In-depth

Biggest hacks of 2014: From Apple to eBay, no-one is safe

On the heels of the Sony Pictures hack, we take a look at other high-profile targets

Banks, retailers and tech firms all succumbed to high-profile cyber attacks this year, proving that no company is invulnerable from hacking.

We take a look at the biggest hacks of 2014, which led to leaks of everything from films and private celebrity photos to payment details and addresses.

SONY PICTURES

The film studio has been the most recent victim of hackers, with the attack on its systems being so devastating, employees had to switch to pen and paper.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

What was leaked?

Hackers obtained over 100 terabytes of data ranging from employee passwords and credit card details to medical histories and executive salary details.

Unreleased movies including Annie, Fury, Still Alice, Mr Turner and To Write Love on Her Arms have been leaked as well as the social security numbers of celebrities such as Sylvester Stallone.

Who did it and how?

A group known as Guardians of Peace' or GOP' took responsibility for the attack. Upon turning on their computers employees were supposedly greeted with the following message:

Fingers have been pointed at North Korea, which is said to have carried out the state-led attack in retaliation for Sony's involvement in the upcoming movie The Interview'. This is a comedy where the plot revolves around a plan to kill the North Korean leader Kim Jong-Un.

Advertisement - Article continues below

North Korea has denied being directly involved and as the perpetrators have been taunting Sony online and posting information on Pastebin, it does appear to suggest it wasn't a state-led attack as these are usually clandestine.

A malware analysis has been carried out by security experts at Blue Coat and they claim that preparation for the attack began as early as May.

"The first sample reviewed is a worm that spreads via SMB. Inside was a text file that contained over 10,000 mappings between internal host names and IP addresses," the firm said.

"This indicates the attackers had already performed recon of the network, knew what machines they were interested in targeting and had already obtained previous access before this sample was deployed."

Advertisement
Advertisement - Article continues below

Interestingly, Blue Coat confirmed there was a Korean language resource section in the code, suggesting the perpetrators could be based in the country.

The fallout

Advertisement - Article continues below

So far the leaked movies have been downloaded an estimated 2 million times. A source also told Buzzfeed, the cost of fixing the IT systems is likely to outweigh any losses at the box office.

The FBI has been contacted to investigate the breach and Sony has offered past and present employees 12 months of fraud protection to help mitigate any impact.

Perhaps more worryingly for Sony was that this isn't the first major breach it has had to deal with and it seems to be a popular target. As of 8 December, Sony's online store was also taken down by a group known as the 'Lizard Squad'.

------------------------------------------------------------------------------------------

APPLE iCLOUD

This wasn't the biggest breach of the year, but it gained the most attention due to the sensitivity of the content that was released at the end of August.

Advertisement - Article continues below

What was leaked?

Hundreds of nude images of female celebrities including Jennifer Lawrence and Kate Upton were obtained from Apple's iCloud service and released on 4Chan in an event dubbed "The Fappening".

Credit: 'Sad iCloud' courtesy of Ben Cameron -http://strangepaul.com

Advertisement
Advertisement - Article continues below

Who did it and how?

A 4Chan user who referred to himself as "a collector" tried to shop around the images privately before they were released.

Reddit became a primary source of distribution through the TheFappening' sub-reddit, which was subsequently banned by admins. Images were also shared on Twitter.

Advertisement - Article continues below

Celebrity iCloud accounts are believed to have been accessed by using a combination of simple brute force password attacks and by answering basic security questions.

The fallout

Although Apple has always maintained it wasn't "hacked", there is no denying that the private content was obtained from its iCloud service. After the leaks, the firm did increase security.

Apple now sends out notifications when requests are made to access the iCloud through a web browser or restore data to a device.

All the victims condenmed the invasion of privacy. Actress Gabrielle Union, who had private pictures released, confirmed she had contacted the FBI over the incident.

Joy Corrigan, a 20-year old model who also had her pictures leaked, said she previously flagged suspicious activity on her account but no action was taken by Apple. She has mounted a class-action lawsuit against the firm and Apple could be forced to pay out substantial damages if it is found to be at fault in court.

Advertisement - Article continues below

------------------------------------------------------------------------------------------

Advertisement
Advertisement - Article continues below

JP MORGAN CHASE & CO.

Despite having an expected spend of $250 million on cyber security during 2014, America's biggest bank couldn't prevent hackers from gaining access to its network.

What was leaked?

Details of 76 million US households and 7 million SMBs were compromised.Stolen data included names, addresses, phone numbers and email addresses.

Who did it and how?

Advertisement - Article continues below

Sources told Bloomberg that the origins of the hack could be traced back to cybercriminals located in Russia, and even pointed to a possible state co-ordinated attack. However, the perpetrators remain unknown.

