The advent of the Internet was a pivotal moment in modern history. It was the perfect tool for the increasingly globalized, modern world, which has now turned into an everyday necessity similar to groceries. Sadly, everything comes at a price. The Internet also came with an entirely new type of security threat, one that we still don’t have the tools to tackle: cyber attacks.
Because of our reliance on products and services that run on the World Wide Web, everything is now a potential target for a variety of cyber attacks from anywhere in the world, which could easily escalate into a major catastrophe. Imagine the aftermath of a massive power outage across the country, or a hostile remote takeover of state-controlled nuclear facilities.
While actual recorded attacks are yet to reach that scale, they’re not too far behind. These top 10 cyber attacks in history prove that they’re only getting more frequent and sophisticated with time, despite the best efforts of law enforcement and cyber security agencies around the world.
10. Church of Scientology
We don’t really know what the Church of Scientology exactly is or does, though this is not about that. Instead, we’re here to focus on their cyber security infrastructure, which was severely compromised back in 2008 by an emerging group of hackers called Anonymous. It was in response to what they called censorship, as one of their videos on Tom Cruise was taken down by the church.
In retaliation, hackers from around the world mounted a coordinated campaign to take down websites related to the church, along with other methods of part-digital-part-real-life sabotage like spamming their office fax machines with a bunch of messages. While hardly deadly or meaningful in any real way, it was the first Anonymous attack that made headlines around the world. The hack itself mostly involved denial-of-service attacks, which remain a popular and widely used method among hackers even today.
9. The Teenaged NASA Hack
For 21 days in 1999, NASA systems had to be shut down due to what initially appeared to be a major coordinated attack on national security. 13 systems were compromised, which included controls for temperature and humidity in the living quarters at the Marshall Space Flight Center in Alabama. The overall damages turned out to be more than $41,000 in equipment and labor costs.
The same hacker – called ‘c0mrade’ online – was also responsible for a parallel attack on the Defense Threat Reduction Agency around the same time. They were able to hack the usernames and passwords of 19 employees, using them to gain access to 10 military computers.
While it all sounds like a serious attack against the US by a foreign force, it turned out to be just a bored teenager. Jonathan James was only 15 years old when he was taken into custody and sent to a correctional facility in Alabama for the attack. He was perhaps the youngest hacker to mount such a high-profile hack, making him instantly popular in the burgeoning black-hat hacker community at the time.
8. KIIS-FM
KIIS-FM was a popular radio station in Los Angeles back in 1990, known for its weekly contest ‘Win a Porsche by Friday’. The prize was a Porsche 944 S2, and all one needed to win was to be the 102nd caller. It was the golden age of contests run entirely on landlines across America, and one could find people across LA using auto-dialers and other tricks to be the lucky one.
While it sounds like a secure system – at least for 1990, when computers were still in their relative infancy – that was really not the case. On 1 June, 1999, Kevin Poulsen – then a 24-year-old college dropout – got together with a few of his friends, waited until the 101st call, and proceeded to hack and jam all of the station’s 25 telephone lines before calling, making him the 102nd caller. While he did win the car, the hack was soon discovered by law enforcement agencies.
Kevin was adept at manipulating switching networks, and had been responsible for previous attacks on the systems of various telephone companies similar to the one used by KIIS-FM. While he did manage to be on the run for a while after the hack, Kevin was eventually caught in April, 1991, and sentenced to five years in prison.
7. Solar Sunrise
Solar Sunrise was an operational name given to what appeared to be a large-scale, sophisticated attack against the Department of Defense in February 1998. The attackers took root control of more than 20 systems, and used them to access sensitive information about institutions like NASA, US Air Force, MIT and others. They also stole hundreds of employee usernames and passwords, and the attacks seemed to be coming from everywhere around the world.
Initially, the perpetrators were assumed to be Iraqi intelligence operatives, as US forces were preparing to bomb Iraq later that year. The Deputy Secretary of Defense even called it ‘the most organized and systematic attack the Pentagon has seen to date’.
After an extensive investigation involving multiple intelligence agencies, Internet service providers and top military officials around the world, the attackers turned out to be two teenagers from California, and one from Israel.
6. WannaCry
WannaCry was an aptly-named virus that infected over 230,000 Microsoft computers around the world back in May 2017. It was ransomware – a type of malicious code that holds your computer hostage in exchange for something, usually cryptocurrency. In this case, the virus was able to lock hundreds of thousands of users around the world out of their personal files and other data, demanding a sizable sum of bitcoin in exchange. Once the transaction was done, the hackers would then send decryption keys to unlock the files.
