
Security breaches 2011

31 December 2011
To end the year on a high, wanted criminals also get Aadhaar numbers. Easily. Low grade, international ones. Not the hi-tech 'Mission Impossible' kind.

This is what the Times of India reports:
Suspected Afghan national Bashir Shah alias Ayub Khan was arrested by crime branch on December 31. This is the second arrest of Shah by city police. Shah was arrested by Lakadganj police in February 2006 for alleged act of staying in India without valid documents. He was then booked under the Foreigners' Act and for also violating the provisions of passport. Shah's younger brother Amir Khan was also booked along with him. The case is still pending for trial. It was, however, not clear as to how Shah sneaked away from India despite being an accused. Earlier he held an Afghan passport, Shah has claimed to have destroyed his documents and was in the process to establish himself as an Indian when the security agencies zeroed in on him. The crime branch found that Shah had managed to procure a driving licence from Nagpur's Regional Transport Office (RTO) in 2002. With the help of a local contact, Shah prepared a second driving licence in 2010 under the same name. He had also made an 'Aadhar' card for identification in May 2011 and was trying to make a passport when the cops caught him.

Police did not rule out possibility of others like him present in the city and further investigations are on in that direction.

24 December 2011
Stratfor, which provides strategic intelligence on global business, economic, security and geopolitical affairs, was defaced by the Anonymous group of hackers, who boasted that "Over 90,000 Credit cards from LEA, journalists, intelligence community and whitehats leaked and used for over a million dollars in donations". Stratfor's private client list was also leaked in a Pastebin note.
Documents from the hack posted to date by both Anonymous and AntiSec, according to Identity Finder, include:
• 50,277 unique credit card numbers, of which 9,651 are not expired.
• 86,594 e-mail addresses, of which 47,680 are unique.
• 27,537 phone numbers, of which 25,680 are unique.
• 44,188 encrypted passwords, of which roughly 50 percent could be easily cracked.

23 December 2011
Hackers broke into Chinese websites and compromised the identity of 38 million users. Some of these were also published online (see screenshot after the break). The affected portals are gaming websites including hacking178.com, 7K7k, Duowan, etc. This also included an attack on CSDN, where user names and passwords of more than 6 million programmers were hacked. 7K7K lost as many as 20 million user details while 178.com is claimed to have lost 10 million accounts, and even some social networking sites like Renren have reportedly been affected by the attack.

9 December 2011
The Congress worthies Sonia Gandhi and Manmohan Singh released the first UID together. They cannot even protect their own website. Hackers broke into the official website of India's ruling Congress party Friday and defaced the profile page of party president Sonia Gandhi with a pornographic message. On her birthday.

So much for Communications Minister Kapil Sibal's pledge to crack down on "unacceptable" online content earlier this week.

5 December 2011
Another direct goof up. UIDAI registrars have been found to be selling data collected for UID or Aadhaar number scheme to private firms, and worse, UIDAI knows about this and can do nothing about it.

According to media reports, in October, the UIDAI banned Madras Security Printers Pvt Ltd and Alankit Assignments for sub-contracting work to other vendors. The Andhra Pradesh state government also received several complaints against both the vendors for misuse and sale of data to private firms. Some sub-contractors of Madras Security and Alankit are also accused of collecting Rs200 to enrol and issue acknowledgement receipt from people in Ranga Reddy, Chittoor and East Godavari districts of the state.

Despite a confirmation of these allegations against these vendors in a report prepared by the AP government, there has been no action and both Madras Security and Alankit continued to enrol people for the Aadhaar numbering scheme.

Alankit Financial Services sub-contracted enrolling at Bangalore to another private company, ID Global Technology Solutions. The latter is alleged to have indulged in franchising enrolling business to many other private companies. ID Global Technology Solutions is alleged to have been taking deposits of Rs2.5 Lakh from the franchisees. Surprisingly the UIDAI chairman had stated that he was not aware of this illegal activity.

28 November 2011
OK, this is a direct goof up. Remember that we predicted that the lowest bidder would get the contract and put in unqualified illiterate people on the job. It has happened earlier than we thought (we thought Nilekani would at least be smart enough to let that happen only after the pilot phase). But no. In Bangalore itself, the enrollers are mechanically ticking columns, violating the privacy of those dumb enough to enroll.

