8 of the Biggest Hacks of All Time | University of Delaware Online

8 of the Biggest Hacks of All Time

Hacking’s presence in pop culture has reached an all-time high, with USA network television program Mr. Robot gaining six 2016 Emmy Award nominations. The fictional series mirrors real-life hacking drama commonly seen by hacktivist groups, and the loss of millions of dollars-worth of bitcoin. As these hacks have hit entertainment entities such as Sony PlayStation and massive retailers like Target, everyone has been impacted by hacking - even if they aren’t aware of it.

The Biggest Hacks Ever

This year has already seen some of the biggest hacks of all time, including attacks on some of digital technology’s highest-profile names, such as Facebook founder Mark Zuckerberg, Google CEO Sundar Pichai and Twitter co-founder Jack Dorsey. Today, data breaches are a constant threat, but there are lessons from past hacks that can prevent future damage. Here are eight of the biggest hacks ever, for reasons ranging from global security impact, to threats of emerging economies, to the 2016 American presidential election.

1. US Military (1999)

One of the most notable early hacks came in 1999, when the United States military’s computer system was hacked by high school student Jonathan James, who installed backdoor software into the Defense Threat Reduction Agency and intercepted classified emails. He became the first juvenile convicted and sentenced for hacking. After he was investigated in connection to a 2007 hack of retail and home goods company TJX, he committed suicide and cited the accusation in a note he left behind.

2. Natanz (2009)

The malicious computer worm Stuxnet is a menacing indicator of what the future of cyber warfare looks like. The virus was discovered to have infected tens of thousands of Windows PCs in Iran through USB drives in 2010, and its origins traced back a year earlier. Captured in the 2016 documentary Zero Days, the Stuxnet virus caused at least a fifth of Iran’s nuclear centrifuges at its Natanz plant to stop working. The virus is purported to have been created by the United States and Israel, and its implications for the safety of critical infrastructure is monumental.

Stuxnet has been called one of the most sophisticated and complex computer viruses in history, but there are lessons to be learned and precautions companies can take to protect themselves from a Stuxnet-type virus. Since the virus exploited vulnerabilities in the Windows infrastructure it attacked, it’s vital for cybersecurity teams to constantly test a system to find vulnerabilities and correct them. By using device and application control, the USB port that transmitted Stuxnet would have been prevented from uploading the virus to the network.

3. Saudi Aramca (2012)

8 of the Biggest Hacks of All TimeIn 2012, a malware attack damaged 30,000 workstations at Saudi Aramco, one of the world’s largest oil companies. The hack, which the group Cutting Sword of Justice claimed responsibility for, put the ability to supply 10% of the world’s oil at risk. The “wiper” virus infected and erased 75% of the company’s data on its corporate PCs and replaced the data with an image of a burning American flag. Computer technicians scrambled to rip out cables out of the backs of computer servers at every data center around the globe to prevent the virus from spreading, and business was conducted on paper for over a week while the network was down. U.S. intelligence believes the perpetrator was Iran, according to The New York Times.

While Information Week reported Saudi Aramco had taken precautions to protect its industrial control systems from attacks, Windows desktop systems were left vulnerable and allowed the attack to succeed when an employee opened a phishing email. Additionally, the attack occurred during the holy month of Ramadan, when many workers were taking time off to observe the Islamic religious time. By making sure IT staff are monitoring network activity 24/7, and by implementing strong security measures across devices and training employees to not open suspicious emails, the damage from the Saudi Aramco attack could have been lessened.

4. Target (2013)

Target, one of the United States’ most popular retailers during the holidays (especially during Black Friday and around Thanksgiving), endured a costly cyberattack in November and December of 2013. Malware installed in Target’s security and payment systems gave hackers access to customer data from every single one of the retail giant’s stores. This resulted in an invasion of privacy for 40 million customers whose debit and credit card information was exposed. Two years later, Target settled with American banks for $39 million in damages, paying each customer affected up to $10,000 apiece.

