When you hear "hacker," what comes to mind? Is it the popularized image of an unknown hooded figure stealing identities from an eerie basement? The truth is that hacking, just like technology, has transformed into a wildly scary and yet, also extremely intriguing subject that continues to evolve. But how did hackers come about?
It all began at the Massachusetts Institute of Technology (MIT) in 1959 as a group of students in the Tech Model Railroad Club tested the limits of their model train sets. The club members broke into the high-tech system that controls the trains to modify their functions and control the lanes and switches. These computer wizards called themselves hackers, but the event proved to be a harmless attempt to explore and improve the limits of the existing program.
Today, hacking is synonymous with illegally accessing a system or device. Hackers gain access through various tactics, ranging from technical, like viruses or malware, to social engineering, a method involving psychological tricks that get the victim to click on an attachment or share personal data with the hacker.
Let's take a closer look at how hackers have used technical and social engineering tactics to pull off these five major hacks.
1. Citibank
In 1994, Vladimir Levin engineered the first big-money heist by hacking into Citibank's telephone and computer systems and stealing $10 million.
The hack occurred around the time that many banks were going digital to lower costs and improve customer access. This called for fewer physical branches and human tellers and more electronic services.
Citibank in New York was among these banks that were switching to the new cash management system, which allowed for electronically transferring money to other banks worldwide.
Levin and his small team of hackers in St. Petersburg, Russia, hijacked this system and managed to steal account credentials like passwords and account numbers from customers as they told their information to Citibank representatives over the phone. Levin then used the credentials to electronically transfer the money to several untraceable accounts worldwide. After being caught, Levin received a three-year sentence in prison, and all but $400,000 of the $10 million was recovered.
This first online bank robbery attempt was a wake-up call for the financial industry and left the world shocked by the advancements in cybercrime and technology.
2. The Melissa Virus
In 1999, an email became the fastest-spreading virus that served as an inspiration for future viruses and a warning about the importance of online security.
The Melissa virus was a mass-mailing virus that targeted Microsoft Word and Outlook-based systems. David Lee Smith, the programmer behind the Melissa Virus, used social engineering tactics by sending the virus as an email attachment with the subject line: "Important Message from [the sender's username]" and a List.Doc attachment that was supposed to contain a list of passwords for different websites that required memberships.
Instead, the document contained a Visual Basic Script that, when users opened it, would disable several safeguards in Microsoft Word. And that's not even the worst of it. If the user had the Microsoft Outlook email program, the virus sent itself to the first 50 people in the user's address book. This allowed the virus to disable large corporate mail servers.
While no sensitive information was leaked or stolen, it's estimated to have impacted 20 percent of the world's computers at the time, causing over $80 million in damages and disrupting several businesses for several days as they tried to wipe the virus out of their systems. Smith was sentenced to 20 months in federal prison and fined $5,000.
3. Sony's Playstation Network
In 2011, Sony's Playstation Network became the victim of a targeted distributed denial-of-service (DDoS) attack, which uses hundreds or thousands of bots to take over control and make it impossible for service to be delivered. For the Playstation Network System, personal information, including names and addresses of around 77 million people with an account, had been stolen. The hack forced the network to shut down for over 20 days, locking out gamers and resulting in a loss of around $171 million.
The attacks came from a famous hacking group known as Anonymous. The "hacktivist" group was upset at Sony for their lawsuit against the PS3 hacker, George Hotz. Anonymous claimed that they were revolting against Sony for punishing coders who sought to modify their own hardware.
4. Yahoo!
Yahoo may just take the cake for being the continuous victim of data theft hacks. In 2013, a hack compromised three billion Yahoo accounts, including names, security questions, passwords and contact details. To make matters worse, the hack repeated itself in 2014, with another 500 million accounts hacked. Yahoo has won the title of the largest single entity to be hacked in internet history.
A group of Russian hackers has recently been identified behind the attack. They targeted Yahoo's database to steal records and user information through spear-phishing emails sent to Yahoo company employees that baited them into clicking on a link. While it's unclear how many emails were sent, once the hackers got into the network, they targeted Yahoo's user database and the Account Management Tool, which was used to edit the database. Unfortunately for Yahoo, the company failed to disclose the 2014 cyber breach to users, resulting in a $35 million fine and a series of class-action lawsuits.
5. The Spamhaus Project
The Spamhaus Project, an international nonprofit organization that tracks spam and cyber-related threats, ironically faced a large DDoS attack in 2013 that managed to slow down the entire internet, with parts shutting down for hours. The attack generated a stream of over 300 billion bits of data per second, which was such a large quantity that it even knocked Cloudflare, a company specializing in helping organizations stay online amid such attacks offline.
The attacks were the work of Stophaus, a group of individuals that had grievances against Spamhaus for adding their cybercrime enterprises and spam operations to a blocklist. The record-breaking attacks were a lesson on how DDoS attacks can affect a company's websites, mail servers and, ultimately, its entire infrastructure.