Top 10 hacks of all time
Published 6:52 AM, 6 May 2011 Last update 10:30 AM, 6 May 2011
Efforts to stop hackers from breaking into the most sensitive corporate and government databases don’t seem to be working, with tech-related breaches on the rise. According to the latest annual report from Verizon on the subject, incidents of data breaches are at an all-time high and hacking is behind most of them. Hacking doesn’t just tarnish an organisation’s reputation but can burden them with an enormous cost. For hackers there’s a mix of fame and felony charges that awaits them and in some cases, fortune with a career as an internet security consultant. But who wins the fame? What are the top 10 hacks of all-time?
Sony Playstation’s Network Invasion
The consumer electronics giant has finally pointed to the internet vigilante group Anonymous for its data breach and is perhaps learning a lesson not just about internet security, but about what happens when you piss off a powerful group of people. On April 20, users of the Sony’s Playstation Network were hit with an outage and it took a few days for the company to even acknowledge the network was down. Two days after that Sony confirmed it had suffered a security breach. Finally, on April 26, Sony informed its customers that many user IDs and passwords had been stolen – 77 million to be precise – and advised that they should monitor their credit card statements for fraudulent transactions. Then, on May 3 the company prevented customer access to Sony Online Entertainment accounts because the original breach had gone beyond PS3 users and into other branches of the business. Sony stressed that contrary to media reports this wasn't a second breach, but a realisation that the original breach had gone further than they originally realised, which is arguably worse. What makes this attack interesting is it’s potentially an act of retribution. Two days before the attack, Sony settled a case with George Hotz, also known as Geohot, who posted a code that can jailbreak Playstation consoles. Whether this turns out to be a watershed event for US corporates and the way they interact with hackers remains to be seen.
Epsilon’s email address databreach
While it might not be an instantly recognisable company name, it’s the victim of one of the worst data breaches in corporate history that could have affected you. Here’s why. Epsilon is an email marketing company that delivers loyalty services for more than 2,500 companies, including seven of the top 10 on the Fortune 100 list. Epsilon sends over 40 billion emails each year on behalf of these clients and to do this, it’s estimated that it possesses 250 million email addresses. Epsilon hasn’t revealed anything about the nature of the breach, only that it was discovered on March 30. There’s no telling how many addresses were compromised and companies around the world, particularly financial institutions, have been warning their customers that their email accounts may be vulnerable to phishing attacks and changing them would be the best course of action.
Hacker Artillery…Titan Rain
The FBI gave the infamous title to a series of cyber attacks on US military assets in 2004, which emanated from China. The breaches were first discovered by an employee of Sandia Laboratories who noticed that sensitive computer networks at his company and one of its subsidiaries has been infiltrated – the subsidiary was Lockheed Martin, the world’s largest weapons maker. Many other military targets are thought to have been hit but the US government has been, understandably, tight-lipped about the whole episode. The attack perfectly encapsulates concerns for the security of sensitive and dangerous information to cyber attacks, no matter how determined the holder of that information is, and foreshadows the jostling between China and the US over the Gmail hack years later.
Google Versus China
There’s nothing about this hack that wasn’t big. The target was formidable, the world’s largest search engine, a security-savvy technical giant. The method was elegant, an unprecedented combination of encryption, stealth programming and an unidentified hole in Internet Explorer of a level of sophistication that only defence organisations have to deal with, according to Dmitri Alperovitch, vice president of anti-virus software company McAfee. The hackers remain unknown, but the attack was launched from somewhere in China. The drawn out censorship battle between Google and Beijing fed speculation that it was an arm’s length operation by the Chinese government, particularly because it was the Gmail accounts of Chinese human rights activists that were hacked. This hack sits high on the list not just because the target was a tech giant, but the implications for any company operating in sensitive jurisdictions, no matter how exemplary their security efforts.
The $39 billion Virus
First surfacing in January 2004, the Mydoom virus is estimated the have caused the most amount of damage of any virus ever written – $39 billion so far. What do you mean so far? The problem is newer variants of Mydoom have emerged since the 2004 attack – the last one was in July 2009. Mainly transmitted by email, Mydoom appears as an error similar to a fail send message. Once the unwitting email user opens the attachment the payload opens a backdoor into the computer through which it can be remotely controlled. The author of the virus remains a mystery to this day, but the first emails containing it emerged from Russia.
