“What are the top 10 hacks of all time?” is a question often asked by most cyber security enthusiasts. The emergence of an interconnected world through the birth of cyberspace changed the entire dynamics of geopolitics. Nowadays a country will, most of the time, respond through cyber attacks rather than through eloquent and brash comments or borderline belligerence. It is not only countries: the availability of infinite information also attracts hackers who want to make big bucks quickly. But there are also documented cases that are best exemplified by the quote “Some men just want to watch the world burn”, said by Alfred Pennyworth to Bruce Wayne in the movie The Dark Knight Rises.
Today, we present to you the Top 10 Hacks of All Time.
1. Stuxnet
Touted as the world’s first digital weapon, the Stuxnet worm is believed to be a joint creation of the US and Israel. It was deployed against Iran’s nuclear facilities, especially the most secret one at Natanz. The first symptoms of the worm were discovered by a team of inspectors from the International Atomic Energy Agency (IAEA) who visited Iranian nuclear facilities in 2010. There they observed that the centrifuges used to enrich uranium gas were failing at a very high rate. Neither the Iranian scientists nor the experts from the IAEA could explain the erratic behavior of the centrifuges. Later, a team of computer experts from Belarus was called in by the Iranian government to look into the weird behavior of a few computers, and only then was the Stuxnet worm unearthed. The worm was designed to infect the Siemens industrial controllers that were being used in Iranian nuclear facilities. It is said that the US also tried to plant a version of Stuxnet in North Korea’s nuclear plants but failed because of the utter secrecy and extreme isolation of Pyongyang’s communication systems.
2. Operation Shady Rat
Whenever someone talks about cyber warfare, the first name that comes to mind is Operation Shady RAT. It is an ongoing series of cyber security attacks that started in 2006 but was reported only in 2011 by Dmitri Alperovitch, Vice President of Threat Research at the Internet security company McAfee. Along with Operation Aurora (the attack on Google and other companies in 2010), it is considered one of the largest and most damaging cyber security attacks that has ever taken place. No wonder the year 2011 is popularly called the “Year of the Hack” among cyber security professionals. The attack starts with social engineering, which is followed by planting a Remote Access Trojan (RAT) on the targeted system. The attack employs the sophisticated method of “steganography”, which is used to embed malicious code in images. Shady RAT is said to have hit at least 71 organizations, including defense contractors, businesses worldwide, the United Nations and the International Olympic Committee. The widely assumed actor behind the attack is the People’s Republic of China.
3. Operation Get Rich or Die Tryin’
Well, we are not talking about the American rapper 50 Cent but about the single largest theft of credit card and debit card numbers in human history. Albert Gonzalez, an American hacker who once worked for the Secret Service, has stood multiple trials, accused of stealing and reselling around 170 million credit card and ATM numbers between 2005 and 2007. Gonzalez started with SQL injection to deploy backdoors on several corporate networks. He later used these backdoors to employ Address Resolution Protocol (ARP) snooping in order to steal data from the internal corporate networks. It is said that Gonzalez threw himself a birthday party worth $75,000 and complained of getting tired from manually counting more than $350,000 in cash after his cash-counting machine broke down.
4. When China compromised US weapon systems
Not many details are available about this, but in 2013 the Washington Post published an article according to which the Defense Science Board had prepared a detailed confidential report for the Pentagon citing the compromise of designs for the most sensitive advanced weapon systems. According to the report, the around two dozen weapon systems whose designs were breached were programs critical to U.S. missile defenses and to combat aircraft and ships. The breaches have been in sync with the espionage hacks being carried out by Chinese hackers against US defense contractors and establishments. If true, this attack would have given China an insight into the super-secret technologies of the US, which it could use to speed up its own weapons development programmes.
5. Spamhaus DDoS Attack
Spamhaus is one of the largest anti-spam service providers across the globe. However, they invited trouble when they put Cyberbunker, an Amsterdam-based hosting provider, on their email filtering list. When Cyberbunker found itself on the spam list, they responded with one of the largest DDoS attacks ever, clocking up to 300 Gbps. Such a huge DDoS attack caused a ripple effect, leading to a slowdown in services throughout Europe. Cyberbunker leader Sven Kamphuis was later arrested in Spain.
