The Greatest Computer Hacks

Vandalism, Theft, and Cleverness on a Large Scale

By Paul Gil
Internet Basics Expert

Hacking is about manipulating and bypassing systems to force them to do the

unintended.
While most hackers are benign hobbyists, some hackers do inflict terrible
widespread damage and cause financial and emotional hurt. Victimized companies
lose millions in repair and restitution costs; victimized individuals lose their jobs,
their bank accounts, and even their relationships.
So what are examples of large-scale hacks that wreaked this much havoc?
What are the greatest hacks of recent history?
With 'greatest' being synonymous with 'harshest', About.com has assembled a list
of noteworthy hacks from the last 20 years. As you read this list below, you will
certainly want to reconsider your own password practices. We've enclosed some
strong suggestions at the bottom of this article to help you reduce the risk that you
too will be hacked one day.

Ashley Madison website hack. Peter Cade / Getty

1. Ashley Madison Hack 2015: 37 Million Users
The hacker group Impact Team broke into the Avid Life Media servers and copied the
personal data of 37 million Ashley Madison users. The hackers then incrementally

released this information to the world through various websites. The shameful
impact to people's personal reputations has had ripples across the world, including
claims that user suicides followed after the hack.
This hack is memorable not only because of the sheer publicity of the impact, but
because the hackers also earned some fame as vigilantes crusading against
infidelity and lies.
Read more about the Ashley Madison breach:

Rob Price describes the impacts of the Ashley Madison hack scandal

Callum Paton tells us how you can check if your spouse was affected by the
hack

Krebs on Security describes how the hack transpired

Ads
Bitrix24 Is 100% Free
bitrix24.com/Unified_Communication
Bitrix24 Is World's #1 Free Unified Communication Platform. Learn More
Start Download Now
www.audiotoaudio.com
Audio to Audio Converter Convert Various Audio Files & More!

Conficker worm malware: still infection 1 mil computers per year. Steve Zabel /
Getty
2. The Conficker Worm 2008: Still Infecting a Million Computers a Year

While this resilient malware program has not wreaked irrecoverable damage, this
program refuses to die; it actively hides itself and then nefariously copies itself to
other machines. Even more frightening: this worm continues to open backdoors for
future hacker takeovers of the infected machines.
The Conficker worm program (aka 'Downadup' worm) replicates itself across
computers, where it lies in secret to either a) convert your machine into a zombie
bot for spamming, or b) to read your credit card numbers and your passwords
through keylogging, and transmit those details to the programmers.
Conficker/Downadup is a very smart computer program. It defensively deactivates
your antivirus software in order to protect itself.
Conficker is noteworthy because of its resilience and reach; it still travels around the
Internet 8 years after its discovery.
Read more about the Conficker/Downadup worm program:

Kelly Burton describes the technical side of the Conficker worm

How to detect and remove Conficker from your computer

Symantec can also remove the worm for you

Stuxnet worm set back Iran's nuclear program by years. Getty

3. Stuxnet Worm 2010: Iran's Nuclear Program Blocked
A worm program that was less than a megabyte in size was released into Iran's
nuclear refinement plants. Once there, it secretly took over the Siemens SCADA
control systems. This sneaky worm commanded over 5000 of the 8800 uranium
centrifuges to spin out of control, then suddenly stop and then resume, while
simultaneously reporting that all is well. This chaotic manipulating went on for 17
months, ruining thousands of uranium samples in secret, and causing the staff and
scientists to doubt their own work. All the while, no one knew that they were being
deceived and simultaneously vandalized.

This devious and silent attack wreaked far more damage than simply destroying the
refining centrifuges themselves; the worm led thousands of specialists down the
wrong path for a year and half, and wasted thousands of hours of work and millions
of dollars in uranium resources.
The worm was named 'Stuxnet', a keyword that was found in the code's internal
comments.
This hack is memorable because of both optics and deceipt: it attacked a nuclear
program of a country that has been in conflict with the USA and other world powers;
it also deceived the entire nuclear staff for a year and a half as it performed its
nasty deeds in secret.
Read more about the Stuxnet hack:

Stuxnet: a modern digital weapon?

Stuxnet was like a Tom Clancy novel

The real story of Stuxnet

Ads
Start Download
www.allin1convert.com
Convert 50+ Files On-line Free All in One Converter!
Start Download
www.videodownloadconverter.com
Download Videos To Your Desktop & Convert To Any Format - All Free!

