For the nostalgic streak in us, here is a rundown of the most memorable international cybersecurity fails over the past decade …
Back in the days before climate change stretched frigid winter months directly into the insta-sweat of summer, there was a saying about March: in like a lamb, out like a lion. The same might be said about the last decade in cybersecurity fails.
What kicked off with a handful of stories about niche hacks ballooned into daily splashy headlines about massive data breaches, dangerous outbreaks, and increasingly sophisticated attack campaigns. The game has truly changed, generating a multi-billion-dollar industrial complex, and inspiring millions to stock up on tinfoil hats while saving trendy rumpus room designs to their Pinterest boards.
To comment on the sweeping changes brought on by the last 10 years of hacks, breaches, privacy debates, and evolutions in malware, Malwarebytes has taken a look at the most noteworthy, mind-blowing, and sometimes chuckle-inducing cybersecurity fails that defined the decade.
2011: Game over, PlayStation
It all started with the gamers. Gaming is nearly as genre-defining as porn when it comes to testing, adopting, and embracing early tech evolutions. The two go hand-in-hand, so to speak.
In 2011 the world got its first glimpse at the power of a good hack to not only steal data, but also bring operations to a grinding halt. The 77 million members of the Sony PlayStation Network, including minors under the age of 18, had their personal data exposed to hackers. But worse for the gamers, they were locked out of their accounts for 23 days, unable to play online, purchase, or otherwise indulge in their favorite pastime.
For the sheer number of users alone, this hack is noteworthy, but more, it was a foreshadowing of the ways in which cybersecurity fails could do more than just steal information—they could disrupt lives.
2012: Mat Honan’s digital life torched
PlayStation was significant for sheer cultural impact, if not actual affected numbers, given the size of recent breaches. We usually groan when looking at yearly lists of cybersecurity fails because we know 90% of it is going to be the same generic breach that we have all seen a hundred times over. Yes, it is bad that six million customer records were swiped from a web-facing database. No, it does not make for interesting reading.
Instead, we’re much more interested in specific examples of personal ruination. One such example is from 2012, when technology writer Mat Honan found his entire digital world torn in half. We would argue that this is one of the most spectacular digital demolition jobs ever seen. The crooks had no interest in him, his data, or his devices. They just wanted that sweet, sweet three-character Twitter handle. If everything important to him was torched along the way? Too bad, so sad.
This guy pretty much lost everything of real, singular importance to him in the attack. All those photos of his kid as a baby? Bam, gone. Google account taken over and deleted. iPhone and iPad data erased. Anything still on his MacBook drive was locked away behind features designed to make his life more secure, like the four-digit PIN. The worst feeling in the world is not just the compromise; it is knowing that those helpful systems are a gigantic pain in the backside once someone who is not you is in the driving seat.
Some basic actions—enabling 2FA on Gmail and making backups—would have essentially made this a non-event. Did Honan miraculously manage to get his photographs back? Sure. It was a lucky escape, and we generally do not get that lucky. This was one of those landmark, hot knife-through-butter cybersecurity fails.
2013: Snowed under
Edward Snowden jolted the world out of its collective ostrich pose and demonstrated how very much the book 1984 got it right.
Depending on which side of democracy you stand on, Snowden, a former CIA contractor-turned-whistleblower, is either a hero or a war criminal for his 2013 revelations about the extent and reach of NSA-sponsored surveillance systems set up in the aftermath of 9/11. Global telecommunications systems, Internet watch lists, international cooperation, the works. In the list of cybersecurity fails, this may be the Holy Grail.
Regardless of political stance, Snowden’s reveal was a real eye-opener for the public, and it sparked a massive worldwide debate that rages on to this day. They call it “the Snowden effect.”
Just ask anyone what is more important to them: national security or personal privacy? Do they have “nothing to hide” or is their right to stay off the grid of upmost importance? If you can easily answer this question and guarantee everyone in the room with you agrees, then you must be reading this from far in the future, when this list will look positively quaint in comparison to yours.
2013: Cryptolocker ransomware changes the game
Snowden is a double-edged sword. We wonder if the significance of his findings made that much of an impact outside the USA, considering lots of folks just shrugged and carried on regardless.
If you want actual global impact on a scale you can feel, ransomware is where it’s at. Cryptolocker ransomware, specifically.
Ransomware was all fun and games until Cryptolocker came onto the scene and dashed users’ hopes by being the first widespread malware to encrypt files and hold them hostage until ransom was paid. Ransomware prior to Cryptolocker mostly relied on cheap tricks instead of encryption, but its arrival in 2013 cemented this method’s popularity forever, spawning clones and higher encryption stakes by the bucketload.
2013 again: Target hack
The next breach is the quintessential lesson in “it only takes one time,” the Occam’s razor of cybersecurity fails. It also happened to be the splashiest, loudest security news of the decade (so far). Why? Because everyone loves Target. Everyone.
In 2013, Target screwed up big time. Its HVAC vendor had been hit with malware via lowly phishing email, but the technician remained dubiously unaware of that infection, which went ahead and stole Target’s network credentials. Hey, kids! What happens when you give third parties access to your VPN without thoroughly vetting them or their equipment for threats? You get hacked.
Also, note to businesses of all sizes: Free scanners do not proactively block threats. (Yes, we know, the HVAC people were using the free version of Malwarebytes.) They detect and clean malware only when you run a scan. Had the vendor been using our real-time anti-malware technology (or any other antivirus platform with always-on protection), this attack would have been erased from history.
2014: Sorry, celebs! The Sony Pictures hack
Step forward for the second time today, Sony! The long version of the Sony Pictures hack can be read here. The short version? A hacker group called Guardians of Peace pilfered massive amounts of data from Sony servers, and in the years that have followed, it is now tricky to remember where conspiracy theories and documented facts cross paths. A shady North Korean conspiracy, FBI and NSA involvement, multiple unreleased movies dumped online, thinly-veiled references to terrorist acts unless The Interview was pulled from theatres, and more all happened in the space of a month.
This cybersecurity fail is the equivalent of a Fast and Furious movie where the small-time family of car heisters somehow ends up stealing nuclear footballs and taking down Russian submarines in their spare time. Also, hurling insults at someone who starred in a film called Hackers seems like a great way to invoke the Gods of dramatic irony.
2015: Not sorry, cheaters
This was a year where one of the decade’s worst cybersecurity fails was actually a good thing: The Ashley Madison hack.
Bringing to public conscious the term “hacktivism,” these do-gooders breached the database of the website dedicated to helping married people find true love by cheating on their partners. Some 32 million adulterers’ credentials and credit card information were dumped online, after which they themselves were likely dumped by their angry spouses. There is not much else we can say here except “you guys are assholes and deserved this one.” The end.