Welcome back to this third and last part of the series on the history of hacking. I ended the last part with a story about the remote hacking and destroying of a generator back in 2007 as a teaser for the first subject of this last article in the series – the Stuxnet hack.
Much has been written and theorized about the background and goal of the Stuxnet hack, so I will refrain from diving into those. The Stuxnet worm was initially discovered by Sergey Ulasen in the beginning of 2010. After the worm escaped its initial target, the Iranian nuclear program, it rapidly started to spread around the world. Over the summer the various antivirus companies started to dig into the most complex piece of code they had ever seen. And because some of the code was related to Siemens PLC systems, it was not until late in the summer of 2010 that the public became fully aware of the potential of the Stuxnet worm.
Stuxnet represented the first time that a cyber weapon – that we know of – was used against another state, causing physical damage. The geo-political consequences are still being felt around the world, most notably in Ukraine, which has had its electrical systems shut off and sabotaged by Russia multiple times over the past decade. Iran retaliated for the attack on their nuclear program with DDoS attacks against some US banks, notably JP Morgan Chase, Bank of America, and Wells Fargo. Iran is at least ‘credited’ with these attacks, since attribution on the Internet is as difficult as it is.
This brings us to 2012 and my own favorite Anonymous story. Hunter Moore ran a website called isanyoneup.com, where pictures of naked men and women were shared without their consent. These people were then subjected to the vilest shaming imaginable. The website was eventually shut down, but Hunter Moore was apparently planning to publish a new website, with the pictures from the old website as the basis. Anonymous found out and went on the attack against Hunter Moore. They hacked and wiped his servers, got into his bank account, and reportedly donated the money to a women’s abuse shelter. They even got him declared dead in the state of California. The hack destroyed his ability to use the pictures from the old website in any new ventures he had in mind. Eventually the FBI arrested him, and he served 2½ years in jail.
In 2014 North Korea got in on the geo-political hacking game, when Sony Pictures announced the release of the movie The Interview, where part of the story is an assassination of the leader of North Korea. North Korea reacted by hacking Sony Pictures, stealing enormous amounts of data and wiping most of the computing infrastructure at Sony. Among the data stolen were movies not yet released to the public. Because this was a nation state attack against a company they disagreed with, the story eventually developed to a level where the then President Barack Obama had to comment on the incident. Because North Korea threatened movie theaters with violence, the movie’s release was cancelled for a while, prompting even more political turmoil over the issue of free speech and bowing to pressure from a foreign government.
The Shadow Brokers appeared on the hacking scene in the summer of 2016, in a big way, by announcing the release of hacking tools from The Equation Group, a unit suspected of being tied to the NSA. The exploits and vulnerabilities they released targeted enterprise firewalls, antivirus programs, and Microsoft products. If you, like me, are a massive Mass Effect fan, you might suspect the name of the group Shadow Brokers refers to a character in the games. I do, and I am not alone. Until then, many of the exploits and vulnerabilities in the leaks were unknown to the vendors behind the enterprise firewalls and to Microsoft. I have previously written about the ethics of the zero-day trade here on Cybersecurity Magazine. I recommend you read that article for my opinion on this trade. Let’s just say, it is not a positive one.
One of the vulnerabilities in the Shadow Brokers leaks is known as EternalBlue, which exploits the Server Message Block (SMB) implementation in Windows. This vulnerability was used in the NotPetya attack of 2017. NotPetya started in Ukraine, by attacking a tax program in wide use there. The suspicion is that NotPetya was an attack by Russia on Ukraine; unfortunately the attack spread around the world. NotPetya is a destructive worm, meaning that the encryption it applies to clients and servers cannot be decrypted. Many, many companies around the world were infected by NotPetya, including, for example, DHL, FedEx, and Maersk Line.
The reason for highlighting these companies is that they are heavily involved in transportation. Just imagine the cost to their customers of late delivery of materials. I do not think the full cost of the NotPetya attack can be fully estimated. The US has estimated a cost of more than 10 billion USD as the global cost of a geo-political cyber-attack.
