It has been a busy year for both hackers and security administrators as lot of new hacks and flaws came into lime light in 2010. There have been as big attacks as stealing gmail id's to small attacks like defacing 19th commonwealth website. Many countries have been the source to such attacks but China was the leader . They carried out massive war drive hacking attacks on various American government agencies and companies as well as Indian government bodies as well.
Here we have compiled the top attacks of 2010 . This list is not only based on the number of users affected but also the level of difficulty and technique used in the performing the attack.
Operation Aurora is a cyber attack which began in mid-2009 and continued through December 2009.The attack was first publicly disclosed by Google on January 12, 2010, in a blog post.In the blog post, Google said the attack originated in China.
The attack has been aimed at dozens of other organizations, of which Adobe Systems,Juniper Networks and Rackspace have publicly confirmed that they were targeted. According to media reports, Yahoo, Symantec, Northrop Grumman and Dow Chemical were also among the targets.
As a result of the attack, Google stated in its blog that it plans to operate a completely uncensored version of its search engine in China "within the law, if at all", and acknowledged that if this is not possible it may leave China and close its Chinese offices. Official Chinese media responded stating that the incident is part of a U.S. government conspiracy.
The attack was named "Operation Aurora" by Dmitri Alperovitch, Vice President of Threat Research at cyber security company McAfee. Research by McAfee Labs discovered that “Aurora” was part of the file path on the attacker’s machine that was included in two of the malware binaries McAfee said were associated with the attack. "We believe the name was the internal name the attacker(s) gave to this operation," McAfee Chief Technology Officer George Kurtz said in a blog post.
According to McAfee, the primary goal of the attack was to gain access to and potentially modify source code repositories at these high tech, security and defense contractor companies. “[The SCMs] were wide open,” says Alperovitch. “No one ever thought about securing them, yet these were the crown jewels of most of these companies in many ways — much more valuable than any financial or personally identifiable data that they may have and spend so much time and effort protecting."
AT&T website hack
Black hat hackers have exploited a security flaw on AT&T's web servers which enabled them to obtain email addresses from the SIM card addresses of iPad 3G users. (Updated with statement from AT&T)
The breach, profiled in a report by Gawker, described the event as "another embarrassment" for Apple and outlined a variety of high profile individuals whose email addresses were obtained by automated script attacks on AT&T's web server based on their iPad 3G SIM addresses (ICC ID).
The publication claimed that the identifying information meant that thousands of iPad 3G users "could be vulnerable to spam marketing and malicious hacking," while also pointing out that many users have actually already published their iPad ICC ID numbers in Flickr photos. Presumably, many of them also have public email addresses and therefore already receive spam like the rest of us.
The attack on AT&T's web servers resulted in at least 114,000 iPad 3G users' emails being leaked to the hackers, who were coy about wether or not they were planning to enable others to access the data. The security leak, which returned a user's email address when their ICC-ID was entered via a specially formatted HTTP request, has since been patched.
The group automated requests of the email address information for a wide swath of ICC-ID serial numbers using a script. No other information was discovered.
XSS Attack on social network - ORKUT and Twitter
This year has been a tough one for various social network giants ; not in terms of attracting visitors but in terms of securing themselves. This year there was a series of attack, first it was on the microblogging website Twitter and few days later on Google's social network Orkut.
Hacknigalert provided fast solution for preventing against the threat.
Both these sites were made target through cross site scripting(XSS) attack called "BOM SABADO" in which orkut was most sevierly hit by a virus that spreaded from one friendlist to another through the message passing system of orkut called the "scrapbook".
The attack was officially announced the next day by google on its security blog and was soon removed from all the scrapbook and the flaw was fixed.
The information of 3.3 million people has been stolen from a student loan company that guarantees loans nationally.