Stuxnet
The
US isn’t innocent of cyber attacks. Take the case of Stuxnet,
which was discovered in 2010. The malicious software was a Microsoft Windows
worm that was specifically designed to infect Siemens industrial controllers –
the first ever malware designed to do so. And what did the program target?
Iran. More specifically, uranium enrichment facilities in Iran. The worm –
which has all but officially been confirmed was created by the United States
and Israel – disrupted the operations of Siemens centrifuges in nuclear power
plants, making them spin at uneven speeds and hide that from their operators.
The scary thing is that this is just the one we know about – there could
be dozens of worms like it out there.
Chinese
Compromise U.S. Weapons Systems
This
is the most recent hack on this list, and it’s a chilling one. A confidential
report prepared for the Pentagon and just released indicates that Chinese cyber
criminals breached design files for over two dozen critical weapons systems,
including critical missile defense programs. Officially, the Obama administration
hasn’t laid the blame on China, but the leaders of the two nations will meet this week to discuss cyber security concerns.
Spamhaus
DDOS
Most
Internet attacks just affect users of one particular site or service. This one,
however, almost broke the whole thing.Spamhaus is one of the world’s largest anti-spam
services, blocking huge amounts of unsolicited email from all over the world.
When Cyberbunker, an Amsterdam-based hosting provider, found their emails
blacklisted, they struck back with one of the largest distributed denial of service
attacks the Internet has ever seen. The traffic reached an astounding 300 GB per second, causing a ripple
effect that lagged connections all over Europe. Cyberbunker leader Sven
Kamphuis was arrested in Spain and is waiting to stand trial.
Conficker
One
of the largest and most tenacious worms of all time was discovered in 2008 and
is still infecting more than a million computers a year as of this writing. Conficker is an incredibly
smart piece of software that continually updates itself by making connections
to an ever-growing system of websites. Infected systems are linked into a
botnet that is estimated to be millions of systems strong, and although the
creators have yet to use that combined computing power for anything more
nefarious than spreading more copies of the worm, experts say that it could
wreak unimaginable havoc on just about any target. Even scarier, tech security
professionals still don’t have a clue who is behind it, other than to say that
they’re incredibly gifted programmers.
Operation
Get Rich
Most
of the hackers on this list have perpetrated their crimes for love of country –
or hatred of their enemies. But Alberto Gonzalez just wanted to get away with a
huge amount of money. Between 2005 and 2007, Gonzalez and his crew used SQL injections to steal a staggering
170 million ATM and credit card numbers from major retailers like TJ Maxx, DSW
and Dave & Buster’s. The numbers were then sold at auction, netting
Gonzalez a tremendous profit. His ventures were one of the largest sustained
identity theft operations of all time, but they ended up getting him 20 years
in jail. Attempts to tell the judge that he was working undercover for the
Secret Service were laughed out of court.
PlayStation
Network Hack
It’s
not just computers that are vulnerable to malicious hacks. As more and more of
your devices go online, security holes open up. That’s what Sony learned in 2011, when an incursion to their PlayStation Network service
resulted in the loss of data from approximately 77 million user accounts,
including personally identifiable information. The company was forced to take
their entire network down for 20 days while they dealt with the fallout, at a
cost of $171 million. It was one of the largest assaults on an entertainment
network ever seen.
Comodo Hack
The
process of using the Internet seems simple, but in reality your web page goes
through a number of stops before it reaches your screen. One of the
intermediary steps is the security certificate, a bit of code that confirms
that the site you’re looking at is what it claims to be. One company that
provides those certificates is Comodo, and in 2011 an Iranian hacker fraudulently accessed their system and
generated a number of certificates for major sites like Google and Yahoo –
certificates that he could use to make any computer anywhere in the world think
that they were on those sites, and allow him to eavesdrop on secure e-mail sent
from any of their services. The hacker took responsibility for similar attacks
on a number of other certificate registrars the same year.
Melissa
Virus
The
fastest-spreading virus of its day, Melissa was the cyber attack that really made
people start taking electronic warfare seriously. Coded by a bored New Jersey
programmer named David L. Smith, the software was deceptively simple –
disguised as a Microsoft Word document, it would spread through email,
automatically sending itself to the first 50 names in an infected computer’s
address book. The document was first uploaded to the alt.sex newsgroup in 1999
and from there it exploded, being sent out so rapidly that it forced infected
companies like Microsoft and Intel to shut down outgoing mail until they got it
under control.
Department
Of Defense Hack
As
viewers of 80s classic War Games can tell you, the
Department of Defense is the Holy Grail for wanna-be hackers. One of the most
secure networks in the world, the U.S. military’s computer system was
compromised by a humble teenager in 1999, sending security experts into a
tailspin. Florida high school student Jonathan James
installed backdoor software into the Defense Threat Reduction Agency, a DoD
division, and intercepted numerous classified emails, including life support
code for the International Space Station. James was caught in 2000 and
sentenced to six months house arrest, as he was still a juvenile. He committed
suicide some years later.
Operation
Shady RAT
One
of the most enticing fruits for a cyber attacker is remote access tools –
software that allows computers to be taken over from anywhere in the world.
Placing remote access programs on a target computer gives unprecedented access,
so it’s no surprise that the Chinese government has allegedly been using them
since 2006 in a concerted wave of attacks dubbed Operation Shady
RAT. Starting in 2006, an unknown actor targeted over 70 public and
private organizations in 14 countries, stealing a vast wealth of intellectual
property. Victims included the International Olympic Committee and the World
Anti-Doping Agency, which pointed the finger at China in advance of the 2008
Beijing Olympics.
No comments:
Post a Comment