27 November 2011
If you thought that the National Technical Research Organisation (NTRO) would protect you, here is some news you will not like to hear: When the CAG decided, in 2010, to go into the backgrounds of the staff of NTRO, it was surprised to see that most were not even technically qualified for the posts they occupied.
Every self-respecting nation harbouring threat perceptions always uses, as a rule, indigenously developed crypto systems. Algorithms are customised by each agency without sharing with others within the country. However, India, notwithstanding its history of four wars, victimhood to terrorism, and “IT superpower” and “emerging giant” claims, still depends on German and American intelligence software and, increasingly, Chinese hardware fitted with Chinese source codes.

22 November 2011
Not strictly a goof up of UIDAI, but an example of what one can expect, given the data held by their registrars etc. The Power Finance Corporation published names, complete addresses, telephone or mobile numbers and email IDs of around 1.2 lakh individuals.

It is still there on 30 November--a week after they promised to "act upon the issue at the earliest". You can download them (as of 30 November 2011) at http://www.pfc.gov.in/Content/Bond_Holder_80CCF.aspx in the following 5 files:

PFC Infrastructure Bonds u/s 80CCF

1. Series-I.
2. Series-IIA.
3. Series-IIB.
4. Series-III.
5. Series-IV.

If you are a PFC bond holder, pray that the links are broken.

18 November 2011
Facebook was hit by a porn spam attack in which users' newsfeeds were unexpectedly flooded with graphic content, including images and videos showing pornography and violence. As usual, they said that no user data or accounts were compromised during the attack.

17 November 2011
UID data not secure. Home Minister P Chidambaram has said that the biometric census done by the Unique Identification project does not pass security criteria. He has called for an immediate meeting of the Cabinet Committee on the issue since “The possibility of fake identity profile in the UID data is real,” Chidambaram said in the recent letter to Montek Singh Ahluwalia, Deputy Chairperson of the Planning Commission.

Also on 17 November 2011, in another serious security breach, it has come to light that Indian government servers have been used by foreign entities to target the computer networks of third countries.

The finding comes at a time when a dispute rages within the government over who should be responsible for protecting India's critical IT infrastructure. According to sources, foreign entities have penetrated the servers of the National Informatics Centre in recent months and used them to launch attacks on countries, including China. Among other things, the NIC hosts the official websites and emails of the Indian government.

As is wont, a turf battle is raging within the government about who should be protecting it. The department of IT and the National Technical Research Organisation had laid claims to being responsible for safeguarding India's IT infrastructure. The department of IT believes the job should vest with the Computer Emergency Response Team while the NTRO says it must have the responsibility for both defensive as well as offensive cyber security.

Meanwhile, conventional cyber attacks from foreign entities to extract confidential data from Indian government systems are on.

This comes when there are reports that a U.S. water utility was hacked. Intruders compromised a water utility network last week and destroyed a pump. The water utility had noticed minor glitches in the remote access to the SCADA system for two to three months before it was identified as a cyber attack, Weiss said. This is similar to the 2000 hacking (PDF) in Queensland, Australia, in which a wastewater treatment plant failed to notice dozens of attempts to access the system. Using wireless radio and stolen control software, a consultant on the project who was angry over not getting a job was eventually able to get in and release up to one million liters of sewage into the river and coastal areas, killing marine life and turning a creek black.

10 November 2011
If you can't hack, you can get expert guidance from, where else?, a call centre. An underground call-centre for identity theft was uncovered by security researchers. Researchers from security vendor Trusteer have come across a professional calling service that caters to cybercriminals. The business offers to extract sensitive information needed for bank fraud and identity theft from individuals.

And not for the first time either, as the report notes.

7 November 2011
Websites of Israel, Finland, Portugal were hacked by Anonymous. The attacks affected websites of Israel’s Mossad and Shin Bet intelligence services as well as the Israel Defence Force.

6 November 2011
The 35 million user database of Steam users was accessed by hackers. In an IM to Steam users, Valve said, "Our Steam forums were defaced on the evening of Sunday, November 6. We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information." The company went on to say, "We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely." Steam has 35 million users who purchase digital copies of PC games.

