Hacks can be simple or complex, hilarious or downright vindictive. And hackers? They can be motivated by the challenge, hubris, politics, and yes, profit. We’ve gathered the facts on 23 of the most infamous hacks of all time.
1. Conficker Worm
This is the hack that simply won't stop persisting. Launched in 2008, it still affects up to a million computers every year by replicating itself and then either converting computers into bots to send out more copies of itself or reading your credit card numbers. In 2015, Conficker was believed to be accountable for 20% of all cyber attacks, and it had even infiltrated body cams used by law enforcement agencies.
2. First Digital Weapon
The worm Stuxnet infiltrated Iran’s nuclear refinement plant network—oof, that doesn't sound safe. And it wasn't: Hackers infected USB drives and then distributed them to five companies connected to the Iranian nuclear program. The worm eventually caused uranium centrifuges to spin out of control, destroyed thousands of uranium samples, and had leading Iranian scientists convinced that they were doing something to cause the problems. As a result, Stuxnet has been called the world's first digital weapon.
3. Home Depot Credit Card Attack
It started with hackers stealing a single password from a Home Depot vendor, and it ended with the exposure of 56 million credit cards and 53 million email accounts. Hackers used a vulnerability in Microsoft to jump from the vendor to Home Depot’s database. Code lurked there undetected for five months while quietly gathering information.
4. Spamhaus 2013
Launched by a 17-year-old London teenager, this hack targeted Spamhaus, a non-profit web protection service that generates blacklists of spammers and hackers. It started with using infected computers to flood and overload the Spamhaus servers with web traffic (in what is called a distributed denial of service attack), and it quickly (and accidentally) slowed down the entire Internet.
5. So...Did I Win the Bid?
In 2014, the personal data of 145 million eBay users was compromised in a phishing attack. Hackers posted fake listings with malicious javascript in order to get users' login credentials.
6. Making Bank
In June 2014, (likely) Russian hackers used a list of applications and programs used by JP Morgan’s computers and crosschecked it with possible vulnerabilities to find a way into the bank’s system. Although they scooped up information from 7 million businesses and 75 million households, they didn't move any money and didn't take any financial information. Which, uh, is actually kind of creepier.
7. It's Always Explicit Content
The Melissa Virus works by distributing an infected email attachment that, once opened, sends itself along to your first 50 contacts. The virus originated in the same manner as many other viruses: through explicit adult content. In 1999, the virus was first distributed in the Usenet group alt.s in a file that contained passwords to pornographic sites. Be careful out there, lads.
8. LinkedOut
It took four years for LinkedIn to realize that a hacker named “Peace” had stolen the passwords and logins of millions of users, and they only discovered it at all because the info was being auctioned off on the dark web for about $2,300 for each bit. Oops.
9. Gamer Hack
In 2011, hackers launched an attack on Sony PlayStation that exposed the personal data of 77 million gamers, and added insult to injury by locking PlayStation users out of the system for over a week. The breach cost the company over $160 million. Worst of all? Millions of boyfriends had to actually spend time with their girlfriends.
10. Chip on Your Shoulder
In 2012, hackers accessed information on millions of credit cards and their users through Global Payments, a company that handles credit card transactions. Know how the US only just got chip credit cards, and had lagged behind other countries for years in getting the technology? Yeah, this attack took real advantage of that.
11. The Hack of the Century
Just as Sony Pictures was preparing to launch The Interview, a film featuring Seth Rogen that revolves around the plot to take down North Korean leader Kim Jong-un, hackers (presumably backed by North Korea) initiated a crippling attack that initially downloaded and then obliterated all of the company's data. Employees logging on to their computers were greeted by the sound of gunfire and the dancing, zombie-like heads of Sony execs. As a parting gift, the malware dumped the social security numbers of 47,000 employees, a slew of embarrassing emails, and even unreleased films into the waiting arms of the Internet. It's been called "the hack of the century," and that's no understatement.
12. Oil and Trouble
In 2012, an unwitting computer technician in Saudi Arabia clicked on a link in an email, eventually crashing 35,000 computers belonging to Saudi Aramco, a company responsible for delivering 10% of the world’s oil. Aramco was reduced to relying on faxes and typewriters, and the hack even created a temporary shortage of hard drives; the company was scouring the earth for 50,000 of them.