The massive hack could have been prevented in one simple way: if Target had listened to its malware-detection company it employed, computer security firm FireEye. News site Bloomberg reports the company did nothing to investigate the warning of the malware detection it received from FireEye and waited 10 more days to act, only after federal investigators warned the retailer about the breach. Companies that invest in fraud detection services should heed their warnings and act quickly to prevent damage.

5. Sony Pictures (2014)

Sony is a company that has experienced several high-profile hacks, including the massive 2011 hack of its PlayStation network, which caused the personal information of more than 77 million users to be leaked and for the network to be shut down for more than 20 days. The hack was a hit of more than $170 million to the company, and the brand lost the trust of millions of loyal customers.

In 2014, North Korea became associated with Sony when its Sony Pictures Entertainment entity experienced the leak of thousands of sensitive emails and documents, amid the country calling Sony film The Interview “an act of war”. After the hack, Sony executives admitted a closer look at cybersecurity was imperative, as the targeted hack identified forms of vulnerabilities after employees let them into the Sony Network. The malware found and stole personal information such as passwords and sensitive documents.

The Sony hack is a reminder that in addition to extra layers of digital security, physical security to a building where private information is stored is also of utmost importance.

6. Mt. Gox (2014)

For those interested in an alternate currency that doesn’t require paper, banks or money managers, bitcoin’s introduction in 2009 was a welcome way for people to gain control of their finances through decentralized digital money. While the currency is resistant to inflation, it hasn’t been resistant to hacking. The theft/loss of $460 million worth of bitcoin from Mt. Gox (which handled 70% of all bitcoin transactions at the time), occurred in 2014. The insolvent exchange has since gone bankrupt, rendering those funds valueless for their owners.

Wired reports the hackers had identified holes in Mt. Gox’s security and had been taking money from the exchange over a period of years. Security weaknesses included stolen passwords and transaction malleability, which would have enabled fraudulent withdrawals, according to PC World.

Mt. Gox isn’t the only bitcoin entity to be hacked. In August 2016, bitcoin exchange Bitfinex was hacked and lost more than $70 million worth of the currency in a security breach. While larger financial institutions are able to invest more money in cybersecurity, bitcoin investors should be aware of the security threats to bitcoin and only invest with exchanges that prioritize security to prevent fraudulent withdrawals. Inside Bitcoins recommends users and businesses that use bitcoin to back up multiple bitcoin wallets offline, limit privileges with access controls, and update anti-malware regularly.

7. Ashley Madison (2015)

The 2015 hack of extramarital affair site Ashley Madison, which leaked the private information of 32 million accounts, also spurred hack-related suicides, as well as divorces and familial problems. That hasn’t stopped Ashley Madison from conducting business as usual, despite being hit with more than $500 million in lawsuits. The site started running new commercials in July 2016 and claims business is growing.

8. Hillary Clinton and the Democratic National Committee (2016)

One of the most recent notable hacks that could have meaningful implications for the future of the United States government is the hack of the Democratic National Committee and other organizations related to presidential nominee Hillary Clinton, including the Bill, Hillary and Chelsea Clinton Foundation, in 2016. Hillary Clinton told Fox News in July 2016 that Russian intelligence services hacked into the Democratic National Committee, likely through speak phishing, in which members clicked on malicious links.

The hack accessed an analytics data program used by the Democratic National Committee and leaked emails that have caused top officials within the committee to resign, after it was revealed the committee attacked Clinton opposition Bernie Sanders throughout the primary campaign. With so many volunteers and staffers working with the Democratic National Committee and within Clinton’s campaign, extra security even in the form of imploring users not to open malicious-looking emails could have helped prevent the hack.

Preventing Major Hacks in the Future

Does preventing and working to stop the damage of hacks sound like an ideal career to you? An online master of science degree in cybersecurity from University of Delaware can get you there.

Learn more about the online Master of Science in Cybersecurity program.

Bookmark and Share

[an error occurred while processing this directive]