Often there are times when intelligent kids grow up to be some of the world’s most well known and talented computer hackers who wreak havoc on systems through manipulation and code breakdown. Most times, breaches are quickly stabilized but others tend to take a bit of time to recover from, like the ones on our list. Check out the craziest computer hacks in history.
Easily one of the most threatening hacks of 2014, Heartbleed shattered the world of network security. Through a security bug in the OpenSSL cryptographic software library, which is used to encrypt web traffic, attackers would have been able to acquire any sensitive data from servers without a single trace.
The bug resulted from improper input validation in OpenSSL’s implementation of the Transport Layer Security heartbeat extension, and the public was made aware of it in 2014. Although it was introduced by a simple programming mistake, its long-term effects still left an impact on the whole internet for years.
Just months after the Heartbleed hack heard round the world, Shellshock, or Bashdoor, made its debut to make matters worse in September of 2014. The bug gave hackers access to Mac OS X and Linux computers, and at least 3,000 separate systems were used against the U.S. Department of Defense and Akamai Technologies within just two days of the breach.
On the same day, the cloud-based application delivery platform Incapsula reported 17,400 attacks on more than 1,800 web domains. With the potential to compromise millions of systems and unpatched servers, the bug was easily compared to the massive system devastation that Heartbleed was responsible for.
In an attempt to live up to Apple Pay’s convenient reputation, Walmart, Target and Best Buy launched CurrentC, a similar form of mobile payment. Unfortunately for the companies, along with the use of the payment method, several consumers’ emails were leaked to hackers worldwide.
Luckily the attackers did not do much with the email information, and millions of customers are using CurrentC to this day. Out of caution, of course, the public was warned to change their email passwords following the hack as well as to avoid opening advertisements and links sent by third-parties, as they could potentially contain viruses.
In early 2014, Russia launched what we refer to as CyberVor, a major hack that stole 1.2 billion usernames and passwords and 500 million email addresses. This was considered the largest collection of “stolen Internet credentials” in history and was reported by Hold Security, a firm that claimed to have a nondisclosure agreement that wouldn’t allow any victims to be named.
Although it is believed to have been rooted in Russian soil, plenty of the public suspected Hold Security of staging the hack to gain advertising from the published report, especially since they kept so quiet about the details behind the case. Reportedly, the only action taken with the stolen information related back to spamming on Twitter and other social media accounts.
In August 2014, an attack launched against female celebrities through Apple’s iCloud services came to the attention of millions. With leaked, lewd images of the actresses and models, including nude photos, privacy of the victims was more than violated and major sites like Reddit capitalized on the major hack.
The attack even allowed the attackers to acquire passwords, usernames and other data of the celebrities, while the public was enjoying the humiliating exposure tenfold. People were even sending bitcoins to the hackers as payment for the images in order to sell them to the public and agencies like the paparazzi. This atrocity was reportedly named “The Fappening.”
One of the biggest data breaches of 2014 was Home Depot’s doing when over 56 million credit and debit cards fell victim to theft, all thanks to the company’s lazy approach to security. Apparently, after six years of complaints from the cybersecurity department that Home Depot had hired themselves, the Target hack was the only thing to wake up the company.
With the overwhelming response when complaints were posted by the cybersecurity team, the home product manufacturer and retailer responded with a ridiculous “we sell hammers” statement. Just like the team had predicted, the breach eventually occurred in September of 2014 resulting in the loss of customer information acquired over years.
JP Morgan Chase
Although the consequences for such a major blunder did not accumulate as much as the company anticipated, JP Morgan Chase messed up when hackers got into their system.
At least 65% of U.S. households (over 83 million) fell victim to the security breach that the company experienced in 2014, but fortunately passwords, social security numbers, user IDs, and account numbers stayed safe despite the scary transgression. There was major relief at the time when no fraud was reported as a result of the hack, but that doesn’t mean that the potential destruction of the situation has passed, even to this day.
Not only was there a breach in the famous Sony hack, but a ransom demand even followed the technological raid. Attackers demanded the money to keep the cache of stolen and private data secret, but Sony refused to stoop to the level of hackers.
As a result of their disregard toward the ransom, Sony’s information was leaked all over the internet including unreleased films, important information about executives, top-secret marketing reports and even political plans for the company. Around the time of The Interview release about the North Korean government, and Kim Jong-Un in particular, the hack was deemed the work of the dictator’s country by the FBI.