13. Sofa Theft
In the '90s, Russian hacker Vladimir Levin (with his team) managed to divert millions in Citibank wire transfers to his own accounts. Working from his laptop in London, England, Levin first accessed the Citibank network and was then able to download a list of customers and passwords. The FBI called the attack one of the first ever attempts to rob a bank by means of a computer.
14. NASA
In 1999, a 15-year-old under the pseudonym C0mrade cracked a password, gaining access to NASA's network. He made away with $1.7 million worth of software and also breached the Pentagon's computer system in the process. NASA shut down its computers for almost a month, and Jonathan James (his real name) became the youngest person to be incarcerated for cybercrime.
15. Thunderstruck!
In 2012, computers in Iran’s nuclear facilities began to randomly play AC/DC’s "Thunderstruck" at full volume in the middle of the night. The hackers were never identified, and they caused little other damage. Maybe they just really wanted to spread the word about AC/DC.
16. Operation Cupcake
Hackers don't always exist on the outskirts of society; many are employed by governments. When individuals attempted to download the handbook titled "How to Create a Dangerous Device in Your Mother's Kitchen" from al-Qaeda's premier English-language magazine, Inspire, they were greeted unexpectedly with...recipes for cupcakes? MI6 had hacked the site and replaced the pdf with cupcake concoctions, including "Mojito"and "Rocky Road," from none other than Ellen Degeneres.
17. Flame
The Flame virus is seen as one of the most refined tools of cyber espionage ever crafted. As a Trojan disguising itself as harmless software, a backdoor offering entry points for hackers, and a worm capable of moving between computers, it presents threefold danger. Once it infiltrated computers across Iran in 2012, Flame was able to acquire passwords, take screengrabs, record conversations both within and around computers, and transfer data to its own servers.
18. I Love You
There wasn’t a lot of love in the fake email love letter sent to millions of computers in 2000. The email originated in the Philippines, and the worm it contained caused an estimated $10 billion in damages by replicating itself, replacing files on the computer's hard drive, and executing a password-stealing application.
19. The Big Sick
In the fall of 2016, a botnet virus named Mirai began bombarding servers worldwide, eventually bringing down Netflix, Twitter, and CNN, among others. It also affected several newspapers including The Guardian. As you can at least guess from the breadth of its victims, this botnet was likely the largest of its kind the world had ever seen.
20. Anonymous
Ironically, we've all heard of the hacktivist group Anonymous, which grew out of the 4Chan message boards. The group has used the Guy Fawkes mask from V for Vendetta as a kind of mascot, and generally aligns itself with liberal causes. Anonymous has targeted the Church of Scientology, the Westboro Baptist Church, and even Donald Trump.
21. Fessing Up
It took almost two years for Yahoo to admit it had been the victim of the biggest data breach in history (500 million users affected), and then it beat its own record by disclosing a few months later that it had suffered an earlier data breach that doubled the size of that attack: 1 billion users were affected. An ignominious record, to say the least.
22. Don't Let Yourself Be Next
Recently, several celebrities have had their revealing or provocative photos inadvertently shared online. Celebrities aren't the only one at risk; hackers may target an individual for financial gains, or as a vendetta. Individual hacking is a growing concern, and you are at risk of being hacked and having your information exposed if you fail to take precaution online.
Use different passwords for different online services. If you're using the same password across multiple platforms, then you're exposed to significant risk. First, hackers that get access to one platform can effectively get access to all services using the same password. Second, you lose your failsafe; mst online platforms have password resets that use different email addresses, but you can't use this feature if you've lost access to all platforms.
Be wary of public hotspots. There are applications, such as Firesheep, that can access information on any device on a public system. Your files, photos, and cookie data can be accessed.
If you aren't looking to download something trusted and specific, don't download anything. Any time you're browsing online or opening an email, be careful if you're prompted to download, run, or open a file. Ask yourself if the source is trusted, and do research before clicking that download button.
23. Ashley Madison
In 2015, a hacker group named Impact Team infiltrated the servers of Ashley Madison, a matchmaking service for potential cheaters, and gathered the private information of millions of users, including several individuals employed in defense services and governmental positions. While the site carefully encrypted its users' passwords, it still left its servers largely unprotected. What's worse: identity theft or having your affair revealed to your wife?
Sources: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35