The biggest hacks that ever happened


This article was originally published on February 19, 2016.

The Internet is a battleground. And everyone can see everything you do, all of the time.

‘Everyone’ is a big demographic. You can never know how or why some people might decide to do something. There are those amongst us who do things for good, while others will do it just for the lulz. Some nefarious types may even do something for evil, or simply to watch the world burn.

What makes a person or group want to hack into something? Revenge? Personal gain? Political motivation? We’ve got all those covered. Here are five of the biggest hacks of all time, and one that hasn’t happened yet.

1 – Kevin Lee Poulsen Takes Over the Phone Lines

Kevin didn’t commit the biggest hacks, but he’s certainly one of the biggest hackers around. Back in the day, Lee Poulsen called himself Dark Dante, and he aspired to be a ‘complete’ hacker. So much so that he even taught himself how to pick locks — a skill that may have come in useful after he was arrested and sentenced to five years in prison.

Dark Dante was a notorious hacker, and the FBI was on his case for some time before he was finally apprehended. So serious a threat was he, and so considerable his skills, that he is notorious for being the first American released from prison with a court sentence that banned him from using computers and the Internet. A ban which ran for three years after his sentence had expired.

His most famous hack started when KIIS-FM, an LA-based radio station, decided to give away a Porsche 944 S2 to the 102nd caller of a phone-in competition.

What’s the best way to ensure you’re the 102nd caller? That’s right! Take over the entire radio station’s phone network. Which is precisely what Kevin did. Then he drove off laughing into the sunset.

Not quite. Kevin was a wanted man, and the FBI wanted their man, so the FBI started a manhunt. So high profile was Mr. Poulsen that he ended up appearing on the TV show ‘Unsolved Mysteries’.

Except, when they featured Kevin’s story, the show’s freephone numbers (where people would call to give information on the featured crimes) mysteriously crashed. What are the chances of that?

Kevin learned his lesson and is now an editor at Wired. He also co-invented SecureDrop – a platform for secure communication between journalists and their sources.

2 – Albert Gonzalez Stole All The Credit Cards

Between 2005 and 2007, Albert Gonzalez managed to harvest and resell 170 million credit card numbers. That’s not a typo, and to put it into context — it’s half the population of the US.

We recently warned of the perils of an insecure Wi-Fi setup, and Gonzalez’s scam is one of the reasons why.

Armed with just a laptop, Gonzalez would drive up and down US Route 1 looking for vulnerabilities in public wireless networks. Once he found one, he would attack.

One of his targets, Heartland, reported that it lost $12.6 million in one of Gonzalez’s attacks. And that’s just one of the many companies involved. It’s not known for certain just how many companies Gonzalez hit, or how much he stung them for, as many refused to publish any details about it. We’re not surprised. It’s pretty embarrassing to get stung for something as silly as not changing the password on your Wi-Fi.

Fortunately, in August 2009, Gonzalez was indicted in Newark, New Jersey. And now he’s serving twenty years in a federal prison.

But there are more people like Gonzalez out there, people who have the desire and the skill to hack into your digital life.

Remember to protect yourself before you start doing things with strange and public Wi-Fi connections.

3 – Anonymous Creates Project Chanology to Attack the Church of Scientology

What happens when you cross the most infamous hacking collective in the world with the weirdest religion on the planet?

Project Chanology happens.

Like many things on the Internet, it started on 4Chan. For those that don’t know, 4Chan is an uncensored and anonymous messaging board. If you haven’t been there before and you want to check it out, caution is required: it’s not for the faint-hearted.

4Chan is the birthing ground for a great deal of Internet memes and initiatives, but the greatest achievement of the 4Chan boards is the creation of the infamous hacking group Anonymous. Anonymous are a leaderless hacktivist group and possibly the most famous hacker collective that has ever existed.

4Chan kicked off Project Chanology when the Church of Scientology attempted to remove the material from an interview with Tom Cruise, a prominent member of the church, from the Internet.

The Church has a long history of censorship, often with aggressive lawsuits, but the biggest protest movement against them was conducted by Anonymous.

Anonymous don’t like censorship, especially when it comes from a source of power. And they have also been known to bring down a few bullies. The Church of Scientology certainly tick those boxes.

And so Anonymous went to work. The hack started with a YouTube “Message to Scientology” on January 21, 2008. Anonymous expressed their displeasure with the actions of the Church and stated an intent to put it right.

What followed was a series of distributed denial of service attacks (DDoS), prank calls, and black faxes.

The full extent of the damage to the Church of Scientology is not known, as they’re a quiet bunch. But considering the resources Anonymous threw at them, it must have been severe.

Not everything Anonymous does is great; they are just normal people, after all. But they do have the power to do great things – if they are so inclined.

4 – Spamhaus, the Biggest DDoS Cyberattack in History

Spamhaus is an email filtering service that people use to weed out spam emails.

The service is especially popular in the UK, where it runs in the background of many systems that determine whether or not to accept incoming emails.

On March 18, 2013, Spamhaus added Cyberbunker to its list of blacklisted sites. Cyberbunker is a hosting site, and they were taken completely off guard by the move from Spamhaus. Having existing or new customers cut off from your communications is not good for business.

