Privacy Roundup #0060 • July 2011
July 2011 was dominated by the AntiSec hacking spree against defence contractors and police, alongside the phone-hacking scandal that closed the News of the World.
1. Milly Dowler's voicemail was hacked by the News of the World
The Guardian revealed that the News of the World had intercepted the voicemail of murdered schoolgirl Milly Dowler in 2002. The disclosure triggered a national scandal over how far the tabloid press had intruded into private grief.
2. Fox News Twitter account was hijacked with fake Obama death tweets
A group calling itself the ScriptKiddies seized a Fox News Twitter feed on Independence Day and posted false claims that President Obama had been shot dead. The fake reports spread before Twitter suspended the compromised account.
3. Anonymous breached an Apple support server
Anonymous used a SQL injection flaw against an Apple technical support server and published a small list of usernames and passwords. The passwords were encrypted and no billing data was exposed, but the breach embarrassed the company.
4. AntiSec hackers ransacked FBI contractor IRC Federal
Members of the AntiSec campaign used a SQL injection flaw to dump databases and email archives from IRC Federal, a contractor serving the FBI, NASA and the Department of Defense. The stolen cache included contracts, internal documents and login credentials.
5. The News of the World published its final edition
After 168 years and an advertiser boycott over the hacking scandal, News International closed the News of the World on 10 July. The last issue carried the headline "Thank You and Goodbye" and cost around two hundred jobs.
6. Anonymous leaked 90,000 military emails from Booz Allen Hamilton
In an action it called "Military Meltdown Monday", Anonymous breached defence contractor Booz Allen Hamilton and posted around 90,000 military email addresses and password hashes. The group said it had found a server with almost no security measures in place.
7. Anonymous exposed personal details of 2,500 Monsanto staff
Under the banner of #OpMonsanto, Anonymous released names, addresses, emails and phone numbers of more than 2,500 Monsanto employees and affiliates. The group claimed it had also disabled the company's mail servers while extracting the data.
8. Appeals court ruled the TSA broke the law on body scanners
The D.C. Circuit Court of Appeals held that the Transportation Security Administration had deployed airport body scanners without the public notice and comment that federal law requires. The court acknowledged the scanners intruded on personal privacy and ordered the agency to take public comment.
9. Toshiba admitted a hack that exposed plaintext passwords
Toshiba confirmed that one of its US websites had been compromised, with hundreds of customer records taken and published. The breach was made worse by the fact that the affected passwords had been stored in plaintext.
10. LulzSec hijacked The Sun with a Murdoch death hoax
LulzSec breached The Sun's website and redirected visitors to a fake obituary claiming Rupert Murdoch had been found dead in his garden. Several other Murdoch-owned sites suffered outages during the same attack.
11. Rupert and James Murdoch were questioned by Parliament
The Murdochs faced a parliamentary committee over the phone-hacking scandal, with Rupert Murdoch calling it "the most humble day of my life". The hearing was briefly interrupted when a protester attempted to throw foam at him.
12. Sixteen suspected Anonymous members were arrested over PayPal attacks
Federal authorities arrested sixteen people accused of helping to flood PayPal with traffic in retaliation for the firm cutting off WikiLeaks donations. The indictment described their use of the Low Orbit Ion Cannon tool to overwhelm the servers.
13. Anonymous claimed a gigabyte of restricted NATO data
Anonymous said it had used a simple SQL injection to extract about a gigabyte of restricted material from NATO systems. The group released one restricted document but said publishing the rest would be irresponsible.
14. Pfizer's Facebook page was defaced by the Script Kiddies
A group calling itself the Script Kiddies took over Pfizer's official Facebook page and posted mocking messages. Security researchers concluded the attackers had simply guessed the password of a staffer at Pfizer's public relations firm.
15. Anonymous breached Italy's cybercrime unit CNAIPIC
A faction of the AntiSec campaign claimed to have stolen around 8GB of evidence and documents from Italy's National Anti-Cybercrime Center, CNAIPIC. The cache reportedly held material on foreign governments and private firms held as part of investigations.
16. Scotland Yard arrested the LulzSec spokesman Topiary
Police arrested a teenager in the Shetland Islands suspected of being Topiary, the public voice of LulzSec and Anonymous. His Twitter feed was wiped clean apart from one defiant post reading "You cannot arrest an idea".
17. EFF warned Congress against a mandatory data retention bill
The Electronic Frontier Foundation joined a coalition of civil liberties groups opposing H.R. 1981, which would force internet providers to retain customer IP address logs. The coalition argued that stockpiling such records would create a persistent assault on privacy.
18. Anonymous dumped data from FBI contractor ManTech
As part of its "Fuck FBI Friday" campaign, Anonymous posted a 390MB cache it said came from defence contractor ManTech International. The leak included material related to NATO, the US Army and staff records.
19. EFF documented the erosion of privacy across Latin America
The Electronic Frontier Foundation examined how communication interception had become a political tool in countries including Colombia, Peru and Mexico. The analysis described surveillance being used to identify and silence dissent.
20. House committee advanced the data retention mandate H.R. 1981
The House Judiciary Committee passed the Protecting Children from Internet Pornographers Act, which would require providers to retain subscriber records for a year. Privacy groups objected that the retained data would be available far beyond the child-protection purpose named in the bill.
Enjoyed this post?
Well, you could share the post with others, follow me with RSS Feeds and/or send me a comment via email.
Tags
Category:
Year: