Cybercrime. Cyberwarfare. General Cyber-pandemonium. It’s a brave new world of crime, espionage, and sabotage. It’s not quite the Cyberpunk future we grew up reading about. But it’s becoming clear that the shady side of the internet and digital technology will continue to become a prominent part of the threats we face in life.
We’ve come a long way from the days of Captain Crunch and Kevin Mitnick. Those early phreakers and hackers were almost a sort of folk hero. Now a hacker is more likely to be a government agent or part of a crime syndicate than a mysterious Robin Hood figure.
Some cyber attacks are incredibly audacious or just plain damaging. They’ll go down in cyberspace legend for years to come. I’ve seen plenty of “biggest cyber crime” lists, but it’s not really possible to rank such attacks in an objective way. Do we rank by how many people are affected? What about monetary damage? Does it matter if the attack is simple or sophisticated? There’s no single system for classifying which attacks are “bigger”. So don’t think of these ten cyber crimes as a ranked list; they are simply ten attacks that were special in some way and have cemented their place in the cybersecurity history books.
Sometimes I honestly forget that Yahoo! is still around. Apparently, there are enough people still using this internet pioneer’s products to keep them afloat. Regardless of how many people still actively use Yahoo systems today, the company has a massive database of past and present users. In 2016 the company revealed that in a 2013 attack over a billion user accounts were hacked. Then in 2014, another 500 million accounts were compromised. The Yahoo hacking scandal is without a doubt one of the largest security breaches of the modern day and is significant in how many ordinary people were affected.
“Mafiaboy” or Michael Calce, as his mum knows him, is probably one of the most financially damaging individual hackers in history. The total damages were at one point reported to be 1.2 Billion USD although it is a disputed figure.
Mafiaboy is also notable for being incredibly young when he committed his crimes. It was in the year 2000 when we heard of his hacking attacks against giants like Dell, Yahoo, Amazon, and eBay.
Despite the massive damages attributed to Calce, he got off with a slap on the wrist, likely because he was a minor. His punishment included eight months of open custody, a year of probation and a small fine.
There’s no way the 2011 hack of Epsilon could be left off this list. Computerworld called it the “hack of the century” and if you dig down into the details it’s not hard to see why.
Epsilon is a company whose sole purpose is to provide marketing emails, which means it sits on a massive database of email addresses. Reportedly Epsilon is responsible for over 40 billion marketing emails annually. Epsilon has around 2200 clients that include heavyweights such as JP Morgan, Citibank (which got hacked itself) and U.S. Bank.
The long list of companies that had their email databases compromised via Epsilon sharply increased the chances of spear phishing, a more targeted version of traditional phishing, because the attackers now knew exactly which customers had a relationship with which company.
How much damage the Epsilon breach actually caused is hard to estimate accurately. I have seen figures as low as 200 million dollars and as high as 4 billion. Either way, Epsilon was one of the biggest scores in cybercrime history.
Max Vision, aka Max Ray Butler, aka Iceman is currently serving a 13-year sentence. He’ll be out of prison in 2019. When he was first sent to jail for his hacking crimes the length of his jail term set the record for computer crime in the USA.
What did little old Max do to deserve such a harsh punishment? Well, in short, he stole almost two million credit card numbers. He not only targeted banks and businesses; Max also successfully took on other hackers.
In one of the most audacious moves in hacker history, Max raided an illegal hacker server. He moved their credit card data to his own site, named CardersMarket. Apart from his time in jail, Max must also pay $27.5 in restitution, although of course this seems unlikely to be possible. The total value of fraudulent charges made with numbers sold by Max is estimated at $86.4 million. That is quite a chunk of change!
The future of warfare is cyberwarfare and China seems to be at the forefront of this new battlefield. Uncovered all the way back in 2004, Titan Rain was a set of coordinated attacks by hacker cells allegedly receiving support from the Chinese government.
We will probably never know exactly who was behind Titan Rain. The targets suggest it was more than random hacker bros. NASA, the US Department of Defense and the UK Ministry of Defence were all on the menu.
For their part, the Chinese government has denied responsibility for these cyber attacks. But then that’s what you’d expect them to say.
In direct terms, Titan Rain doesn’t seem all that damaging. Classified information was not stolen. What makes Titan Rain so notable is the precedent it set. Whether China’s government was behind it or not, Titan Rain established in our minds that countries can have virtual skirmishes that are as diplomatically sensitive as any armed conflict.
Not long after Titan Rain, the next big cyber-warfare act was perpetrated. In 2007 attacks against the government of Estonia were launched by a group of hackers aligning themselves with the Kremlin. The group, Transnistria, used a variety of attack methods. These included botnets and ping floods.
It is believed that the relocation of a grave marker significant to Russians was what triggered the attacks. They were pretty sophisticated and caused devastating shutdowns of government websites, so the Estonians believe the attacks were supported by the Russian government itself.
The effects of the attacks were widely felt. Even normal citizens were unable to use ATMs and online banking services. Thanks to this attack Estonia has one of the best volunteer cyber defense forces in the world.
DDoS or distributed denial-of-service attacks are a blunt-force way of preventing people from accessing web resources. DDoS is not very elegant and is usually the first line of attack by “hackers” who are really just an army of script kiddies clicking a button.
A DDoS attack is performed by “zombie” computers that are infected with malware and told to flood the target with traffic at the same time. Regardless of how a DDoS is performed, the end result is that the target server is so overwhelmed with network requests that it becomes unusably slow or just crashes.
These days companies like CloudFlare have pretty effective DDoS protection but it can still be a real nuisance even for large corporations.
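The distributed part is what makes these attacks hard to filter: each zombie can stay under any sensible per-address limit while the aggregate still swamps the server. The following is an added example, not code from the original article, that runs a window-based request counter over constructed access-log lines and reports which kind of flood each window looks like (the log format, IP addresses and limits are all made up for the demonstration).

```python
# Added example (not from the original article): window-based request counting
# over constructed access-log lines, separating a single-source flood (one IP
# over its own limit) from a distributed one (every IP under the limit, total over).
from collections import Counter, defaultdict
from datetime import datetime

LOG_FORMAT = "%Y-%m-%dT%H:%M:%S"

# Constructed sample log: three ordinary clients, then six zombies sending three
# requests each inside one second, then one noisy client sending seven in a second.
SAMPLE_LOG = (
    "2016-10-21T11:10:00 203.0.113.5 GET /\n"
    "2016-10-21T11:10:02 203.0.113.6 GET /index.html\n"
    "2016-10-21T11:10:03 203.0.113.7 GET /about\n"
    + "".join(f"2016-10-21T11:10:05 198.51.100.{i} GET /\n"
              for i in range(10, 16) for _ in range(3))
    + "".join("2016-10-21T11:10:09 192.0.2.9 GET /\n" for _ in range(7))
)


def parse_line(line):
    """Split one log line into (timestamp, source ip, request path)."""
    ts, ip, _method, path = line.split(maxsplit=3)
    return datetime.strptime(ts, LOG_FORMAT), ip, path


def per_window(lines, window_s=1):
    """Map each window start (epoch seconds) to a Counter of requests per source IP."""
    buckets = defaultdict(Counter)
    for line in lines:
        if not line.strip():
            continue
        ts, ip, _path = parse_line(line)
        bucket = int(ts.timestamp()) // window_s * window_s
        buckets[bucket][ip] += 1
    return buckets


def classify(buckets, per_ip_limit=5, total_limit=10):
    """Return (window, verdict, detail) for every window that breaches a limit."""
    alerts = []
    for start, counts in sorted(buckets.items()):
        total = sum(counts.values())
        noisy = [ip for ip, n in counts.items() if n > per_ip_limit]
        if noisy:
            alerts.append((start, "single-source flood", noisy))
        elif total > total_limit:
            # No single address looks abusive; only the aggregate does.
            alerts.append((start, "distributed flood", len(counts)))
    return alerts
```

Only the aggregate rule catches the second window, which is why mitigation for a real DDoS happens upstream (at a provider that sees the whole flow) rather than in per-client rate limits on the server.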
The mother of all DDoS attacks happened in 2016. What made this particular case so extreme and widely effective was its target. Dyn is a DNS or domain name system provider. When you type in a website URL a request is sent to a DNS provider. It then returns the correct network address to which your browser should be routed.
If the DNS server goes down you can’t access the site you are looking for, even if that site is in fact fine. The Dyn attack was perpetrated by a zombie botnet army. It left users in North America and part of Europe with no net access for hours. The really scary thing about this attack is that the botnet did not consist of PCs, but of internet of things devices infected with malware called Mirai. Internet of things devices are of major concern to cybersecurity experts since so many of them are weak against hacking.
A “logic bomb” is computer code designed to make the system it controls harm itself, something else or both. Usually, it's designed in such a way that if a certain logical condition is met the harmful effects will be triggered. Obviously, this can be anything, like a date, a time or a specific person logging into their PC.
The real-life analog might be something like a car bomb: an explosive rigged to go off when someone starts the car. Since more and more industrial systems rely on software for control and failsafes, that software becomes a way to weaponize or destroy those systems.
In 1982 the ever-vigilant CIA figured out they could reprogram Siberian gas lines to blow themselves up, saving the US taxpayer a chunk of change in actual bombs and missiles.
The code is tagged with the words “logic bomb” and so the moniker remains to this day.
Incidentally, the resultant fireballs were apparently so bright they could be seen from space. By a CIA spy satellite no doubt.
While it might not have the widespread scope of giant database breaches, the Stuxnet worm is easily one of the scariest items on this or any other cybercrime list. It’s one of the first examples of weaponized computer code: code that actually destroyed the physical infrastructure of a target.
It’s no secret that the nuclear ambitions of Iran make many of the big players on the world stage more than a little nervous. Doing something about the issue is a diplomatic nightmare, however. So it seems someone decided to try a less obvious way of slowing down potential nuclear weaponization.
Stuxnet is a computer worm, which means it can actively infiltrate systems via the network connection or any other means based on the security weaknesses of the target system.
Stuxnet attacked the nuclear research facilities in Tehran, destroying about 1000 nuclear centrifuges, damage that set the Iranian nuclear project back by years. Stuxnet didn’t stop there either. 60,000 additional computers were infected.
No one knows for sure who is behind Stuxnet. Industry experts say that the level of sophistication and development cost involved is very high. This suggests that only another nation-state could have created this highly intelligent and destructive piece of malware.
Albert “Segvec” Gonzalez was just a regular 20-something guy who almost brought the debit and credit card industry to its knees. Presumably fed up with earning a pittance, Gonzalez teamed up with some Russian acquaintances and proceeded to smash the security on major card databases for nearly four years. They called their little hobby Operation “Get rich or die trying” which means Albert might also have been a fan of 50 Cent.
Over the run of the operation, Gonzalez’s most famous hit was probably the breach of Heartland Payment Systems. By itself, it accounted for over 130 million people’s data.
Albert and his crew favored hacking WiFi networks and injecting malicious SQL code, which seems pretty eerie given the recent revelation about KRACK and how vulnerable our WiFi security actually is.
Apart from Heartland, Albert got into the systems of TJX, Office Max and even 7-Eleven, to name a few. The Albert Gonzalez hack “only” did about 200 million dollars in damage. Still, he does now hold the record for the longest sentence for computer crime. Although he could have received more than 30 years in prison, the final sentence was a still-hefty 20 years.
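The SQL injection the article mentions comes down to building a query by pasting user input into the SQL text. The following is an added example, not code from the original article or from any of the breached companies, that puts the vulnerable string-built lookup beside the parameterised form that closes the hole, using an in-memory SQLite table with constructed rows.

```python
# Added example (not from the original article): a string-built SQL lookup beside
# its parameterised replacement. The table and its rows are constructed here.
import sqlite3


def make_db():
    """In-memory table of constructed sample rows (cardholder and last four digits)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cards (holder TEXT, pan_last4 TEXT)")
    conn.executemany(
        "INSERT INTO cards VALUES (?, ?)",
        [("alice", "1234"), ("bob", "5678"), ("carol", "9012")],
    )
    return conn


def lookup_vulnerable(conn, holder):
    """The flaw: the caller's string becomes part of the SQL statement itself,
    so a quote character in the input changes what the query means."""
    sql = "SELECT holder, pan_last4 FROM cards WHERE holder = '" + holder + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, holder):
    """The fix: a bound parameter. The driver hands the value to the engine
    separately from the statement, so it can only ever be compared as data."""
    sql = "SELECT holder, pan_last4 FROM cards WHERE holder = ?"
    return conn.execute(sql, (holder,)).fetchall()


# Constructed input containing a quote: harmless as data, query-altering as SQL text.
QUOTED_INPUT = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, QUOTED_INPUT))  # every row
    print("safe:      ", lookup_safe(db, QUOTED_INPUT))        # no rows
```

The same rule applies to every database driver: never concatenate input into SQL, and treat any code path that does as a finding to fix, not a quirk to document.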
These mass attacks are both impressive and terrifying, but they are only a small sample of the global cybercrime landscape. There are thousands of smaller attacks every day against small businesses or groups who don’t have a lot of security, or even against individuals.
There’s a lot you can do to make becoming a victim less likely. You could create a separate email account for sites you don’t trust with your information, or even for all your accounts in general. We also have a whole bunch of safe internet browsing tips that you can use for a better level of protection.
Technology can help as well. A good VPN is a great way to protect your information from prying eyes, whether from private or government hackers. We’ve looked at the top 5 VPN offerings and have advice on how to choose a VPN.
Of course, one of the scariest things about big data breaches is that you can’t do anything about them. Once you have surrendered your information to a third-party, you have to hope that they will take good care of it. Additionally, you might have had your info stolen and wouldn’t even know.
Luckily there’s a great website called Have I Been Pwned which keeps track of data breaches. It lets you look up your email address to see which breaches you have been a victim of. If you have been pwned, change your passwords. You should also enable two-factor authentication where possible. Never use the same password across sites and think twice before just signing up for stuff.
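Have I Been Pwned also publishes its breached-password corpus through the Pwned Passwords range API, which is designed so you never have to send it a password: the client hashes the password with SHA-1, sends only the first five hex characters of the hash, and finishes the match locally against the list of suffixes the server returns. The following is an added example, not code from the original article or from Have I Been Pwned, of that k-anonymity check; the response body used for the offline run is constructed and its counts are made up.

```python
# Added example (not from the original article): k-anonymity lookup against the
# Pwned Passwords range API. Only a 5-character hash prefix ever leaves the machine.
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_hash(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest of the password."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix, range_text):
    """Parse a range body of 'SUFFIX:COUNT' lines; return the count for suffix, else 0."""
    for line in range_text.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        found, count = line.split(":", 1)
        if found.upper() == suffix:
            return int(count)
    return 0


def fetch_range(prefix):
    """Live lookup of one prefix; the password itself is never transmitted."""
    with urllib.request.urlopen(RANGE_URL + prefix, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password, fetch=fetch_range):
    """How many times the password appears in the breach corpus (0 = not found).
    `fetch` maps a prefix to a response body so the network call can be replaced."""
    prefix, suffix = split_hash(password)
    return count_in_range(suffix, fetch(prefix))


# Constructed stand-in for the live response to prefix 5BAA6 (SHA-1 of "password").
# The suffixes on the first and last lines and all three counts are made up.
SAMPLE_RANGE = (
    "1E2DC4A02A8A3D6DB4F2C4A4B4CD3B2A1E3:2\r\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\r\n"
    "1F0B4D1E4E5C6D7A8B9C0D1E2F3A4B5C6D7:1\r\n"
)

if __name__ == "__main__":
    print(pwned_count("password", fetch=lambda _prefix: SAMPLE_RANGE))
```

A non-zero count is a reason to change that password everywhere it is used; a zero only says it is not in the corpus, not that it is strong.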