No year passes without incident, and that’s especially true for a 12-month period equally blighted with COVID-19 as it was with tech-related mishaps and mix-ups.
From public sector IT blunders to catastrophic cyber security failings, here’s our pick of the most eye-catching and alarming incidents to grace the headlines.
Government-funded laptops arrive in schools loaded with malware
The UK government welcomed us into 2021 with a major IT blunder that saw it issue malware-infested laptops to vulnerable children. A number of these devices were found to be infected with a "self-propagating network worm", and also appeared to be communicating with Russian servers.
The Windows-based laptops were, specifically, infected with Gamarue.1, a worm Microsoft first identified in 2012. At the time, the Department of Education said it was “urgently investigating” the issue that had only affected a “small number of devices.”
Slack kickstarts 2021 with a major outage
Slack, meanwhile, also started 2021 on the wrong footing, with the now Salesforce-owned business communications platform suffering a major outage on 4 January as employees across the globe began to log back onto their systems to start their working year afresh.
The outage saw team members unable to reliably send or receive messages, with some users also struggling to log into the service altogether.
Home Office wipes 15,000 police records
Back in February, the Home Office was forced to admit it had inadvertently deleted the records of more than 15,000 people from the Police National Computer (PNC).
A total of 209,550 offence records that related to 112,697 individuals were wiped from the system, including crucial evidence such as fingerprint scans, DNA and arrest records. This "critical incident" was later blamed on a combination of "human error" and failures at the management level.
SolarWinds blames intern for weak ‘solarwinds123’ password
Following the devastating supply-chain attack towards the tail end of 2020, SolarWinds admitted a former intern had leaked a weak company password that was publicly accessible on the internet for more than a year.
The top 12 password-cracking techniques used by hackers
The password ‘solarwinds123’ – a critical lapse in password security – was publicly accessible through a private GitHub repository from June 2018, before this was finally addressed in November 2019.
It wasn't immediately clear whether the password played a role in the major cyber attack the company sustained, although spokespeople for the company have repeatedly insisted this lapse was unconnected. This aforementioned incident saw up to 18,000 businesses compromised by a version of its Orion security platform loaded with malware. Of these businesses, less than 100 were hacked using the Sunburst malware. The incident, nevertheless, serves as a reminder for businesses to stay on top of information security as we transition on into a more dangerous than ever 2022.
Australia’s Channel Nine interrupted by cyber attack
In March this year, an unknown assailant took down a live broadcast by Australia's Channel Nine TV station. This ransomware attack locked staff out of emails, internet access and print production systems.
This incident, which serves as a concise visual metaphor for the disruptive effects of cyber crime, has since been described as the largest cyber attack to hit a media company in Australia's history. The incident itself affected several shows, including the Weekend Today programme, and forced the Sydney-based organisation to shift to its Melbourne studios.
Cause of the OVH data centre fire won’t be revealed until 2022
March played host to a series of incidents, as we also saw a fire erupt at an OVH data centre in the French city of Strasbourg. The destruction resulted in both the loss of data and service outages across Europe.
The incident was first reported on 10 March and the firefighters, although they responded almost immediately, were unable to stop a blaze inside the SBG2 building. Four rooms inside SBG1 were also destroyed, although two other data centres owned by OVH were not affected. The company, however, did have to switch off every one of its servers.
The official root of the blaze still hasn’t been revealed – and likely won’t until 2022 with OVHCloud’s chairman and founder Octave Klaba apologising for the incident, but remaining tight-lipped on the cause.
Gmail "more secure" than Parliamentary email, claims MP
In April, Conservative MP Tom Tugendhat faced a litany of questions after claiming GCHQ advised him Gmail is safer to use than the UK’s own Parliamentary email system.
During a radio interview, he said he’d been the subject of numerous cyber attacks, adding GCHQ had informally advised him he would be better off using Gmail rather than the Parliamentary system as it was "more secure".
“Frankly, that tells you the level of security and the priority we’re giving to democracy in the United Kingdom,” he said at the time. The incident echoed the poor security hygiene practices of the now digital secretary Nadine Dorries, when she admitted only a few years ago that she routinely shared her passwords with office staff.
Train firm slammed over 'bonus' phishing test
West Midlands Railway found itself in hot water in May after it dangled the prospect of a company-wide bonus for workers as part of a lure in a phishing simulation test.
Julian Edwards, the train operator’s managing director, emailed the company's 2,500 employees with a message saying the firm wanted to thank them for their hard work during the COVID-19 pandemic, promising a one-off payment. Those who clicked the link for the bonus, however, received a message telling them this was merely a "phishing simulation test" designed by the firm's IT team to entice employees.
The email was described as “crass and reprehensible” by the leader of the Transport Salaried Staffs Association, Manuel Cortes. Others in the cyber security community, meanwhile, struck a more diplomatic tone, suggesting this was exactly the type of lure cyber criminals would deploy.
Researchers leak Windows zero-day exploit in fatal misunderstanding
The PrintNightmare fiasco that raged through the summer perhaps became most widely-known for Microsoft’s failure to quash the bug – with a handful of faulty patches released for several flaws. The origins of the first exploit’s initial disclosure, however, will go down in cyber security infamy.
The comedy of errors began when Microsoft upgraded the status of an already-patched PrintSpooler component vulnerability, rated 8.8 on the CVSS threat severity scale, from privilege escalation to remote code execution. This prompted the firm Sangfor, which was conducting its own research into PrintSpooler flaws at the time, to publish research into an RCE PrintSpooler flaw, including a fully usable exploit.
The company believed the two bugs – the recently-upgraded flaw and that it had just published research on – to be the same, but they had in fact just published a working exploit for an entirely different, undiscovered, flaw.
Kaspersky generates passwords that can be ‘cracked in seconds’
In July we learned that Kaspersky Password Manager (KPM) was embedded with several problems that meant the passwords it generated could be cracked using brute force techniques “in seconds”.
The password generator created passwords from a given policy, with users able to set parameters to change password length and include uppercase letters, lowercase letters, digits and special characters. By default, KPM generated 12-character passwords with an extended chart set.
The generation process is a complex method but effectively meant letters such as q, z and x were more likely to appear than in the average password manager. Once any given letter was generated, it skewed the probability of other letters appearing in the same string.
‘Faulty configuration change’ takes Facebook, and others, offline
In October, Facebook suffered one of the worst outages in its nearly 20-year history. The outage, which the social network has since been blamed on a “faulty configuration change” took Facebook, Instagram and WhatsApp offline for more than six hours.
The outage cut off all internal communications, and even prevented employees from accessing critical data on third-party services such as Google Docs. Worse yet, it was reported at the time that Facebook sent engineers to one of its main data centres in California to remedy the issue, but the outage prevented staff from physically accessing company buildings and conference rooms with their badges.
Mark Zuckerberg’s personal wealth falling by $6 billion, by way of consequence, might seem a harsh result. This paled in comparison, however, to the impact the outage had on users in the developing world who are dependent on Facebook’s Free Basics programme for essential communication, business and humanitarian activities.