Regin, a complex bit of malware that was used to hack Belgian phone and internet provider Belgacom’s systems and email servers, was allegedly the doing of American and U.K. hackers in 2014. The brilliant and devilishly disguised malware, which has the appearance of real software, stole data for months under the alleged direction of America’s National Security Agency.
According to the Intercept, “The implants allowed GCHQ to conduct surveillance of internal Belgacom company communications and gave British spies the ability to gather data from the company’s network and customers, which include the European Commission, the European Parliament, and the European Council.” It was even dubbed as one of the “most sophisticated top-frontier espionage tool” discovered by researchers from the security firm Symantec.
Rumored to be perpetrated by Chinese hackers, South Korea experienced one of the biggest attacks in history in August 2014 when 27 million people fell victim to the major data breach. With 220 million private records exposed, at least 16 hackers were arrested after targeting Korea’s gaming culture, online ringtone downloads and movie ticket stores.
Once the original hackers sold the information to mortgage fraudsters and illegal gambling advertisers, it was hard to pinpoint the particular thieves although they were eventually brought to justice. In all, over 70% of South Korea’s population was affected by the impressive attack resulting in damages exceeding $2 million.
“U.S.” hackers struck gold in 2010 with the malicious Microsoft Windows worm, Stuxnet, specifically created to infect Siemens industrial controllers. The German manufacturing and electronic conglomerate’s uranium enrichment facilities in Iran were disrupted with the technological pathogen through physical manipulation of their centrifuges.
By causing the centrifuges to spin at uneven speeds, the worm threw the country’s plant into chaos and caused significant damage to Iran’s nuclear program. The software was described by experts as an “American-Israeli cyberweapon” and reportedly compromised Iranian PLCs and caused the centrifuges to physically tear themselves apart, all the while stealing important information on their industrial systems.
Known as one of the world’s largest anti-spam services, Spamhaus tracks and blocks massive amounts of unsolicited email worldwide. After the service blacklisted them, Dutch hosting company CyberBunker decided to get their “hands” on the system through what is called a denial-of-service (DoS) attack that reached 300 GB per second and managed to lag connections all over Europe.
The company claimed that Spamhaus was “abusing its influence,” and its attack “threatened to clog up the Internet’s core infrastructure” and had the potential to block access to the internet in general. The head of the company, Sven Kamphuis, was arrested in Spain shortly after the hack was traced, and steps were taken to avoid attacks of a similar nature through the reconfiguration of DNS servers and networks.
Another game-changing worm to infect millions of computer systems is known as Conficker. This insanely smart piece of software actually updates itself based on an ever-growing system of websites and has the potential to wreak unimaginable havoc on any target it chooses through the spreading of infected systems.
Estimated to be millions of systems strong, the worm was fortunately only ever used to spread copies of its plaguing virus. Even crazier, officials were never even able to trace the source of the worm after being discovered in 2008, as it still affects millions of computers to this day.
What is the worst thing that could happen to a gaming company like Sony? Possibly a company-wide outage resulting in the loss of data from over 77 million user accounts. This is what happened to the company’s PlayStation system in 2011. As a result of the “external incursion” into the system’s Network service, Sony lost $171 million for having to shut down their entire network for 20 days.
Even worse, some of the account information caught in the crossfire was personally identifiable data. Users were not happy about this hack, needless to say. After issuing a press release on May 2, Sony revealed that “Over 12,000 credit card numbers, in encrypted form, from non-U.S. cardholders and additional information from 24.7 million SOE accounts may have been accessed.”
When a consumer accesses websites via the Internet, web pages go through several checks, such as security certificates, to ensure that the consumer is getting what they requested. Certificate authorities like Comodo issue these certificates to confirm the identity of the sites being visited, but the system is not bullet-proof.
In 2011, an Iranian hacker accessed Comodo’s system, broke into GlobalTrust’s server, and generated hundreds of certificates for sites like Google and Yahoo that could be used to make computers anywhere in the world believe that they were on these sites. This allowed him to monitor secure email information sent from the services anywhere in the world, and, apparently, it wasn’t the hacker’s first rodeo.
One of the worst viruses to ever spread across the nation was the dreaded Melissa macro virus, which conveniently disguised itself as a Microsoft Word doc sent through email. Created by Jersey programmer David L. Smith, the infection would automatically be sent to the first 50 names in the computer’s address book as a standalone program.
