The biggest hacking fails of all time

In this 3-part series, expertIP is exploring the good, the bad and the ugly of network security. This post covers the ugly – or hacking attempts gone wrong

Share this article:

Hercules … Othello … Voldemort …

They all had fatal flaws that led to their demise. However, fatal flaws are not just part of the literary realm. In network security, a fatal flaw can bring down even the most talented hacker.

Here are five of biggest hacking fails of all time, along with the fatal flaw that ultimately caused the fail.

Idealism: Shahee Mirza, Hacker Behind the Rapid Action Battalion Website Attack

The scheme: In 2008, Mirza and his associates hacked the website of the Bangladesh elite security force, Rapid Action Battalion. When people visited the infected site, they were greeted with a political message stating that the government wasn’t taking enough steps to develop IT in the country, although it had passed a law against cybercrime. The message also referred to the hackers as “GINIOUS”. Unfortunately, a banner on the website also said, “HACKED BY SHAHEE_MIRZA,” which wasn’t a very “GINIOUS” move. Mirza and his team were arrested the following day, and he faced 10 years in a Bangladesh federal prison.

Lesson learned: If you want to make a political statement, don’t hack a website that features images of guys with guns.


Delusion: Jesse William McGraw, Double Agent

The scheme: In 2009, McGraw was a security guard at the North Central Medical Plaza in Dallas. During one of his night shifts, he made a video, complete with James Bond music, in which he pretended to be a spy who broke into the building on a covert mission. Although the break in was pretend, the video showed him installing malicious botnet software on systems throughout the medical plaza.

He posted the video on YouTube, along with another video in which he displayed a fake FBI badge with his photo. The real FBI found the videos and arrested him. McGraw pled guilty in 2010 and was sentenced to 110 months in prison. He was also ordered to pay restitution to the medical plaza.

Lesson learned: Next time you want to play double agent, brush up on your James Bond first.


Blind Trust: Bitchchecker, Wiped Out Own Hard Drive in Failed Hacking Attempt

The scheme: This transcript shows a chat between two rivals, bitchchecker and Elch. Bitchchecker threatens that he has a program that will allow him to enter Elch’s IP address and wipe his hard drive. Bitchchecker then asks for the IP address so he can make this happen.

Elch gives him an IP address, and bitchchecker taunts, “elch man you’re so stupid never give your ip on the internet.” However, the IP address is a loopback address that points back at bitchchecker’s computer. Seconds later, bitchchecker is gone.

Lesson learned: Know who you’re up against.


Forgetfulness: Eduard Lucian Mandru, Hacked Into the U.S. Department of Defense

The scheme: Mandru, a Romanian student, hacked the U.S. Department of Defense’s computer system in 2006. He covered his tracks so well that the crime stumped investigators for years. Their only clue was a email address. However, in 2009, Mandru started posting the same email address with his resume on popular job boards, which led to his arrest.

Lesson learned: Keep your day job separate from your night job.


Ego: Samy Kamkar, Creator of the Samy MySpace Worm

The scheme: Kamkar created the famous Samy Worm, which infected over a million MySpace accounts during a 20-hour period in 2005, making it one of the fastest-growing malware attacks of all time. The worm inserted “Samy is my hero” at the end of every victim’s profile. When someone viewed an infected profile, they would also pick up the worm. In addition, the Worm would automatically send a friend request to Kamkar, which gave him one million new MySpace friends.

Kamkar later boasted about the attack on his blog and posted a photo of him standing in front of a car with the license plate number visible. Six months after his worm crashed MySpace, he was arrested. Kamkar pled guilty and was placed on probation for three years, as well as banned from using a computer for two years. He was also ordered to perform community service and pay restitution to MySpace.

Lesson learned: What you post on social media can come back to haunt you.


Desperation: Michael Buen, Author of the WM97/Michael-B Word Macro Virus

The scheme: Buen wrote a Word macro virus that would print copies of his resume at infected stations. If someone opened an infected Word file on Fridays at the end of the month, the virus would interrupt print jobs by running copies of Buen’s resume. A warning at the end of the print read, “If I don’t get a stable job by the end of the month, I will release a third virus that will remove all folders in the primary hard disk.”

Although Beun was also associated with the Love Bug email worm in 2000, he could not be prosecuted, as the Philippines had no laws pertaining to hacking at the time.

Lesson learned? An article on states that Buen was offered a choice position with a US-based security company.

Prepare to fight the network security villains of the future by reading “The Next Generation of Cybercrime: How it’s evolved, where it’s going.”

Share this article:
Comments are closed.