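This year's award for "biggest security SNAFU" can only go to the National Security Agency. Since June, NSA officials have winced as former NSA contractor Snowden began distributing classified leaks to the media about how the NSA conducts mass surveillance around the world using advanced technology.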
The NSA wasn’t using enough security technology internally to even begin to stop Snowden from roaming through its super-secret networks to fish out what’s now believed to be many thousands of sensitive documents related not only to NSA’s massive data collection practices across the Internet but also traditional spy vs. spy operations, much of which has not yet gone public.
Credit: REUTERS/Tobias Schwarz
The signature of fugitive former U.S. intelligence contractor Snowden on a letter is pictured at a news conference in Berlin, November 1, 2013.
The Snowden revelations so far have generated a strong backlash against the intelligence agency from privacy advocates everywhere as well as the U.S. high-tech industry, which has to cooperate with the NSA under U.S. law. And foreign leaders of countries considered friends to the U.S. are enraged their private calls and data were intercepted for years. There’s no reason to think that there won’t be more on this score.
There have been plenty of "security SNAFUs" to go around this year. The media was also on the receiving end: The New York Times, The Wall Street Journal, CNN, The Washington Post and others all reported that networks used by their employees had been hacked by attackers from China, likely for cyber-espionage, or the Syrian Electronic Army, out of political anger. Also, the stability and security of a key part of the financial system, the electronic stock exchanges, was sometimes shaky.
There are so many SNAFUs, in fact, we listed details about the ones occurring in the first half of 2013 in our story in June. From there, we now pick up the trail of data breaches, cyber-espionage, cyber-extortion and infrastructure collapse. And sometimes it was simply just plain cyber-stupidity.
July
The U.S. Department of Commerce’s Economic Development Administration (EDA) destroyed about $170,000 worth of IT equipment including computers, printers, keyboards and computer mice last year on the mistaken belief that the systems were irreparably compromised by malware. According to the Commerce Department’s Inspector General, who looked into what happened, the bureau was poised to destroy an additional $3 million worth of IT equipment but was prevented from doing so by a lack of funding for the effort. EDA, whose computer network had been infected by viruses, thought it was under an intense cyber-attack, and employees there spent months without e-mail or access to Internet servers and databases as they sought to build a new network. The Inspector General, however, said the disruption was simply due to a common malware infection on six computers that could have been erased with anti-malware tools and other steps.
The Michigan Department of Community Health notified more than 49,000 individuals that a server was hacked, exposing their names, birth dates, Social Security numbers, cancer-screening test results and testing data.
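The New York State Office of the Medicaid Inspector General announced that an employee had sent 17,743 Medicaid records to a personal e-mail account, an action entirely authorized by supervisors.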
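The University of Delaware said its investigation into a cyber-attack determined that confidential information on more than 74,000 individuals was stolen in an attack that exploited a website vulnerability. The data breach is expected to cost the university millions of dollars.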
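St. Mary's Bank, a credit union in New Hampshire, disclosed that malware found on an employee's computer may have spread to more than twenty other computers there. The malware was designed to capture information. The credit union notified 115,775 customers that their personal information may have been exposed.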
The U.S. Internal Revenue Service mistakenly posted tens of thousands of names, addresses and Social Security numbers — perhaps as many as 100,000 — on a government website, a discovery made by a group called Public.Resource.org.
Game maker Ubisoft disclosed that an account database was breached, exposing users' personal information.
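The U.S. military blocked access to The Guardian's website for troops in Afghanistan, the Middle East and South Asia because The Guardian was full of new stories about the NSA disclosures from Snowden. Explaining why it did so, U.S. Army Lt. Col. Steve Wollman told The Guardian, "U.S. Central Command is among the DoD organizations that routinely take preventative measures to guard against the possible spillage of classified information onto unclassified computer networks, even if the source of the information is itself classified. One of the purposes of preventing such spillage is to protect Central Command personnel from inadvertently amplifying disclosed but classified information. Classified information is prohibited from specific unclassified networks, even if the information has already been published in unclassified media available to the general public, such as online news organizations."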
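WellPoint agreed to pay the U.S. Department of Health and Human Services $1.7 million to settle potential violations of the HIPAA data security rules related to a data breach three years ago involving personal information on more than 612,000 policyholders.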
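Canonical, which maintains the online Ubuntu Forums for the Ubuntu operating system, acknowledged a data breach in which about 1.82 million login names and e-mail addresses were stolen.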
Credit: REUTERS/Robert Galbraith
The Yerba Buena Center hosts an Apple event in San Francisco, California, October 22, 2013.
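Apple announced that intruders broke into its developer website and downloaded personal information of users registered at the Developer Center, prompting the site to be shut down for a week while Apple made security changes. An independent security researcher, Ibrahim Balic, claimed responsibility for the security breach, in which he appeared to have gained access to 100,000 Apple Developer Center accounts, but said, "This is definitely not a hack attack; I have reported all the bugs. I am not a hacker, I do security research."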
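The U.S. Marshals Service, a federal agency, lost track of at least 2,000 encrypted two-way radios and other communications equipment worth millions of dollars, according to an investigative report in The Wall Street Journal.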
French web hosting firm OVH disclosed that a hacker compromised the company’s European customer database and gained access to an installation server in Canada. OVH said the attacker gained access to a system administrator’s e-mail account, and from there used that account to gain access to another employee’s VPN credentials, and kept moving through the internal network.
August
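Microsoft apologized after a three-day outage of Outlook.com, saying the problems stemmed from a failed caching service for Exchange ActiveSync. Microsoft had other troubles this month as well, having to pull an Exchange Server security patch because it was buggy and admitting that it had failed to adequately test the patch.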
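Facebook founder Mark Zuckerberg had his Facebook page hacked by a security researcher who, frustrated and angry after trying to report a security vulnerability to Facebook, used the vulnerability to hack Zuckerberg's Facebook wall instead.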
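Missouri Attorney General Chris Koster warned consumers in that state to be on the alert for fraud after it was determined that a computer problem at Missouri Credit Union had exposed personal information online. The credit union itself notified 39,000 members and former members about the data breach.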
Ferris State University in Michigan disclosed that names and addresses for about 39,000 individuals — mainly current, former and prospective students and employees alike — were inadvertently accessible “after an authorized person evaded network security.”
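An unencrypted laptop was stolen from the home of a Republic Services employee; it held personal information on about 82,160 current and former employees of the Phoenix-based waste-management company.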
Healthcare provider Cogent Healthcare disclosed in August that information related to about 32,000 patients seen by its doctor groups had been compromised after a security lapse by vendor M2ComSy related to its firewall allowed this patient data to be exposed to the Internet and even indexed by Google.
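Aircraft maker Northrop Grumman disclosed unauthorized access, occurring between last November and May of this year, to a database containing personal information. In addition, the company's retiree medical plan reported that 4,305 enrollees were affected by a data breach involving paper records at carrier CVS Caremark.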
Virginia Polytechnic Institute and State University had a server in the human resources department illegally accessed, which held information on 114,963 individuals who had applied for jobs there. Associate vice president for university relations, Larry Hinckler, said, “The issue is someone on our staff goofed.”
The U.S. Department of Energy told its employees that hackers had gained personal information, including Social Security numbers on about 14,000 current and former employees. The DoE earlier in the year said computer systems were hacked to steal information on contractors.
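In late August, China was hit by what was described as "the largest cyber-attack in its history," according to the China Internet Network Information Center, the state agency that manages the country's .cn domain. The massive distributed denial-of-service attacks were said to be so significant that they noticeably slowed response times for the country's Internet users accessing some targeted websites with .cn domain names.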
September
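Texas television station KXAN investigated and reported on how Texas-based home builder D.R. Horton dumped a large quantity of loan-related documents, copies of checks, purchase orders and site plans into large dumpsters on a school campus. After the station's report, D.R. Horton said it was only trying to help the school's recycling program, which gets paid for each ton of paper it collects. The company eventually went back to retrieve the outdated D.R. Horton documents.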
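The Los Angeles school system provided Apple iPads to students at Westchester and Roosevelt high schools, but decided to take them back after students there managed to skirt the security measures put in place to block free browsing of the Internet. The students explained that they just wanted to get to social-networking and music-streaming sites.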
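Credit: REUTERS/Jim Urquhart
Some of Bitcoin enthusiast Mike Caldwell's coins are pictured in this photo illustration at his office in Sandy, Utah, September 17, 2013.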
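Bitcoin, the cryptography-based electronic currency whose value soared this year, saw more and more thieves managing to make off with stolen bitcoins, digital money that generally exists only under password protection. A popular Bitcoin forum, Bitcointalk.org, was hit by a cyber-attack in which attackers calling themselves "The Hole Seekers" left a video and then the message, "Hello friend, Bitcoin has been seized by the FBI for being illegal. Thanks, bye." The hack occurred just after the FBI seized $360 million in the digital currency as part of its shutdown of Silk Road, an online marketplace for mostly illegal goods, and the arrest of its alleged operator.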
U.S. officials said Iran hacked classified Navy computers as part of an escalating cyber-espionage campaign, according to a Wall Street Journal article based on unnamed sources.
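Some NSA employees abused their surveillance powers by electronically spying on spouses, girlfriends and boyfriends at least 12 times over the past decade, according to the NSA's own inspector general.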
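A 19-year-old man, Jared James Abrahams of Temecula, Calif., was charged with hacking the home webcams of Miss Teen USA, Cassidy Wolf, and other women to extort nude photos and videos from them. According to an FBI affidavit, Abrahams used malicious code to remotely operate the webcams of at least seven women as they changed clothes. Some he knew personally and others he found by hacking Facebook pages. Abrahams, a college freshman majoring in computer science, allegedly threatened to post the photos on the women's hacked social media accounts unless they sent him nude photos or logged on to Skype video and followed his commands for five minutes. Some underage girls complied. The Abrahams case follows similar recent cases, including that of Karen "Gary" Kazaryan, who pleaded guilty in July to hacking into hundreds of social media and e-mail accounts to coerce women into posing nude for him.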
A seven-month investigation by security reporter Brian Krebs revealed that an organization calling itself SSNDOB compromised networks associated with Dun & Bradstreet, LexisNexis and Kroll Background America which all aggregate personally-identifiable information on people for purposes that include credit reporting.
In its announcement about shutting down, Nirvanix, the now-defunct cloud storage company, gave customers two weeks to get their data out of the cloud.