The week in security: In 2014, it's still the NSA's world
- 06 January, 2014 12:57
Welcome back, after what has hopefully been a restful break and respite from the never-ending onslaught of security issues. Get ready to hit the ground running, however: signs are that cybercriminals used the time to plan a very busy 2014 – which means it's time to carefully weigh up your strategies for bring your own device (BYOD) mobile rollouts and other elements of your security practice – including the cloud, which has [[xref:http://www.cso.com.au/article/535073/why_one_company_declined_cloud-based_crisis_communications_system_/ by the likes of Eastman Chemical Company.
Security researchers had a less than desirable present for Samsung after discovering a vulnerability in the company's Knox security software, which leads the company's efforts to secure BYOD rollouts.
Edward Snowden had a different Christmas message, warning that a child born today will grow up to have no idea of what privacy is and should be. That's a particularly chilling summation as 2013 is being widely regarded as the year of the personal data breach, with the situation unlikely to get much better.
As if to confirm that, a US court ruled that country's NSA is within its rights to collect phone records and tossed out a lawsuit from civil-rights group the American Civil Liberties Union (ACLU); the ACLU quickly appealed the decision, even as another judge validated the practice of searching the laptops of travellers when they cross US borders.
While that activity may be legal, however, there's been no ruling on German allegations that the NSA is intercepting computer deliveries to plant spyware on new computer equipment. At the same time, major networking equipment vendors were predictably unhappy about alleged NSA back doors built into iPhones and other equipment.
No wonder some people are calling the NSA the security industry's “dream enemy” – a moniker it will surely wear with pride if reported plans to use a quantum computer to quickly crack all encryption methods, are proved correct.
Google didn't have the same luck, with an appeals court rejecting Google's argument that it did not break wiretapping laws by collecting user data during its Street View mapping project.
Cybercriminals are having to go back to basics after the disappearance of the popular Blackhole exploit kit left them with, yes, a black hole in the roster of potential alternatives.
Yet others are continuing to find success through other methods, such as a hole in the Snapchat service that researchers say could allow attackers to quickly find the phone numbers of many users. As if to prove the point, hackers claimed they had done just that by exposing the phone details of 4.6 million Snapchat users, while Skype's social-media accounts were targeted by a hacker group.
Seemingly validating Snowden's point about online privacy, some argue that few users will be scared away from Snapchat after the breaches. Facebook was alleged to have been scanning users' private messages, although analysts believe the concerns won't stick.
Retailer Target was also counting the cost of a breach as it admitted customer PINs had been stolen in a high-profile hack but argued that customer data was still safe. Little wonder the government is seen as being trusted more for data protection than the private sector – despite revelations more than 1 million UK schoolchildren have been fingerprinted.
Meanwhile, a Russian cybercriminal took over a BBC server and tried to sell access to it. The online Steam game server was rendered unusable after a DDoS attack. And, perhaps signalling the way of things to come, security firm FireEye gave itself a $US1 billion Christmas present after snatching up incident-response vendor Mandiant.