Other
Hacks, Phreaks, Worms, Tigers
and Bears--Oh My
The top eight events that changed the history of internet security (and two that didn’t)
By Dave Gradijan
encryption requirements you see today,” says Katz. Today, 38 states have disclosure laws pertaining to the public, and one state has implemented a government specific law. It also prompted the Federal Trade Commission to impose its largest fine to date--ChoicePoint was required to pay $15 million to settle charges that it violated privacy rights and failed to protect customer information.
2007 Storm Worm
This Trojan horse includes an executable file as an attachment. When the e-mail recipient opens the attachment, he or she unknowingly becomes part of a botnet, (aka a collection of infected computers, which are controlled by a “bot herder” to spread viruses and spam.
Why significant: Not only one of the largest Trojan horses in the last several years, but an ongoing saga that shows no signs of letting up any time soon as variants continue to periodically flood the Internet. It also may be difficult to isolate because it has the ability to infect a computer without showing signs of infection for a long time. “Storm is really much more than just being subtle--it’s an amazing illustration of the new generation of adaptive malware,” says Christofer Hoff, chief architect of security innovation at Unisys.
---
The Ones That Weren’t
2006: Veterans Affairs Theft
The records of 26.5 million veterans and active duty National Guard and Reserve troops were stolen from an agency employee who took his laptop home. Unencrypted data that included Social Security numbers and dates of birth of the veterans and their spouses were compromised.
Why not-so-significant: The then-largest data security breach in U.S. history and one that highlighted the need for greater scrutiny on information security practices in the government. However, the event didn’t actually force the V.A. to improve its security. “The V.A. took the tactic of offering people identity monitoring services after the fact, rather than to focus on their internal issues that led to this in the first place,” Mudge says. So what came of the uproar surrounding the loss of information and the government’s slowness to alert those who were affected? Not much. “[The department] is not much better off, and the laws and regulations have not changed much from before this event,” Mudge says.
2007: TJX Hack
The retail giant (whose chains include TJ Maxx, Home Goods and Marshalls) initially disclosed that 46 million accounts had been compromised through hacking that involved the company’s wireless networks. Hackers were able to penetrate the network and access data being transferred b
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
