Other
Hacks, Phreaks, Worms, Tigers
and Bears--Oh My
The top eight events that changed the history of internet security (and two that didn’t)
By Dave Gradijan
a two-and-a-half-year hacking spree, during which time he broke into and stole files from corporations including Motorola and Sun Microsystems. He was arrested after breaking into the system of a computer scientist who helped the FBI track Mitnick down.
Why significant: Put a hacker into the spotlight. A slew of media coverage (but don’t blame CSO, we weren’t born yet) made Mitnick the most notorious and well-known hacker in U.S. history. His attacks also brought into the public eye the concept of social engineering--using manipulation and deception instead of technical approaches to gain access to an organization.
2004: Witty Worm
This computer worm attacked the firewall and other security products from Internet Security Systems. The worm spread rapidly after the announcement of the vulnerability, infecting 12,000 machines in 45 minutes, according to Bruce Schneier, CTO of BT Counterpane. It also infected smaller and harder-to-infect hosts than previous worms.
Why significant: The first major piece of malware that took advantage of vulnerabilities in a specific set of security products--ISS’s BlackICE and RealSecure. “It was one of the first worms to utilize a pre-loaded hit-list of target systems,” says Mudge. “It was also interesting as it targeted security software on systems, and there were rumors that it was released by an employee of a rival company.”
2005: Titan Rain
The U.S. government’s code name for a series of hacking incidents via Chinese websites which started in 2003. Targets included computer networks at the Department of Defense and other U.S agencies.
Why significant: The first widely-suspected incident of nation-based espionage. But the details of Titan Rain are controversial. While some believe the Chinese government was involved in cyber espionage, others think that the attacks were the work of hackers using Chinese websites to cover their tracks.
2005: ChoicePoint Debacle
ChoicePoint, one of the largest data aggregators and resellers in the country, announced that thieves establishing fake businesses were able to gain access to 145,000 consumer records. The company failed to thoroughly vet the identities of individuals and businesses who purchased information, willingly handing over personal records and Social Security numbers to people who should not have been authorized to have them.
Why significant: A major security breach that underscored risky business processes, not hacking, and led to increased regulation of consumer data. At the time, California was the only state with a data breach notification law. SB 1386, which gained widespread attention after the ChoicePoint incident, “gave rise to almost all the
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
