Online forums and blogs are among the most popular targets of hackers. A group calling itself Gnosis claimed responsibility for the attack, saying it had been launched because of Gawker's "outright arrogance" toward the hacker community. "They're rarely secured to the same level as large, commercial websites," says the KNOS Project's Kevin McAleavey, who adds that the main problem was that Gawker stored passwords in a format that was very easy for hackers to understand. "Some users used the same passwords for email and Twitter, and it was only a matter of hours before hackers had hijacked their accounts and begun using them to send spam," says McAleavey.
Impact: Stolen intellectual property
In an act of industrial espionage, the Chinese government launched a massive and unprecedented attack on Google, Yahoo, and dozens of other Silicon Valley companies. The Chinese hackers exploited a weakness in an old version of Internet Explorer to gain access to Google's internal network. It was first announced that China was trying to gather information on Chinese human rights activists. It's not known exactly what data was stolen from the American companies, but Google admitted that some of its intellectual property had been stolen and that it would soon cease operations in China. For users, the urgent message is that those who haven't recently updated their web browser should do so immediately.
Date: Throughout 2010
Impact: Undisclosed information stolen
Security experts are unanimous in saying that the most troubling thing about the VeriSign breach, or breaches, in which hackers gained access to privileged systems and information, is the way the company handled it -- poorly. VeriSign never announced the attacks. The incidents did not become public until 2011, through a new SEC-mandated filing. "How many times were they breached?" asks eIQnetworks' John Linkous. "What attack vectors were used? The short answer is: we don't know. And the response to that is simply: we should." "Nearly everyone will be hacked eventually," says Jon Callas, CTO for Entrust, in a post earlier this month on Help Net Security. "The measure of a company is how they respond." VeriSign said no critical systems such as the DNS servers or the certificate servers were compromised, but did say that "access was gained to information on a small portion of our computers and servers." It has yet to report what information was stolen and what impact it could have on the company or its customers. Linkous says the company's "failure to disclose until legally required to do so is going to haunt VeriSign for some time."
Date: June 2005