In this 3-part series, expertIP is exploring the good, the bad and the ugly of network security. This post looks at the bad – network security villains who have accomplished extreme feats of hacking, breaking into systems that were thought impenetrable and alluding authorities. (Read part one, about the 3 biggest network security superheroes, here.)
It seems like a high-profile network security breach is making headlines daily. Although all of these breaches put businesses and consumers at risk, some of the hackers behind these breaches have taken cyber attacks to new levels.
Here are five of the most notorious hackers of all time:
Operation Shady RAT
Operation Shady RAT is the mother of all hacking syndicates. Since 2006, the group has launched targeted attacks against at least 75 global organizations, including the International Olympic Committee and the United Nations. The group has stolen highly-sensitive data, such as government secrets, legal contracts and email archives.
A report by Vanity Fair cited Operation Shady RAT as “among the most significant and potentially damaging acts of cyber-espionage yet made public.” Dmitri Alperovitch, vice president of threat research, McAfee, called attacks by other high-profile hackers, such as Anonymous and LulzSec, “just nuisance,” compared to Operation Shady RAT.
In 2009, Operation Aurora launched targeted cyber attacks against dozens of high-profile organizations including Google, Symantec, Adobe Systems and Dow Chemical. The attackers used malware and exploited a vulnerability in Microsoft Internet Explorer to gain access to these highly-secure systems. They also employed layers of encryption to protect their identities.
At the time of the attacks, Dmitri Alperovitch, vice president of threat research, McAfee, said, “We have never ever, outside of the defense industry, seen commercial industrial companies come under that level of sophisticated attack. It’s totally changing the threat model.”
Although the Anonymous hacking collective developed in 2003, it didn’t come to the public’s attention until 2008 – when it posted an internal Church of Scientology video starring Tom Cruise to YouTube. When the church asked them to remove the video, they responded by launching attacks against Scientology websites and releasing its private documents to the public. In addition to the cyber attacks, Anonymous members also staged protests in front of Scientology centers.
What makes Anonymous different from other hacking groups is that they claim to perform attacks to draw attention to issues such as freedom of speech and government hypocrisy. Anonymous “hacktivists” have attacked a number of global organizations that they felt were impeding free speech, such as the FBI, Sony and the Motion Picture Association of America. The collective has also been involved with protests such as Occupy Wall Street.
Anonymous has spawned other hacking groups, such as LulzSec, whose high-profile victims include the CIA, PBS and FOX.
Before today’s global hacking collectives, there was Kevin Poulsen, a computer programmer by day and “the Hannibal Lecter of computer crime” by night. In the late 1980s and early 1990s, Poulsen hacked federal computers and the US Department of Defense’s network. However, he is best known for taking over the telephone lines of a Los Angeles radio station, to ensure that he was the winning caller for phone-in contests.
The authorities captured Poulsen shortly after he appeared on an episode of Unsolved Mysteries in 1991. He was sentenced to five years in prison, which at the time was the longest sentence ever given in the U.S. for hacking.
Since his release, Poulsen has become a respected journalist, who has broken a number of high-profile network security stories. He is currently the news editor at Wired.com and the co-founder of its Threat Level blog.
Complex Magazine referred to Mitnick as “the godfather that all these other (hacker) dudes have on their jail cell walls.”
From his humble beginnings of scamming the Los Angeles bus system to get free rides, Mitnick moved on to hacking into dozens of computer systems and earning the title of “the most wanted computer criminal in United States history” by the US Department of Justice.
Mitnick was first arrested in 1988 after hacking into Digital Equipment Corporation’s system and stealing software. He was sentenced to a year in prison followed by three years of supervised release. Towards the end of his release, Mitnick hacked into Pacific Bell’s computer system, which led the FBI to issue a warrant for his arrest.
Mitnick spent two and a half years as a fugitive and was the first hacker to appear on an FBI most wanted poster. According to his bio, Mitnick “gained unauthorized access to computer systems at some of the largest corporations on the planet and penetrated some of the most resilient computer systems ever developed.” His victims included Nokia, Sun Microsystems and Motorola.
The FBI captured Mitnick in 1995. After serving five years in prison, Mitnick started an information security consulting firm, Mitnick Security Consulting LLC. He is also an author and speaker.
The movies Take Down and Freedom Downtime document Mitnick’s career as a hacker.
Prepare to fight the network security villains of the future by reading “The Next Generation of Cybercrime: How it’s evolved, where it’s going.”