The 10 Biggest Security Stories Of 2010

Out With A Bang

Indeed, 2010 was a year that went big — big data breaches, big threats and bigger-than-big acquisitions. Major security players were gobbled up left and right by private equity firms or stack giants. Seemingly impenetrable multinational corporations scrambled to keep their data secure in the wake of sophisticated hacker attacks. And botnets evolved to incorporate search and destroy code that could target nuclear plants and other critical infrastructure.

So, in the spirit of the year's larger-than-life happenings, here's a look at the 10 biggest security stories 2010 had to offer.

1. Intel's Surprise McAfee Move

In a blockbuster move, Intel in August unveiled plans to buy McAfee for a whopping $7.68 billion, including $48 per share in cash.

Intel CEO Paul Otellini has said that he does not plan to change McAfee's business model, sales practices or products. However, Intel has also said that current security measures fail to address billions of new Internet-ready devices such as mobile and wireless devices, TVs, cars, medical devices and ATM machines. The marriage of security onto the chipset could better protect Internet-ready devices from a myriad of sophisticated malware threats.

Meanwhile, some partners have said that the merger, while potentially revolutionary, carries weighty implications that could significantly impact McAfee's channel program and lower-end offerings.

2. Google Blindsided By 'Operation Aurora'

Kicking off 2010, Google and more than 30 other corporations, including Intel and Adobe, suffered a serious malware attack, considered by some to be the most significant in corporate history. The attack, which appeared to be sourced from China, enabled hackers to infiltrate corporate networks to steal critical assets such as intellectual property.

During the attack, dubbed Operation Aurora, victims received a link delivered via e-mail or IM from what appeared to be a "trusted source." The victims clicked on the link, which redirected them to a malicious Web site hosted in Taiwan that exploited a zero-day Internet Explorer vulnerability to download malware onto their systems. The malware then set up a backdoor that connected the victims' computers to command and control servers in Taiwan, which turned the machines into drones and gave the attackers access to the crown jewels of all internal corporate systems.

3. Stuck By Stuxnet

Possibly the biggest malware threat of all time, Stuxnet rocked the security community in September when researchers found traces of malware on Siemens industrial software systems that operated Iran's Bushehr nuclear reactor. The attack, which exploited four zero-day Windows vulnerabilities, spread via infected USB devices inside the plant.

The worm differentiated itself from other malware with its "search and destroy" code, designed to target industrial facilities such as chemical manufacturing and power plants using Supervisory Control and Data Acquisition (SCADA) systems.

Prior to the Bushehr plant, the malware had spread throughout the summer to numerous targets in Asia, including Malaysia, India and the Middle East.

4. Symantec Buys The Stack

Well, almost. Symantec gave itself a huge leg up in the encryption space when it announced the dual purchase of encryption leader PGP and GuardianEdge in April. Executives contended that the move further solidified Symantec as a competitive player in the data protection and encryption space with access to an array of encryption technologies, including whole disk encryption, removable media, e-mail, file, folder and smartphone encryption, in addition to its existing endpoint security, data loss prevention and gateway security offerings.

The following month, Symantec announced that it would buy VeriSign's Identity and Authentication Business, including its Secure Socket Layer Certificate Services, for $1.28 billion in cash — a deal that would bring the security giant VeriSign's SSL Certificate Services, Public Key Infrastructure, VeriSign Trust Services and VeriSign Identity Protection Authentication Service.

5. Zeus Takedown

Continuing an ongoing investigation that occurred throughout the summer, federal officials issued 37 warrants to individuals for involvement in an international cyber crime ring that used the Zeus botnet to steal millions of dollars from U.S. bank accounts.

Members of the cyber ring, the majority of whom were from Eastern Europe, used the Zeus botnet to send millions of spam messages to users' homes, businesses and government offices containing malicious embedded links or attachments. Once users opened the Web pages or files, malware designed to record keystrokes, capture bank account usernames and passwords, and then steal sensitive financial information was downloaded onto their computers.

Altogether, the hackers behind the scheme were responsible for lifting tens of millions of dollars from U.S. bank accounts.

6. Security Consolidation Galore

Private equity firms seemed to gobble up security vendors in 2010, kicking off when Sophos announced in May that it was selling the majority of its business to private equity group Apax Partners for $830 million.

Executives said that they were leaving on a high note, given that the company had a strong cash flow and 19 percent cumulative annual growth. However, the company recently cut a reported 7 percent of its workforce, and closed two facilities in Massachusetts and Ohio.

Meanwhile, in June, SonicWall entered a deal, valued at $717 million, to be acquired by investor group Thoma Bravo. The price represented a premium of approximately 28 percent over the company's final closing price.

7. The Microsoft Waledac War

Microsoft doesn't lose many battles, even against giant global botnets. The software giant helped obliterate the remains of the botnet Waledac in September when a U.S. District Court judge recommended that the court issue a default judgment to permanently transfer ownership of 276 domains to the company in an effort to put a stop to their use by cybercriminals. The move essentially cut the botnet's communication with numerous affected computers and rendered the domains ineffective.

Bolstering its case, Microsoft said that it presented evidence to the court indicating that the defendants actively tried to retaliate against the company by attempting to launch a distributed denial of service (DDoS) attack against the law firm that filed the suit, and also tried to threaten one of the researchers involved in the case.

8. McAfee DAT File Disaster

McAfee had its hands full in April when a buggy antivirus software update caused big problems for computers running Windows XP.

The issue stemmed from an infected McAfee DAT file version 5958, which caused Windows XP systems to somehow mistake a legitimate operating system for malware, causing them to enter a continual reboot cycle and lose network connectivity. Windows XP users who were affected by the error were subjected to the Blue Screen of Death and an almost unending loop of shutdown messages and reboots.

In an effort to remediate the disaster, McAfee told channel partners that it planned to fund an initiative that would include an up-front health-check, and online and onsite consulting best practices services, including travel expenses and time.

9. iPad Info Hack

Apple was the victim of a data breach in June when hacker group Goatse Security exploited a gaping security hole in AT&T's Web servers and published tens of thousands of e-mail addresses of iPad 3G customers who utilize AT&T's data service.

Altogether, the hackers leaked the e-mail addresses of at least 114,000 iPad users from an exclusive Apple list that included New York Times CEO Janet Robinson, TV news anchor Diane Sawyer, movie producer Harvey Weinstein and NYC Mayor Michael Bloomberg, among others.

10. Facebook Privacy Dance

It would hardly be a year if Facebook didn't engage in its ongoing privacy mind game with its 500 million users.

In an attempt to make nice with its critics, the social networking giant launched some reforms to the highly controversial "Connections" setting, which exposes users' profile data to search engines and other third-party applications, by giving users an easier way to completely "opt out" of sharing their personal information with everyone. The site also provided a new privacy settings page that allowed users to set their own "default privacy level."

Congress later scrutinized the social networking giant for a privacy loophole that allowed third-party apps such as Farmville and Mafia Wars to access and aggregate users' social networking identification numbers. The ID numbers could be linked to users' profiles and the profiles of their Facebook friends, which could potentially be used to track online behavior.