Loopholes were exploited and security barriers toppled as hackers reigned in 2014. Multinational corporations, celebrities and government websites all fell victim to cyberattacks.
Let鈥檚 face it, nowadays it takes more than run-of-the-mill password protection to stay secure -- especially when the most common is "123456" -- to keep private data safe.
Here are the cyberattacks of significance this year.
Heartbleed infects the CRA
With a name like Heartbleed, it is hard to picture anything but the all-too-common Hollywood trope of a "nerd" typing frantically at a Matrix-esque black and green screen.
Last April, the that exploits a flaw in widely-used encryption software was responsible for allowing a hacker to access taxpayer data from the Canada Revenue Agency.
The breach saw around 900 SINs stolen from the CRA鈥檚 system over a six-hour period, and the agency鈥檚 website was down for four days as a ""
On April 15, the RCMP charged 19-year-old . Solis-Reyes is a computer science student at Western University, where his is also a computer science professor specializing in data mining.
----
NRC gets caught phishing
In December, the Canadian government said that were responsible for a cyberattack against the National Research Council back in July.
The feds claimed the Chinese government baited employees to install malware on government computers, allowing them to get access to valuable data, such as usernames and passwords.
This allowed hackers to connect the research council system to their computers abroad.
Although it wasn鈥檛 quite on the same level of government-versus-government cyber warfare as when the U.S. and Israel teamed up to create which roughly a fifth of Iran鈥檚 nuclear centrifuges in 2011, Chinese hackers may have been attempting to steal sensitive information from the council.
The NRC carries out advanced research in fields including aerospace, health, mining and physics.
----
The "Fappening"
In September, nude photos of more than 100 celebrities, including Oscar-winning actress Jennifer Lawrence, model Kate Upton and actress Mary Elizabeth Winstead were leaked online and posted to social media websites such as Reddit and 4Chan.
This was only the beginning as there were reportedly another two waves of similar incidents in the months to follow of the so-called "Fappening." The name is a reference to the 2008 film "" combined with the term "fap", which colloquially means to masturbate.
Other celebrities like singer Rihanna, reality TV star Kim Kardashian, model Emily Ratajkowski, and actresses Vanessa Hudgens, Mary-Kate Olsen, Gabrielle Union, Anna Kendrick and Hayden Panettiere were also affected.
The fallout from attack was massive.
Google was threatened with a $ by celebrity lawyers for allegedly circulating the photos and "making millions from the victimization of women."
The hack also sparked a debate around Internet privacy, as Reddit banned the subreddit "TheFappening." Jennifer Lawrence and many others urged authorities to step in, calling the incident "."
The identity of the hackers responsible for the leaks have yet to be determined and the FBI is reportedly . But we do know that the infamous hacker .
----
Home Depot springs a leak
Just by activating security software, the data of as many as 56 million credit cards may have been protected from a cyberattack.
Instead, credit card data as well as email addresses of Home Depot customers in the U.S. and Canada was put at risk when their systems were compromised. The data leak was revealed in September, but may have begun as early as April.
The U.S.-based retailer, which has more than 2,000 locations across five countries and nearly $79 billion in annual revenue, the breach on Sept. 8, almost a week after customer credit card data was put up for sale on Rescator.cc.
According to Business Week, internal Home Depot suggested that security contractors told the company to beef up its cyberdefences by activating a security key, which may have added an extra line of defence against malicious software designed to target retail terminals.
However, the company chose to keep the security measure deactivated. Internal documents suggest that the program sometimes generated false positives.
Home Depot wasn鈥檛 the only major U.S. retailer to report a large compromise in 2014, the list includes: Michaels, Neiman Marcus, UPS, Goodwill, P.F. Chang's and Sally's Beauty Supply.
----
Ottawa goes bananas for hacktivists Aerith
Web users who visited Ottawa.ca on Nov. 21st were treated to an impromptu performance by a "" and a note that read ""
Aerith claimed to be responsible for a string of attacks on government websites in response to the arrest of an Ottawa teen accused of "swatting," or calling 9-1-1 and faking emergencies in order to lure tactical police teams.
The group alleged the 16-year-old is innocent, and said it had proof that evidence was "manufactured" by police investigators.
In a series of attacks over the next three days, Aerith also took down the Ottawa police website, the Toronto Police Services website and Laval.ca.
----
An 'act of war'?
In December, a group of hackers referring to themselves as the Guardians of Peace infiltrated Sony Pictures Entertainment and leaked an estimated of data.
The incident came months after North Korea called the release of the 鈥淭he Interview鈥 an "," and promised "stern" and "merciless" retribution.
The FBI pointed its finger at North Korea, saying there are similarities between the Sony cyberattack and past "malicious cyber activity" connected directly to North Korea.
Speculation was rampant that the break-in was perpetrated by the isolated nation in response to the Sony-produced comedy "The Interview," about a CIA plot to assassinate Kim Jong Un.
Pyongyang , but also referred to the attack as a "righteous deed."
Sony initially shelved the Christmas Day release of "The Interview" due to threats of a terrorist attack, but later made the film available on a number of .
Hackers praised Sony鈥檚 decision to pull the plug on the film's theatrical release, telling the studio in an that the decision was "very wise" and saying its data would be safe "as long as you make no more trouble."
The breach has been followed by a firestorm of controversy, which has proven to be "Nazzo Good," like the alias of Rob Schneider whose fake name, along with that of a , was made public in the hack.
Five movies, four of them unreleased, were leaked to pirating websites: "," "," "," "" and "."
A list of Sony executives' salaries and private email exchanges were also made public.
The details of several of these exchanges have put people like Sony鈥檚 co-chair, Amy Pascal, and Oscar-winning producer Scott Rudin in hot water over their remarks. Pascal for "insensitive and inappropriate" comments in her emails about U.S. President Barack Obama鈥檚 presumed taste in movies. While Rudin was criticized for calling Angelina Jolie a ""
Perhaps to surface in the aftermath of the attack was that Sony kept a trove of company passwords, virtually gift wrapped and tied with ribbon for hackers with the label "Password" in their system鈥檚 file directory. The directory contained files with thousands of passwords to Sony鈥檚 internal computers, social media accounts and web service accounts.
