Hacks can be simple or complex, hilarious or downright vindictive. And hackers? They can be motivated by the challenge, hubris, politics, and yes, profit. We’ve gathered the facts on 23 of the most infamous hacks of all time.
23. Conficker Worm
This is the hack that just won’t die. Launched in 2008, it still affects up to a million computers every year by replicating itself and then either converting computers into bots to send out more copies of itself or reading your credit card numbers. In 2015, Conficker was believed to be responsible for 20% of all cyber attacks, and has even spread to police body cams.
22. First Digital Weapon
The worm Stuxnet infiltrated Iran’s nuclear refinement plant network—oof, that doesn’t sound safe. And it wasn’t: Hackers infected USB drives and then distributed them to five companies connected to the Iranian nuclear program. The worm eventually caused uranium centrifuges to spin out of control, destroyed thousands of uranium samples, and had leading Iranian scientists convinced that they were doing something to cause the problems. As a result, Stuxnet has been called the world’s first digital weapon.
21. Home Depot Credit Card Attack
It started with hackers stealing a single password from a Home Depot vendor, and it ended with the exposure of 56 million credit cards and 53 million email accounts. Hackers used a vulnerability in Microsoft to jump from the vendor to Home Depot’s database. Code lurked there undetected for five months while quietly gathering information.
20. Spamhaus 2013
Launched by a 17-year-old London teenager, this hack targeted Spamhaus, a non-profit web protection service that generates blacklists of spammers and hackers. It started with using infected computers to flood and overload the Spamhaus servers with web traffic (in what is called a distributed denial of service attack), and it quickly (and accidentally) slowed down the entire Internet.
19. So…Did I Win the Bid?
18. Making Bank
In June 2014, (likely) Russian hackers used a list of applications and programs used by JP Morgan’s computers and crosschecked it with possible vulnerabilities to find a way into the bank’s system. Although they scooped up information from 7 million businesses and 75 million households, they didn’t move any money and didn’t take any financial information. Which, uh, is actually kind of creepier.
17. It’s Always Porn
The Melissa Virus works by distributing an infected email attachment that, once opened, sends itself along to your first 50 contacts. The virus started the way a lot of viruses start: porn. In 1999, the virus was first distributed in the Usenet group alt.sex in a file that contained passwords to pornographic sites. Be careful out there, lads.
It took four years for LinkedIn to realize that a hacker named “Peace” had stolen the passwords and logins of millions of users, and they only discovered it at all because the info was being auctioned off on the dark web for about $2,300 for each bit. Oops.
15. Gamer Hack
In 2011, hackers launched an attack on Sony PlayStation that exposed the personal data of 77 million gamers, and added insult to injury by locking PlayStation users out of the system for over a week. The breach cost the company over $160 million. Worst of all? Millions of boyfriends had to actually spend time with their girlfriends.
14. Chip on Your Shoulder
In 2012, hackers accessed information on millions of credit cards and their users through Global Payments, a company that handles credit card transactions. Know how the US only just got chip credit cards, and had lagged behind other countries for years in getting the technology? Yeah, this attack took real advantage of that.
13. The Hack of the Century
Just as Sony Pictures was about to release The Interview, a film starring Seth Rogen about the assassination of North Korean leader Kim Jong-un, hackers (likely sponsored by North Korea) launched a debilitating attack that first downloaded then destroyed all of the company’s data. Employees logging on to their computers were greeted by the sound of gunfire and the dancing, zombie-like heads of Sony execs. As a parting gift, the malware dumped the social security numbers of 47,000 employees, a slew of embarrassing emails, and even unreleased films into the waiting arms of the Internet. It’s been called “the hack of the century,” and that’s no understatement.
12. Oil and Trouble
In 2012, an unwitting computer technician in Saudi Arabia clicked on a link in an email, eventually crashing 35,000 computers belonging to Saudi Aramco, a company responsible for delivering 10% of the world’s oil. Aramco was reduced to relying on faxes and typewriters, and the hack even created a temporary shortage of hard drives; the company was scouring the earth for 50,000 of them.