Due to its expedited pattern through talented code and its traced origin of the alt. adult newsgroup, Melissa spread like wildfire so quickly that Microsoft and Intel had to shut down their systems until they could get rid of the bug. Smith was sentenced to 10 years and fined $5,000 after he pleaded guilty.
The Department Of Defense
Managing to penetrate the “Holy Grail” that is the Department of Defense in 1999 through a series of cyber intrusions, teenager Jonathan James installed unauthorized backdoor software on a computer server, giving him a way into the U.S. Defense Threat Reduction Agency.
Through the hack, James acquired numerous classified emails, including the International Space Station’s life support code and other sensitive information like confidential usernames and passwords of government employees. Caught a year after, James was sentenced to six months house arrest, but committed suicide years later. At only 15 years old, James was the first minor citizen incarcerated for cyber crime in the United States.
Operation Shady Rat
When it comes to remote hacking, China has apparently been one step ahead of the game. Through what we call Operation Shady Rat, Chinese officials were placing remote access programs on a target computer — giving them direct access to victims like the International Olympic Committee, the World Anti-Doping Agency and more.
Launched in a series of mini-attacks, Operation Shady Rat hit at least 71 private and public organizations from 14 different countries starting in 2006. An unknown “actor” was said to be the scapegoat at the time the world was trying to track the hack, but later it was believed to be the work of the Republic of China.
In one of the craziest and almost successful attempts to steal money from strangers, hacker Albert Gonzalez and his talented team used SQL injections to steal over 170 million ATM and credit card numbers from TJ Maxx, DSW, Dave & Busters and more from 2005 to 2007.
Instead of directly taking the profits however, Gonzalez auctioned off the massive sum. Although he technically pulled off one of the largest identity theft operations in history, gaining hundreds of millions, he also got 20 years in prison along with a $25,000 fine. The foolish 28-year-old was caught after pulling hundreds of dollars from an ATM machine on several different debit cards in front of an NYPD detective. Go figure.
U.S. Weapon Systems Compromise
In 2013, the most recent hack on this list, it was believed that Chinese cyber criminals intercepted design files for over two dozen critical U.S. weapons systems. Missile systems, combat aircraft and ship designs were breached as stated by the Defense Science Board.
According to the Washington Post, “Experts warned that the electronic intrusions gave China access to advanced technology that could accelerate the development of its weapons systems and weaken the U.S. military advantage in a future conflict.” Although China was conveniently pursuing a “long-term strategy to modernize its military and invest in ways to overcome the U.S. military advantage,” China was not ever directly blamed for the breach of national security.
Unreleased Disney Film Stolen
On May 15, 2017, the American Broadcasting Company revealed that Disney had been hacked, and the hackers were threatening to leak an unreleased film that they accessed. The film they referenced, unnamed, could either be Pirates of the Caribbean: Dead Men Tell No Tales or Cars 3. Both are a part of hugely successful franchises, with the Pirates franchise bringing in over $3.72 billion.
The group of hackers are known as TheDarkOverlord, and had already gotten ahold of the widely popular Orange Is The New Black Netflix series, and released it to the public as they threatened. They are demanding “a huge sum” in Bitcoin ransom from Disney if they want to keep their new film unseen.
WannaCry Cyber Attack
In May of 2017, the WannaCry ransomware cryptoworm infected more than a quarter of a million computers in the course of a day. The attack affected 150 countries. The attack targeted computers using the Microsoft Windows operating system. Affected computers received demands for ransom payments in Bitcoin. The kill switch was discovered by a 22-year-old internet security researcher named Marcus Hutchins.
In October 2017, Microsoft announced that the hack had been done by North Korea. Microsoft president Brad Smith said the company believes “with great confidence” that the Asian country was responsible for the attack. He also said that attacks like the WannaCry hack will become more common as society evolves.
In 2017, Equifax Inc., the credit reporting agency, announced that it had been the target of a cybercrime identity theft that compromised 145 million consumers. More than 200,000 credit card numbers were stolen during the hack. The attack began in May of that year but wasn’t discovered until July.
Alarmingly, Equifax was targeted again in October 2017. On the 12th, the company took down part of its website “after code on the site redirected users to a malicious URL urging them to download malware,” according to the Los Angeles Times. As of October 13, spokespeople from Equifax declined to say when they had discovered the problem.