Hack the Planet - 2014 the year hackers took control
The 1995 film Hackers may have been derided for its less-than-realistic portrayal of hackers but nearly 20 years later, 2014 is the year hackers took control. United Artists

From leaked celebrity nude pictures to the devastating Sony Pictures attack, the theft of millions of credit card details and the increasing use of state-sponsored malware, 2014 was the year when hackers, cyber-criminals, hacktivists and cyber-spies took control of the planet.

Looking back on the last 12 months, it seems that you couldn't go a week (and sometimes a day) without some new and devastating revelation from the world of cyberspace which showed just how much power those looking to steal your information, monitor your movement, or highlight a perceived wrong have, especially when compared to those attempting to protect you from those people.

Technological advancements like the internet, smartphones, and cloud computing are helping to make our lives better, but 2014 made it perfectly clear that these technologies are also hugely insecure and those looking to take advantage of that fact are winning.

Here we look at the stories that define the year in cyber-security highlighting the fact that hackers are leading everyone from celebrities to multi-national corporations on a merry dance, and things are unlikely to change any time soon.

Sony Pictures vs North Korea

Let's begin at the end. The fallout from the devastating cyber-attack on Sony Pictures' systems is still on-going. The Guardians of Peace hackers who carried out the attack crippled the company's systems, stole "tens of terabytes of data" only some of which has been leaked to date.

Of course, ultimately the hackers were able to pressure the studio into cancelling the release of controversial film The Interview. The implications for the security industry are huge, and while many see Sony Pictures as the victim, its weak security policies should be a warning to all other companies.

The big question is: who is behind the attack? While it would be a nice narrative if Kim Jong-un was to blame, that scenario seems highly unlikely.

The Fappening and The Snappening

While Sony Pictures may be what we are all talking about now, the biggest hacking story of the year was certainly the theft and publishing online of hundreds of explicit images of celebrities such as Jennifer Lawrence, Kim Kardashian, Kate Upton and Arianna Grande.

While reports initially said Apple's iCloud network was hacked, the truth was that those stealing the images and videos were taking advantage of weak security by testing the iCloud login against thousands of passwords to crack the accounts.

Jennifer Lawrence
Jennifer Lawrence is among dozens of celebrities who had explicit, personal photos stolen and leaked online Reuters

The breach in August, dubbed The Fappening, was followed by The Snappening, a breach which saw a 13.6GB file containing 85,000 images and 9,000 videos shared through forums on Reddit and 4chan. The hackers didn't breach the official Snapchat app, but accessed the file through a number of third party apps, such as Snapsave.

Both events show just how vulnerable we are to having our most intimate moments stolen, and clearly celebrity privilege doesn't guarantee that your data is any safer.

Your data belongs to us

Everyday, billions of people around the world hand over private, sensitive personal and financial information to websites, online banking or in person at retail stores.

More than anything else, 2014 highlighted just how dangerous this practice is. At the beginning of the year, the full extent of the cyber attack against US retailer Target was emerging. In total, 70 million customer accounts were stolen, 40 million of which included credit or debit card details.

This was just the beginning of a torrent of similar breaches around the world. Here is a small list of the more significant attacks and how many customers have been affected:

  • JPMorgan Chase: 76 million households and 7 million small businesses affected;
  • eBay: Over 145 million customers affected though no payment information was stolen;
  • European Central Bank: Small in scale (approximately 20,000 accounts affected) but worrying given the status of the organisation; and
  • Home Depot: A huge 109 million records stolen (including 56 million credit cards).

These are just a sample. There are hundreds of other examples of criminals targeting big and small businesses to steal customer information which they then sell on the underground markets accessed via the dark web. The Target hackers earned a huge $53 million (£34.3m) from selling 2 million credit cards according to security researcher Brian Krebs who who broke the story.

So it's clear that there is a huge financial incentive for hackers to steal this information, and they are getting more and more sophisticated in how they access business's systems.

Krebs says retailers need to reassess their security priorities:

The retail industry has long viewed physical security – including the prevention of theft by employees and contractors – as a more present and costly problem than cyber crime. But the distinction between physical and cyber security is quickly eroding, if indeed there ever was one.

Hacktivists unite

Anonymous has been around for a while now, and while 2014 didn't see it reach the heights of notoriety it did in 2011 when the LulzSec attacks took place, the last 12 months showed the online collective come to the fore in highlighting perceived injustices.

From the moment the story broke about the shooting of unarmed teenager Mike Brown by a police office in Ferguson, St Louis, Anonymous led an online campaign to have the officer named, and helped coordinated protests at perceived police corruption and brutality across the US.

The problems with the group's leaderless structure also continue and were highlighted when one rogue member published the wrong name of the officer who shot Mike Brown.

Sabu Returns to Twitter Anonymous protest
Former LulzSec hacker-turned-FBI-informant Hector Monsegur warns that there is no real security, and if they wanted, hackers could break into airports, phone systems, and water supplies, and shut them down. CBS

While most of Anonymous was focused on events like Ferguson, along with events such as the Israel-Gaza conflict and dozens of other ops around the world, one former member was making headlines of his own.

Hector Monsegur, aka Sabu, walked free from jail earlier this year for his "extraordinary cooperation" with the FBI in helping identify and arrest his former colleagues within Anonymous. Monsegur has slowly begun to make some public appearances, including one at Vice's 20th anniversary party and in his first television interview on CBS.

Regin and the rise of state-sponsored malware

Thanks to Edward Snowden we now have a much clearer idea of the depth and breath of government monitoring of online communications and the technology they have at their disposal.

2014 saw the continuing emergence of government-backed malware which is highly sophisticated and tailored to target very specific victims.

The highest profile piece of state-sponsored malware in 2014 was Regin, which was created and operated at least in part by the UK government's spying arm GCHQ. Regin targeted victims in Russia and Saudi Arabia predominantly, but also systems in Ireland and Mexico.

The malware is sophisticated and targets private individuals, small businesses and telecom companies, and in particular it was found to have infected Belgacom, a partly state-owned Belgian phone and internet provider - as well as being discovered on computers at the European Union.

Regin is the most high profile state-sponsored malware reported in 2014, but the worrying thing should be the ones that have not been reported or uncovered and will only be reported in 2015 and beyond, when they will have done their work and pilfered the data they are after.