December 18, 2013 — CSO — Data loss, privacy violations, stolen source code, malware development, and more. In hindsight, 2013 was a busy year for security professionals, as well as a costly one for the organizations and individuals targeted by criminals.
As mentioned, 2013 was a busy year with regard to security incidents. While there's still a month left, the fact remains that more than one hundred million records have been compromised during the past eleven months. This loss has been blamed on everything from nation-state attacks and activists to hackers with an agenda.
No look back at 2013 can skip Edward Snowden, and given the scale of news related to him, an entire retrospective could be dedicated to the topic. The former NSA contractor leaked anywhere from 50,000 to 200,000 documents to the press (Glenn Greenwald and Laura Poitras). His actions exposed the expansive data collection and surveillance operations of the NSA and its partners, including Britain's GCHQ. Specifically, the materials leaked by Snowden exposed programs with names such as PRISM, Boundless Informant, and Tempora. These programs are now known to have been managed with little to no oversight, and to have overstepped their mandate in some cases.
Snowden's saga is ongoing, and the government's reaction to his disclosures has sparked countless debates in Congress. These debates carried over to the public, where some call him a traitor, while others call him a hero. In June, federal prosecutors charged Snowden with theft of government property, as well as unauthorized communication of national defense information, leveling the 1917 Espionage Act against him. Currently, he resides in Russia, where he was granted asylum for one year in August.
Snowden's disclosures have also had a ripple effect in the private sector. Silent Circle and Lavabit closed their email services out of concerns over government surveillance. However, the upside to the Snowden saga is that the public has started experimenting with and adopting secure communication standards, including using Off-the-Record for chatting, PGP for email, and Tor for browsing. While these options are not widespread, general discussions about them and how to use them are taking place more frequently, which is viewed as a good thing by privacy advocates.