As far as high profile hacking goes, 2011 picked up right where 2010 left off.Last year came to an end following Operation Payback, which targeted companies refusing to accept payments to WikiLeak’s like Visa and Amazon. Those attacks were carried out by Anonymous, a loosely connected group of Internet “hacktivists”.
This year companies, international agencies, and governments are now experiencing a flood of what is called Advanced Persistent Threats. APTs refer to a group of well-funded, highly capable hackers pursuing a specific agenda, often organised by a nation state. China alone has six “technical reconnaissance bureaus” where workers wage cyber-war on government selected targets.
There have also been new vigilante attacks. Sony somehow pissed off the hacking group LulzSec, which downloaded information for millions of users, while posting to Sony’s system: “LulzSec was here you sexy bastards! Stupid Sony, so very stupid.”
On March 4, 2011 Epsilon, the largest email marketing service company in the world, announced it was hacked by a group targeting the company's email lists.
Epsilon hosts over 2,500 customer email lists from Capital One to Wal-Mart and said about 50 of its clients were affected.
Those emails are expected to be used by 'spear phishing' hackers hoping to gather sensitive consumer data.
The computer security vendor RSA announced on March 17, 2011 that its network had been hacked by an Advanced Persistent Threat (APT).
An APT is an attack carried out by a highly skilled, well-funded group with a specific agenda.
RSA makes SecurID keys that are necessary to access many encrypted systems used by the U.S. government, intelligence agencies, defence contractors, and Fortune 100 companies
The SecurId keys turned out to be the reason for the attack which was pulled off using a malicious Excel spreadsheet sent as an email attachment.
On April 26, 2011 Sony Playstation announced its network and Qriocity had both been compromised by hackers between April 17 and April 19 allowing access to 70 million user accounts.
The trespassers got it all: users names, addresses, birth dates, email addresses, passwords, logins, handles, profile data, purchase/billing history, and password security answers. The company also admitted credit card information 'may' have been compromised.
The group LulzSec claimed responsibility and left this tweet: LOL @Sony, nice Japanese website dumbasses: http://pastebin.com/NyEFLbyX
Sony has been getting hacked so frequently, the website has Sony been hacked this week is now up and counting the days since the corporation was last attacked.
Hackers recorded the users credit or debit card information, created duplicate cards with the same information, and made ATM withdrawals in Nevada and California.
The thieves were able to get away with millions and officials are still not saying how they did it. Either they modified PIN pads, added 'skimmers' that electronically grab data as the card is swiped, or swapped out the entire PIN unit with a compromised pad.
On May 28, 2011 Lockheed Martin announced it was hit by hackers using the jacked SecurId codes they stole from the RSA break-in.
The attackers were still trying to figure out which token they needed to use to generate a one-time pass code to when they were detected.
The defence contractor said no data was compromised.
On June 2, 2011 Google announced that the gmail accounts of select members of the U.S. Government had been compromised by Chinese hackers.
China denied responsibility for the attack which originated in Jinan, where one of six technical reconnaissance bureaus belonging to the PLA are located.
Spear phising was also used in this attack where the attackers hoped to find sensitive emails on Department of defence employees personal computers where encryption is much less stringent.
Once a users account was compromised hackers would send emails to people in the contact list looking to fool others and gain access to their systems.
On June 9, 2011 Citi announced 200,000 accounts were compromised by a cyber-attack that was discovered in early May.
The hackers accessed account holders' names, email addresses, and account numbers, but bank officials maintained social security numbers, credit card codes, and expiration dates were not breached.
Regardless, Citi ordered new credit cards for 100,000 customers absorbing the $2 million it cost them to do it.
Citi said it stumbled upon the illegal access at Citi Account Online through routine monitoring and that one per cent of its 21 million North American customers were affected.
On June 11, 2011 the International Monetary Fund publicly announced it had been the target of an extremely sophisticated cyber attack.
The attack had been ongoing for the previous several months and while the degree of the compromise was not specified, unnamed IMF sources said the material would be 'political dynamite in many countries.'
Hackers used a 'spear phishing' technique the IMF now believes could have originated with an unknown nation to take over a PC and transfer the documents.
Spear phishing is the targeted emailing of infected links from people it seems the recipient can trust -- like people listed in their address book. The recipient would ideally click on the link and unknowingly infect their own computer.
Business Insider Emails & Alerts
Site highlights each day to your inbox.