The 5 biggest hacks of all time

Hacking and hackers are the stuff of mythology, film, and often breathless headlines. From the attacks that brought down Mastercard and Visa’s websites in 2010 to the Xbox Live and PlayStation outages of Christmas 2014, it sometimes feels like our systems are under permanent assault from those who would take them offline.


And yet, none of these were true hacks: they were distributed denial-of-service (DDoS) attacks, which simply flood a site with requests until it stops responding.


Hacking, in the sense first demonstrated in 1903 when magician John Nevil Maskelyne hijacked a public demonstration of Marconi’s wireless telegraph by injecting his own Morse messages into it, means gaining unauthorised access to a computer or IT system, and it takes some skill.

While small-scale attacks, malware and botnets still do the rounds, large-scale disruptive hacks are rare. When they do happen, though, they can be spectacular.

Here we clear out the DDoS dross and minor acts of cyberhooliganism to bring you the five biggest hacks of all time.

The 5 biggest hacks of all time:

Stuxnet


Stuxnet is one of the best-known names in cyber attacks, and for good reason. The worm (a self-replicating program that spreads across networks and removable media without any user action) is credited with destroying roughly a fifth of Iran’s uranium enrichment centrifuges from 2009, seriously hindering the country’s nuclear programme.

But what makes Stuxnet really stand out among all the destructive malware out there was just how well crafted it was.

According to Trend Micro, the Stuxnet payload consisted of three parts: the worm itself (WORM_STUXNET), an execution .LNK file (LNK_STUXNET) that allowed the worm to auto-execute, and a rootkit (RTKT_STUXNET) that hid the worm’s existence.

It was also propagated by an unusual means. For four years, it was thought the worm had been introduced into the Natanz uranium enrichment facility (the primary target of the attack, where about 1,000 centrifuges were damaged) via an infected USB stick. However, researchers at Kaspersky Lab discovered in 2014 that the vector of attack was in fact the plant’s supply chain.


Five organisations supplying Natanz were the initial victims of Stuxnet, including a company named NEDA, a supplier and integrator of the Siemens industrial control equipment (the S7 programmable logic controllers and their programming software) that drove the centrifuges and was the worm’s ultimate target. It’s now thought that these organisations, and NEDA in particular, were the real vector of infection.

So why wasn’t the worm detected at this initial point of infection? The answer lies in what Stuxnet did.

As Ralph Langner, one of the first people to decode the worm, put it in an interview with the New York Times, Stuxnet was “a marksman’s job”. Unless you were running a uranium enrichment facility, it lay dormant, with the rootkit hiding its presence. There was no way for the Stuxnet Typhoid Marys to know they were being used by the attackers.

Speaking of whom, this leads us to the last question – whodunnit?

The sophistication of the Stuxnet program led many to believe it was created by a nation state and, given the target, that the US and Israel were probably involved.

Cables obtained by Wikileaks that were republished by The Guardian showed the US “was advised to adopt a policy of ‘covert sabotage’ of Iran’s clandestine nuclear facilities, including computer hacking and ‘unexplained explosions’, by an influential German thinktank”. The same thinktank informed US officials in Germany that this kind of undercover operation “would be ‘more effective than a military strike’ in curtailing Iran’s nuclear ambitions”.

Suspicions of the US’ involvement were bolstered by documents leaked to New York Times journalist David Sanger.

In the end, the only reason we even know of Stuxnet’s existence is thanks to a botched software update that led to the worm escaping into the wild, where security experts were able to analyse it.

Sanger’s sources told him this caused panic in the Obama administration, precisely because analysts would now be able to dissect the code and work out who had written it. Vice President Joe Biden allegedly blamed the escape on the Israelis, which was widely read as confirmation that the two countries had collaborated on the worm.


NASA and the Department of Defense hack


In the movies and on TV, when a young hacker manages to get into military or government computer systems, they are usually offered a job with the FBI. The reality is quite different.

At the turn of the millennium, NASA and the US Department of Defense (DoD) were successfully compromised by two hackers, 15-year-old Floridian Jonathan James and 35-year-old Scot Gary McKinnon.

James was the first to have a crack at the American space agency, in 1999, getting in by way of computers he had already compromised at the US Defense Threat Reduction Agency.
Among other things, he managed to make off with the source code for the life support systems on the International Space Station (ISS). The Register reported it cost NASA alone $41,000 to repair the damage he had done.


Gary McKinnon has the dubious honour of being accused by US prosecutors of perpetrating “the biggest military computer hack of all time”.

According to American authorities, between February 2001 and March 2002 he hacked into 97 computers, 16 belonging to NASA and 81 belonging to other parts of the DoD.

During his actions, which he claims were carried out in search of evidence of UFOs and the suppression of new energy technologies, McKinnon managed to paralyse munitions supplies to the US Naval Fleet in the Atlantic in the immediate aftermath of 9/11 by deleting weapons logs. He is also alleged to have stolen 950 passwords and dozens of documents in the course of his actions.

The cost of repairing the damage alleged to have been caused by McKinnon was in excess of £550,000, the US government claimed.

Because the targets were military systems, the evidence was never aired in open court, so the full details of how James and McKinnon got in remain unpublished. McKinnon himself has said his method was mundane: a simple script that scanned for Windows machines with blank administrator passwords, on which he then installed commercial remote-control software. James’s route in was a backdoor planted on a Defense Threat Reduction Agency server that captured usernames and passwords as they passed through. What is known in full is what happened to the two men.

McKinnon fought against extradition to the US for a decade, with Home Secretary Theresa May eventually blocking the motion in October 2012, stating that handing him over to the US raised “such a high risk of him ending his own life” that it would breach his human rights. The director of public prosecutions, Keir Starmer, announced that December that no prosecution would be brought in the UK, as all the evidence was in the US.

James, on the other hand, was convicted in September 2000 of hacking the DoD and NASA. However, as he was a minor when he carried out the crimes, he was sentenced to six-months house arrest, probation until the age of 18, and had to write letters of apology to NASA and the DoD.


Estonian cyber war


Yes, yes, we said we were clearing out the DDoS dross in the introduction, but what happened to Estonia in 2007 was no ordinary DDoS attack.

Starting at 10pm on 26 April, the Baltic state suffered three weeks of DDoS attacks that crippled much of its online infrastructure.
The attackers first targeted the website of the ruling Reform Party and, over the course of the first week, went on to take down the sites of most other political parties, the official site of the Estonian Parliament and other government entities.

In the second week, the attack spread to the websites of Estonian news outlets, universities, schools and businesses.

But it was in the third week that the real hammer blow fell. At the stroke of midnight, Moscow time, on 9 May a huge torrent of traffic – peaking at over 4 million data packets per second – slammed into Estonia’s banking infrastructure. This was a critical attack for a country that had pioneered online banking and where, at the time, around 97% of all banking transactions took place online.


Within 24 hours Hansapank, the country’s largest bank, took the drastic step of shutting off all its internet-based operations. This not only disrupted online transactions, but also severed the connection between the bank and its cash machines, rendering them inoperable. Perhaps worse, Estonians outside of the country suddenly found their debit cards wouldn’t work, as the bank’s actions cut it off from the rest of the world.

The attacks eventually subsided on 19 May.

Only one person has ever been charged in relation to what has since been termed the first cyber war, a 20-year-old ethnic Russian Estonian called Dmitri Galushkevich, who was fined the equivalent of £830. However, it’s suspected that all the perpetrators were either Russians or ethnic Russian Estonians, partly because security experts subsequently found chats and threads about the attack on Russian-language forums, partly because a significant amount of traffic from the first wave of the attack was traced to Russia, and partly because of timing.

The attack followed two days of rioting in the Estonian capital Tallinn over the relocation of a bronze war memorial dating from the Soviet era. Perhaps even more damningly, the third wave of the attack commenced on the Russian equivalent of VE Day.

Of all the lessons learnt from the Estonian cyber assault – and there were many – probably the most important was the need to put as much effort and money into protecting a country’s online systems as building them up. Estonia had earned the reputation of being “the most wired country in Europe” at the time of the attacks, with the country pouring vast amounts of money into growing its digital economy, but little into cyber defences. It was this, rather than dependence on online systems per se, that was the country’s downfall when the botnets came knocking.


Mt. Gox hack


How can millions of dollars disappear without trace? This is the question Mt. Gox, the largest Bitcoin exchange in the world, was faced with in early 2014.

On 7 February, the exchange suddenly halted withdrawals, blaming a “transaction malleability” bug, and locked customers out of their accounts. It would later claim that hackers had exploited the issue to steal $460 million-worth of bitcoins over the course of three to four years, and the news sent the cryptocurrency’s price tumbling. Malleability is not a bug in Mt. Gox’s sense but a property of how Bitcoin identified transactions at the time: the transaction ID is a hash over the whole transaction, signature included, so a third party can re-encode the signature to produce a different ID for the same, still valid, payment. Software that tracks payments by ID, as Mt. Gox’s did, can then conclude a withdrawal never happened and send it again.

Hacking, Distributed has done a good rundown of all the explanations offered for what happened in 2014 – which, according to two lawsuits, may ultimately have been fraud or negligence rather than theft.
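To make the mechanism concrete, here is an added example (not Mt. Gox’s code and not Bitcoin’s real wire format). It implements textbook ECDSA over secp256k1 from scratch, signs a toy transaction, then flips the signature to its equally valid twin (r, n − s). Both signatures verify under the same key, but because the transaction ID hashes the serialised transaction including the signature, the ID changes. The toy serialisation layout, the hash-derived nonce (not RFC 6979) and the sample key and amounts are all assumptions of this example; the curve constants are the real ones.

```python
"""Transaction malleability on a toy Bitcoin-style transaction (added example)."""
import hashlib

# secp256k1 domain parameters (real constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Point addition on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point = ec_add(point, point)
        k >>= 1
    return acc


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def sign(priv: int, z: int):
    """Textbook ECDSA. Nonce derivation is a simplification, not RFC 6979."""
    seed = priv.to_bytes(32, "big") + z.to_bytes(32, "big")
    k = int.from_bytes(hashlib.sha256(seed).digest(), "big") % N or 1
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return r, s


def verify(pub, z: int, sig) -> bool:
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    point = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, pub))
    return point is not None and point[0] % N == r


def malleate(sig):
    """(r, s) -> (r, N - s): same key, same message, different bytes."""
    r, s = sig
    return r, N - s


def is_low_s(sig) -> bool:
    """The rule Bitcoin later enforced (BIP 62/146): reject s > N/2."""
    return sig[1] <= N // 2


def serialise_tx(prev_txid: bytes, sig, dest: bytes, amount_sat: int) -> bytes:
    """Constructed toy layout; the signature sits inside the bytes that get hashed."""
    r, s = sig
    return (b"\x01\x00\x00\x00" + prev_txid + r.to_bytes(32, "big")
            + s.to_bytes(32, "big") + dest + amount_sat.to_bytes(8, "little"))


def txid(serialised: bytes) -> str:
    return sha256d(serialised).hex()


def demo():
    """Sign a constructed withdrawal, malleate it, and report what changes."""
    priv = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD  # sample key
    pub = ec_mul(priv, G)
    prev = bytes.fromhex("ab" * 32)          # constructed previous-output id
    dest = b"\x00" * 20                      # constructed destination hash
    amount = 25_000 * 100_000_000            # 25,000 BTC in satoshi
    # The signed digest covers the outputs but NOT the signature itself.
    z = int.from_bytes(hashlib.sha256(b"sample sighash preimage").digest(), "big") % N
    sig = sign(priv, z)
    sig2 = malleate(sig)
    return {
        "sig_ok": verify(pub, z, sig),
        "malleated_ok": verify(pub, z, sig2),
        "txid": txid(serialise_tx(prev, sig, dest, amount)),
        "malleated_txid": txid(serialise_tx(prev, sig2, dest, amount)),
        "low_s": [is_low_s(sig), is_low_s(sig2)],
    }


if __name__ == "__main__":
    print(demo())
```

The defensive takeaway is in `is_low_s`: exactly one of the two twins has a low s value, and a network rule that rejects the other removes this particular malleation. The more general fix, however, is never to treat a transaction ID as proof that a payment did or did not happen; match on inputs and outputs instead.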

While this crisis led to the eventual bankruptcy of Mt. Gox, there was an earlier hack that foreshadowed what was to come in 2014.

On 13 June 2011, 478 Mt. Gox accounts were robbed of a total of 25,000 bitcoins (worth between $375,000 and $500,000 at the time), which were all transferred into a single account.


Mt. Gox largely blamed the victims for the theft, as the perpetrator had apparently used valid account passwords to gain access and carry out the transaction.
“As a reminder we assume no responsibility should your funds be stolen by someone using your own password,” said Mt. Gox CEO Mark Karpeles, using the alias MagicalTux.

However, the 25,000 bitcoin theft was just the beginning. Towards the end of the same week, it became apparent the reason the 478 accounts were compromised using their own passwords was because a hacker had managed to access the Mt. Gox database and steal the usernames and passwords of all 60,000+ customers.

Karpeles seemed initially quite relaxed about claims the entire Mt. Gox database had been compromised, saying : “Passwords are encrypted one way (+salt). Someone cannot be selling ‘user + pass’ unless he has some way to revert this.”

By 20 June, though, he was taking things a bit more seriously, when a huge Bitcoin sale from one of the compromised accounts caused the value of the cryptocurrency to crash to near zero.
In an official announcement on the Mt. Gox site, Karpeles explained that an admin account had been compromised and the attacker responsible had used the associated permissions to “arbitrarily assign himself a large number of bitcoins, which he subsequently sold on the exchange”.

In doing this, the hacker flooded Mt. Gox with more bitcoins than were actually in the exchange’s wallet, bringing the value of the cryptocurrency crashing down from $17.50/btc to $0.01/btc, while also relieving another account of 2,000 bitcoins.

In the same statement, Karpeles also confirmed the loss of the Mt. Gox database, stating this was likely how the hacker gained access to the admin account that caused the crash and the one that was robbed of 2,000 bitcoins.

The damage was undone by shutting down the exchange and rolling back the transactions that had taken place during the attack, while the lost 2,000 bitcoins were refunded at Mt. Gox’s own expense.

What made the attack possible and successful, though, wasn’t just the SQL injection vulnerability in the Mt. Gox code that gave the hacker access to the user database, or the fact that the leak included usernames and email addresses, or that the passwords were hashed with MD5, or even that about 1,600 of them were hashed without a salt. (Swapping MD5 for SHA-2, as is often suggested, would not have helped much: both are fast, general-purpose hashes. Password storage needs a per-user salt, so that one precomputed table can’t be applied to every account, plus a deliberately slow function such as bcrypt, scrypt or Argon2, so that each guess costs the attacker real time.) It was Karpeles’ own unique brand of hubris and naïveté. Failure to take seriously the complaints of the original 478 customers whose accounts were compromised – or even to consider it a bit weird that nearly 500 people were hacked on the same day – was a serious misstep; following it up by seemingly not caring that someone had stolen an entire user database is mind-blowing.
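The difference between those storage choices is easy to measure. The following is an added example, not Mt. Gox code; the “leaked dump” and wordlist are constructed sample data, and the PBKDF2 iteration count is kept deliberately low so the script finishes quickly (production settings are far higher). It runs the same dictionary attack against the same four accounts stored three ways: unsalted MD5, salted MD5, and salted PBKDF2-HMAC-SHA256.

```python
"""Why an unsalted fast hash falls to one lookup table (added example)."""
import hashlib
import os

# Constructed attacker wordlist and constructed victim passwords; three of the
# four users picked something in the list, one did not.
WORDLIST = ["password", "letmein", "bitcoin", "hunter2", "magicaltux", "qwerty123"]
SAMPLE_PASSWORDS = {"alice": "bitcoin", "bob": "hunter2", "carol": "letmein",
                    "dave": "Xk9#vQ!2plzz"}
PBKDF2_ITERATIONS = 20_000  # low on purpose for the demo; real deployments use far more


def md5_unsalted(pw: str) -> str:
    return hashlib.md5(pw.encode()).hexdigest()


def md5_salted(pw: str, salt: bytes) -> str:
    return hashlib.md5(salt + pw.encode()).hexdigest()


def pbkdf2(pw: str, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERATIONS).hex()


def build_dump(scheme: str) -> dict:
    """Return {user: (salt, hash)}, i.e. what an SQL injection would hand an attacker."""
    dump = {}
    for user, pw in SAMPLE_PASSWORDS.items():
        if scheme == "md5":
            dump[user] = (b"", md5_unsalted(pw))
        elif scheme == "md5+salt":
            salt = os.urandom(8)
            dump[user] = (salt, md5_salted(pw, salt))
        elif scheme == "pbkdf2":
            salt = os.urandom(16)
            dump[user] = (salt, pbkdf2(pw, salt))
        else:
            raise ValueError(scheme)
    return dump


def crack(dump: dict, scheme: str):
    """Dictionary attack. Returns (cracked {user: pw}, number of hash evaluations)."""
    cracked = {}
    if scheme == "md5":
        # No salt: hash the wordlist ONCE, then look every user up in the table.
        table = {md5_unsalted(w): w for w in WORDLIST}
        for user, (_, h) in dump.items():
            if h in table:
                cracked[user] = table[h]
        return cracked, len(WORDLIST)
    # Salted: the shared table is useless; every candidate is re-hashed per user.
    fn = md5_salted if scheme == "md5+salt" else pbkdf2
    work = 0
    for user, (salt, h) in dump.items():
        for w in WORDLIST:
            work += 1
            if fn(w, salt) == h:
                cracked[user] = w
                break
    return cracked, work


def compare() -> dict:
    """{scheme: (hash evaluations, relative cost in MD5-equivalents)} for the same dump."""
    out = {}
    for scheme in ("md5", "md5+salt", "pbkdf2"):
        _, evaluations = crack(build_dump(scheme), scheme)
        per_eval = PBKDF2_ITERATIONS if scheme == "pbkdf2" else 1
        out[scheme] = (evaluations, evaluations * per_eval)
    return out


if __name__ == "__main__":
    for scheme, (evals, cost) in compare().items():
        print(f"{scheme:9s} {evals:4d} evaluations, ~{cost:,} MD5-equivalents of work")
```

The salt alone multiplies the attacker’s work by the number of accounts, which is why the 1,600 unsalted rows in the Mt. Gox leak were the cheapest to crack; the slow function then multiplies it again by the iteration count. Neither stops a user who chose “bitcoin” from being found eventually, which is the argument for rate limiting and breach-password checks on top of proper storage.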

In light of what happened in 2011, Mt. Gox’s complete failure in 2014 was perhaps inevitable.


PlayStation Network 2011 hack


Sometimes hackers manage to pull off something so audacious it becomes part of infosec legend: the 2011 breach of the PlayStation Network is one such case. It is often laid at the door of LulzSec, but that group’s confirmed Sony hit was the Sony Pictures website in June 2011; the PSN intruders were never publicly identified.

In mid-April 2011, users trying to log in to the PlayStation Network (PSN) were greeted with a message stating the system was “currently undergoing maintenance” or simply that “an error [had] occurred”, preventing them from logging in.

On 20 April, Sony acknowledged there was a problem with “certain functions of PlayStation Network” and that it would report back with more information when it was available.

Instead, later that night, Sony shut down the network completely – an outage that would last a month.

One of the defining features of the early part of the PSN hack was Sony’s reticence to share information with the public. It took two days for Sony to give any kind of explanation as to why it shut down the PSN, and what information it did give was brief in the extreme.

A short post to the PlayStation blog on 22 April from then director of corporate communications, Patrick Seybold, said simply: “An external intrusion on our system has affected [the] PlayStation Network and Qriocity (now Sony Music Unlimited) services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off … [the] services on the evening of Wednesday, April 20th.”

It would be another four days until Sony revealed the extent of what had happened, and it was huge.

Between 17 and 19 April, the attackers completely breached Sony’s security measures, gaining access to all 77 million users’ real names, postal addresses, countries, email addresses, dates of birth, PSN and/or Qriocity usernames and passwords, and security answers.

While this would have been bad enough, it was compounded by the fact that 12,700 card details, along with billing addresses and purchase history, were also taken during the hack – although this wasn’t confirmed until early May.


This led to Sony advising users not only to change their PSN password once the service was online again, as well as that of any other service where they’d used the same username and/or password, but also “to be especially aware of email, telephone, and postal mail scams”.

It also advised customers “to remain vigilant, to review [their] account statements and to monitor [their] credit reports” in order to protect against identity theft and financial fraud.
By the time full service was resumed on 31 May, the 2011 PSN hack had cost Sony $171 million and was, by volume, one of the biggest hacks ever at the time.

Sony has never revealed exactly how its servers were breached, though SQL injection and/or a modified PS3 used to reach internal services have both been suggested. Once inside, the attackers had little work left to do, because most non-financial details were stored in plain text. The only exception was the passwords, which Sony said were hashed rather than encrypted; the hash is reported to have been MD5, a fast function that offers little protection against offline guessing once the table has leaked.

While Sony has been the victim of subsequent hacks and attacks – most recently the Christmas 2014 DDoS of the PSN and November hacking of Sony Pictures Entertainment – spring 2011 stands out as a beacon of poor crisis management and data security that won’t be forgotten anytime soon.