11. Armchair Robbery
In the ’90s, Russian hacker Vladimir Levin (with his team) managed to divert millions in Citibank wire transfers to his own accounts. Working from his laptop in London, England, Levin first accessed the Citibank network and was then able to download a list of customers and passwords. The FBI called the attack one of the first ever attempts to rob a bank by means of a computer.
In 1999, a 15 year old going by the code name C0mrade cracked a password that allowed him into NASA’s network, stealing $1.7 million in software and breaking into the Pentagon weapons computer system along the way. NASA shut down its computers for almost a month, and Jonathan James (his real name) became the youngest person to be incarcerated for cybercrime.
In 2012, computers in Iran’s nuclear facilities began to randomly play AC/DC’s “Thunderstruck” at full volume in the middle of the night. The hackers were never identified, and they caused little other damage. Maybe they just really wanted to spread the word about AC/DC.
8. Operation Cupcake
Hackers aren’t always on the fringes of society; many of them work for governments. When readers of al-Qaeda’s first English-language magazine, Inspire, attempted to download the handbook How to Make a Bomb in the Kitchen of Your Mother, they were instead greeted with…cupcake recipes? MI6 had hacked the site and replaced the pdf with cupcake concoctions, including “Mojito”and “Rocky Road,” from none other than Ellen Degeneres.
The Flame virus is considered one of the most sophisticated cyber espionage weapons ever created. As a Trojan that masks itself as harmless software, a backdoor that hackers can enter into, and worm that can move between computers, it’s a triple threat. Once it infiltrated computers across Iran in 2012, Flame was able to steal passwords, take screengrabs, record conversations both within and around computers, and transfer data to its own servers.
6. I Love You
There wasn’t a lot of love in the fake email love letter sent to millions of computers in 2000. The email originated in the Philippines, and the worm it contained caused an estimated $10 billion in damages by replicating itself, replacing files on the computer’s hard drive, and executing a password-stealing application.
5. The Big Sick
In the fall of 2016, a botnet virus named Mirai began bombarding servers worldwide, eventually bringing down Netflix, Twitter, and CNN, among others. It also affected several newspapers including The Guardian. As you can at least guess from the breadth of its victims, this botnet was likely the largest of its kind the world had ever seen.
Ironically, we’ve all heard of the hacktivist group Anonymous, which grew out of the 4Chan message boards. The group has used the Guy Fawkes mask from V for Vendetta as a kind of mascot, and generally aligns itself with liberal causes. Anonymous has attacked the Church of Scientology, the Westboro Baptist Church, and even Donald Trump.
3. Fessing Up
It took almost two years for Yahoo to admit it had been the victim of the biggest data breach in history (500 million users affected), and then it beat its own record by disclosing a few months later that it had suffered an earlier data breach that doubled the size of that attack: 1 billion users were affected. An ignominious record, to say the least.
2. Don’t Let Yourself Be Next
Recently, several celebrities have had nude or risqué photos leaked online. Celebrities aren’t the only one at risk; hackers may target an individual for financial gains, or as a vendetta. Individual hacking is a growing concern, and you are at risk of being hacked and having your information exposed if you fail to take precaution online.
Use different passwords for different online services. If you’re using the same password across multiple platforms, then you’re exposed to significant risk. First, hackers that get access to one platform can effectively get access to all services using the same password. Second, you lose your failsafe; mst online platforms have password resets that use different email addresses, but you can’t use this feature if you’ve lost access to all platforms.
Be wary of public hotspots. There are applications, such as Firesheep, that can access information on any device on a public system. Your files, photos, and cookie data can be accessed.
If you aren’t looking to download something trusted and specific, don’t download anything. Any time you’re browsing online or opening an email, be careful if you’re prompted to download, run, or open a file. Ask yourself if the source is trusted, and do research before clicking that download button.
1. Ashley Madison
In 2015, a hacker group called Impact Team broke into the servers of Ashley Madison, a matchmaking service for would-be cheaters, and scooped up (and then published) the personal information of millions of users (including some military and government employees). While the site carefully encrypted its users’ passwords, it still left its servers largely unprotected. What’s worse: identity theft or having your affair revealed to your wife?