In 2016 data breaches and hacks have now become more common than ever before. It is no longer surprising to find millions of personal credentials compromised or leaked online – and personal data has never seemed more vulnerable.
This year has so far been dubbed the year of the 'mega-breach' – with cloud storage firm Dropbox the latest victim. Hack attacks have affected social media giants, technology firms, intelligence agencies and banks. What is more, the frequency of such incidents shows no sign of slowing.
IBTimes UK went through the biggest stories of the year (so far) to access the digital chaos caused by cybercriminals, hackers, hacktivists and online fraudsters.
The National Security Agency (NSA)
On 13 August, a hacking collective called the Shadow Brokers announced it had stolen – and leaked – a slew of computer exploits used by a secretive NSA-linked team called The Equation Group. The hackers released one file as proof of legitimacy before 'auctioning' the other for a hefty 1m bitcoins – equivalent to over $550m. The leak was confirmed to be legitimate by previously unreleased NSA documents disclosed by Edward Snowden and at least three major US technology firms – Juniper, Cisco and Fortinet – were forced to rush out statements and bug fixes as a result.
The World-Check database
The World-Check database, which is managed by Thomson Reuters, contains profiles on millions of suspected terrorists and individuals linked to organised crime. It is used by banks, businesses and intelligence agencies – and it was leaked this year. According to Chris Vickery, the security researcher who found the database online, it contained over 2.2 million records and profiles. Despite Reuters claiming to have plugged the leaky database, copies later appeared on an underground marketplace hosted on the Dark Web.
The Qatar National Bank (QNB)
In April this year, a 1.4GB trove of documents and internal financial data was uncovered online that was compromised from the Qatar National Bank (QNB). The data dump, which was confirmed to be legitimate by IBTimes UK, contained customer transaction logs, personal identification numbers and credit card data. However, it was the inclusion of folders containing compiled data on Al Jazeera journalists, the Al-Thani Qatar Royal Family and alleged spies that really made this leak explosive.
The Bangladesh Bank heist
In a cybercrime scheme that has since been branded the largest recorded case of financial hacking, a massive $81m (£56m) was stolen from the Bangladesh central bank back in February. In a complex attack, hackers were able to compromise the firm's connection to the Swift messaging network and place transfer requests worth a gargantuan $951m from bank's account at the Federal Reserve in New York. Luckily for the bank, the large scale fraud was foiled by a typo. After the news broke, similar incidents were reported across multiple locations include Vietnam and Ecuador.
The Democratic National Committee (DNC)
The infiltration of the DNC at the hands of two suspected hacking teams affiliated with the Russian state has ramped up election rhetoric across the US political system. At the time of writing, at least two groups linked with the Democratic Party and 100 government officials are believed to have been targeted by hackers linked to the Kremlin. A mysterious figure called Guccifer 2.0 emerged to leak documents relating to Hillary Clinton and her staffers, while multiple cybersecurity firms produced evidence of Russian involvement. WikiLeaks waded into the picture by leaking 20,000 DNC emails and has promised to release more data before the 8 November election. Ultimately, this was the hack that set an entire mainstream political system on edge.
The voting system hacks
Mexico, Turkey and the Philippines each suffered massive leaks of citizen voting registration data this year. The Mexico breach featured an unprotected database that contained 93.4 million records including names, home addresses and personal ID numbers. In the Turkey leak, a hacktivist published details of almost 50 million citizens. In a 6.6GB file, data included first and last names, national identifier numbers, mother and father's first names, gender, city of birth, date of birth, full address, ID registration cities and districts of 49,611,709 voters. Meanwhile, a group linked to Anonymous leaked data on 55 million voter records in the Philippines, hacked from the Commission on Elections (Comelec).
Hundreds of millions of personal credentials hacked around the period of 2012/13 appeared online this year – affecting firms like MySpace, LinkedIn, Twitter and Yahoo. Each were uploaded in some fashion by a hacker dubbed 'Peace' to The Real Deal, a marketplace only accessible via the Tor network. The leaks included 360 million account credentials from MySpace, 117 million LinkedIn user records, 200 million Yahoo accounts and 32 million Twitter passwords. Dropbox can now be added to this growing list.
The Panama Papers
The Panama Papers data leak was bigger than anything released by WikiLeaks or Edward Snowden and lifted the lid on how a slew of high-profile officials and world leaders employ offshore accounts to hide cash and allegedly evade paying taxes. It contained roughly 11.5 million records consisting of offshore documents from a Panamanian law firm, Mossack Fonseca. In the aftermath, the source of the leak came forward and said: "I decided to expose Mossack Fonseca because I thought its founders, employees and clients should have to answer for their roles in these crimes, only some of which have come to light thus far. It will take years, possibly decades, for the full extent of the firm's sordid acts to become known."