Chop-chop: hacking moves up a gear

Thu, Dec 20, 2012, 00:00

   

It was a year of ‘exploit kits’, high-stakes espionage, activist attacks and teenage kicks

While hacking is often seen as an outlet for criminality, terrorism and protest in equal measure, perhaps 2012 saw teenage angst join the list of reasons to scan for network exploits and vulnerabilities. Just ask the 15-year-old Austrian boy who broke down in front of police this April when asked why he’d hacked into 259 company websites in the space of 90 days earlier this year.

His efforts – which saw him stealing masses of company data from businesses around the globe – were an attempt to impress friends in an online hacking forum. To be fair, the fact that Europol was investigating his activities before he’s even legally allowed to have a drink should reward him with a reasonable amount of respect among his peers.

Proliferation of threats

The ease, however, with which the teenager (who can’t be named) was able to gather the tools to go on his hacking spree wasn’t a surprise to online security experts. “The challenge of 2012 was that so much happened,” says Sophos director of technology strategy James Lyne. “There’s been a continued massive escalation in the volume of malicious code and hacks across the board.”

Lyne is speaking about the proliferation of threats, such as “exploit kits”, which offer budding cybercriminals the ability to create, distribute and track malware. According to EMC Ireland country manager Jason Ward, some cybercriminal forums offer “botnets to rent by the hour”, with hackers now buying “services on demand”.

Elsewhere, 2012 has seen headline-making hacks involving the White House’s networks, EU officials being spied upon in Azerbaijan and LinkedIn letting 6.5 million passwords slip out of their hands. In addition, 30 American banking institutions were lucky that RSA researchers halted a plot to steal millions of dollars via fraudulent wire transfers in October.

In that particular case a group of 100 “botmasters” had hoped to use relatively run-of-the-mill Trojan malware techniques – which went under the moniker of “Gozi Prinimalka”, derived from the Russian for “to receive” – to pull off what would have been the largest theft of its kind in history.

Espionage

Cyber warfare has of course been a recurring theme in security conversations this year, and perhaps 2012’s most publicised hacking incident was the discovery in May of a two-year-old piece of malware dubbed Flame by Kaspersky researchers. It targeted systems in Iran (including the nation’s main oil company), and there were also instances of the virus in a variety of locations throughout the Middle East and north Africa.