1 November 2011
Nitro hack steals R&D and defense secrets. Hackers used email scams distributing a notorious malware tool to steal research & development secrets from chemical manufacturers, defense companies and other targets in a huge industrial espionage attack dubbed Nitro, it has been revealed. Poison Ivy, a Windows-based trojan which allows covert remote access to infected PCs, was distributed among firms between April and September this year, according to a paper [pdf link] from security firm Symantec, with 29 chemical sector companies and a further 19 – primarily in defense – in other sectors targeted.

31 October 2011
Pakistani hackers breached the security of the CID website. The hackers claimed to be members of the Muslim Liberation Army.

On 29 October Pak hacker "khanastic hoX Or" defaced the websites of Indian Meteorological Department, Jute Corporation of India, Bharat Sanchar Nigam Ltd and Chennai Metro Rail.

27 October 2011
A US congressional commission report blames China for hacking US satellites in four attacks in 2007-2008. Computer hackers from China could have interfered with two US government satellites between 2007 and 2008. The hackers, who allegedly were working on behalf of the Chinese military, gained access to the satellites on four occasions through a ground station in Norway.

Also today, the website of the Japanese Parliament was hacked. Two cyber-attacks have recently struck the Japanese government, the Chief Cabinet Secretary acknowledged. Media reports allege that the problem originated from China, since one of the hacked computers was forcibly linked to the mainland.

24 October 2011
The biometrics of 9 million Israelis were hacked and leaked on to the web.

The personal information of 9 million Israelis living and dead included the birth parents of adoptees and sensitive health information. The stolen database contained the name, date of birth, national identification number, and family members of 9 million Israelis, living and dead. More alarmingly, the database contained information on the birth parents of hundreds of thousands of adopted Israelis--including children--and detailed health information on individual citizens.

18 October 2011
A Global Fraud report by Kroll and the Economist Intelligence Unit said that 84% of Indian firms were hit by fraud, with data theft the most common. Kroll is the world’s leading risk-consulting company. The report mentions that India has actually improved from 88% last year. Thank god for small mercies.

17 October 2011
CabinCr3w, which is affiliated with the Anonymous online activist group, released the personal data of Citigroup CEO Vikram Pandit over protest arrests. The data includes phone numbers, address, e-mail address, family information, and some legal and financial information. The Register, a British newspaper, called it "Hackers expose Citibank CEO's privates: Revenge strike against cuffing of Occupy Wall St protesters". Previous victims include the CEOs of JP Morgan Chase, James Dimon, and Goldman Sachs, Lloyd Blankfein.

11 October 2011
CabinCr3w released personal data on bankers in support of Occupy Wall Street protests. Information was posted to the Web about Kerry Killinger, who was removed as CEO of Washington Mutual shortly before it collapsed in 2008. Earlier the target was Joseph Ficalora, CEO of New York Community Bancorp. The information released isn't all that sensitive--mostly phone numbers, addresses, compensation, legal and other information. The move is more symbolic than punitive.

7 October 2011
111 Indicted in One of the Largest Identity-Theft Cases in the U.S.: The identities of 'thousands' were stolen through forged American Express, Discover, MasterCard, and Visa cards with the stolen credit-card numbers. The details were stolen when the credit cards were used--and a similar thing can happen with the Aadhaar cards. "These weren't holdups at gunpoint, but the impact on victims was the same," New York Police Commissioner Raymond Kelly said. "They were robbed."

The $13 million theft enterprise has been running since 2010, and specialized in selling Apple Inc. products overseas. Police said they seized $850,000 worth of computer equipment that had been stolen from the Citigroup Building in Queens, $650,000 in cash, thousands of dollars' worth of Apple computer products, seven handguns, as well as designer watches, shoes, clothes, and bags.

"Thieves have an amazing knowledge of how to use technology," Kelly told Reuters. "The schemes and the imagination that is developing these days are really mind-boggling." 13 of the 111 indicted are Indian. And if you think that it cannot happen in India, scroll down to 21 July 2011.

4 October 2011
Computer Virus Hits U.S. Drone Fleet: A computer virus infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones. “We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.” Of course they kept it a secret and even the cybersecurity unit did not know about it till it was reported in the press.

Technicians at Creech are trying to get the virus off the GCS machines. It has not been easy. At first, they followed removal instructions posted on the website of the Kaspersky security firm. “But the virus kept coming back,” a source familiar with the infection says. Eventually, the technicians had to use a software tool called BCWipe to completely erase the GCS’ internal hard drives. “That meant rebuilding them from scratch” — a time-consuming effort.

