{"id":2809,"date":"2015-01-01T02:20:09","date_gmt":"2015-01-01T02:20:09","guid":{"rendered":"http:\/\/www.lifeandnews.com\/articles\/?p=2809"},"modified":"2016-08-14T21:29:38","modified_gmt":"2016-08-14T21:29:38","slug":"highlights-and-lowlights-of-2014-a-golden-year-for-cybercrime","status":"publish","type":"post","link":"https:\/\/www.lifeandnews.com\/articles\/highlights-and-lowlights-of-2014-a-golden-year-for-cybercrime\/","title":{"rendered":"Highlights and lowlights of 2014, a golden year for cybercrime"},"content":{"rendered":"<p>By <a href=\"http:\/\/theconversation.com\/profiles\/andrew-smith-121006\">Andrew Smith<\/a><em>, <a href=\"http:\/\/theconversation.com\/institutions\/the-open-university\">The Open University<\/a><\/em><\/p>\n<p>Looking back, 2014 was not a good year for keeping things safe under digital lock and key. If a score was being kept, it might seem that the cybercriminals are in the lead, despite the valiant efforts \u2013 and own goals \u2013 from the cybersecurity profession worldwide.<\/p>\n<p>Cast your mind back to <strong>March<\/strong>, when everyone was panicking about the <a href=\"https:\/\/theconversation.com\/explainer-should-you-change-your-password-after-heartbleed-25506\">HeartBleed<\/a> bug. Based on an error in code upon which the majority of the world\u2019s secure servers relied, experts had plenty of time to fix the issue. Sadly there was an array of conflicting information about changing passwords, leading to widespread confusion. While most IT administrators made sure this was managed in a professional manner, it created a stir that seemed to set the tone for the year.<\/p>\n<p>In <strong>May<\/strong>, online auction giant <a href=\"https:\/\/theconversation.com\/massive-ebay-hack-change-your-password-now-27052\">Ebay<\/a> admitted to having been compromised. The site said its systems, with personal details of tens of millions of users, may have been vulnerable for months. 
Everyone was advised, indeed forced, to change their password.<\/p>\n<p>In the same month, iPhones were hijacked and their owners blackmailed by the cunning <a href=\"https:\/\/theconversation.com\/explainer-is-your-iphone-at-risk-after-the-oleg-pliss-hack-27288\">Oleg Pliss<\/a> ransomware, locking phones and threatening to delete data unless cash was paid.<\/p>\n<p>In this case, the criminals managed to acquire a database of usernames and passwords, maybe via HeartBleed, and cracked the passwords. As it\u2019s well-known that many users reuse the same passwords for many accounts, the Oleg Pliss attackers searched for iCloud email accounts and simply stepped through their list of passwords until they were successful. Then they remotely locked the phones and demanded a ransom. What was clever about this attack is that it targeted the weak link \u2013 lax security among humans \u2013 rather than the tough target, the security of the iPhone itself.<\/p>\n<p>Already 3-0 to the cybercriminals by half-time, it wasn\u2019t looking too good for Team Cybersecurity. In <strong>June<\/strong> there was finally a score for law enforcement: <a href=\"https:\/\/theconversation.com\/two-weeks-to-stop-gameover-zeus-what-you-need-to-know-27536\">Gameover Zeus<\/a>, a prolific botnet, was brought down through a combined operation from the FBI, UK National Crime Agency and other international agencies. It gave security experts time to hose down their systems, upgrade security measures and re-group, knowing that it would be weeks before this botnet could rally.<\/p>\n<p>The most popular mobile phone and tablet operating system, Android, did not have a good year. 
