Top 10 security stories of the year

What wormed its way onto the security scene in 2007?

If you had to sum up 2007's security scene in a couple of words, those words would probably be 'data breach'.

This year has seen a shift from viruses, botnets and spam swamping the security headlines, to the loss of personal information by private and public organisations - leading to calls for better data protection and privacy laws.

Other topics to hit the security headlines in 2007 included wi-fi piggybacking, encryption technology and calls for a standalone police unit to tackle the ever more sophisticated world of cyber crime.

Here's the year's top 10 security stories:

1. Missing: 25 million child benefit records

Oops, they did it again. After losing an unencrypted CD containing the personal pension details of 15,000 people, HM Revenue & Customs (HMRC) went on to lose the details of 25 million child benefit recipients after two password-protected CDs were sent unrecorded and unregistered by a junior HMRC official through the post to the National Audit Office on 18 October - but the CDs never arrived and have still not been found.

The breach was the largest ever seen in the UK and the HMRC has subsequently offered a £20,000 reward to anyone who finds the missing disks.

The private sector also suffered from high-profile security breaches, most notably TJX Companies, which admitted to 45.7 million accounts being compromised over nearly a two-year period - making it the world's largest security breach.

2. Q&A: Bruce Schneier, CTO of BT Counterpane

Security expert Bruce Schneier is well-known for his candid views on the security industry and when silicon.com caught up with him both at the beginning and end of the year, he was as outspoken as ever.

Schneier questioned the very existence of the security industry in his first interview and when silicon.com caught up with him again at the RSA Conference Europe 2007, Schneier went on to give his opinions on the security of biometrics, how Counterpane has fared since it was acquired by BT and tips on how CIOs can fight cyber criminals.

3. Top 10 weird data disasters

Ant infestations, oil and failed parachute jumps were some of the bizarre fates which befell a range of innocent data storage devices this year, according to Kroll Ontrack's list of the most unusual data recovery jobs it has faced in the last year.

Ontrack also challenged silicon.com to 'do our worst' to two drives and send them off to be resurrected in the company's labs.

4. Police: There's no piggybacking crackdown

Despite wi-fi piggybacking hitting the headlines this year, the police said the arrest of a man for piggybacking on someone else's wi-fi-enabled broadband connection was not part of a wider crackdown.

And wi-fi piggybacking is one crime the public don't seem overly outraged about, with research suggesting more than half of computer users have used someone else's wi-fi without permission and a number of silicon.com readers claiming it shouldn't be a crime in the first place.

5. ID cards will be secure, insists Home Office

The UK ID cards scheme has had a rocky ride this year, with the Home Office defending the scheme after security expert Frank Abagnale - a one-time confidence trickster made famous by the Steven Spielberg film, Catch Me If You Can - said the scheme should be scrapped if the government cannot ensure it is secure.

The government faced fresh criticism in light of the HMRC data blunder, with some silicon.com readers claiming the ID card scheme should be scrapped entirely and Whitehall's own data protection minister calling for a review of the national ID database.

The ID cards scheme is predicted to cost more than £5.6bn to set up and run over the next 10 years, according to the latest Home Office figures.

6. Full Disclosure - silicon.com launches data breaches campaign

silicon.com's Full Disclosure campaign launched this year calling for a rethink of the UK law to force organisations to report breaches of their data security which could put their customers' sensitive personal details at risk.

The campaign gained support from the likes of the police, the House of Lords and security experts - from individuals such as Bruce Schneier to the CEOs of organisations such as content and document protection company Workshare and data encryption company PGP and the National Consumer Council.

And following on from the campaign's online petition - hosted on the 10 Downing Street website - the government responded to the silicon.com Full Disclosure campaign claiming that organisations will get guidance from data protection watchdog the Information Commissioner on notifying their customers of a security breach.

7. Nasa hacker granted Law Lords appeal

Gary McKinnon, the Briton who admitted hacking into Nasa's computer systems, was given leave to appeal again against his extradition to the US, after the Court of Appeal turned him down once already at the beginning of the year.

In the latest from the case, McKinnon was granted leave in October to appeal to the Law Lords on the grounds of the nature of plea agreement discussions with representatives of the US authorities.

8. Businesses call for police cyber crime unit

UK businesses are calling for a standalone national police unit to deal with the growing cyber crime threat posed by hackers and international gangs of criminals - after the National Hi-Tech Crime Unit was essentially disbanded in 2006 and rolled into the Serious Organised Crime Agency.

And the corporate world is not a lone voice - the police want more information on e-crime attacks and a recent Downing Street e-petition is calling for a dedicated cyber crime unit.

9. Cyber criminals turn pro

Cyber crime is moving out of the geeks' bedrooms and becoming an increasingly professional business with malware toolkits sold on the internet and confidential details being traded in an underground economy, according to security company Symantec.

And 2007 has seen security threats evolving as these hackers find new targets for malware - with businesses being urged to improve their internal communications to combat threats.

At the end of this year the UK's security service MI5 also wrote to the CEOs of hundreds of UK businesses warning them of espionage attacks against their computer systems by spies in China.

10. Warning over 'Storm Worm' email

This year was not without some old security chestnuts as 2007 kicked off with some malware dubbed the "Storm Worm" - which baited people with timely information about the bad weather which was hitting Europe at the time.

But the malware was more than just a storm in a teacup (pardon the pun) with security company Symantec claiming the Storm Worm had evolved again towards the end of the year, with the malware authors shedding key functionalities in the malicious code to streamline the worm and make it more stable.