In three days, 2009 will officially come to a close. The year saw its share of security incidents, from the dramatic rise of the Conficker worm to the hacking of military drones to massive data breaches. Then there was the security industry itself, which saw a number of acquisitions around security software as a service as vendors such as McAfee and Cisco sought to build out their capabilities.
With the year almost done, we take a look back at some of the major stories that shifted the security landscape in 2009. In no particular order, here are the top security stories of 2009:
1. Conficker Countdown: The April 1 doomsday many predicted may not have materialized, but it certainly made good fodder for discussion among mainstream media and tech press outlets alike. Speculation surrounding just what the worm’s update would be set off a flurry of stories and blogs. In the end, the day passed relatively quietly-and even now as the year closes mystery still surrounds Conficker’s origins and purpose. But the mystery has not slowed the number of infections, and according to statistics from the Shadowserver Foundation, China and other Asian countries are now home to the largest number of Conficker-infected PCs.
2. Cyber Security Coordinator: U.S. President Barack Obama finally made good this month on his promise to appoint a cyber coordinator to help develop a cyber-security strategy for the United States. The appointment of Howard Schmidt follows not only the release of a sweeping review of the nation’s cyber-infrastructure but also reports of a number of high-profile security incidents ranging from hackers hitting the country’s electric grid to attacks on government networks.
3. Gonzalez and His Gang Taken Down: Hacker Albert Gonzalez and his crew were tied to some of the biggest breaches in recent memory, including Heartland Payment Systems, Hannaford Bros. and TJX. “The case was a rare win: an actual arrest and conviction in a cybercrime/hacking case,” opined Paul Roberts, an analyst with The 451 Group. “The lesson: Moderately sophisticated criminals, with a bit of determination, can breach even the most sensitive of corporate and financial networks by ‘hitting the ball where they ain’t,’ so to speak.”
4. Social Networking Security and You: There was an increasing awareness of privacy and security issues affecting popular sites such as Facebook, which touched off controversy in recent weeks with changes to its privacy controls. Though intended to improve user security, the changes resulted in a backlash that caused several consumer and privacy advocacy groups to file a complaint with the Federal Trade Commission. Meanwhile, officials in the U.S. military went back and forth trying to decide just how much social networking they were going to allow.
Apple iPhone Worm Hits Jailbroken Phones
5. Apple iPhone Security Woes: Owners of jailbroken iPhones couldn’t catch a break this year. It started with a Dutch teenager exploiting the fact that many jailbroken iPhones are running OpenSSH with a default root password. In the ensuing weeks, a worm and an attack tool popped up that also took advantage of the situation. To address this, users were advised to change their passwords-and to think carefully before jailbreaking their phone.
6. Hacktivists Stay Busy: There were a number of notable examples of hacktivism in 2009. From the recent attack on Twitter that redirected users to a site by the “Iranian Cyber Army” to a denial-of-service attack in August targeting a pro-Georgian blogger to a series of DDoS attacks against the United States and South Korea, hacktivists took the blame for a growing share of incidents this year.
7. Electric Grid Security Lights Out: Reports that foreign spies had allegedly penetrated the U.S. electric grid spawned a new level of public discourse on the security of the country’s critical infrastructure. This conversation over securing the infrastructure got even more tense later in the year when it was alleged on “60 Minutes” that hackers had caused a blackout in Brazil.
8. F-35 Fighter Plans Hijacked by Hackers: When the Wall Street Journal broke the story that hackers took advantage of network vulnerabilities to get their hands on data tied to the Pentagon’s $300 billion Joint Strike Fighter project, it provided another example of cyber-threats facing the United States. Though the Pentagon did not officially answer many questions-such as the extent of the damage to the program and who was responsible-sources familiar with the situation reportedly told the Journal the fighter program had been repeatedly broken into.