6. Operation Aurora
It was a series of counter-espionage cyber attacks carried out by the Chinese government against a number of leading companies, including Google, Microsoft and Adobe, in the United States of America and other western countries. The attacks, first revealed by Google in January 2010, started in mid-2009 and continued until late December. They were named “Operation Aurora” by Dmitri Alperovitch, Vice President of Threat Research at the cyber security company McAfee, after part of a file path on the attacker’s machine that was included in two of the malware binaries associated with the attack. In simple terms, the hackers used a Trojan named “Aurora”. Dave Aucsmith, senior director of Microsoft’s Institute for Advanced Technology in Governments, said the attackers were actually probing whether the U.S. government had uncovered the identity of clandestine Chinese agents operating in the United States. Many former government officials say that the attackers successfully accessed a database that flagged Gmail accounts marked for court-ordered wiretaps. Such information would have given the attackers insight into active investigations being conducted by the FBI and other law enforcement agencies that involved undercover Chinese operatives.
7. Nokia Cyber Extortion Case
The Finnish television station MTV reported that in 2007 hackers had stolen source code for part of Nokia’s smartphone operating system. This news was later confirmed by the local police who were investigating the case. Reportedly, the thief had resorted to blackmail, threatening Nokia that if money was not paid he would reveal the key to the public. If the source code of Symbian (Nokia’s smartphone operating system) had been leaked to the public, it would have enabled hackers around the globe to infect millions of smartphones with malware without fear of detection. The report further stated that Nokia paid a multi-million dollar ransom to the hackers, agreeing to deliver cash to a parking lot, but also tipped off Finland’s National Bureau of Investigation. However, the criminals escaped untouched after a botched operation by the police, who lost track of them after they picked up the money. In 2007, Nokia had a share of around 50% of the smartphone market across the globe, and Symbian was also used by other manufacturers. By 2006 Nokia had shipped around 100 million devices. This would somewhat explain why Nokia gave in to the demand.
8. Sony Pictures Hack
In November 2014, a hacker group named “Guardians of Peace” leaked confidential data stolen from the network of Sony Pictures. The data included personal and professional information about employees, scripts and copies of unreleased Sony films. The group later demanded that Sony pull its film “The Interview”, a comedy about a plot to assassinate DPRK leader Kim Jong-un. Apparently little Kim was not pleased with the movie and asked his hackers to do something about it. The “Guardians of Peace” later threatened to carry out terrorist attacks if the film was not pulled from the screens. Sony Pictures obliged and skipped the theatrical release. The attack was ascribed to North Korea, which as usual denied it.
9. Department of Defense Hack
In 1999 the U.S. military computer network was compromised by a Florida-based high school student, Jonathan James. He installed backdoor software in the Defense Threat Reduction Agency, a Department of Defense division, and stole classified data including the life support code for the International Space Station. A year later he was arrested and sentenced to six months of house arrest because he was a juvenile. James later battled depression and committed suicide.
10. ProjectSauron
This is the latest hack discovered by scientists at Kaspersky and Symantec. As per the reports, a hacker group named Strider has deployed an advanced form of malware called “Remsec” in about 30 organizations in Russia, China, Belgium, Iran and Sweden. The malware was planted at least 5 years ago, in 2011, and has been discovered only now, in 2016. The source code of Remsec has references to Sauron, the all-seeing antagonist in J.R.R. Tolkien’s classic novel Lord of the Rings. As per the Kaspersky report titled The ProjectSauron APT, “The threat actor behind ProjectSauron commands a top-of-the-top modular cyber-espionage platform in terms of technical sophistication, designed to enable long-term campaigns through stealthy survival mechanisms coupled with multiple exfiltration methods”. ProjectSauron will easily find itself in the top 10 hacks of all time because of its stealth, sophistication and advanced nature. As of now, the primary purpose of the malware is said to be spying on the targeted organizations.