Malware, Hacks and Leaks: The Top 10 Security Stories of 2010

by Brian Prince

In January, Google announced it fell victim to a cyber-attack that also impacted dozens of other companies. Immediately, the finger-pointing began, with China playing the role of chief suspect. Although the Chinese government officially denied involvement, the speculation remains.

The controversy over WikiLeaks publishing diplomatic cables has dominated the news in recent weeks, but that was not the only time the site had been the focus of attention in 2010. There was also the release of a video of a 2007 U.S. air strike in Baghdad that killed 12 people, as well as thousands of documents related to the U.S. war in Afghanistan. The releases raised concerns about insider threats, particularly following the arrest of U.S. Army Private First Class Bradley Manning.

Stuxnet was written about arguably more than any other piece of malware since Conficker. Stuxnet caused waves because it was designed to target industrial control systems, and many experts feel it was meant to disrupt operations at nuclear facilities, including those in Iraq.

A hacker going by the name “Iraqi Resistance” made national news with a mass-mailer worm that disrupted e-mail systems at a number of high-profile companies and institutions, including Wells Fargo and NASA. The hacker said he was not a terrorist and launched the attack in response to plans by a Florida pastor to burn the Quran on the anniversary of the Sept. 11, 2001, terrorist attacks.

An onslaught of calls for Facebook to address its privacy practices produced a number of changes in the past 12 months. From redesigning the security controls to adding features such as remote logout and one-time passwords, Facebook executives spent much of the year crafting—and then recrafting—their approach to security.

The sheer size of the deal—$7.68 billion—was enough to turn heads. According to both companies, the acquisition will enable them to combine software and hardware security to better protect users and their devices. The deal is expected to close in mid-2011.

Google has become virtually synonymous with Internet search, but gathering information and protecting people’s privacy are two different things. During the year, the company found itself in the middle of privacy flaps involving both Google Buzz and Google StreetView, drawing the ire at various times of consumers and governments alike.

Goatse Security touched off controversy in June when it reported obtaining 114,000 e-mail addresses belonging to Apple iPad 3G owners by exploiting a vulnerability on AT&T’s Website. The situation triggered an FBI investigation, as well as discussions about responsible disclosure.

With an eye on VeriSign’s identity and authentication business, Symantec spent some $1.28 billion to acquire the company. According to Symantec, the acquisition??íwill help businesses build identity security into a comprehensive framework.

Even putting aside the hype and hyperbole, cloud computing was one of the overarching IT stories of the year. Cloud security—from what vendors had planned to best practices for enterprises crafting their own clouds—was top-of-mind for many organizations this year.