We look back on a year which has seen the world’s view of how the internet works changed forever thanks to Edward Snowden.
The last 12 months have seen the rise of mobile malware, the pernicious CryptoLocker ransomware and the emergence of Stuxnet’s little sister.
We look at 10 stories which encapsulate the turbulent and dramatic year that 2013 was in cyber security:
1. The hunt for Red October
Revealed in January of this year, Red October was a piece of espionage malware gathering highly-classified and sensitive information from diplomats, government employees and scientific research organisations, mostly in eastern Europe.
Red October was compared to Flame in terms of complexity by Kaspersky Labs which first discovered the malware in October 2012. However Red October had at that stage been working undetected for more than five years.
2. CyberBunker – The attack that ‘almost broke the internet’
It was breathlessly reported as “the biggest attack in the history of the internet” which was “like a nuclear bomb going off” and almost “broke the internet.”
The truth was somewhat different.
The attack in March saw Spamhaus, an anti-spamming group, hit with a DDoS attack of 300Gbps in size, which was at the time the largest reported attack of its kind.
The attack was attributed to CyberBunker, a web-hosting service based in Holland, and Stophaus, a group whose goal is to shut down the anti-spam Spamhaus operation.
The claims that the attack almost broke the internet were wildly inaccurate and emanated from CloudFlare, a company employed by Spamhaus to provide defences against DDoS attacks. We simply can’t imagine why such a company would make such wild claims.
3. The rise of mobile malware
The personal computer is not dead, it is just getting a whole lot more personal. The smartphone has replaced the traditional PC for many people and as we move to a mobile computing world, so do the cyber-criminals.
In August, Trend Micro reported that we were on course to hit one million instances of mobile malware on Android before the end of the year, while the first six months of 2013 saw a doubling of Android malware.
Android, being the biggest and least secure of the major mobile phone operating systems, is the obvious target for cyber criminals looking to deploy malware.
iOS is yet to see its first incidence of malware, but there is no doubt the criminals are trying.
4. Mandiant Report: The pervasive Chinese threat
In February, security experts Mandiant published a report which revealed a sophisticated Chinese hacker group, embedded deep within the Communist Party of China and linked to its military wing, had been infiltrating a huge number of organisations around the globe stealing masses of sensitive data.
The report, APT1: Exposing One of China’s Cyber Espionage Units, details Mandiant’s work in tracking the group for the past seven years and monitoring their attacks on 141 organisations around the globe, with the vast majority based in the US.
The group, which was based in a non-descript 12-storey building in Shanghai, is “one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen” and it has stolen “hundreds of terabytes of data” over the past seven years. Among the companies attacked were the New York Times and Wall Street Journal newspapers.
The Chinese authorities denied all knowledge of the hacking.
Of course, in the light of the Edward Snowden revelations later in the year, APT1’s operation seems a little less insidious.
5. Bitcoin: An opportunity and a threat
While the rapid rise of bitcoin in the last 12 months has been a boon to many, it has also been fruitful pickings for criminals.
Bitcoin by its very nature is ideal for cyber criminals. It is anonymous and once stolen, impossible to track. In 2013 we have seen crooks set up a fake bitcoin exchange in China before disappearing overnight with more than £2.5 million.
Just last month, criminals stole $1m from a Danish bitcoin exchange in a third attack in a week, which saw the crooks walk away with 1,295 bitcoins.
Of course 2013 also showed that there are other ways of losing your bitcoins, including having them seized by the FBI or throwing them away in a landfill in Wales.
6. Stuxnet’s older sister emerges from the shadows
Stuxnet has long been held up as a marker of what could be achieved by a piece of software. It was the first (and possibly still the only) case of cyber sabotage, where the centrifuges at the Natanz nuclear facility in Iran were forced to spin out of control causing damage.
However in November we learned that Stuxnet, which was created by Israel and the US, was the second wave and that an older, stealthier piece of malware in the Stuxnet family had been in operation since 2007, three years before Stuxnet was deployed.
While it may have done it in a slightly different manner, Stuxnet Mark I as it is called, was also designed to target centrifuges at nuclear enrichment facilities. Mark I could only be spread by being physically installed and it is not clear whether it was successful or not.
7. International Space Station – the final cyber frontier
In November we also learned that orbiting 370km above the earth is not enough to prevent being compromised by malware. Russian security expert Eugene Kaspersky revealed that the International Space Station was infected by a USB stick carried into space by a Russian astronaut.
It is unclear if there was any impact on the operation of the space station, but it goes to show how easy it is to spread malware.
The ISS has now switched over to Linux systems to make it more “reliable and stable.”
8. CryptoLocker – the new ransomware threat
CryptoLocker first emerged in September 2013, but it wasn’t until December that the UK’s National Crime Agency felt the need to issue a warning that tens of millions of people were under threat.
Just a couple of weeks ago, research revealed that up to 250,000 PCs had been infected and that the gang behind the ransomware was earning millions of pounds from the piece of malware.
In short, once installed on your PC, CryptoLocker encrypts all files on your hard drive, USB drives connected to your computer or even files in cloud folders such as Dropbox. It then gives you an ultimatum: Pay up (in bitcoins of course) or your files will be lost forever. And this is no hoax, once the time expires, the criminals behind the malware follow through on their threats.
9. The continued rise of the hacktivist
2012 was certainly the year when we saw groups like Anonymous emerge from the dark corners of the internet and make a major splash, and while hacktivists may not have captured as many headlines in the last 12 months, the movement continues to grow.
Just last month we saw Anonymous move from the internet and into the public gaze once again with its Million Mask March, which took place in dozens of cities around the world, highlighting the global appeal of the movement, and that millions of people still need an outlet like hacktivism.
The easy-to-use Distributed Denial of Service (DDoS) attack continues to be the tool of choice for hacktivists.
10. Edward Snowden – He changed everything
Reviled by some, hero worshipped by others, Edward Snowden has changed the way we will view the internet forever.
The former NSA contractor’s theft of a treasure trove of top secret documents relating to the widespread surveillance of phone calls, emails and pretty much all online activity around the world caused huge headaches for the US and UK governments in particular and led to questioning of the practices taking place.
Snowden, currently in hiding in Russia, faces the threat of imprisonment if he ever returns to the US but 2014 is likely to see the impact of his whistle-blowing grow, and details of even more governmental spying being published.