The hackers are believed to have exploited flaws in one of the bank's websites and then used zero-day malware to gain access to the network and manipulate records.

The fallout

The FBI and US Secret Service have been investigating the cause of the breach. JP Morgansaid customers would not be liable for any unauthorised transactions carried out on their account.

It's unclear what the financial impact of the hack has been, but the reputational damage experienced by the firm could take more time to overcome.

Advertisement
Advertisement - Article continues below

------------------------------------------------------------------------------------------

Advertisement - Article continues below

WEBCAM HACK

One of the more bizarre and voyeuristic hacks of 2014 came to light last month when it was revealed that live feeds were being broadcast online from webcams around the world.

What was leaked?

A Russian website called Insecam was found to be streaming live video from thousands of webcams (excluding laptops) in a huge invasion of privacy.

In the UK, around 584 webcams were originally available to view, (135 as of writing) including feeds fromoffices, factories and even a pub in Egham. At one point, children and babies could be seen sleeping.

Who did it and how?

Advertisement - Article continues below

As mentioned the website was set up in Russia. The firm claims it does not hack into security cameras, instead they are accessed because they are not password protected or because they use default login credentials.

The fallout

The website is still up and running and provides a stark warning about networked cameras. Users of such devices are urged to make sure they use a secure password.

Advertisement
Advertisement - Article continues below

------------------------------------------------------------------------------------------

EBAY

The popular auction website had one of the biggest breaches of all time, when data of all its users was stolen.

Advertisement - Article continues below

What was leaked?

Personal details including addresses, phone number and dates of birth belonging to all 145 million customers were stolen.

Who did it and how?

Cyber criminals are believed to have compromised a small number of employee log-in credentials. These were then used to gain unauthorised access to eBay's corporate network.

The fallout

eBay was criticised for telling users about the hack two weeks after it found out. However, despite sitting on news of the breach, the firm claiming there was no evidence of increased fraudulent activity.

Advertisement - Article continues below

All users were advised to change their passwords after the breach was made public.

Advertisement
Advertisement - Article continues below

The US states of Connecticut, Florida and Illinois joined forces to investigate the company's security policies, along with the country's Federal Trade Commission.

The UK data protection watchdog, the Information Commissioner's Office (ICO), initially said it would launch a probe into the breach. However, after establishing eBay was registered as a data controller in Luxembourg, it told IT Pro no further action would be taken.

------------------------------------------------------------------------------------------

HOME DEPOT

Yet another well-known US brand was added to the list of hacking victims this year in what was the biggest retail breach to-date.

Advertisement - Article continues below

What was leaked?

The DIY giant had 53 million email addresses and 56 million payment details stolen from its servers.

Who did it and how?

No group has claimed responsibility for the hack.

The cybercriminals are believed to have used third-party vendor credentials to access Home Depot's network.

Advertisement
Advertisement - Article continues below

Zero-day malware was then deployed on Home Depot's self-checkout systems in the US and Canada, which gathered customer payment details.

Advertisement - Article continues below

The fallout

The hack highlighted the dangers when enterprises are slow to upgrade their security systems.

Since the hack, Home Depot enhanced encryption of payment data in all US stores and pushed out EMV chip-and-PIN technology, which has been used in the UK since 2004.

Featured Resources

Report: The State of Software Security

This annual report explores important trends in software security

Download now

A fast guide to finding your cloud solution

One size doesn't fit all in the cloud, so how do you find the best option for your business?

Download now

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Small & Medium Business Trends Report

Insights from 2,000+ business owners and leaders worldwide

Download now
Advertisement

Recommended

Visit/business-strategy/33311/apple-launches-new-tv-gaming-and-finance-services
Business strategy

Apple launches new TV, gaming and finance services

25 Mar 2019
Visit/business-operations/supply-chain-management-scm/354667/apple-closes-wuhan-store-in-anticipation-of
supply chain management (SCM)

Apple closes Wuhan store in anticipation of coronavirus infection

29 Jan 2020
Visit/business/business-strategy/354666/apple-reports-all-time-sales-records
Business strategy

Apple reports all-time sales records

29 Jan 2020
Visit/hardware/laptops/354509/apple-macbook-pro-16in-review-a-little-bigger-a-lot-better
Laptops

Apple MacBook Pro 16in review: A little bigger, a lot better

10 Jan 2020

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

10 Feb 2020
Visit/operating-systems/microsoft-windows/354739/windows-7-bug-blocks-users-from-shutting-down-their-pcs
Microsoft Windows

Windows 7 bug blocks users from shutting down their PCs

10 Feb 2020
Visit/hardware/354723/coronavirus-starts-to-take-its-toll-on-the-tech-industry
Hardware

Coronavirus starts to take its toll on the tech industry

6 Feb 2020