It was like a digital pandemic and spread to hundreds of thousands of systems before it was even recognized as one virus, though to date, no particular hacker group has taken responsibility for it. While a killswitch that stopped it from spreading was eventually discovered by a security researcher, Marcus Hutchins, many users who refused to pay the ransom were never able to recover their files. The same attack was allegedly used against the Taiwan Semiconductor Manufacturing Co Ltd. in August, 2018.
5. Sony PlayStation Network
Sony’s PlayStation Network (PSN) and Qriocity services – now the Sony Entertainment Network – were attacked in 2011. Hackers stole details of over 100 million users, including their names, addresses, birthdates, usernames, passwords, security questions and other personal information. While Sony denied that it included credit card information, they still issued a statement advising customers to consider their cards compromised, just in case.
It’s easily one of the – if not the – largest leaks involving personal data in history, and we’re still not entirely sure who did it. It was also a huge PR disaster for Sony, as it’s also one of the largest repositories of credit card numbers in the US. The attack was directly responsible for a complete overhaul of Sony’s cyber-security infrastructure, as it took over three weeks to rebuild everything and get the network up and running.
4. MafiaBoy
In February 2000, quite a few major digital outlets were hit by a massive denial-of-service attack. It targeted Amazon, eBay, Yahoo!, CNN, and Dell, among others, all of which were early Internet-era startups. Needless to say, it caused quite a panic among investors across Wall Street, as the successful attack proved that they weren’t as secure as they claimed to be.
It was quite impressive, actually, especially as it was done by a 15-year-old. Michael Calce, then a high school student living in Quebec, Canada, first gained control of multiple university networks. He then used their combined computing power to mount the main attacks, taking down all of the targeted websites in a matter of hours.
It was a high-profile case, as it prompted President Clinton to convene a high-level security meeting and brought widespread media coverage to the rapidly-emerging issue of cyber attacks. The attack itself, though, wasn’t meant to do any actual harm, as it was done as a sort of a flex against other hacker groups. Michael was eventually sentenced to eight months at a juvenile detention facility.
3. Dyn
Distributed denial of service – or DDoS – attacks intend to lock users out of a particular online service. That may include something as harmless as replacing a common website with pictures of memes, to something as serious as denying security officials access to their country’s military installations. Thankfully, nothing of that scale has been tried yet, though DDoS attacks are definitely getting more serious and sophisticated over time.
The largest DDoS attack ever was targeted at Dyn – a major Internet domain name service. It’s kind of like a phonebook of the Internet, connecting IP addresses with website names and other locators behind the scenes. The attack crashed the websites of major online organizations like Netflix, Twitter, Spotify, Reddit, CNN, and PayPal, along with media outlets like The New York Times and Wall Street Journal.
The attack was eventually linked to three hackers, Josiah White, Dalton Norman, and Paras Jha, all of whom pleaded guilty in December, 2017.
2. Heartland Payment Systems Inc.
Heartland Payment Systems is a subsidiary of Global Payments – one of the largest payment processors in the US. Back in 2008, it was targeted in what is now known as one of the most serious security leaks in history, when its payment system was hacked, compromising sensitive details – including credit card information – of tens of millions of customers. The true figure could have been way higher, too, as we still don’t know the exact scale of the attack.
The hack was attributed to one Albert Gonzalez, as he was later sentenced to 20 years in prison for it. It was too late, however, as the damage was already done. The hack would cost the company around $140 million in damages, plus settlements to Visa and American Express worth $63.5 million, and an additional $26 million in legal fees.
1. Mt. Gox
Mt. Gox was a cryptocurrency exchange based out of Tokyo. By 2013, it had already established itself as the largest exchange in the burgeoning field, which was still in its early stages and prone to hacks and manipulation. By some estimates, over 70% of all bitcoins traded around the world passed through Mt. Gox at its peak, making it a perfect target for emerging hackers.
Sure enough, the exchange was hacked in 2014, with over 850,000 bitcoins stolen overnight. It wasn’t even a very advanced attack, as the attackers just used the order book to manipulate the price and make fraudulent trades to accumulate as many bitcoins as possible. Thanks to no regulation or government oversight in the cryptocurrency space, the attackers have never been brought to justice, though over 200,000 bitcoins have been recovered over time. At the time of writing this, the total value of the stolen coins stands at more than $23 billion, making it the largest hack in history in terms of losses.