10 most high-profile cyberattacks in history
Anonim

From hacking stars' accounts to attacking Iran's nuclear program.


Anyone can become the victim of a cyberattack: attackers break into the devices of individuals, companies and even government websites. The damage from such attacks is often not only financial but also reputational, and large breaches inevitably attract a lot of attention. Lifehacker has collected 10 of the most high-profile cyberattacks in history.

10. DarkHotel. The tarnished reputation of luxury hotels, 2007-2014

  • Target: blackmail well-known politicians and wealthy businessmen.
  • Method: planting spyware on open hotel Wi-Fi networks.
  • The culprits: unknown.
  • Damage: not known for certain; most likely large sums from the victims' personal funds.

The spyware, also known as Tapaoux, was spread by the attackers through the open Wi-Fi networks of a number of premium hotels. Such networks are very poorly protected, which is why the hackers easily managed to install their software on the hotel servers.

Computers that connected to the Wi-Fi were prompted to install what looked, at first glance, like an official update of some program, for example Adobe Flash or Google Toolbar. This is how the virus was usually disguised.

The hackers also took an individual approach: in one case DarkHotel was disguised as a torrent file for downloading a Japanese erotic comic.

Once on the device, the program asked the user to enter personal data, such as a card number, as part of the "update", and could also log keystrokes as they were typed. As a result, the attackers obtained the victim's usernames and passwords, and with them access to his accounts.

The hackers deliberately planted the virus in a hotel chain before the arrival of high-ranking guests in order to get onto their devices. The attackers knew exactly where the victim would be staying and configured the program so that it would infect only the device they needed. After the operation, all data was deleted from the servers.

DarkHotel's targets were top managers of large companies, successful entrepreneurs, high-ranking politicians and officials. Most of the hacks were carried out in Japan, China, Russia and Korea. Having obtained confidential information, the hackers apparently blackmailed their victims, threatening to publish it. The stolen information was also used to find new targets and organize the next attacks.

It is still unknown who was behind these cybercrimes.

9. Mirai. The rise of smart devices, 2016

  • Target: take down the site of the domain name provider Dyn.
  • Method: a DDoS attack from devices infected with botnet malware.
  • The culprits: hackers from New World Hackers and RedCult.
  • Damage: more than $110 million.

Along with the boom in internet-connected devices (routers, smart homes, online checkouts, video surveillance systems, game consoles), new opportunities have opened up for cybercriminals. Such devices are usually poorly secured, so they are easily infected by botnet malware. With it, hackers build networks of compromised computers and other devices, which they then control without their owners' knowledge.

Devices infected in this way can spread the virus further and attack targets chosen by the hackers, for example by flooding a server with so many requests that it can no longer process them and becomes unreachable. This is called a DDoS attack.

The botnet with the sonorous name Mirai ("future" in Japanese) became especially notorious. Over the years it infected hundreds of thousands of network-connected routers, surveillance cameras, set-top boxes and other equipment whose users had not bothered to change the factory passwords.

The virus got onto devices by simply guessing the password.

In October 2016, this whole armada received the signal to flood the domain name provider Dyn with requests. This took down PayPal, Twitter, Netflix, Spotify, the PlayStation online services, SoundCloud, The New York Times, CNN, and about 80 other companies that used Dyn.

The hacker groups New World Hackers and RedCult claimed responsibility for the attack. They made no demands, but the total damage from the downtime of the online services came to about $110 million.

Mirai was fought off by redistributing traffic and restarting individual components of the Dyn system. Still, what happened raises questions about the security of smart devices, which can account for almost half the capacity of all botnets.
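The Mirai passage above describes two mechanisms: devices recruited by guessing their factory passwords, and the flood of requests that follows. The Python script below is an added example written for this page, not Lifehacker's text or any Mirai-related code; it shows the first mechanism from the defender's side. It reads constructed telnet login records (the log format, device name, account names and addresses are all made up for the example) and flags any source that racks up repeated failed logins inside a short sliding window, then notes whether a successful login followed the burst.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample records in a syslog-like style (made-up device, users and
# addresses); they are not real Mirai traffic.
SAMPLE_LOG = """\
2016-09-20T10:00:01Z cam-01 telnetd: login failed for 'root' from 203.0.113.5
2016-09-20T10:00:02Z cam-01 telnetd: login failed for 'admin' from 203.0.113.5
2016-09-20T10:00:03Z cam-01 telnetd: login failed for 'root' from 203.0.113.5
2016-09-20T10:00:04Z cam-01 telnetd: login failed for 'support' from 203.0.113.5
2016-09-20T10:00:05Z cam-01 telnetd: login ok for 'root' from 203.0.113.5
2016-09-20T10:00:30Z cam-01 telnetd: login failed for 'admin' from 198.51.100.7
2016-09-20T10:05:00Z cam-01 telnetd: login failed for 'admin' from 198.51.100.7
2016-09-20T10:09:00Z cam-01 telnetd: login ok for 'admin' from 192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) telnetd: login (?P<result>failed|ok) "
    r"for '(?P<user>[^']*)' from (?P<src>\S+)$"
)


def parse_line(line):
    """Parse one record into a dict, or return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def find_bruteforce(log_text, window_s=60, threshold=3):
    """Flag every source that produces `threshold` or more failed logins inside a
    sliding window of `window_s` seconds.  Returns {src: {"failures", "users",
    "success_after"}}, where "failures" is the largest burst seen, "users" the
    account names tried, and "success_after" whether a login later succeeded."""
    recent = defaultdict(deque)     # src -> timestamps of failures still in the window
    users = defaultdict(set)        # src -> account names attempted
    burst = {}                      # src -> largest in-window failure count
    success_after = defaultdict(bool)
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        src, ts = ev["src"], ev["ts"]
        if ev["result"] == "failed":
            q = recent[src]
            q.append(ts)
            users[src].add(ev["user"])
            # Drop failures older than the window before counting.
            while q and (ts - q[0]).total_seconds() > window_s:
                q.popleft()
            if len(q) >= threshold:
                burst[src] = max(burst.get(src, 0), len(q))
        elif src in burst:
            # A successful login right after a burst is the strongest sign that a
            # default or weak password was guessed; this is what to escalate first.
            success_after[src] = True
    return {
        src: {"failures": n, "users": sorted(users[src]), "success_after": success_after[src]}
        for src, n in burst.items()
    }


if __name__ == "__main__":
    for src, info in find_bruteforce(SAMPLE_LOG).items():
        print(src, info)
```

On the sample, only 203.0.113.5 is flagged: it tries three account names in four seconds and then gets in, which is exactly the pattern a device with an unchanged factory password produces. The second source fails twice but minutes apart, so it never fills the window. In practice the same logic runs over the device's real syslog export, and the flagged devices are the ones whose credentials need changing first.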

8. Scandalous leaks of celebrities' personal data from iCloud and Twitter, 2014 and 2020

  • Target: see what photos celebrities take, and make some money along the way.
  • Method: a prompt to fill in a form on a fake website.
  • The culprits: ordinary young people from the USA and Great Britain.
  • Damage: reputational, plus more than $110,000.

iCloud

Cybercriminals can get hold of users' personal data by sending fraudulent messages, for example an SMS disguised as a warning from the security team. The user is told that someone is allegedly trying to get into his account. The fake tech support then asks him to follow a link, which actually leads to the attackers' site, and to fill in a form with his username and password "to protect his personal data". Having captured the credulous user's details, the scammers gain access to the account.
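As an added example (not from the original article), the Python script below performs the check a defender would want for the SMS lure just described: it pulls every URL out of a message and decides whether the link's host really belongs to the brand the message claims to come from. The message texts, the list of legitimate domains and the lookalike domains are all constructed for the example and use reserved documentation names.

```python
import re
from urllib.parse import urlsplit

# Constructed SMS texts; every domain here is a reserved/documentation name, not a real site.
SAMPLE_MESSAGES = [
    "iCloud security: someone tried to sign in to your account. Verify now: https://icloud.com/verify",
    "Apple ID alert! Confirm your details at http://icloud.com.account-check.example/login",
    "Your Apple ID was locked. Restore access: https://icloud-security-check.example/?id=42",
    "Support: review recent activity at https://appleid.apple.com",
    "Secure your account here: https://r.example/abc",
]

# Hosts that may legitimately send such warnings (assumed for this example) and the
# brand words a lure is likely to borrow.
LEGIT_DOMAINS = {"icloud.com", "apple.com"}
BRAND_WORDS = ("icloud", "apple")

URL_RE = re.compile(r"""https?://[^\s<>"']+""")


def host_of(url):
    """Lower-cased host part of a URL, or "" if there is none."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_under(host, domain):
    """True only when host is `domain` itself or a subdomain of it; a suffix match
    on a label boundary, so 'notapple.com' is NOT under 'apple.com'."""
    return host == domain or host.endswith("." + domain)


def classify_url(url):
    """'legitimate' if the host is under a known brand domain, 'lookalike' if it merely
    contains a brand word (e.g. 'icloud.com.account-check.example'), else 'unknown'."""
    host = host_of(url)
    if any(is_under(host, d) for d in LEGIT_DOMAINS):
        return "legitimate"
    if any(word in host for word in BRAND_WORDS):
        return "lookalike"
    return "unknown"


def triage(messages):
    """Return (message_index, url, verdict) for every URL found in the messages."""
    results = []
    for i, text in enumerate(messages):
        for url in URL_RE.findall(text):
            results.append((i, url, classify_url(url)))
    return results


if __name__ == "__main__":
    for i, url, verdict in triage(SAMPLE_MESSAGES):
        print(f"message {i}: {verdict:10s} {url}")
```

The important design choice is `is_under`: the brand name appearing somewhere in the host proves nothing, because `icloud.com.account-check.example` is a host under `example`, not under `icloud.com`. Only a suffix match on a label boundary counts as legitimate; a host that borrows the brand word anywhere else is the classic lure and is labelled as such, and everything else is "unknown" rather than trusted.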

In 2014, hackers used this method to break into the iCloud accounts of a number of celebrities and put their personal data out in the open. The leak was not so much large as it was loud: celebrities' private photographs, including very explicit ones, ended up on the Internet. In total, about 500 images were stolen, and it is possible that not all of them were published.

Kim Kardashian, Avril Lavigne, Kate Upton, Amber Heard, Jennifer Lawrence, Kirsten Dunst, Rihanna, Scarlett Johansson, Winona Ryder and others suffered from the hack.

Within four years of the hack, five of the US hackers involved were found and arrested. Four received between eight and 34 months in prison, and one got off with a $5,700 fine.

Twitter

In July 2020 it was the turn of well-known Twitter users. One of the hackers convinced an employee of the social network that he worked in its IT department. This is how the hackers gained access to the accounts they needed. They then posted messages from those accounts calling on people to support Bitcoin and send money to a specified crypto wallet, from which the funds would supposedly be returned in double the amount.

Various famous personalities again became victims: Bill Gates, Elon Musk, Jeff Bezos, Barack Obama and other American celebrities.

Some corporate accounts, for example those of Apple and Uber, were also attacked. In total, about 50 profiles were affected.

The social network had to temporarily lock the hacked accounts and delete the fraudulent posts. Nevertheless, the attackers managed to make a decent haul from the scam: in just a few hours, about 300 users sent the hackers over $110,000.

The perpetrators turned out to be three young men and one young woman, aged 17 to 22, from the United States and Great Britain. The youngest of them, Graham Clark, was the one who managed to pass himself off as a Twitter employee. The young people are now awaiting trial.

7. Hacking NASA and the US Department of Defense as a 15-year-old teenager, 1999

  • Target: find out what happens if you hack NASA.
  • Method: installing spyware on a government server.
  • The culprit: a 15-year-old amateur hacker.
  • Damage: $1.7 million and three weeks of scientists' work.

Jonathan James, a teenager from Miami, was fascinated by space and knew the Unix operating system and the C programming language like the back of his hand. For fun, the boy looked for vulnerabilities in the systems of the US Department of Defense, and found them.

The teenager managed to install spyware on the server of one of the departments to intercept official correspondence. This gave him free access to the passwords and personal data of employees of various departments.

Jonathan also managed to steal the code NASA used to maintain the life support system on the ISS. Because of this, work on the project was delayed by three weeks. The cost of the stolen software was estimated at $1.7 million.

In 2000 the boy was caught and sentenced to six months of house arrest. Nine years later, Jonathan James was suspected of participating in a hacker attack on TJX, DSW and OfficeMax. After being interrogated, he shot himself, saying in a suicide note that he was innocent but did not believe in the justice system.

6. BlueLeaks. The biggest U.S. security agency data theft, 2020

  • Target: discredit the US government.
  • Method: hacking a third-party service provider.
  • The culprits: hackers from Anonymous.
  • Damage: a leak of confidential data and a scandal in American law enforcement.

American security agencies themselves turned out to be vulnerable to cyberattacks. Moreover, the criminals demonstrated that they, too, can use cunning schemes: rather than infiltrating government systems, the attackers hacked the web development company Netsential, which provided federal and local agencies with the technical means to share information.

As a result, hackers from the Anonymous group managed to steal more than a million files belonging to American law enforcement and special services, a total of 269 gigabytes of information. The attackers published the data on the DDoSecrets website. Video and audio clips, emails, memos, financial statements, as well as plans and intelligence documents, were made publicly available.

Although there was no classified information and no data showing law-breaking by the law enforcement officers themselves, much of the material was rather scandalous. For example, it emerged that the special services were monitoring Black Lives Matter activists. Enthusiasts began to sift through the leaked files and publish them under the hashtag #blueleaks.

Despite the preliminary checks performed by DDoSecrets, confidential data were also found among the leaked files, for example information about suspects and crime victims, and bank account numbers.

At the request of the United States, the DDoSecrets server in Germany holding the BlueLeaks data was blocked. A criminal case has been opened against Anonymous, but so far there are no specific suspects or accused.

5. GhostNet. China vs. Google, Human Rights Defenders and the Dalai Lama, 2007-2009

  • Target: spy on dissidents and Asian governments.
  • Method: distributing spyware using a Google server.
  • The culprits: Chinese intelligence services.
  • Damage: theft of confidential information from politicians and companies; as a side effect, Google's departure from China.

Cyberattacks and cyber espionage are carried out not only by hacker groups but also by entire states. Google, for one, felt the full force of the hackers in China's service.

In 2009, the company discovered that its server in China had been used to distribute spyware for two years. It had been embedded in at least 1,295 computers in government organizations and private companies in 103 countries.

The affected systems ranged from foreign ministries and NATO to the offices of the Dalai Lama. GhostNet also damaged more than 200 US firms.

With the help of the virus, China monitored the governments of South and Southeast Asia, as well as Chinese dissidents and human rights activists. The program could, for example, activate a computer's camera and microphone to eavesdrop on what was being said nearby. Chinese hackers also used it to steal the source code of individual companies' servers, most likely to build similar systems of their own.

The discovery of GhostNet played a large part in Google's decision to close its business in China, having lasted less than five years in the Middle Kingdom.

4. Stuxnet. Israel and the United States vs. Iran, 2009-2010

  • Target: slow down the Iranian nuclear program.
  • Method: introducing a network worm onto the servers of Iranian companies.
  • The culprits: the intelligence services of Israel and the United States.
  • Damage: 20% of Iran's uranium enrichment centrifuges failed.

Cyberattacks usually require the victim to be connected to the Internet. However, to spread malware even to computers that have no Internet access, attackers can infect USB flash drives.

This technique was used very effectively by the special services of the United States and Israel, which wanted to slow down Iran's nuclear weapons program. The country's nuclear industry facilities were isolated from the World Wide Web, which called for an original approach.

The preparation for the operation was unprecedented. The hackers developed a sophisticated, complex virus called Stuxnet that acted with a specific purpose: it attacked only the software of Siemens industrial equipment. The virus was then tested on similar equipment in the closed Israeli city of Dimona.


The first five victims, Iranian nuclear companies, were carefully selected. Through their servers, the Americans managed to distribute Stuxnet, which unsuspecting nuclear scientists themselves then carried onto the secret equipment on flash drives.

The break-in caused the centrifuges with which the Iranian nuclear scientists enriched uranium to spin too fast and fail. At the same time, the malicious program was able to simulate normal readings so that the specialists would not notice the failures. In this way about a thousand units, a fifth of such devices in the country, were put out of action, and the development of Iran's nuclear program was slowed down and set back by several years. This is why the Stuxnet story is considered the largest and most successful act of cyber sabotage.

The virus not only fulfilled the task for which it was created but also spread to hundreds of thousands of computers, although it did little harm to them. The true origin of Stuxnet was established only two years later, after 2,000 infected files had been examined.

3. Attack on the servers of the US Democratic Party, 2016

  • Target: cause a scandal and, in the process, ruin Hillary Clinton's reputation.
  • Method: installing spyware on the Democratic Party's servers.
  • The culprits: unknown, but US authorities suspect Russian hackers.
  • Damage: Clinton's defeat in the presidential election.

Because of the confrontation between Hillary Clinton and Donald Trump, the 2016 US presidential election was scandalous from the very beginning. It culminated in a cyberattack on the resources of the Democratic Party, one of the country's two main political forces.

The hackers were able to install a program on the Democrats' servers with which they could manipulate information and spy on users. After stealing the data, the attackers covered their tracks.

The stolen information, some 30,000 emails, was handed over to WikiLeaks by the hackers. Seven and a half thousand letters from Hillary Clinton were the key part of the leak. They contained not only the personal data of party members and information about donors, but also secret documents. It turned out that Clinton, a presidential candidate and experienced senior politician, had sent and received confidential information through a personal mailbox.

As a result, Clinton was discredited and lost the election to Trump.

It is still not known for certain who was behind the attack, but American politicians persistently blame Russian hackers from the Cozy Bear and Fancy Bear groups, who, according to the American establishment, had previously taken part in hacking the resources of foreign politicians.

2. WannaCry. The data-encryption epidemic, 2017

  • Target: extort money from random people and companies.
  • Method: encrypting the files of Windows users.
  • The culprits: hackers from the Lazarus Group.
  • Damage: more than four billion dollars.

One of the most unpleasant types of malware is ransomware that encrypts data. It infects a computer and encrypts the files on it, changing their extension and making them unreadable. It then displays a banner on the desktop demanding a ransom, usually in cryptocurrency, to unlock the device.

In 2017 the Internet was swept by a real epidemic of .wcry files, which is where the name of the ransomware, WannaCry, comes from. To infect a machine, the virus used a Windows vulnerability on devices whose operating system had not yet been updated. The infected devices then became breeding grounds themselves and spread the virus across the Web.

First spotted in Spain, WannaCry infected 200,000 computers in 150 countries within four days. The program also attacked ATMs, ticket, drink and food vending machines, and information boards that ran Windows and were connected to the Internet. The virus also damaged equipment in some hospitals and factories.

It is believed that the creators of WannaCry originally intended to infect every Windows device in the world but did not manage to finish writing the code, accidentally releasing the virus onto the Internet.

After infection, the creators of the malware demanded $300 from the device's owner, and later, as their appetite grew, $600. Users were also intimidated with a countdown: allegedly the amount would increase after three days, and after seven days the files could no longer be decrypted. In fact, the data could not be restored in any case.

WannaCry was defeated by researcher Marcus Hutchins. He noticed that before infecting a machine, the program sent a request to a non-existent domain. Once that domain was registered, the spread of the virus stopped. Apparently, this is how the creators intended to halt the ransomware if it got out of control.
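The kill-switch behaviour described above gives defenders a cheap detection signal: any machine that looks up the sinkhole domain has run the malware, whether or not the lookup then stopped it. The Python script below is an added example, not part of the original article, that scans constructed DNS query logs (BIND-style lines with made-up client addresses) for lookups of a watchlisted name and reports which clients made them and when. `killswitch-placeholder.example` stands in for the real domain, which this page does not name.

```python
import re
from collections import defaultdict

# Constructed DNS query log lines in a BIND-like style; clients and domains are made up.
# 'killswitch-placeholder.example' stands in for the real sinkholed WannaCry domain,
# which this example deliberately does not name.
SAMPLE_DNS_LOG = """\
12-May-2017 14:02:11.004 queries: info: client 10.1.4.22#51234: query: killswitch-placeholder.example IN A + (10.1.0.53)
12-May-2017 14:02:12.771 queries: info: client 10.1.4.22#51240: query: www.example.org IN A + (10.1.0.53)
12-May-2017 14:03:40.118 queries: info: client 10.1.7.9#40001: query: KILLSWITCH-PLACEHOLDER.EXAMPLE. IN A + (10.1.0.53)
12-May-2017 14:05:02.500 queries: info: client 10.1.4.22#51300: query: killswitch-placeholder.example IN A + (10.1.0.53)
12-May-2017 14:06:15.000 queries: info: client 10.1.9.3#53010: query: updates.example.net IN AAAA + (10.1.0.53)
"""

# Names whose lookup is itself the indicator (placeholder value, see above).
WATCHLIST = {"killswitch-placeholder.example"}

QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) .*client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing dot; fold both away."""
    return qname.lower().rstrip(".")


def matches_watchlist(qname, watchlist=WATCHLIST):
    """True if the query name is a watchlisted name or a subdomain of one
    (suffix match on a label boundary, so 'notX.example' does not match 'X.example')."""
    q = normalize(qname)
    return any(q == w or q.endswith("." + w) for w in watchlist)


def find_beaconing_hosts(log_text, watchlist=WATCHLIST):
    """Map each client IP that resolved a watchlisted name to the timestamps of its lookups."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if m and matches_watchlist(m.group("qname"), watchlist):
            hits[m.group("client")].append(m.group("ts"))
    return dict(hits)


if __name__ == "__main__":
    for client, times in find_beaconing_hosts(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(times)} lookup(s), first at {times[0]}")
```

Clients that appear in the result are candidates for isolation and patching. Two points follow from the behaviour the text describes: the lookup must pass through a resolver you log, or you never see it; and the sinkhole domain must remain resolvable, because it is the successful request that stops the ransomware from spreading, so the query should be logged and alerted on, not blocked.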

The attack turned out to be one of the largest in history. According to some reports, it caused $4 billion in damage. The creation of WannaCry is attributed to the Lazarus Group, but no specific culprit has been identified.

1. NotPetya / ExPetr. The biggest damage from the actions of hackers, 2016-2017

  • Target: blackmail businesses around the world.
  • Method: encrypting the files of Windows users.
  • The culprits: unknown, but US authorities suspect Russian hackers.
  • Damage: more than $10 billion.

A relative of WannaCry is another ransomware known under suspiciously Russian-sounding names: Petya, Petya.A, Petya.D, Trojan.Ransom.Petya, PetrWrap, NotPetya, ExPetr. It also spread over the Web and encrypted the data of Windows users, and paying the $300 ransom in cryptocurrency did nothing to save the files.


Petya, unlike WannaCry, was specifically aimed at businesses, so the consequences of the attack were far greater even though fewer devices were infected. The attackers managed to seize control of the server of the MeDoc financial software and used it to spread the virus under the guise of an update. The mass infection appears to have originated in Ukraine, where the malware did the most damage.

As a result, a wide variety of companies around the world were hit by the virus: in Australia chocolate production stopped, in Ukraine cash registers failed, and in Russia a tour operator's work was disrupted. Large companies such as Rosneft, Maersk and Mondelez also suffered losses. The attack could have had even more dangerous consequences: ExPetr even hit the infrastructure for monitoring the situation at Chernobyl.

The total damage from the attack came to more than $10 billion, more than from any other cyberattack. The US authorities have accused the Sandworm group, also known as Telebots, Voodoo Bear, Iron Viking and BlackEnergy, of creating Petya. According to American lawyers, it consists of Russian intelligence officers.
