The Greatest Computer Hacks
Vandalism, Theft, and Cleverness on a Large Scale
Hacking is about manipulating and bypassing systems to force them to do the unintended. While most hackers are benign hobbyists, some hackers inflict terrible widespread damage and cause financial and emotional injury. Victimized companies lose millions in repair and restitution costs; victimized individuals can lose their jobs, their bank accounts, and even their relationships.
Ashley Madison Hack 2015: 37 Million Users
The hacker group Impact Team broke into the Avid Life Media servers and copied the personal data of 37 million Ashley Madison users. The hackers then incrementally released this information to the world through various websites. The effect on people’s personal reputations rippled across the world, including claims that user suicides followed after the hack.
This hack is memorable not only because of the sheer publicity of the aftermath, but because the hackers also earned some fame as vigilantes crusading against infidelity and lies.
The Conficker Worm 2008: Still Infecting a Million Computers a Year
While this resilient malware program has not wreaked irrecoverable damage, this program refuses to die; it actively hides and then copies itself to other machines. Even more frightening: This worm continues to open backdoors for future hacker takeovers of the infected machines.
The Conficker worm program (also known as the Downadup worm) replicates itself across computers, where it lies in secret either to convert your machine into a zombie bot for spamming or to read your credit-card numbers and your passwords through keylogging and then transmit those details to the programmers.
Conficker/Downadup is a smart computer program. It defensively deactivates your antivirus software to protect itself.
Conficker is noteworthy because of its resilience and reach; it still travels around the Internet eight years after its discovery.
Stuxnet Worm 2010: Iran’s Nuclear Program Blocked
A worm program that was less than 1 MB in size was released into Iran’s nuclear refinement plants. Once there, it secretly took over the Siemens SCADA control systems. This sneaky worm commanded more than 5,000 of Iran’s 8,800 uranium centrifuges to spin out of control, then suddenly stop and then resume, while simultaneously reporting that all was well. This chaotic manipulation went on for 17 months, ruining thousands of uranium samples in secret and causing the staff and scientists to doubt their own work. All the while, no one knew that they were being deceived and simultaneously vandalized.
This devious and silent attack wreaked far more damage than simply destroying the refining centrifuges themselves; the worm led thousands of specialists down the wrong path for a year and a half and wasted thousands of hours of work and millions of dollars in uranium resources.
The worm was named Stuxnet, after a keyword found in the code’s internal comments.
This hack is memorable because of both optics and deceit. It attacked the nuclear program of a country that has been in conflict with the USA, Israel, and other world powers, and it also deceived the entire Iranian nuclear staff for a year and a half as it performed its deeds in secret.
Home Depot Hack 2014: Over 50 Million Credit Cards
By exploiting a password from one of its stores’ vendors, the hackers of Home Depot achieved the largest retail credit card breach in human history. Through careful tinkering with the Microsoft operating system, these hackers managed to penetrate the servers before Microsoft could patch the vulnerability.
After they entered the first Home Depot store near Miami, the hackers worked their way throughout the continent. They secretly observed the payment transactions on more than 7,000 of the Home Depot self-serve checkout registers. They skimmed credit card numbers as customers paid for their Home Depot purchases.
This hack is noteworthy because it was launched against a large corporation and millions of its trusting customers.
Spamhaus 2013: The Largest DDOS Attack in History
A distributed denial of service attack is a data flood. By using dozens of hijacked computers that repeat signals at a high rate and volume, hackers will flood and overload computer systems on the Internet.
In March of 2013, this particular DDOS attack was large enough that it slowed the entire Internet across the planet and completely shut down parts of it for hours at a time.
The perpetrators used hundreds of domain-name servers to reflect signals repeatedly, amplifying the flood effect and sending up to 300 gigabits per second of flood data to each server on the network.
The target at the centre of the attack was Spamhaus, a non-profit professional protection service that tracks and blacklists spammers and hackers on behalf of Web users. The Spamhaus servers, along with dozens of other Internet exchange servers, were flooded in this attack.
This DDOS hack is noteworthy because of the sheer scale of its brute force repetition: It overloaded the Internet’s servers with a volume of data that had never been seen before.
eBay Hack 2014: 145 Million Users Breached
Some people say this is the worst breach of public trust in online retail. Others say that it was not nearly as harsh as mass theft because only personal data was breached, not financial information.
