The internet as we know it today may be young, but something as vast as the Internet is quick to build a rich and varied history. Along with the myriad of cat videos, selfies, and countless social media sites, there is also a darker side to the internet. A side that few people have the will or knowledge to do: hacking.
Hacks occur for any number of reasons. There are those who want justice, others want money, and still, others do so as whistleblowers, hoping to correct the path of an agency or institution that they believe has gone astray. No matter the intention or motivation hacks have the potential to affect millions as these examples will show.
Sony PlayStation Network Hack
One of the largest hacks of all time was that on Sony’s PlayStation online gaming branch. In April of 2011 details of over 77 million registered accounts on the PlayStation network were compromised. While credit card info was properly encrypted, the names and addresses of the users were not. This made the hack one of the biggest data breaches in history. Not only did the hackers make off with the personal information, they also made the network unusable for much of its 77 million users. Those responsible for the attack have never been officially identified.
In the wake of the aftermath, members of the gaming community lost faith in Sony’s ability to remain secure. Sony was also found to be liable for the intrusion due to insufficient security measures, including not encrypting all user information. The UK slapped the entertainment giant with a $395,000 fine for having security protocols below government standards. To date, there have been no reported cases of any of the 12.3 million credit cards being involved in fraud related to the Sony PlayStation hack.
A 15-year-old hack NASA
Okay, maybe this one isn’t as famous as some of the others, but it certainly should be! In 1999, Jonathon James from South Florida was only 15 but able to get into some serious installations and companies. His victims included the Miami-Dade school system, Bell South, and the US Department of Defense. It was the latter that caught the attention of federal authorities. After he was arrested, James admitted that he installed a backdoor (think of it as a secret door in the software codes) on a computer in Dulles, Virginia that allowed him to monitor messages between employees of the Defense Threat Reduction Agency (DTRA) and even get their login credentials.
In the time it was revealed that the teenager had downloaded enough source code to understand how the International Space Station worked- especially the life-sustaining systems. After his malware was discovered it forced NASA to shut down for three weeks and spend $41,000 to repair the damage. He subsequently pleaded guilty to two counts of juvenile delinquency and was sentenced to six months’ house arrest and probation until he was 18.
Stuxnet, which was found in 2010 is perhaps one of the scariest and most sophisticated hacks that the world has seen. To this day there is only speculation about where it came from and who carried out the attack. The target was uranium enrichment facilities in Iran. What made this hack unique was that its target was air gapped (physically isolated from the public internet). The hackers targeted an enrichment facility employee’s USB drive in hopes that they would plug it into a computer at a facility, thereby bypassing the air gap. The bug worked wonders and not only got into the Iranian uranium enrichment facilities but also computers and networks worldwide.
What makes this attack advanced was its operation. It very specifically targeted programmable logic computers (PLCs) which control the operation of the centrifuges essential to uranium enrichment. The bug would alter the operation of the centrifuge while sending back data that was within parameters to the technicians managing the facility. The changes in operation to the PLCs through the fast-moving and precise elements of the centrifuges unbalanced in an effort to destroy them and sow uncertainty into Iran’s nuclear program. Curiously, investigators found it was also coded to self-destruct in 2012. In the seven years since its discovery, nobody has been able to definitely blame the party responsible for the creation or deployment of Stuxnet.
Because of the target, speculation suggests that the United States and Israel played some role in the attack. The US has a long history of attempting to control and stifle uranium enrichment in Iran. Israel has been an even more staunch supporter of bringing an end to all of Iran’s nuclear capabilities. Thus some suggest that both states teamed up in order to halt- or at least impede- Iran’s nuclear capabilities.
The IoT botnet, Mirai
Didn’t think your DVR or camera can play a role in a sophisticated hacking? Think again. The Malware named Mirai took control of over 100,000 devices connected to the internet, otherwise known as the internet of things (IoT). In October of 2016 this malware, known as a botnet, used these devices to launch a distributed denial of service attack (DDoS) which overloads a target server with requests so large in number that it overwhelms and eventually crashes a server.
In this case, the target was Dyn, which provides services to a range of vastly popular websites like Airbnb, Amazon, CNN, The Guardian, Reddit, Twitter, Wikia, and many others. The attack came in three waves, separated by around four hours each. However, within 12 hours of the first attack, Dyn announced that it had resolved the issue.
Like so many other hacks, those investigating the Mirai malware attack still have no idea who launched it. Efforts of attribution, in this case, are further complicated because just weeks prior the source code to Mirai was posted, allowing anyone to alter and use it. However, hacktivist groups Anonymous and New World Hackers claimed responsibility for the attack in response to denying internet access to Julian Assange, the founder, and editor-in-chief of WikiLeaks.
As long as computers are around you can bet that there will be those who take the code and bend it to their will to break through security barriers and access information. It’s really just a matter of time until the next big hack.