2014 was certainly a momentous year in terms of cyber incidents, hacks and law enforcement swoops. We’ve had pictures of naked celebrities hacked from Apple’s iCloud and posted on sites like 4chan, and a major hack on a US bank widely believed to be message from Russia to stop meddling in the Ukraine. And there was also unprecedented cooperation between 17 law enforcement agencies to close down 400 sites on the dark web peddling everything from guns, drugs and counterfeit currencies to pornography, credit card numbers and killers for hire. But in this case, and given the nature of the dark web, it might be a case of whack-a-mole where one site goes down and another one pops up.

The infamous  Silk Road 2.0 was taken down in the sweep, but  Agora, a rival deep net drug-dealing website is chipping along healthily, evading the swoop.

January

The year got off to an almost predictable start when prosecutors in Germany in the ancient medieval town of Verden revealed that 16 million account details had been hacked including email addresses and passwords. This was followed in April by news from the same prosecutors that   18 million further accounts had been hacked. The accounts were compromised by hackers in the middle of January and there was a suggestion that the same group of hackers is responsible for both thefts and that they may be based in one of the Baltic countries. Some of the accounts were used to send spam emails and others for online shopping portals.

February

It seems like a major email provider is hit by a big hack every few months or so and this time it was   Yahoo!, and not for the first time. The company admitted to a massive email password hack – it won’t say how many accounts have been compromised but the company is believed to have 273 million worldwide. If you hold a Yahoo! account and haven’t changed your password you receive an insistent message telling you to do so. Just following this announcement a series of ‘industry’ reports revealed some startling figures; every 12 seconds someone in the world becomes a victim of cybercrime; in 2013 an estimated £1 billion was stolen from UK residents by cyber bandits.

March

Occasionally a software vulnerability hits the mainstream news because it’s a big story. The first one of the year surfaced in March involved a vulnerability in open-source software used to encrypt web communications which has been discovered. Dubbed  Heartbleed, it was widely thought to affect the majority of servers that drive internet traffic. Understandably it sent seismic shock waves through the technology industry and particularly among Internet Service Providers. It was a glaring hole that had been in existence for a long time and the effect was akin to finding a hole in    Fort Knox big enough to drive a truck through.  Attacks have taken place using Heartbleed but not on the scale first anticipated.

April

Everyone’s favourite online market place and the granddaddy of auction sites, eBay admits it   user database has been attacked by hackers. The database contains encrypted passwords and email addresses, physical addresses, phone numbers and dates of birth. It urges all 148 million users to change their passwords.

May

In late 2104, US retailer Target was hacked; over 40 million customer card details were stolen. The shock waves reverberated for months with some banks diving into the dark web and buying up the stolen details on hackers’ sites to avoid reputational damage. The company didn’t come clean about the hack for some time and in May over six months after the wholesale plundering, Gregg Steinhafel, the CEO of Target, fell on his sword  holding himself personally accountable. It was a rare move for a CEO and signified the scale of damage that had been done.

June

In a rare move, the UK’s National Crime Agency  launches a media blitz warning of Gameover Zeus and Cryptolocker. The move illustrates how big the malware problem can be with all major news media outlets covering the story. Gameover was believed to be responsible for the loss of hundreds of millions of pounds globally, while Cryptolocker freezes computers and demands a ransom. This was a particularly nasty piece of software with unbreakable encryption. But that said, a fix has now been created for it, but not after it caused a lot of damage.

July

An enormous but almost benign hack hit JP Morgan Chase  in the US. It affected the accounts of 76 million households and about seven million small businesses, making it one of the largest of its kind. Curiously, the hackers weren’t after profit and were content to sit back and watch jaws drop at the audacity and scale of the hack. It wasn’t long before the finger was pointed at the Russian government. The hack was traced to Ukraine and was believed to be a message to the US; if it didn’t back off from political meddling in the Ukraine, there would be consequences.

August

The internal records of up to  25,000 employees of America’s Department of Homeland Security are exposed during a computer hack at a contractor that handles security clearances. The contractor USIS said the intrusion had “all the markings of a state-sponsored attack,” without adding any further detail. Could it be the Russians again?

September

Images of naked celebrities leak on the internet following a  password hack of Apple’s iCloud. Those affected reads like a who’s who of stars in the female celebrity firmament including Jennifer Lawrence, Jenny McCarthy and Rihanna. However, some of the images were fabricated while some were also genuine.  While clearly a violation of privacy and a salutary lesson in the importance of online security, it was also greeted with wry irony in some quarters as celebs that live by the camera also squirm with embarrassment by the camera.

October

Another headline hitting bug hits the headlines. This one is about a bug called Bash and   Shellshock. It’s a family of security bugs in the widely used Unix Bash shell. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. It is also widely used in critical national infrastructure causing both the UK and US governments to issue red flag alerts.

November

US and European law enforcement join hands to shut down 400 deep net web sites  trading in everything from drugs to guns. The ‘bust’ included Silk Road 2.0. The joint operation between 16 European countries and the US saw 17 arrests. The sites operated on the Tor network which as well as providing anonymous access to legitimate sites, also lets people hide their visits to thousands of illegal marketplaces, trading in drugs, child abuse images as well as sites for extremist groups. It was the taking down of the original Silk Road last year that signalled a ramping up in the fight against cybercrime and this much bigger operation saw the battle taken to a new level. It also signalled that the authorities seem to have developed new techniques to track down the origins of these networks and those behind them. But that said with 400 sites closed and just 17 arrests there seems to be a lot of work left to do.

Stay safe, stay secure

Written by Steve Bell (106 Posts)

Steve has a background in IT and business journalism and in the past has written extensively for both the UK national and trade press including The Guardian, Independent-on-Sunday, The Times, The Register, MicroScope and Computer Weekly. He's also worked for most of the world's largest IT companies in a copy and content producing capacity. He has a particular focus on IT security and has been involved in writing about the industry at various levels ranging from magazine launches to producing newsletters. He also runs a small copy writing business called Art of Words. When not bashing away at a keyboard he can sometimes be found in a boxing gym making futile efforts to keep fit or marveling at the works of Sufi poets such as Jalaluddin Rumi and Hafiz of Shiraz.


Leave a Reply


*