There is no denying that 2016 is widely regarded as a "bad year", culturally and politically. But what of the security world -- how did 2016 stack up? And what can we learn from the leaks, breaches, and surveillance increases?
Leak, After Leak, After Leak
While website hacks and data leaks have been a mainstay of our online lives for a number of years, 2016 was the year that everyone was forced to pay attention. Among the numerous casualties were cloud storage provider Dropbox and professional social network LinkedIn.
The Dropbox hack exposed 68 million accounts, with only half of all passwords being securely encrypted. LinkedIn managed to surpass this by losing 117 million credentials, or 73 percent of their userbase at the time. Despite this attack coming to light in May, Microsoft still acquired LinkedIn for $26.2 billion less than a month later. Continuing LinkedIn's bad year, it looks as though their online learning site, Lynda, may have been compromised too.
Spotify suffered a mysterious and still unexplained leak in April, resulting in hundreds of accounts leaked on Pastebin. The phenomenally popular game Minecraft was next in line, but this time the leak didn't come from the company itself. Instead, Minecraft fansite Lifeboat was attacked, exposing over 7 million accounts and the site's poor security practices.
To be fair to Dropbox and LinkedIn, the bulk of their data appears to have come from attacks that happened in 2012. In the intervening years, the respective companies have largely improved their security efforts. However, this is of little comfort to the millions of users whose personal information ended up online.
They Weren't The Only Ones
U.K. internet provider TalkTalk was hacked by a 17-year-old, video sharing website Dailymotion lost 85.2 million usernames and email addresses, and San Francisco's transport system was held ransom to the tune of 100 Bitcoins ($80,000).
Last year's Ashley Madison leak was widely considered to be the worst adult website leak in history. The release of sexual preferences was particularly damaging as it was used as a tool for blackmail and reputation damage. Having found a useful way to exploit users, hackers attacked more adult websites, resulting in the Brazzers and AdultFriendFinder leaks.
These leaks in themselves are all fairly damaging if the attacker accesses the data inside the account. The problem was compounded as it became clear that many people still re-use login information across multiple sites. This culminated in incidents that looked like hacks, but weren't, at high-profile sites like TeamViewer and Gmail.
It Happens to Us All
In a twist of irony, Twitter CEO Jack Dorsey's Twitter account was hacked by the group OurMine. The group also managed to deface Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts. Not content, they targeted other tech CEOs, including Google's Sundar Pichai, Uber's Travis Kalanick, and Spotify's Daniel Ek. After you've finished smirking, you can take satisfaction that these high-powered tech CEOs fall prey to some of the same security mistakes as the rest of us.
The best advice is to start using a password manager. While offerings from LastPass and Dashlane are the most popular, there are plenty of open source alternatives. Once you have secured your passwords, you can enable two-factor authentication as an extra layer of security.
Yahoo's Year Went From Terrible to Worse
While we are on the subject of data leaks, Yahoo had an astonishingly bad year. After failing to turn the ailing internet company around, Marissa Mayer finally took the decision to sell. Having found a prospective buyer in Verizon, Yahoo then went on to damage its own chances of a sale by admitting that 500 million accounts were leaked two years ago. Oh, and they had been allowing the NSA to have unfettered access to your account.
Because 500 million accounts and government spying weren't shocking enough, Yahoo closed out the year reporting that a further billion accounts had been leaked. Go big or go home, right? If you are thinking now is the time to migrate away from Yahoo Mail, there are secure alternatives like ProtonMail.
Held Hostage by Malware
Viruses and malware have been a major headache for computer users the world over ever since we began connecting to the internet. Luckily, companies are getting better at catching and fixing security vulnerabilities so that the impact of any attack is much lower. Never ones to be left out, hackers have turned their attention to the comparatively weaker mobile operating systems like Android.
Two large exploits have been found on Android devices this year. Over the summer, details emerged of a vulnerability, known as Quadroot, in Qualcomm chipsets, which are widely used in Android devices. The exploit uses one of four vulnerabilities to gain root access to your device. While security patches have been released, the timely distribution of system updates is poor at best, leaving many devices still susceptible.
The second also aims to take root privilege of your device, by installing malware dubbed Gooligan. This is done either through a malicious link or a rogue app found on third-party marketplaces. This exploit only affects versions of Android older than Marshmallow 6.0, although that accounts for roughly 75 percent of all devices currently running Google's OS.
The Rise of Ransomware
The most problematic malware has without a doubt been ransomware. Throughout the year the incidences of this incredibly vicious malware increased to previously unseen levels. Ransomware is a piece of software which will lock functionality on your device or even take your files and data hostage. Messages are shown on screen to prompt you into paying to unlock your machine and remove the software. Typically though, even if you do pay, the hackers will just make fraudulent charges on your card, and do nothing to remove the malware.
The attackers are also getting smarter with their distribution tactics. A new variation of the infamous Locky ransomware doesn't require you to agree to install any software. Instead, it uses JavaScript to download and run an embedded file, infecting you with the pernicious malware. The San Francisco transport hack we mentioned earlier was a form of ransomware, allowing commuters to travel for free until the ransom was paid. This is likely to be a trend that will continue into 2017, with hackers using ransomware to hold cities, transport, and other infrastructure hostage for financial gain.
Your Privacy Was Further Eroded
It's been no secret that we leave a lot of our personal data lying around in the digital world. Some of that comes from information we choose to post on social media, while some is gathered in the background without our input.