The Air Force declined to comment directly on the virus. “We generally do not discuss specific vulnerabilities, threats, or responses to our computer networks, since that helps people looking to exploit or attack our systems to refine their approach,” says Lt. Col. Tadd Sholtis, a spokesman for Air Combat Command. “We invest a lot in protecting and monitoring our systems to counter threats and ensure security, which includes a comprehensive response to viruses, worms, and other malware we discover.” However, insiders say that senior officers at Creech are being briefed daily on the virus.

7 October 2011
UIDAI website was down for 9h 27m and was up again at 04-10-2011 08:49:54AM. Since authentication of the UID has to be done via the website, authentication was also down at this time. (See also 1 July 2011).

29 September 2011
The personal information of some 4.9 million US military clinic and hospital patients was lost by TRICARE and SAIC. The data was unencrypted, since the contractor wanted to save costs. The data covers the period 1992 to 7 September 2011--almost 20 years. The data may include Social Security numbers, addresses, phone numbers and personal health data such as clinical notes, laboratory tests and prescriptions.

27 September 2011
For at least the second time, the website of the Supreme Court of Pakistan was hacked, presumably to force the SCP to shut down all pornographic sites in Pakistan.

Also today two online activist groups RevoluSec and Anonymous said they hacked several official Syrian websites in the latest tactic to oppose President Bashar Assad's authoritarian regime.

19 September 2011
The group 'Anonymous' attacked the websites of Japan's defence industry.

Mitsubishi Heavy Industries Ltd said that its computers had been hacked into, with one newspaper saying the target was Japan's biggest defence contractor's factories for submarines, missiles and nuclear power plant components. The Yomiuri newspaper said about 80 virus-infected computers were found at the company's Tokyo headquarters as well as manufacturing and research and development sites including Kobe Shipyard & Machinery Works, Nagasaki Shipyard & Machinery Works and Nagoya Guidance & Propulsion System Works.

Kobe Shipyard currently builds submarines and makes components to build nuclear power stations, while the Nagasaki Shipyard makes escort ships. The Nagoya plant makes guided missiles and rocket engines, the paper said citing unnamed sources.

It is the country's biggest defense contractor, winning 215 deals worth 260 billion yen ($3.4 billion) from Japan's Ministry of Defense in the year to last March, or nearly a quarter of the ministry's spending that year. "The Japanese make large conventional submarines that are among the world's most sophisticated ... (they) have very nicely integrated solutions with their own mechanical, electronic and control systems, so it's a pretty attractive hacking proposition, to get the design of a Japanese submarine," he added.

17 September 2011
The group 'Anonymous' attacked the websites of the Mexican government.

Predictably the Mexican government says that 'despite this attack, data security and the intranet used by federal government agencies "are not at risk"'. The Public Safety Department confirmed the attack and said that there occurred a "brutal and unusual number of hits by simulated users, causing the site's firewall defense system to activate".

12 September 2011
Intelligence and National Security Alliance (INSA), a "premier intelligence and national security organization" of the USA, was hacked and then hundreds of intelligence officials, ranging from the NSA, FBI, CIA, the Pentagon, the White House, Office of Director of National Intelligence and the State Department, had their names, email addresses, some phone numbers and even home addresses posted on Cryptome.

The attack came within 48 hours after INSA published a Cyber Intelligence report [PDF] about the need to develop better cyber intelligence sharing, analysis and defenses against the "cyber threat environment" where hackers are cracking into everyone's systems, from government agencies to private companies.

MSNBC reported that "in apparent retaliation, INSA's 'secure' computer system was hacked and the entire 3,000-person membership posted on the Cryptome.org." There were 95 email addresses belonging to the "supersecret National Security Agency, as well as scores of others in key positions at the White House, the Pentagon, FBI, CIA, the Office of Director of National Intelligence and the State Department." John Young who runs Cryptome said in a telephone interview with NBC that he had no reservations about publishing 'INSA Nest of Official and Corporate Spies.' Young said, "We would love to name every spy that lives on Earth."

In what should be a direct warning to UID, The Daily Beast quoted Wired's Danger Room editor and cybersecurity expert Noah Shachtman as saying, "It used to be that if you wanted to steal secrets from the U.S. government, you would have to go to the Pentagon or Langley, Va. But now, because so much of what our military and intelligence agencies do is actually in private contractor hands, one of the easiest ways to get sensitive information is to break into these corporate and association networks." Wonder how secure the networks of all the 'registrars' and their subcontractors are.