Despite communications, Spamhaus declined to remove Cyberbunker from the blacklist. So Cyberbunker responded in kind: “If you stop us from communicating with our customers, we’ll stop you from communicating with yours.”

And so Cyberbunker hit Spamhaus with a DDoS attack. DDoS attacks work by clogging up a server with false requests for data. Equipment soon gets strained and, if the attack is large enough, may end up shutting down completely.

And oh boy, Cyberbunker’s attack was definitely large enough. It’s fair to say things escalated quickly.

What started as a mild DDoS increased in size exponentially, until at one point Spamhaus was being hit by 300 GBPS (Gigabytes per second).

This hit was so massive it slowed down the Internet across the whole of Europe.

And then Sven Olaf Kamphuis, Cyberbunker’s spokesman CEO, went on the run, as he was wanted by the Internet police for the DDoS attacks.

Kamphuis was eventually caught and arrested. We’re guessing he didn’t mean to take things quite as far as they went. But as we’ve said before, be careful what you do on the Internet. It could end up coming back to bite you.

5 – The Hacking of Saudi Aramco Affected the Entire Planet

We’ve all heard about the Sony and US government hacks. But they don’t even register in scale compared to the attack on Saudi Aramco.

Saudi Aramco is the biggest company you’ve never heard of. They are a huge oil company from Saudi Arabia, with profits larger than the GDP of most countries. They were also the victim of the biggest corporate hack in history.

The hack began sometime in mid-2012 when someone in Saudi Aramco’s IT team opened a bad link in an email. That was all it took for the hackers to get in.

The actual attack occurred during the Islamic holy month of Ramadan, when many Saudi Aramco employees were on vacation. On Aug. 15, 2012, some employees noticed computers were acting weird. A few screens started to flicker and, more worryingly, files began to disappear. Some computers even shut themselves down without explanation.

The Saudi Aramco IT team soon realized what was happening, and frantically started to unhook all the computers from the Internet. But it was too late.

In just a few hours roughly 30,000 computers were either heavily corrupted or totally destroyed.

Since Saudi Aramco provides ten percent of the world’s oil, this hack could have led to a global disaster. If they lost the ability to deliver on this oil, the effects would certainly be felt around the entire planet.

So Saudi Aramco did the only thing they could: They got out the paper and pens. The whole company went back in time, to the 80s. Reports were done on typewriters, and communications sent via fax.

Saudi Aramco Buy All the Computers in Southeast Asia

Using archaic technology was a short-term fix, but it couldn’t last forever. Saudi Aramco needed to replace all their hardware. And so they did. All at once.

If you bought any computer hardware between September 2012 and January 2013, you had to pay a higher price for it. This is because Saudi Aramco bought everything, which put a huge strain on the computer industry. This isn’t an exaggeration; it’s actually what happened.

Saudi Aramco flew representatives to computer factory floors in Southeast Asia and had them purchase every computer hard drive currently on the manufacturing lines. Saudi Aramco had to pay a hefty premium to jump the queue, and they bought over 50,000 units in one go.

A political group called the “Cutting Sword of Justice” claimed responsibility for the attack. Although, from what we know, no one was ever brought to justice. Most of the details were kept secret–the full extent of the hack is only just filtering through.

It took Saudi Aramco over five months to fully recover from the hack. Fortunately, they were able to continue supplying oil, despite their systems being down. If they hadn’t been able to, things could have been far worse.

Hacking isn’t just something that gamers and IT guys have to worry about. It’s a serious threat, for everyone. Even you.

6 – Apple Are Forced to Hack Themselves

In a bizarre twist, potentially the biggest hack of all time hasn’t happened yet. But a court is demanding that it should.

A judge in California recently decreed that Apple should hack themselves.

This all started with the San Bernardino shootings last December. The FBI wants to access one of the perpetrator’s encrypted iPhones, and has ordered Apple to hack it. Apple doesn’t want to do this, as it would potentially open a backdoor for every iPhone out there. Over 700 million iPhones have been sold, so this would be a hack of epic proportions.

So far, this hasn’t happened, and we hope Apple stands against the ruling. It sets a dangerous precedent.

We’re not alone in supporting Apple’s decision, either. Some big hitters have expressed support for Apple – including big-time rival Google.

Where Do We Go from Here?

A lot of these attacks were perpetrated by skilled hackers; some were just DDoS attacks. But they were all born of different motivations. Attacks can happen at any time, for any reason.

Innocent people got sucked into the mess caused by a few, and these tales are a testament to the fact that anyone could be a victim.

You can limit the risk to yourself with a bit of common sense and some beefing up of your security. Why not take some time out today to check your Wi-Fi settings? And how long is it since you changed your passwords? If it’s been a while, we recommend you get a new one with ExpressVPN’s Random Password Generator.

Maybe it’s time to give your security settings an audit, lest you end up starring in our next blog!

Johnny 5 is the founding editor of the blog and writes about pressing technology issues. From important cat privacy stories to governments and corporations that overstep their boundaries, Johnny covers it all.