One of my (many) podcasts is called Security Now and is focused on the myriad of security issues faced today.
One of their more recent shows covered some of the biggest hacks over the past decade, and that turned out to be a very interesting Wikipedia rabbit hole to dive into, so if you’re as curious about this stuff as I am, here you go!
I consider this a nice companion piece to my post a few weeks ago about some of the best computer code in history.
Here are my “favorite” security stories.
- Stuxnet: A worm (likely) created by America and Israel to slow down Iran’s nuclear program. Way back in 2010!
- So many data breaches. Here are a few of the biggest of the past decade:
  - Sony PlayStation Hack: In 2011, a hacker stole the information for 77 million users of Sony’s PSN. This was one of the largest breaches in the world at the time and caused the largest shutdown (23 days) of the PSN.
  - Target Hack: In 2013, Target had a massive data breach that introduced consumers to the idea of Point-of-Sale malware, and to the fact that the card readers used in physical stores are no safer than credit or debit cards used online. Up to 110 million customers were affected by this hack.
  - Adobe Hack: 2013 was a very interesting year. Adobe suffered a data breach of its own, where a 3.8-gigabyte file containing usernames and (weakly) encrypted passwords of 153 million users was stolen. In addition to the user information, the source code for Adobe products was also taken, letting the hackers look for any potential weaknesses in Adobe’s products.
  - Equifax Hack: Not only did the initial data breach impact almost every household in America (145.5 million Equifax customers), but the response from Equifax (and its executives) was (and continues to be) bad.
  - Marriott Hack: Part of a Chinese intelligence-gathering operation, this intrusion netted the hackers the personal information of about 500 million Marriott guests.
  - Yahoo Hacks: There were two major Yahoo breaches in this decade (2013 and 2014), and they impacted all 3 billion of Yahoo’s users. This takes the cake as the largest security breach in internet history (for now).
- DigiNotar Hack: The hack of a Dutch certificate authority by Iran in 2011 created major headaches for all sorts of companies. These fraudulent certificates allowed Iran to impersonate popular sites like Gmail, Yahoo, Mozilla, and others. The breach forced browser manufacturers to revoke the certificates and DigiNotar shut down in late 2011.
- Snowden Revelations: In 2013 Edward Snowden leaked details about the global surveillance network set up by the US and its Five Eyes partners, and it seems like nothing has been the same since.
- Silk Road (v. 1) Shutdown: The Silk Road was a Tor-hosted marketplace on the Dark Web, famous for the fact that you could find and buy just about anything. Its shutdown was notable for showing that while the Dark Web and Tor provided more security, they did not give perfect anonymity.
- Mt. Gox Hack: Mt. Gox was a bitcoin exchange, launched in 2010, where users could exchange bitcoin for “real” currency. In 2014 it was handling over 70% of all bitcoin transactions worldwide. After an increasing number of site issues, Mt. Gox shut down in early 2014 and announced that about 850,000 bitcoin belonging to customers were missing and likely stolen. This bitcoin would be worth over $6 billion today, although it has never been found.
- The Shadow Brokers and the leak of NSA’s EternalBlue vulnerability: Appearing in 2016, the Shadow Brokers published several leaked hacking tools taken from the NSA. EternalBlue was probably the most devastating since it was later used in the WannaCry ransomware attack that infected more than 300,000 computers in the second half of 2017.
- The hack of the DNC: Not one, but two Russian cyber-espionage groups (Fancy Bear and Cozy Bear) infiltrated the Democratic National Committee’s computer network, stole sensitive information, and used that in an operation to influence the outcome of the 2016 election.
- Computer Architecture Broke: This past decade saw quite a few theoretical exploits that leveraged weaknesses in the microarchitecture of almost every desktop and laptop currently made. These exploits included Meltdown, Spectre, and RowHammer.
- SIM Swapping: This may be one of the most troubling, since it’s still somewhat unknown, involves social engineering (which is impossible to patch), and is a glaring weakness for many 2-factor authentication systems. Additionally, there is virtually no security against this provided by most cell phone companies.
So there you have it! Some of the biggest security stories of the past 10 years! Have fun falling down the Wikipedia rabbit hole!