4 September 2011
When a bank robber was asked why he robbed banks, he said 'coz that's where the money is'. So well here it is... attacking the protector: In a daring attack of unknown duration, hackers stole SSL certificates used for CIA, MI6, Mossad, Microsoft, Yahoo, Skype, Facebook, Twitter and Microsoft's Windows Update service. They acquired over 500 DigiNotar digital certificates, prompting Mozilla and Google to issue a 'death sentence' for all sites with digital certification from DigiNotar.

Google and Mozilla will permanently block all the digital certificates issued by DigiNotar. The Netherlands's Minister of the Interior said the government could not guarantee the security of its websites because of the DigiNotar hack, and told citizens not to log into its sites until new certificates had been obtained from other sources. Mozilla will update Firefox 6 and Firefox 3.6 to permanently block all DigiNotar-issued certificates, including those used by the Dutch government. Google updated Chrome to do the same.

Helsinki-based antivirus company F-Secure said it had found signs that DigiNotar's network had been compromised as early as May 2009. DigiNotar went public only after users reported their findings to Google.

1 September 2011
The ultimate irony... WikiLeaks itself came on the receiving end of a security breach when a journalist put out the full archive and passwords onto the internet and the entire stash of documents could be accessed online, to its former partners' dismay. The blame game could be comic, but only a curtain-raiser to the deadly implications of UID.

11 August 2011
McAfee, the security firm, says that the National Informatics Centre (NIC), backbone of the government's IT network, has borne the brunt of sustained cyber attacks by Chinese hackers.

The report in The Times of India goes on to add that NIC, according to cyber security experts, is a sitting duck... that it's almost open season, where Indian government data is concerned.

Last year, when the CBI website, which is hosted by NIC, was attacked, the government, led by national security adviser Shivshankar Menon, set up a committee of secretaries to work out a defensive plan to secure government networks. But there is still no integrated cyber security plan. Cyber security analyst Ravi V. Prasad said, "The '.in' registry is not well guarded, so sites hosted in this domain remain vulnerable."

He avers that India and the US remain favourite targets for Chinese hackers. Earlier, he said, hackers would indulge in what is known as "distributed denial of service" (DDOS). "But, now it's large-scale mining of data. You could call it national espionage, business espionage."

7 August 2011
Anonymous stole 10 gigabytes worth of data from 70 police websites in the US. The data breach included leaked information about an ongoing investigation, e-mails stolen from officers, tips that appeared to come from members of the public, credit card numbers, and other sensitive information.

5 August 2011
Just when you thought that it couldn't get worse. Read how Operation Shady RAT, a five-year, high-level global cyber-espionage hacking campaign, infiltrated computer systems of more than 70 governments, corporations and public and private organizations in 14 countries (including India), and how "Hackers Take $1 Billion a Year from Company Accounts Banks Won’t Indemnify".

21 July 2011
The innovative Indians! Even before the full roll out, we have the fakes, and in Bangalore itself.
Not only were fake UIDs issued but they even had the gumption to sell franchisees for Aadhar enrolment by charging a non-refundable sum of Rs 250,000 per enrolment kit.

17 July 2011
Rupert Murdoch's media house hacked into the mobile phones of victims of murder and kidnapping for those exclusive 'scoops' for years on end. Finally the CEO was forced to resign and was arrested on 17 July in a scandal that reached up to the British prime minister's office. The scandal also claimed the top two policemen for being complicit in the affair. This was only a media organisation, but they had the politicians and the policemen in their pockets....

13 July 2011
The US military's emails were hacked and about 90,000 email accounts were compromised.

6 July 2011
Oh dear. Yet another, and this time the website of India's premier anti-terror probe body, the National Investigation Agency (NIA), is shut down following reports of a security breach: "This site is under maintenance. Sorry for inconvenience." The government claims that the move was aimed at tightening safety mechanism following recent incidents of hacking of government websites like the National Security Guard and the Central Bureau of Investigation. On 11 July 2011 the site still says "This site is under maintenance. Sorry for inconvenience."