With the most <a href=\"https:\/\/theconversation.com\/explainer-which-phone-is-most-vulnerable-to-malware-25942\">mobile malware<\/a>, Android is seen as a system that needs to clean up its act, with vulnerabilities exploited <a href=\"https:\/\/theconversation.com\/had-an-odd-text-on-your-android-device-time-to-watch-out-for-sms-worms-28624\">through text messages<\/a>, and potentially revealing <a href=\"https:\/\/theconversation.com\/naked-selfies-found-on-wiped-phones-shows-how-data-isnt-always-deleted-29119\">intimate details<\/a> left behind on second-hand devices that had been supposedly wiped.<\/p>\n<p>In <strong>July<\/strong>, the focus was back on Apple\u2019s iOS phone operating system, in which a <a href=\"https:\/\/theconversation.com\/backdoor-discovered-in-apple-ios-devices-that-undermines-iphone-security-29601\">back door<\/a> was discovered, proving a major embarrassment for the company. It\u2019s interesting that the subsequent release of iOS, version eight, brought full encryption to the phone, suggesting that Apple has tried to fill this hole \u2013 <a href=\"https:\/\/theconversation.com\/after-all-these-hacks-tech-firms-could-do-more-but-better-security-starts-with-you-32051\">much to the annoyance<\/a> of some national security agencies.<\/p>\n<p><strong>September<\/strong> arrived with a bang, as dozens of celebrities found <a href=\"https:\/\/theconversation.com\/three-ways-your-personal-photos-are-vulnerable-to-hackers-31134\">naked pictures of themselves<\/a> posted online. The issues earlier in the year that proved the potential to gain access to iCloud accounts had been realised, with the images stripped not from the phones themselves but from the iCloud accounts linked to them. 
Apple\u2019s response was to generate a notification following any access to an iCloud account \u2013 but that may be too little too late if an intruder has already copied your more intimate snaps.<\/p>\n<p>Later the same month, the discovery of the <a href=\"https:\/\/theconversation.com\/bigger-than-heartbleed-bug-in-bash-leaves-millions-of-web-servers-vulnerable-32231\">Shellshock<\/a> bug makes it 7-1. This was another issue arising from decades-old code in the <a href=\"http:\/\/www.gnu.org\/software\/bash\/\">Bash shell<\/a> software, since incorporated into millions of computers and embedded devices worldwide. It\u2019s ironic that, after years in which Microsoft Windows was regularly compromised, 2014 was the year in which the heat was turned on open source systems like Linux.<\/p>\n<p>As <strong>November<\/strong> came around we witnessed a spectacular own goal, when a particularly complex and aggressive malware, <a href=\"https:\/\/theconversation.com\/introducing-regin-one-of-the-most-sophisticated-espionage-bugs-ever-discovered-34616\">Regin<\/a>, was alleged to be the product of Western intelligence agency experts. Of course, nobody has come forward to take the credit \u2013 but it\u2019s clear that there are very capable cybersecurity or cybercriminal experts out there who have the time and resources to create bespoke attacks for their own ends.<\/p>\n<p><strong>December<\/strong> brings the season for joy for many \u2013 but not for <a href=\"http:\/\/www.engadget.com\/2014\/12\/10\/sony-pictures-hack-the-whole-story\/\">Sony Pictures<\/a>, which suffered an attack that leaked unreleased films online, posted embarrassing internal emails for all to see, and brought the company\u2019s internal systems to their knees. 
Perhaps most embarrassing is that this seems to be <a href=\"https:\/\/theconversation.com\/credibility-at-risk-in-sony-hacking-scandal-1038\">becoming a habit<\/a> for Sony Corporation.<\/p>\n<p>Come <strong>Christmas Day<\/strong>, the servers supporting the XBox and PlayStation online gaming platforms were <a href=\"http:\/\/www.bbc.co.uk\/news\/uk-30602609\">hacked<\/a>.<\/p>\n<p>All in all, such a 10-1 thrashing points to an eventful year, and unfortunately leaves no doubt that the criminals have the edge, leaving the security experts nursing their own goals and playing catch up.<\/p>\n<p>This article was originally published on <a href=\"http:\/\/theconversation.com\">The Conversation<\/a>.<br \/>\nRead the <a href=\"http:\/\/theconversation.com\/highlights-and-lowlights-of-2014-a-golden-year-for-cybercrime-35508\">original article<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Andrew Smith, The Open University Looking back, 2014 was not a good year for keeping things safe under digital lock and key. If a score was being kept, it might seem that the cybercriminals are in the lead, despite the valiant efforts \u2013 and own goals \u2013 from the cybersecurity profession worldwide. 
Cast your [&hellip;]<\/p>\n","protected":false},"author":39,"featured_media":6162,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[38],"tags":[],"_links":{"self":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/2809"}],"collection":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/users\/39"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/comments?post=2809"}],"version-history":[{"count":2,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/2809\/revisions"}],"predecessor-version":[{"id":6163,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/2809\/revisions\/6163"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/media\/6162"}],"wp:attachment":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/media?parent=2809"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/categories?post=2809"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/tags?post=2809"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}