2014 was the year Kim Jong-Un watched you undress through your laptop web camera. Well, not quite, but at times it was almost as worrying. It did see some big plays from the black hats as they set out to pillage, obstruct and generally embarrass major corporations to entire countries, as well as hacktivists intervening as crusaders of social justice. The hacks ranged from petty DDoS attacks to politically charged hacking threats, to all out sex offences. There was also cross-fighting between hackers. The very real phenomenon has been the bane of security professionals’ existence, permeating the international consciousness in perhaps the most prominent hacking ‘wave’ in recent memory. One can’t deny the position of power the wily hacker possess right now, and we saw this in many different ways throughout the last year. Was there really a grand context behind it all? Let’s look back at the events of 2014, and what they meant, if anything at all.
It wasn’t exactly a hack, but the Heartbleed vulnerability to the security software OpenSSL was one of the major spooks of the year, prompting a hysteria of password changes and security experts on the breakfast news. Several major websites and applications using an implementation of OpenSSL were affected to varying degrees, including Facebook, Instagram, Netflix and Gmail, although what it amounted to erred more often than not on cautionary advice rather than ultimatums on password changes, as many sites rapidly rolled out security patches. The majority seemed to have experienced no serious security breaches or malicious activity, seemingly catching the bug before hacker groups could really go to town. However, perhaps the strongest underlining to the whole debacle was the resonance it had in the open versus closed source security software debate. That there was a vulnerability lurking within the code of OpenSSL for two years was a hugely embarrassing oversight, bookended with the flood of attacks on servers made possible by the Shellshock bug at the end of the year. In the immediate future there will be a long, hard look at open source security, ensuring that the way in which the software is developed is in itself secure, and weighing up a greater potential interaction between open source and corporate funding.
August was a turbulent month for hacking, for hugely different reasons and on separate parts of the spectrum (it ain’t just black and white, right?). The celebrity hacking scandal affectionately dubbed ‘the Fappening’ was responsible for the theft and leak of explicit media of several well known celebrities, and was a big kick in the teeth for Apple’s cloud storage service, iCloud. The internet was awash with panic as well as guidance about securing iCloud, putting the scare into people that malicious hackers could reach past the security mechanisms of technological corporations as sophisticated as Apple. It was also the month where hacktivism played a powerful role in real world, unfolding events, as Anonymous intervened in the tense stand off in Ferguson, USA, following the shooting of Michael Brown. As is Anonymous’ typical modus operandi, they threatened the police with the release of sensitive information to the public (a method known as doxing), should they not reveal the officer responsible for the killing. However, in the pursuit of social, moral and political justice, Anonymous had to deal with a splinter in its own ranks, as a member was found to have misidentified the officer, forcing the group to swiftly denounce the loose cannon and its misinformation. We saw last year hacking as yet again an activist vessel wielded in defence of justice, demonstrating how cyber space has become a significant dimension in real world events.
Finally, on to Christmas, Lizard Squad had their fun making Xbox and Playstation gamers cry ( subsequently triggering a war with Anonymous), but the obvious big story was the furore over Sony’s The Interview as its depiction of the North Korean leader’s demise wasn’t taken with the light hearted grace that I’m sure was previously shown for Kim Jong-Il’s even handed representation in Team America. Sufficiently terrified by a threat in broken English and following the overture of one of the worst corporate network hacks in history, Sony backed down and pulled the film, then partially reneged by making it available through VOD, even prompting some to suggest the whole thing was a deliberate conspiracy (which was of course a whole load of hash). Anonymous, the Guardians of Peace, Lizard Squad; 2014 was the year the hackers really pushed all the buttons and got (for the most part) what they wanted. How the world deals with the black hats, the white hats, the hacktivists, the trouble makers in the future will be intriguing for sure.