5 July 2011
Oh, oh! In a bizarre case of the pot calling the kettle black the department of information technology of Maharashtra conducted a 'surprise inspection' at a centre in Fort on Friday. The inspection revealed violations that could jeopardise the security of the information stored... and it would be more dangerous as the details of millions of citizens are stored in one machine.

The officials found that the IT company Tera Software had violated the norms and sub-contracted the enrolment process to another firm, M/S Infotech, which could potentially endanger the security of the entire process. Predictably, Umamaheshwara Rao, project manager, Tera Software denied sub-contracting.

4 July 2011
Hackers took control of the FoxNews.com Twitter account to claim that Obama was shot dead.

1 July 2011
The website of the country's elite National Security Guards was hacked by anonymous programmers, according to a report by The Times of India. Apparently the e-mails of certain officers were also hacked. All officers and the NSG unit posted at the Palam headquarters were ordered to avoid using internet services.

Also on 1 July 2011
UIDAI website was down for around 8 hours, and about 3 to 4 hours on 24 June. Remember, uidai.gov.in is not just a website. As per the Aadhar authentication API doc available on the uidai.gov.in website (when it is up!), authentication of the UID has to be done via the website. So, one can safely conclude that authentication was also down at these times.

After spending billions, uidai.gov.in can't keep a mere website up where they have all the facilities of back up and 24x7 power supply etc. And these guys are going to maintain identity for a nation of more than a billion? Oh well, thank god for the small mercies. Better down and even better down and out.

29 June 2011
Groupon says India users' data leaked. The passwords were posted in plain text on the net. This is a minor leak (only 300,000 in comparison to Sony's 100 million).

27 June 2011
Anonymous steals data from world governments. Hacktivist group Anonymous dumped onto the Web data that it claims was taken from the government servers of "Anguilla, Brazil, Zimbabwe and Australian Government Servers." The group indicated this was part of its AntiSec operation, to steal data from governments it did not agree with.

26 June 2011
Anonymous Puts US Counter Terrorist Program Online. Anonymous released a set of files which includes documents and links to security and hacking resources on the internet, many of them free, various template letters, hacking and counter hacking tools as well as the addresses of FBI bureaus in the US.

The 625MB file (SENTINEL Security Utilities - Cyberterrorism Defense and Analysis Center) is now widely available online and seems to have come from the US FEMA (Federal Emergency Management Agency) Counter Terrorism Defence Initiative training program.

23 June 2011
Bathinda UID agency may have violated norms in sensitive data collection. This is a direct goof up of UIDAI.

7 June 2011
Hackers steal info on military, defense personnel. Email addresses and names of subscribers to DefenseNews, a highly-regarded website that covers national and international military and defense news, were accessed by hackers and presumed stolen, Gannett announced yesterday.

16-19 April 2011
Details, including credit card details, of 100 million--yes 100 million--customers of Sony hacked.

4 April 2011
Epsilon email hack: Computer hackers stole the names and email addresses of millions of customers in one of the largest internet security breaches in US history. The names and email addresses of customers of Barclaycard US, Capital One and other large firms were taken in an attack on the marketing email provider Epsilon.

17 March 2011
RSA, a security solutions company that sells SecurID tokens that are used by corporations and government agencies, shocked the security world when it announced that it was victimized by an "extremely sophisticated cyberattack" in which sensitive data related to the SecurID technology had been pilfered and could be used by attackers to get access to networks of RSA customers who rely on the technology.

SecurIDs are the industry standard for two-factor authentication.

Though RSA in an open letter tried to say that nothing of importance was stolen--"While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers"--it soon became evident that security was compromised. Two defense contractors--Lockheed Martin and L-3 Communications--reported attacks on their systems that exploited data stolen from RSA. Another, Northrop Grumman, unexpectedly shut down remote access to its network last month, which led to speculation that it had had a SecurID-related incident. Following news stories about the incidents, which experts speculate may have a tie to China, RSA said it would replace SecurIDs for customers concerned about the risks.

About 250 million IDs, at the very minimum, were compromised.

17 December 2010
Iraqi insurgents Intercept Drone Video in King-Size Security Breach that was known to the Pentagon for over 10 years. In Iraq insurgents tapped into the drones’ broadcasts, to see what the flying robot spies see. The U.S. military found pirated drone video feeds on militant laptops. Using cheap (US$26), downloadable programs like SkyGrabber, militants were apparently able to watch and record the video feed — and potentially be tipped off when U.S. and coalition forces are stalking them.

