Stuxnet: Industrial systems under attack
Security experts have been warning for years that industrial systems could be hit hard by a cyberattack. This year it finally happened, with the discovery of the first worm written specifically to disrupt large-scale industrial systems. Stuxnet first looked like it was created to steal industrial secrets. But in September researchers said the worm was probably built to sabotage Iran's nuclear program. One expert, noting that Stuxnet looks for specific Siemens settings on Programmable Logic Controller (PLC) devices, said it was probably targeting the Bushehr nuclear reactor. At the end of November, Iranian President Mahmoud Ahmadinejad acknowledged that Stuxnet had created problems for some of the country's nuclear centrifuges. The success of Stuxnet helps insure that the first worm that targeted industrial systems is not the last.
International teamwork breaks up Zeus botnet crime ring
Over the course of several days starting at the end of September, authorities in the U.K., the U.S. and the Ukraine arrested more than 100 people involved in a criminal ring that exploited the Zeus botnet. The Zeus Trojan horse program uses keystroke logging to steal online banking information. The crime ring utilized the Trojan to rake in more than US$200 million, police say. Those arrested in the Ukraine were supposedly the technical brains behind the gang. Those in the U.S. and U.K. were charged with creating bank accounts with fake passports and false names as well as receiving money transfers from victims' accounts. The Zeus arrests show that international cooperation will be needed to fight international gangs of online scammers. Later in October a take-down operation conducted by Dutch police, security experts and Armenian authorities resulted in arrests to break up a gang running the Bredolab botnet, a massive generator of spam.
Google Street View feeds privacy debate
In May, Google acknowledged that it had inadvertently recorded Web traffic data from unsecured Wi-Fi networks. The data had been transmitted by Google's Street View cars as they prowled cities and towns, taking pictures used by services such as Google Maps. The Street View cars were supposed to record SSIDs, or Wi-Fi network names, as well unique MAC addresses but also ended up logging email and Web sites users were visiting. The admission sparked outrage in the U.S , Europe and Asia. Private lawsuits were filed in jurisdictions in California, Washington, D.C., Oregon, Illinois, Massachusetts and Pennsylvania. Investigations were also launched by government authorities in the U.S., France, Germany, the U.K., Italy and France. The brouhaha caused Google to delay the launch of Street View services in some cities. With the privacy and online data security practices of other online giants, such as Facebook, also coming under public scrutiny, regulatory authorities are bound to keep a watchful eye on their next steps.
Sign up for Computerworld eNewsletters.