Christmas has just gone and here it is my personal way to wish you a Happy New Year: the second part of my personal chart (first part here) of Main 2011 Cyber Attacks covering the time window from August to November 2011 (December is not yet finished, and featuring remarkable events, so expect an update very soon). This memorable year is nearly over and is time, if you feel nostalgic, to scroll down the second part of the list to review the main Cyber Events that contributed, in my opinion, to change the landscape and the rules of the (information security) game. Many events in this period among whom, IMHO, the most noticeable is the one carried on against Diginotar. Since then our trust in conventional authentication models is not (and will not be) the same anymore.
Of course this is my personal selection. Suggestions are well accepted and if you need more details about the cyber events in 2011, feel free to consult my 2011 Cyber Attacks Master Index. As usual after the page break you find all the references…
Oops, they did it again! After the first attack to Law Enforcement Institutions, the AnonLulzSec (that is the Antisec campaign led by Anonymous and LulzSec), inside what they defined the ShootingSheriffsSaturday, leaked again 10 Gb of Data from the same Law Enforcement Agencies, releasing over 10gb of private police emails, training files, snitch info and personal info. The attack was made in retaliation for anonymous arrests (and for the declarations stating that no critical data had been compromised during the previous hack).
- Over 300 mail accounts from 56 law enforcement domains;
- Missouri Sheriff account dump (mosheriffs.com);
- 7000+ usernames, passwords, home addresses, phones and SSNs;
- Online Police Training Academy files PDFs, videos, HTML files;
- “Report a Crime” snitch list compilation (60+ entries);
- Plesk plaintext server passwords (ftp/ssh, email, cpanel, protected dirs);
I found particularly interesting this quote from their statement:
A recent DHS bulletin has called us “script kiddies” that lack “any capability to inflict damage to critical infrastructure” yet we continue to get in and out of any system we please, destroying and dropping dox on the mightiest of government systems that are supposed to be protecting their sick nightmare of “law and order”. GIVE UP. You are losing the cyberwar, and the attacks against the governments, militaries, and corporations of the world will continue to escalate.
The DHS bulletin was released several days ago to provide some information to sysadmin in order to correctly face the Anonymous and LulzSec attacks, but what really looks interesting is the mention to Cyberwar. Hard Times for Department of Security, really busy to face attacks in the fifth domain from external (read other countries) and internal enemies (read Antisec).