“Those who intercept could potentially start to conduct ‘battles of persuasion’; that is, hacking with the intent to disrupt or change the content, or even ‘persuade’ the system to do their own bidding,” says Peter Singer, author of Wired for War. This has long been the nightmare scenario within Pentagon cybersecurity circles: a hacker not looking to take down the military grid, but to exploit it for his own purposes. How does a soldier trust an order, if he doesn’t know who else is listening — or who gave the order, in the first place? “For a sophisticated adversary, it’s to his advantage to keep your network up and running. He can learn what you know. He can cause confusion, delay your response times — and shape your actions,” one Defense Department cybersecurity official tells Danger Room.

3 December 2010
The Pakistan Cyber Army hacked the website of the Central Bureau of Investigation (CBI), supposedly one of the "most secure" ones in the country. They also claimed to have hacked 270 more. This was apparently in response to the 'Indian Cyber Army's' hack on their website.

28 November 2010
The United States diplomatic cables leak (also known as Cablegate), in which 251,287 documents were published by WikiLeaks. WikiLeaks, an international new media non-profit organization that publishes submissions of private, secret and classified information from anonymous news sources, government whistleblowers, and news leaks, started to publish classified documents of detailed correspondence between the U.S. State Department and its diplomatic missions around the world, releasing further documents every day. WikiLeaks forwarded diplomatic cables to five major newspapers around the world, which have been publishing articles by agreement with WikiLeaks.

The publication of the U.S. embassy cables is the third in a series of U.S. classified document "mega-leaks" distributed by WikiLeaks in 2010, following the Afghan War documents leak in July, and the Iraq War documents leak in October. The contents of the cables describe international affairs from 300 embassies dated from 1966–2010, containing diplomatic analysis of world leaders, an assessment of host countries, and a discussion about international and domestic issues.

22 October 2010
The Iraq War documents leak disclosed 391,832 United States Army field reports, also called the Iraq War Logs, of the Iraq War from 2004 to 2009 to several international media organizations; they were published on the Internet by WikiLeaks on 22 October 2010.

September 2010
Stuxnet attack on Iran's uranium enrichment facility at Natanz – where the centrifuge operational capacity has dropped over the past year by 30 percent.

28 July 2010
Like most (all?) US Companies, Google partners with the CIA to Invest in ‘Future’ of Web Monitoring. It’s not the very first time Google has done business with America’s spy agencies. Long before it reportedly enlisted the help of the National Security Agency to secure its networks, Google sold equipment to the secret signals-intelligence group. In-Q-Tel backed the mapping firm Keyhole, which was bought by Google in 2004 — and then became the backbone for Google Earth.

25 July 2010
Afghan War Diary, 2004-2010
Perhaps the most famous of them all. WikiLeaks released a document set called the Afghan War Diary, a compendium of over 91,000 reports covering the war in Afghanistan from 2004 to 2010. The reports, while written by soldiers and intelligence officers, and mainly describing lethal military actions involving the United States military, also include intelligence information, reports of meetings with political figures, and related details.

November 2009
Shadows in the Cloud: hacking by the Chinese on the Dalai Lama’s office between January and November 2009. The compromised computers included those of the National Security Council Secretariat (NSCS), India (including the Joint Intelligence Committee and the National Security Council); the Embassy of India in Kabul and Moscow; the Consulate General of India, Dubai; the High Commission of India in Abuja, Nigeria; Military Engineer Services, India (MES-Bengdubi, MES-Kolkata, MES(AF)-Bangalore, and MES-Jalandhar); 21 Mountain Artillery Brigade in Assam; the Air Force Station, Race Course, New Delhi; the Air Force Station, Darjipura Vadodara, Gujarat; the Army Institute of Technology in Pune, Maharashtra; the Military College of Electronics and Mechanical Engineering in Secunderabad, Andhra Pradesh; and the Institute for Defence Studies and Analyses, India.

13 November 2009
The confidential plan for the UID in India of the UID Authority of India was leaked even before it was available to the citizens of India, and when Nilekani was reluctant to share it. Do note that the UID team at the time was fully hand-picked by Nandan Nilekani.

If he cannot ensure security with his handpicked team, how he will when the cheapest contractor does it... we leave to your imagination.