Java zero-day exploit led to spate of Silicon Valley hacking
While the NSA was not able (that we know of... yet) to gain "direct access" to Silicon Valley servers, with the exception of Google and Yahoo, hackers successfully infiltrated the internal networks of Apple, Facebook, Microsoft, and Twitter.
The story broke at the start of the year in a tale of two parts. Hackers had rigged a popular iPhone development site with malware. When developers at the named companies accessed the site from a work machine, an unpatched Java zero-day exploit allowed attackers into their internal networks.
While no company data was taken, with Microsoft et al. admitting that only a few machines were affected, it came at a time when many companies were on their guard against a recent spate of China- and Syria-based hackers.
Even the U.S. Dept. of Homeland Security warned users to disable or uninstall Java as a result of the flaw, which ultimately went on to affect hundreds of millions of Windows, Mac, and Linux machines — including mobile devices, embedded systems, Web applications, and servers.
Image: ZDNet/Internet Archive
Controversial cyber-security data sharing law passes the U.S. House
The Cyber Intelligence Sharing and Protection Act, commonly referred to as CISPA, was a controversial security bill that eventually passed the U.S. Senate, despite being scrapped more than a year earlier.
Many considered the bill to be a major threat to Fourth Amendment rights, which protect against unreasonable searches and seizures. It would have allowed private sector firms to search personal and sensitive user data of ordinary U.S. residents to identify "threat information," which can then be shared with other opt-in firms and the U.S. government without the need for a court-ordered warrant.
It was hoped that the data could be used in real time to stop cyberattacks in their tracks, or even trace back to the source of the attack.
Despite the uproar and the concern by many, the fact that senators still passed the bill — even if it failed in the House — represented a disaster for citizen representation, as hundreds of thousands protested the bill.
Anonymous rages on: Hacks prevail, leaks continue
If you thought hacktivist group Anonymous had been relatively quiet this year, think again.
In January, the hacking group attacked the U.S. Sentencing Commission in an operation dubbed "Operation Last Resort." This led to the distribution of government files in apparent retaliation for the death of hacktivist Aaron Swartz, who committed suicide after facing a lengthy jail sentence many considered disproportionately large.
The federal authorities were left "stumbling" after the attack, which resulted in a number of government websites being down for days.
Later in the year, the loose-knit collective went on to attack networks that led to the publication of more than 4,000 separate bits of login information, credentials, IP addresses, and contact information of American bank executives.
It was a public relations nightmare for the U.S. government, which had already faced heavy criticism for its handling of the Swartz case. It was a show of force that led the government and others to realize that the hacking collective may have been quiet during the year but had not gone away — while at the same time pushing for changes to the law that would ultimately legally avenge the death of Swartz in a namesake law.