Anatomy of a Breach

Anatomy of a Breach: 2011 Year in Review — The Year Everything Was Hacked

> series: anatomy_of_a_breach —— part: 036 —— year: 2011 —— verdict: the_year_everything_was_hacked

Hedgehog Security 31 December 2011 14 min read

2011: the year everything was hacked.

No year in the history of cybersecurity has matched 2011 for the sheer volume, diversity, and audacity of breaches. Authentication infrastructure was compromised (RSA SecurID) and used to breach the world's largest defence contractor (Lockheed Martin). A gaming platform with 77 million accounts went dark for 23 days (Sony PSN). A hacktivist group embarrassed the NHS, the CIA, and the US Senate in the same month (LulzSec). A certificate authority was destroyed overnight (DigiNotar). A 168-year-old newspaper was shut down over voicemail hacking (News of the World). And as a final flourish, Anonymous closed the year by hacking intelligence firm Stratfor on Christmas Eve — leaking 860,000 email addresses, 75,000 credit card numbers (stored unencrypted), and five million internal emails.

The Stratfor hack was vintage Anonymous: the stolen credit cards were used to make donations to charities including the Red Cross and Save the Children, the leaked emails exposed embarrassing details about Stratfor's intelligence operations and client relationships, and the attack exploited the same basic vulnerability — unencrypted credit card storage and weak authentication — that had defined breaches throughout the year. It was a fitting end to the year everything was hacked.


Twelve months. The most intense year yet.

| # | Breach | Key Lesson |
|---|--------|------------|
| 025 | HBGary Federal | A security firm hacked through SQL injection and password reuse. Nobody is too expert to be hacked. |
| 026 | RSA SecurID | One phishing email compromised the authentication tokens protecting the defence industry. |
| 027 | Comodo CA | Fake SSL certificates for Google, Yahoo, and Skype. The padlock lied. |
| 028 | Sony PSN | 77 million accounts. 23 days offline. The ICO said it 'could have been prevented.' |
| 029 | Lockheed Martin | Stolen RSA tokens used to breach the world's largest defence contractor. Supply chain cascades are real. |
| 030 | LulzSec 50 Days | NHS, CIA, Sony, PBS, Senate — all hacked 'for the lulz' using basic techniques. |
| 031 | News of the World | Default voicemail PINs enabled industrial-scale phone hacking. A newspaper was destroyed. |
| 032 | Operation Shady RAT | 72 organisations in 14 countries compromised over five years. Nobody noticed. |
| 033 | DigiNotar | 531 fake certificates. 300,000 Iranians surveilled. The CA was destroyed in three weeks. |
| 034 | NHS Trust Fines | Wrong-number faxes, hard drives on eBay, accidental publications. The NHS pattern would not break. |
| 035 | Steam / Valve | 35 million accounts. But hashed passwords and encrypted cards limited the damage — proving that good storage controls matter. |
| 036 | Stratfor + Year in Review | 860,000 emails, 75,000 unencrypted credit cards, stolen on Christmas Eve. The year ended as it began. |

What 2011 proved beyond doubt.

Supply Chain Attacks Are the New Normal

RSA → Lockheed Martin. Comodo RA → fake Google certificates. DigiNotar → Iranian surveillance. The <a href="/blog/sector-under-the-microscope-defence-supply-chain">supply chain</a> is the attack surface. Every organisation's security depends on the security of its vendors — and 2011 proved that vendors fail.

Basic Vulnerabilities Persist Despite Everything

SQL injection compromised HBGary, the NHS, Sony Pictures, and InfraGard. Unpatched software enabled the Sony PSN and DigiNotar breaches. Default credentials enabled the News of the World phone hacking. Unencrypted data enabled the Stratfor and Brighton NHS breaches. After three years of this series, the same basic failures recur in every article.

Hacktivism Became a Global Force

LulzSec and Anonymous demonstrated that ideologically motivated attackers can cause as much damage as financially motivated criminals — and that their targets are chosen for maximum embarrassment rather than maximum profit. Hacktivism added an unpredictable dimension to the threat landscape.

Trust Infrastructure Can Be Destroyed

DigiNotar's bankruptcy proved that a breach can destroy an entire company — and that the internet's trust infrastructure is only as strong as its weakest certificate authority. The PKI system that underpins HTTPS was shown to be fragile at its foundations.

2012 and beyond: the pace only accelerates.

If 2011 was the year everything was hacked, 2012 will bring the LinkedIn breach (117 million accounts), the Dropbox breach (68 million accounts), and the continued evolution of state-sponsored espionage. The attacks will grow larger, the techniques will grow more sophisticated, and the consequences — financial, regulatory, and reputational — will grow more severe. The Anatomy of a Breach series continues.

The controls that would have prevented every breach in 2011 are the controls we test and implement today: penetration testing to find the SQL injections and unpatched systems, Cyber Essentials certification to establish baseline controls, SOC in a Box to monitor continuously, and incident response capability for when prevention fails. Three years of this series have demonstrated one consistent truth: the organisations that test proactively survive. The organisations that do not become the next article.


2011 spared no one. Not the NHS, not the CIA, not Sony, not Lockheed Martin. Will 2012 spare you?

<a href="/penetration-testing">Penetration testing</a>. <a href="/cyber-essentials">Cyber Essentials</a>. <a href="https://www.socinabox.co.uk">SOC in a Box</a>. <a href="https://www.cyber-defence.io">Incident response</a>. The four pillars. Start now.