2 of 15Image
Media Outlets: The New York Times, The Wall Street Journal
In January this year, The New York Times, having been the victim of persistent attacks, experienced a breach which lasted four months.
A sophisticated Chinese hacking team slipped past security systems in order to deploy 45 custom malware pieces and access the computers of 53 employees -- before moving on to a domain controller, breaching the system, and gaining the hashed password of every member of staff on The New York Times payroll. Eventually, once the breach was discovered, the hackers were dispelled.
The newspaper said that it may have to do with an investigation carried out in October 2012 concerning a story which said the Chinese Prime Minister had accumulated funds through business dealings. The government official said this accusation was "groundless." However, the publication also pointed the finger at security firm Symantec for failing to protect it against the security breach. In response, the security firm said:
"Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security.
Anti-virus software alone is not enough."
The Wall Street Journal then came forward, stating that the U.S. publication too had been a victim of attacks designed to monitor reports concerning China, and cyberattacks spanned several years. The WSJ said that "journal sources on occasion have become hard to reach after information identifying them was included in emails," and suggested that information gained by the attackers has worked its way to Chinese authorities, who then took action to silence whistleblowers.
The U.S. Federal Reserve
In February this year, the Federal Reserve acknowledged that hacktivist collective Anonymous had broken in to a number of government websites as part of "Operation Last Resort" -- and managed to both steal and post the sensitive credentials of 4,600 banking executives.
The compromised and exposed database belongs to The St. Louis Federal Emergency Communications System, the communication system used by seventeen states in a time of crisis, allowing financial institutions and government officials to talk through two-way channels.
The hacktivists posted both the login details and private information -- such as IP addresses and contact information -- in to a public dump, all the while demanding U.S. computer crime law reform. Just to further twist the knife, Anonymous used the government website itself to post the spreadsheet containing the stolen data.
In February this year, the world's largest social network suffered a sophisticated attack caused by a zero day vulnerability.
Facebook said there was "no evidence" that user data was compromised by the cyberattack, which was caused when a number of the social network's employees visited a mobile developer website infected with malicious code. Malware was then installed on these employee's laptops, and the Java-based zero day exploit was able to bypass security systems that keep applets away from system files. As a result, hackers may have been able to access the internal Facebook corporate network.
Law enforcement was notified and the hack investigation is ongoing.
However, this wasn't the end for Facebook's year of being a cyberattack target. Facebook said in a blog post on June 21 that as part of its White Hat scheme -- which rewards notices of system vulnerabilities -- a bug that may have allowed some of a person's contact information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them. Approximately 6 million Facebook users had email addresses or telephone numbers shared without their consent before the bug was fixed.