The most well-known data miner is Facebook. The social media giant has many different ways to capture information about you. It is then put to use either in their own products or sold to third parties. They are far from the only ones exposing your data all over the web though, as even fitness trackers are being used for less-than-virtuous reasons.
Our fitness trackers, wearable tech, and health apps generate a tremendous amount of useful data that advertisers and insurance companies would love to get their hands on. In most countries around the world, the privacy of medical and health information is closely protected. However, the tech market is outpacing regulation, so your supposedly private data isn't necessarily going to stay that way.
The Pokemon Go Debacle
Over the summer, the augmented reality game Pokemon Go became a surprise megahit, being downloaded more than 10 million times in the week following its release. However, a large debate raged in the first few days of release about the level of permissions the game required. When signing into the game on iOS you were forced to give the developers "full access" to your Google account, a privilege only really afforded to Google's own apps. Fortunately, it was caused by a mistake in the way Niantic implemented the sign in mechanism.
The debate at least showed that users are beginning to understand the implications of handing over their personal data. Our smartphones tend to be a major source of data leakage, but luckily both Android and iOS have ways to tweak your settings to protect your privacy. Windows 10 has suffered quite a lot of criticism for its heavy data collection. Happily, there are ways to minimize what you are sending back to Redmond.
The Rise of Big Brother
Digital surveillance isn't a new concept -- China has been doing it for over a decade. With the Snowden leaks in 2013 we learnt about an invisible network of intelligence agencies around the world who were tracking our every move. As public outrage grew, it seemed that there was a chance that governments would backtrack and minimize their surveillance tactics.
This year we learnt that the opposite was to be true. Around the world, governments and intelligence agencies are doubling down on their surveillance, and in many cases attempting to legitimize their practices. This includes the now-infamous Snoopers Charter in the U.K. The bill passed into law in November, forcing ISPs to keep logs of all activity on their network for up to a year. This information can then be shared between a bewildering array of government agencies for... reasons.
Similar legislation is expected to legitimize the alarmingly wide-reaching surveillance practiced by the NSA. Unfortunately, public opposition to these privacy-destroying tactics is starting to collapse in the name of "national security". Sadly, social media has supported this narrative by allowing extremists and terrorists a platform to spread their message while the companies play whack-a-mole in defense.
Databases Galore
To their credit, Facebook, Twitter, Microsoft, and YouTube will be working together to create a database of terrorism-related content for easy removal. However, the database may turn into yet another surveillance tool. This would go nicely with Twitter's potential censorship group, the Trust & Safety Council.
The FBI is also developing a surveillance-friendly database known as Next Generation Identification (NGI). This system would be "the world's largest and most efficient electronic repository of biometric and criminal history information." This adds more strength to the argument that biometrics may not be the future of identification after all. It isn't just governments that are intent on spying on you, though. Private investigators and amateur sleuths are developing methods to track individuals across the web.
You may have missed it, but America had an election this year. The political parties were finding novel ways of collecting information on potential voters too. Worryingly, police departments have started using controversial software called Beware. The aim is to assign you a "threat score" based on your social media accounts. All of this sounds quite Minority Report-esque which should make you wary of what you share on social media.
Reasons to Be Cheerful
Looking back over such a tumultuous year can leave you with the impression that the world is collapsing around us, with our private data paraded in the open by governments and hackers.
However, there are some companies trying to improve the situation for all of us. This includes Mozilla, the developer of the web browser Firefox. Mozilla's Manifesto lists ten principles that are all about protecting the security and accessibility of the internet. To that end, they recently released Firefox Focus -- a privacy-focused web browser for iOS.
The technologies that provide the backbone to the internet are undergoing change for the better too. Transport Layer Security (TLS) is gradually replacing Secure Sockets Layer (SSL) to create a more secure connection between you and the website. There is also a push towards 100 percent HTTPS adoption. The security company Symantec is offering websites certificates for free along with paid add-on services. Then there's Let's Encrypt, operated by the public benefit corporation ISRG, which also offers free certificates.
It's not yet clear what role Bitcoin will have in the future, but the blockchain will make our world more secure. There's a chance that it may be able to make electronic voting a reality. The movement to use blockchain to keep content creators in control of their work is edging closer to the mainstream. It may even make traditional banking more secure.
Keeping Control of Your Privacy
The Orwellian themes popping up in surveillance schemes around the world may be chilling. Fortunately, there are plenty of organizations fighting on your behalf to keep the internet from becoming a privacy blackhole.
Contrary to what some commentators say, encryption is the key to ensuring your security. You can even enable end-to-end encryption in Facebook's WhatsApp messaging service. If you want to protect yourself from the overzealous eyes of your ISP, then you could even make the switch to a logless VPN.
Tighten Your Security for 2017
You may feel like you've had enough of hearing that yet another of your accounts has been hacked. However, it's important that you beat your Security Fatigue if you want to stay safe. One of the best things you can do to protect your privacy is to change what you intentionally post on the internet. There are plenty of ways to protect your children too, so that they can make the most of the online world.
As we move into the new year it is a good idea to do an annual security checkup, to make yourself as secure as possible. Then take preventive action, like signing up to the website haveibeenpwned to get alerts if your accounts are ever compromised.
How did you find 2016? Were you affected by the mountains of hacks? Or did you get struck by Ransomware? Let us know in the comments below and have a safe, secure 2017!