Whichever way you choose to measure this unpleasant incident, millions of online shoppers have had their password-protected data compromised. This hack is particularly memorable because it was public and because eBay was painted as weak on security because of the company’s slow and lacklustre public response.
JPMorgan Chase Hack 2014: 83 Million Accounts
In the middle of 2014, alleged Russian hackers broke into the largest bank in the United States and breached 7 million small-business accounts and 76 million personal accounts. The hackers infiltrated the 90 server computers of JPMorgan Chase and viewed personal information on the account holders.
Interestingly enough, no money was looted from these account holders. JPMorgan Chase will not share all the results of their internal investigation. What they will say is that the hackers stole contact information like names, addresses, email addresses and phone numbers. They claimed that there is no evidence of Social Security, account number, or password breach.
This hack is noteworthy because it struck at where people store their money, raising questions about the security of the U.S. banking system.
The Melissa Virus 1999: 20 Percent of the World’s Computers Infected
A New Jersey man released this Microsoft macro virus into the Web, where it penetrated Windows computers. The Melissa virus masqueraded as a Microsoft Word file attachment with an email note alleging an “Important Message from [Person X].” After the user clicked the attachment, Melissa activated itself and commanded the machine’s Microsoft Office to send a copy of the virus as a mass mailout to the first 50 people in that user’s address book.
The virus itself did not vandalize files or steal any passwords or information; rather, its objective was to flood email servers with pandemic mailouts.
Indeed, Melissa successfully shut down some companies for days at a time as the network technicians rushed to clean their systems and purge the pesky virus.
This virus/hack is noteworthy because it preyed on people’s gullibility and the then-current weakness of antivirus scanners on corporate networks. It also gave Microsoft Office a black eye as a vulnerable system.
LinkedIn 2016: 164 Million Accounts
In a slow-motion breach that took four years to reveal, the social networking giant admits that 117 million of its users had their passwords and logins stolen in 2012, to later have that information sold on the digital black market in 2016.
This hack is significant because of how long it took for the company to understand how badly it had been hacked. Four years is a long time to realize you’ve been robbed.
Anthem Health Care Hack 2015: 78 Million Users
The second-largest health insurer in the United States had its databases compromised through a covert attack that spanned weeks. Anthem refuses to disclose details of the penetration but the company claims that no medical information was stolen, only contact information and Social Security numbers.
No harm has yet been identified for any of the compromised users. Experts predict that the information will one day be sold through online black markets.
As a response, Anthem provided free credit monitoring for its members. Anthem is also considering encrypting all its data.
The Anthem hack is memorable because of its optics: Another monolithic corporation fell victim to a few clever computer programmers.
Sony PlayStation Network Hack 2011: 77 Million Users
April 2011: Intruders from the Lulzsec hacker collective cracked open the Sony database at their PlayStation Network, revealing the contact information, logins, and passwords of 77 million players. Sony claims that no credit card information was breached.
Sony took down its service for several days to patch holes and upgrade its defences.
There has been no report that the stolen information has been sold or used to harm anyone yet. Experts speculate that the weakness was exploited through a SQL injection attack.
The PSN hack is memorable because it affected gamers, a culture of people who are computer-savvy fans of technology.
Global Payments 2012 Hack: 110 Million Credit Cards
Global Payments is one of the several companies that handle credit card transactions for lenders and vendors. Global Payments specializes in small-business vendors. In 2012, their systems were breached by hackers and information on people’s credit cards was stolen. Some of those users have since experienced fraudulent transactions.
The signature-based system of credit cards in the United States is dated, and this breach could have easily been reduced if credit card lenders would invest in using the newer chip cards that are used in Canada and the UK. Since the attack, the United States has migrated to a chip-and-pin or chip-and-sign approach for processing point-of-sale card transactions, although migration has been largely voluntary by retailers.
This hack is noteworthy because it struck at the daily routine of paying for goods at the store, shaking the confidence of credit card users around the world.
So What Can You Do to Prevent Getting Hacked?
Hacking is a real risk that all of us must live with, and you will never be 100-percent hacker-proof.
You can reduce your risk, though, by making yourself harder to hack than other people and by following basic best-practice security standards:
1. Check to see if you’ve been hacked and outed at this free database.
2. Make the extra effort to design strong passwords as we suggest in this tutorial.
3. Use a different password for each of your accounts; this practice will substantially reduce how much of your life a hacker can access.
4. Consider adding two-factor authentication to your Gmail and other primary online accounts.
5. Consider subscribing to a VPN service to encrypt all of your online traffic.