It’s axiomatic in cybersecurity that the biggest hacks are the ones you haven’t heard about… yet.
For both hackers and the organizations that end up compromised, there are powerful incentives not to publicize major security breaches. Hackers don’t want to tip their hand when they have a successful technique in play, and don’t want to go to jail even after it’s played out… and organizations that fall victim to these ploys don’t want to advertise that they bungled their information security protocols.
But sometimes word gets out anyway. Some events are too big to keep under wraps for long. Whether the attackers brag about it in the wrong places or get caught by cybersecurity pros, bits and pieces sometimes end up in the press.
Although the accounts of these attacks are often incomplete, they’re still important for other cybersecurity staff to study and try to understand—the most successful attacks are often copied and the techniques that worked before, unfortunately, often work just as well when tried again.
This makes knowing the history of major events just as important as staying up to speed with emerging threats and techniques.
Here are the top ten hacking attacks of all time… that we know about.
2007: “Operation: Get Rich” TJX Hack
Sometimes hacking is mostly about money. That was absolutely the case when a gang of hackers went after retailer TJX and other major stores and made off with more than 90 million credit and debit card numbers.
They were led by Albert Gonzalez, an American hacker who struck up relationships with Eastern European carding operations to sell them the numbers he and his crew stole after penetrating commercial networks.
In what remains the largest cybercrime case ever prosecuted in the United States, Gonzalez was sentenced to 20 years in prison and fined $25,000 and made to pay restitution to his victims.
2014: Home Depot Point of Sale Hack
Home Depot was attacked by carders in 2014, seven years after the TJX hacks from Operation Get Rich… plenty of time for the home improvement mega-chain to have secured their systems against similar operations.
But it turned out that Home Depot itself wasn’t the first victim. Instead, hackers compromised a trusted vendor the company used, then used the vendor credentials and a zero-day Windows exploit to compromise over 7,500 self-checkout point-of-sale terminals on the Home Depot network.
Those terminals grabbed 56 million credit and debit card numbers and passed them along to the carders, along with e-mail addresses that would allow them to further exploit those customers unwise enough to opt for emailed receipts.
2007: Russian DDoS Cyberattack on Estonia’s Banking Infrastructure
Cyberwar is a term that gets thrown around a lot, but few people agree on exactly what it means. For the tiny Baltic nation of Estonia, a preview of what cyberwar might look like landed on the night of April 26, 2007.
Russian hackers, likely in retaliation for the relocation of a Soviet-era war memorial in the capital of Tallinn, kicked off the event by launching a DDoS attack on the website of the ruling political party.
Over the next three weeks, they escalated to hitting news outlets, schools, and businesses, including Estonia’s banking infrastructure. Cash machines were cut off and 97 percent of banking transactions were blocked, putting commerce at a virtual standstill.
2014: “The Fappening” Apple iCloud Celebrity Nude Photo Hack
It’s puerile and probably didn’t do anything except boost the careers of the people who were attacked, but the 2014 exploit that exposed (in the most literal way) nearly 500 private photos of different celebrities made a huge splash and showed everyone that personal passwords actually matter.
The breach occurred in Apple’s iCloud storage system, but not because of any flaw in Apple’s security. Instead, the hackers guessed, brute-forced, or social-engineered their way into backups of celebrity iPhone accounts. Their racy selfies soon littered the Internet as a warning to anyone who might ever think of picking an easy password.
1999: “Melissa” Macrovirus Infection of MS Word
If you recognized Melissa, you’ve been in the cybersecurity field for quite a while. The 1999 virus was one of the first major macrovirus infections—programmed not in a conventional coding language, but in the increasingly powerful macro language built into Microsoft Word.
What made Melissa scary was that it used that language to spread itself—it mass-mailed copies of infected documents to recipients found in the Outlook address book of any hapless infectee.
2008: “Conficker” Worm Attack on Windows OS
Conficker might have been the first modern worm attack when it was detected in November of 2008. It used a number of technically sophisticated techniques to infect Windows machines around the world and quickly became the largest computer worm infection since 2003.
The worm became so prevalent that even as recently as 2015, despite heavy efforts to eradicate it, as many as half a million Internet-connected machines remained infected.
2013: DDoS Attack on Holland-Based Spamhaus Anti-Spam Website
Distributed Denial of Service attacks are not particularly high-tech but that doesn’t make them any less of a threat to cybersecurity operations. Millions of network requests per second can bring down even the most secure server if the network isn’t configured to handle them. There may be no actual compromise, but that’s not much consolation when business starts grinding to a halt.
The DDoS that hit Dutch anti-spam website Spamhaus in 2013 has since been eclipsed, but at the time it occurred, it was a revelation. Hackers were going after security providers themselves, and they pulled out the big guns to go after Spamhaus.
When the company went with outside resources to defend itself, things got even more wicked—attackers went directly after bandwidth providers, affecting a substantial portion of the European Internet at one point.
2010: Stuxnet Hack of PLCs in Iranian Nuclear Centrifuges
China isn’t the only country that has made use of offensive hacking operations to engage in espionage or sabotage of global rivals. In 2010, a worm was discovered in the wild that appeared to monitor and infect a very specific type of Programmable Logic Controller. Researchers soon identified those PLCs as the ones controlling centrifuges used by Iran in its nuclear program.
Those centrifuges had been failing in record numbers—and almost exclusively in Iran, which immediately suggested a targeted attack.
Dissection of the worm’s code revealed considerable sophistication, including exploitation of several previously undisclosed zero-day vulnerabilities in Microsoft software.
Suspicion immediately fell on U.S. and Israeli intelligence agencies, but both countries have denied involvement.
2010: Chinese Compromise U.S. Defense Contractors and Military Systems
Some cybersecurity experts believe China has been engaged in cyberwarfare as far back as 2007, but beginning in 2010, China went all-in on cyberespionage against the United States, with devastating results. Operation Aurora, as American experts dubbed it, compromised Google and at least 20 other companies including defense contractors.
Taken individually, a number of these hacks are so big they would earn their own spots on this list: the 2015 hack of the Office of Personnel Management that exposed personal data for 4 million government employees, for example, or the likely compromise of CIA networks between 2010 and 2012 that resulted in the capture or death of 18 to 20 CIA operatives.
Taken together, however, they represent an unprecedented campaign veering between cyberespionage and outright electronic warfare that remains a primary threat for any Western cybersecurity professional.
2016: Democratic National Committee e-Mail Hack
This attack is interesting because the investigation remains ongoing and the effects are still in dispute. When and if a full understanding emerges of who all the players were, if they worked on behalf of the Russian government, who they may have colluded with in the U.S., and what the ultimate intent was, this could prove to be the greatest hack of all time. Pretty safe to say that a hack that changed the course of a U.S. presidential election would easily earn that distinction.
Because it happened so recently, and the effects remain so bitterly politically contentious, very little is known about the mechanisms and operation behind the attack that compromised the e-mail systems of the Democratic National Committee. In fact, cybersecurity professionals have to contend with the possibility that some part of what has been publicly circulated about the hack is actually disinformation intentionally designed to distract from the truth… whatever the truth might be.
Either way, this type of operation can be seen as the future of operational cyberwarfare and demands careful study.