Back in February 2016, we see the first known attack on a national bank, with the attempted transfer of almost 1 billion USD from the national bank of Bangladesh to accounts in Sri Lanka and the Philippines. Fortunately, not all the money was transferred successfully, but the bank lost some 101 million USD to the attacks. This is the first time we see an attack that successfully compromises the international SWIFT system, used to transfer money between banks. You can find a link to a documentary on YouTube with more details on this attack in the references section at the end of this article.
At this point in time, the hacks done by the various groups in it for the money turn to ransomware attacks. There is still the classical hacking to steal data going on, but since money is the main motivator for non-governmental hackers, they turn to the technique providing the most profit: ransomware. Try thinking back a year. How many ransomware attacks can you remember seeing in the news, both nationally and internationally? I can remember dozens, and there are undoubtedly many more that never got reported. It is because of this proliferation of successful attacks that we see an increase in regulation around the world. And with the consequences we saw from the NotPetya attack, politicians cannot be seen to stand by and do nothing.
And still our governments are using cyber-attacks against each other to gather data or gain advantages in negotiations. These kinds of hacks are more shadowy, with almost no information in the public domain. It will likely be decades before we see any information on the current cyber fighting between nations unless there are any major leaks.
This brings me to the end of this third article on the history of hacking. I am sure you have noted that there is less name dropping in this one, compared to the first two articles. Contrary to the first few decades of hacking, the new generation of hackers has gotten better at hiding and cloaking their attacks. There are a few names of nation state hackers out there, but for the more underground hacker groups we have a lot fewer names. You will find names in most of the books mentioned in the closing section. I hope you have enjoyed this introduction to the massive amount of history surrounding hacking.
- Hackers: Heroes of the Computer Revolution – Steven Levy
- The Hacker Crackdown – Bruce Sterling
- Worm – Mark Bowden
- Sandworm – Andy Greenberg
- Hacker, Hoaxer, Whistleblower, Spy – Gabriella Coleman
- We are Anonymous – Parmy Olson
- Russian Cyber Operations – Scott Jasper
- This Machine Kills Secrets – Andy Greenberg
- This Is How They Tell Me the World Ends – Nicole Perlroth
- The Hacker and the State – Ben Buchanan
- Countdown to Zero Day – Kim Zetter
- Dark Market – Misha Glenny
- Spam Nation – Brian Krebs
- The Hacked World Order – Adam Segal
- Dark Territory – Fred Kaplan
- Underground – Suelette Dreyfus
- Anonymous Documentary – https://www.youtube.com/watch?v=bC1ex2zRCYA&t=2002s
- The Hacker Wars – https://www.youtube.com/watch?v=ku9edEKvGuY&t=1730s
- Web Warriors – https://www.youtube.com/watch?v=Ut6VqRx4gQQ
- Hacked, The Bangladeshi Bank Heist – https://www.youtube.com/watch?v=p3O3BbqE9SE
- Kevin Mitnick: A Hacker’s Story – https://www.youtube.com/watch?v=Qe73tRTksf0
- Cyberwar Threat – https://www.youtube.com/watch?v=i9CSaAKE_Gk&t=311s
- The Most Dangerous Town on the Internet – https://www.youtube.com/watch?v=un_XI4MM6QI&t=310s
- WANNACRY: The World’s Largest Ransomware Attack – https://www.youtube.com/watch?v=PKHH_gvJ_hA
- Guardians of the New World – https://www.youtube.com/watch?v=jUFEeuWqFPE&t=558s
- Cyber Warfare: Fighting The Crimes Of The Future – https://www.youtube.com/watch?v=if-SeCjE0e4
- Hacking group The Realm and Electron – https://www.youtube.com/watch?v=GcnkEPTy3QI
- Code 2600 – https://www.youtube.com/watch?v=I_dBupEUn24&t=2432s
- The Most Hated Man on the Internet – Netflix
Tom Madsen has been active in the cybersecurity industry for more than 20 years. Tom graduated from the University of Aalborg and has covered several technical roles in security during his professional career. He is certified as CISSP, CISA, CISM, CGEIT, CRISC, CCSP, CDPSE and CSSLP, and has published the book "The Art of War for Cybersecurity". He is currently writing a book, 'Security Architecture - How & Why'.