The man who hacked corporate America
The question isn’t which American corporate heavyweights did Adrian Lamo hack, but which ones didn’t he hack. Lamo became a hacking idol by infiltrating the networks of Microsoft, Yahoo!, Bank of America, Cingular and Citigroup to name a few. What set Lamo apart is that his invasions weren’t, by and large, malicious, quite the opposite in fact. He often left behind anonymous clues about how these often feckless corporate giants should improve their security systems. Lamo would have driven the authorities crazy because he never launched his most controversial attacks from a home computer, instead he quietly unraveled expensive corporate computer systems from internet cafes and libraries, earning him the nickname the ‘homeless hacker’. However his run came to an abrupt end in 2003 when he pled guilty to one count of computer crimes relating to his hack on the New York Times and its LexisNexis account, which contained confidential information about NYT employees and partners. For his body of work, he makes the list.
Note: Lamo, who is now a threat analyst, was the person responsible for dobbing in Bradley Manning, the US soldier who leaked the Iraq war files to WikiLeaks.
The Morris worm – the original hack
Just as Mitnick was the first real superstar of hacking, Robert Tappan Morris was the creator of the genesis of internet worms, although it was by accident. When Morris was a graduate student at Cornell University he sought to measure the size of the internet, which was comparatively small in 1988. On November 2, Morris released the worm from the Massachusetts Institute of Technology and while it wasn’t designed to overburden computers in order to avoid being blocked by certain systems he programmed the worm to copy itself onto a particular computer even if the target indicated that there was already an existing copy – once every seven times. That 1-7 ratio not only increased the speed with which the worm spread beyond Morris’ imagination but also resulted in many computers copying the worm multiple times, ultimately resulting in up to $100 million worth of damage. What makes Morris so crucial is he demonstrated in a very public fashion the havoc that can be reaped when you look for weaknesses in computer systems and many hackers will use worms either to disable a system, or gain access to it. He is now a professor at MIT.
Wikileaks and the credit card giants
In the weeks following the WikiLeaks US cables release two crucial things happened. Firstly, efforts across international jurisdictions to prosecute editor-in-chief Julian Assange for sexual misconduct in Sweden were stepped up and he ultimately turned himself in to British authorities to face the initial stages of extradition attempts. Secondly, major financial companies that once associated themselves with the whistleblowing site, particularly Paypal, Visa and Mastercard, severed all ties with WikiLeaks amid increasingly hostile overtones from Washington. The reaction was electric. Hackers launched a series of relatively simple but effective cyber attacks on Visa, Mastercard, Paypal along with a number of other financials that distanced themselves from WikiLeaks, for their apparent indifference towards freedom of speech and their implicit support of American power. While the term ‘hacktivist’ has been around since 1995, this time it gained universal recognition attached to a cause that was enormously popular worldwide.
Kevin Mitnick – Take Your Pick
From tapping into private conversations in the 1970s via the Los Angeles digital central office as a child, Mitnick went on to become synonymous with the word hacking. He was arrested by the FBI in 1995 as the most wanted cyber criminal in the United States, thanks to his hacks into Motorola, Nokia, Sun Microsystems, NEC and Fukitsu systems, amongst other achievements. Contrary to popular belief, however, Mitnick didn’t crack NORAD (North American Aerospace Defense Command) or wiretap the FBI. It’s not so much the nature of his achievements but the place they hold in hacker history. Mitnick was the first cracker posterboy, a beginning of sorts for aspiring hackers like Mafiaboy to look up to and for that, he belongs on the list.
Teenage Rampage… Mafiaboy
Michael Calce’s alias became legendary in February 2000 when he managed to bring down Yahoo!, which was the world’s dominate search engine at the time, for an hour – he was 15. He then went on a hacking rampage that brought down Ebay, CNN, Amazon and Dell. Due to his age he was sentenced to 8 months “open custody” (whatever that means), one year probation restricted use of the internet and a minor fine. He has since penned columns and a book about his experience. For the scale of his achievements juxtaposed against his youth, Mafiaboy makes the list.