Home Depot hack, 2014: over 50 million credit card numbers. Raedle / Getty

4. Home Depot Hack 2014: Over 50 Million Credit Cards

By exploiting a password from one of its stores' vendors, the hackers of Home Depot
achieved the largest retail credit card breach in human history. Through careful
tinkering of the Microsoft operating system, these hackers managed to penetrate
the servers before Microsoft could patch the vulnerability.
Once they entered the first Home Depot store near Miami, the hackers worked their
way throughout the continent. They secretly observed the payment transactions on
over 7000 of the Home Depot self-serve checkout registers. They skimmed credit
card numbers as customers paid for their Home Depot purchases.
This hack is noteworthy because it was against a monolithic corporation and
millions of trusting customers.
Read more about the Home Depot hack:

How CEO Frank Blake responded to his chain of stores getting hacked

The Wall Street Journal describes the hack here

The Home Depot hack is now an official case study

Spamhaus: nonprofit protection against spammers and hackers. screenshot

5. Spamhaus 2013: the Largest DDOS Attack in History
A distributed denial of service attack is a data flood. By using dozens of hijacked
computers that repeat signals at a high rate and volume, hackers will flood and
overload computer systems on the Internet.
In March of 2013, this particular DDOS attack was large enough that it slowed the
entire Internet across the planet, and completely shut down parts of it for hours at a
time.

The perpetrators used hundreds of DNS servers to 'reflect' signals repeatedly,

amplifying the flood effect and sending up to 300 gigabits per second of flood data
to each server on the network.
The target at the center of the attack was Spamhaus, a nonprofit professional
protection service that tracks and blacklists spammers and hackers on behalf of
web users. The Spamhaus servers, along with dozens of other internet exchange
servers, were flooded in this 2013 DDOS attack.
This DDOS hack is noteworthy because of the sheer scale of its brute force
repetition: it overloaded the Internet's servers with a volume of data that had never
been seen before.
Read more about the Spamhaus attack:

The New York Times describes the DDOS attack

A London teenage hacker pleads guilty to being one of the DDOS hackers

Meet Spamhaus, the anti-spam service who was the prime target of the
DDOS attack.

Ads
Download For Free Movies
www.filmfanatic.com
Get Showtimes & Watch Movies Free Download Movies w/ Film Fanatic!

eBay: the world's largest marketplace. Bloomberg / Getty Images

6. eBay Hack 2014: 145 Million Users Breached
Some people say this is the worst breach of public trust in online retail. Other says
that it was not nearly as harsh as mass theft because only personal data was
breached, not financial information.

Whichever way you choose to measure this unpleasant incident, millions of online
shoppers have had their password-protected data compromised. This hack is
particularly memorable because it was very public, and because eBay was painted
as weak on security because of their slow and lackluster public response.
Read more about the eBay hack of 2014:

BGR describes how the eBay hack transpired

eBay does not win any points with its sluggish response to the breach

Here's eBay's blog response

JP Morgan Chase was hacked. Andrew Burton / Getty

7. JPMorgan Chase Hack, 2014: (76 + 7) Million Accounts
In the middle of 2014, alleged Russian hackers broke into the largest bank in the
USA and breached 7 million small business accounts and 76 million personal
accounts. The hackers infiltrated the 90 server computers of JPMorgan Chase and
viewed personal information on the account holders.
Interestingly enough, no money was looted from these account holders. JPMorgan
Chase is not volunteering to share all the results of their internal investigation. What
they will say is that the hackers stole contact information, like names, addresses,
email addresses and phone numbers. They claimed that there is no evidence of
social security, account number, or password breach.
This hack is noteworthy because it struck at people's livelihoods: where they store
their money.
Read more about JPMorgan Chase hack:

The New York Times tells the story of the hack

The UK Register tells us that server technicians failed to upgrade one of its
servers that allowed the hack

Here is the official report documentation from the S.E.C.

Melissa email virus 1999. screenshot

8. The Melissa Virus 1999: 20% of the World's Computers Infected
A New Jersey man released this Microsoft macro virus into the Web, where it
penetrated Windows computers. The Melissa virus masqueraded as a Microsoft
Word file attachment with an email note 'Important Message from [Person X]. Once
the user clicked on the attachment, Melissa activated itself and commanded the
machine's Microsoft Office to send a copy of the virus as a mass mailout to the first
50 people in that user's address book.
The virus itself did not vandalize files or steal any passwords or information; rather,
its objective was to flood email servers with pandemic mailouts.
Indeed, Melissa successfully shut down some companies for days at a time as the
network technicians rushed to clean their systems and purge the pesky virus.
This virus/hack is noteworthy because it preyed on people's gullibility and the
current state weakness of antivirus scanners on corporate networks. It also gave
Microsoft Office a black eye as a vulnerable system.
Read more about Melissa virus:

1999: Melissa wreaks havoc on the Web

How Melissa works

What can we learn from Melissa?

