Update December 26: 2011 is nearly gone and hence, here it is: One Year Of Lulz (Part II)
This month I am a little late for the December Cyber Attacks Timeline. In the meantime, I decided to collect in a single table the main Cyber Attacks for this unforgettable year.
In this post I cover the first half (more or less), ranging from January to July 2011. This period has seen the infamous RSA Breach, the huge Sony and Epsilon breaches, the rise and fall of the LulzSec Group and the beginning of the hot summer of Anonymous against the Law Enforcement Agencies and Cyber Contractors. Korea was also affected by a huge breach. The total cost of all the breaches that occurred in this period (computed with Ponemon Institute’s estimates according to which the cost of a single record is around $214) is more than 25 billion USD.
As usual after the page break you find all the references.
This awful infosec July is over, and finally we can sum up the Cyber Attacks reported during this month. I collected all the available information and inserted it inside the following chart. Where possible (that is, where enough information was available) I tried to estimate the cost of the attacks using the indications from the Ponemon Institute, according to which the average cost of a Data Breach is US $214 for each compromised record. The total sum (for the known attacks) is around $7.6 billion, mainly due to the “National Data Breach” of the South Korean Social Network Cyworld.
Approximately 16 attacks were directly or indirectly related to Antisec or Anonymous; they promised a hot summer and unfortunately are keeping their word…
Useful resources for compiling the (very long) chart were taken from:
- 2011 Cyber Attacks (and Cyber Costs) Timeline (Updated) (paulsparrows.wordpress.com)
- 2011 CyberAttacks Timeline (paulsparrows.wordpress.com)
- 50 Days of Hunt (paulsparrows.wordpress.com)
- LulzSec hacking: a timeline (telegraph.co.uk)
- Anonymous Denies Paternity For the CNAIPIC Hack (paulsparrows.wordpress.com)
Update July 14: Database Re-leaked
A couple of hours ago Anonymous re-leaked the info of 2,500 Monsanto employees enriched with further data. The reasons are explained in the following statement:
We previously leaked 2551 emails and names of MonsantoCo employees and associates for the whole internets to see.
Immediately following this, attacks were made attempting to access/change the password on the OpMonsanto Twitter account as well as many failed login attempts on 2 corresponding email accounts.
The PayPal account used to finance the operation was reported and all assets frozen. Somebody, most certainly, is mad at us.
We didn’t appreciate that very much, so we updated the leaked database to include the previously redacted city/state/country and phone numbers.
Operations remain unaffected, this is just the beginning.
In response to some attempts to hack the #OpMonsanto Twitter account, Anonymous decided to disclose further information about the leaked records (Cities and Phone Numbers). The last phrase of the statement sounds particularly threatening: This is just the beginning… And it is further confirmed by a gloomy tweet. A warning for Exxon (#OpExxon) as well, the next alleged target?
A few hours after the attack on consulting firm (and military contractor) Booz Allen Hamilton, Anonymous has performed another resounding operation. As part of their #OpMonsanto, Anonymous has leaked the info of 2500 employees belonging to Monsanto, including their home addresses.
The reasons behind the attacks have been explained with a subsequent tweet:
are an aftermath of the WikiLeaks affair and concern the alleged strategy used by Monsanto to push GMO. A few days ago Anonymous warned Monsanto to expect something “more serious than a DDOS” after the company filed lawsuits against organic farmers for labeling their product as not containing growth hormones. In the end something more serious than a DDOS happened…