LinkedIn hack 2016: 164 million accounts breached. screenshot

9. LinkedIn 2016: 164 Million Accounts
In a slow-motion breach that took four years to reveal, the social networking giant
admits that 117 million of their users had their passwords and logins stolen back in
2012, to later have that information sold on the digital black market in 2016.
The reason this is a significant hack is because of how long it took for the company
to realize how badly they had been hacked. Four years is a long time to find out
you've been robbed.
Read more about the LinkedIn hack:

CNN Money describes the incident

LinkedIn publicly responds to the 2012 hack

Anthem health care: 78 million users hacked. Tetra / Getty

10. Anthem Health Care Hack 2015: 78 Million Users
The second-largest health insurer in the USA had its databases compromised
through a covert attack that spanned weeks. Details of the penetration are not
being volunteered by Anthem, but they do claim that no medical information was
stolen, only contact information and social security numbers.
No harm has been yet identified for any of the compromised users. Experts predict
that the information will one day be sold via online black markets.

As a response, Anthem is providing free credit monitoring for its members. Anthem
is also considering encrypting all their data for the future.
The Anthem hack is memorable because of its optics: another monolithic
corporation fell victim to a few clever computer programmers.
Read more about the Anthem hack here:

Anthem responds to their customer questions about the hack

The Wall Street Journal describes the Anthem hack

More details about the Anthem hack and their response.

Updated July 16, 2016.

Sony Playstation network: 77 million users hacked. Djansezian / Getty

11. Sony Playstation Network Hack 2011: 77 Million Users
April 2011: intruders from Lulzsec hacker collective cracked open the Sony
database at their Playstation Network, revealing the contact information, logins, and
passwords to 77 million players. Sony claims that no credit card information was
breached.
Sony took down its service for several days in order to patch holes and upgrade
their defenses.
There has been no report that the stolen information has been sold or used to harm
anyone yet. Experts speculate that it was a SQL injection attack.
The PSN hack is memorable because it affected gamers, a culture of people who are
computer-savvy fans of technology.
Read more about the Sony PSN hack here:

Extremetech describes how Sony PSN was hacked

How SQL injection works

Ads
Start Download Now
www.audiotoaudio.com
Audio to Audio Converter Convert Various Audio Files & More!
Start Download
www.allin1convert.com
Convert 50+ Files On-line Free All in One Converter!

Heartland hack 2012: 110 million users. PhotoAlto / Gabriel Sanchez / Getty
12. Global Payments 2012 Hack: 110 Million Credit Cards
Global Payments is one of several companies that handle credit card transactions
for lenders and vendors. Global Payments specializes in small business vendors. In
2012, their systems were breached by hackers, and information on people's credit
cards was stolen. Some of those users have since had their credit accounts
defrauded with dishonest transactions.
The signature system of credit cards in the USA is dated, and this breach could have
easily been reduced if credit card lenders would invest in using the newer chip cards
that are used in Canada and the UK.
This hack is noteworthy because it struck at the daily routine of paying for goods at
the store, shaking the confidence of credit card users around the world.
Read more about the Global Payments hack:

CNN Money describes the GPN hack

How hackers use DoS and SQL injections

Heartland payment processor was also hacked in 2009 before merging with
Global Payments

How to Make a Killer Password. E+ / Getty

13. So What Can You Do to Prevent Getting Hacked?
Hacking is a real risk that all of us must live with, and you will never be 100%
hacker-proof in this age.
You can reduce your risk, though, by making yourself harder to hack than other
people. You can also reduce the impact of when you do get hacked by implementing
different passwords for your different accounts.
Here are some strong recommendations to reduce your online identity exposure:
1. Check to see if you've been hacked and outed at this free database.
2. Make the extra effort to design strong passwords as we suggest in this tutorial.
3. Use a different password for each of your accounts; this will substantially reduce
how much of your life a hacker can access.
4. Consider adding two-factor authorization (2FA) to your Gmail and other main
online accounts.
5. Consider subscribing to a VPN service to encrypt all of your online habits.