Are you safe from a cyber attack? Probably not. You can turn on two-factor authentication, get a password manager, and surf the web via VPN, but if the companies with which you do business are breached, your personal information can quickly wind up on the dark web.
Last year, credit reporting firm Equifax revealed that a breach that went on from mid-May to the end of July 2017 potentially impacted 143 million US consumers. In March, it said another 2.4 million people were possibly affected. The scary thing with that case? There was no way to avoid Equifax obtaining your data.
More recently, Facebook is in the spotlight for a leak that possibly affected up to 87 million people. The social network disputes that the unauthorized sale of data to Cambridge Analytica was a “data breach” in the traditional sense, but your private data ended up in the hands of a shady analytics firm, so you be the judge.
It wasn’t the first security nightmare, and won’t be the last. Over the last few decades, we’ve seen some of the most secure servers in the world breached by black hats. Below, we spotlight the intrusions and leaks that caused serious damage, whether it be financial or informational.
We’re still in the early days of cyberwarfare, with armies trying to figure out the best way to gain strategic advantage in this electronic battlefield. Most Western nations are operating pretty much under the Geneva conventions, not performing overt attacks on other countries’ infrastructure or materials. And then there are countries like North Korea, which security experts believe was behind an incursion that funneled $81 million out of a bank in Bangladesh using the SWIFT money transfer system.
This was by most accounts the first act of cyber warfare that had a direct financial impact, and with North Korea occupying a precarious place in the world’s economy, it’s not surprising that they’d look for other ways of bringing in funds. The hack used custom malware to spoof SWIFT messages and hide them from inspectors, and it was exceptionally well-constructed, even altering printed and PDF records to conceal the illegal transactions.
Financial data breaches are bad, but you can always get a new debit card. When your health information gets stolen, though, you have far fewer options. That’s why the Anthem hack of 2015 was such a big deal. The insurance giant saw tens of millions of client accounts compromised, with birthdates and other personal information released onto the black market.
Thankfully, the files that were illegally accessed did not contain medical case information; however, the vulnerability of Anthem’s systems caused some serious panic in the healthcare sector. The company had a $100 million insurance policy in the event of data theft, and analysts believe that just notifying the victims will eat up a significant amount of that money.
Gundremmingen Nuclear Plant
In an increasingly networked world, the danger of hackers being able to compromise more than just data is all too real. That became clear in April 2016 when IT staff at the Gundremmingen nuclear plant north of Munich discovered that their systems were infected with malware that could have given outside forces access to a system used for moving highly radioactive nuclear fuel rods.
Luckily for the population of Europe, the compromised machines weren’t connected to the internet, so they couldn’t receive instructions from the malware’s creators. The W32.Ramnit and Conficker programs were also discovered on a number of flash drives throughout the facility, indicating that they probably came in on physical media and infected systems that way.
JP Morgan Chase
Some of these hacks are dangerous because they strike at a very precise vulnerability, while others earn a place for the sheer scale of the breach. That second category is epitomized by the 2014 JP Morgan compromise, which saw a staggering 76 million households exposed. We expect financial institutions to be vigilant in protecting their data—after all, the Western economy would grind to a halt without them—so when Chase admitted that the intrusion was as big as it was, it raised a number of red flags.
Analysts revealed that the breach was committed on a single server that had not been upgraded to two-factor authentication. JP Morgan Chase spends an estimated $250 million yearly on computer security, but when you’re an organization of that scale there are guaranteed to be systems that fall through the cracks.
Weapon Designs Hack
In 2013, cyber warfare became all too real for the Defense Department, when hackers allegedly in the employ of China managed to breach a server and make off with high-tech weapon designs. It sounds like a plotline out of a spy movie, but it really happened, and the ramifications were felt all over the world. Weapons design is one of the ways the West keeps ahead of the competition in the global game of chess that is diplomacy, and losing ground there could be seriously detrimental.
Some of the designs that were swiped include the PAC-3 Patriot missile system, the latest version of our long-running defensive weapon, as well as the Aegis system that the Navy uses for the same purpose. Many military aircraft plans were also stolen, including the F-35 Joint Strike Fighter, the most expensive combat plane ever constructed.
The scary thing about cyber warfare is how level the playing field is. A lone terrorist with an internet connection can do just as much damage as some of the biggest governments on Earth, if they know how to leverage their access. And things get even worse when the companies that make tools for governments to wage information war get compromised themselves.
That’s what happened in 2015 when Hacking Team, creators of the Remote Control Systems monitoring software, saw their systems breached and their products released to the world. Some of the most powerful spyware ever built was now available for use by any repressive government or force, free of charge. Thankfully, the release of the code prompted antivirus and other security companies to create new countermeasures, but the damage had already been done.
Syrian Rebel Phone Malware
When a corrupt government wants to crack down on opposing forces, they have a lot of ways to do it. Excessive force is always a favorite, but it can be tough to pick out actual rebels from innocent civilians. The Syrian army, battling a number of rebel groups, decided to take things to the next level with the aid of an old-fashioned “honeypot” scam, where hackers posing as women persuaded fighters to download malware onto their phones.
Investigators going through another data breach uncovered a 7.7GB
Office of Personnel Management
We expect the federal government to have top-of-the-line information security—after all, the data they store about us could be used to completely destroy our lives if it got out. But when the Office of Personnel Management was compromised by Chinese hackers in 2015, it proved that even they have room for improvement. The leak released personal information from a staggering 21.5 million government employees and contractors past and present, including Social Security numbers and fingerprints.
That would be bad enough, but what truly put this data breach into the hall of fame was the realization that the hackers made off with incredibly sensitive security clearance documents that contain psychological evaluations, family connections, and tons more material perfect for blackmail.
2016 Election Hacks
Ahead of the 2016 election, emails stolen from the Democratic National Committee and campaign staff wound up on WikiLeaks. US intelligence placed the blame on Russian
Malware is never fun, especially when it locks your device and turns into ransomware. That’s what happened in May 2017 when a serious strain of ransomware, dubbed WannaCry, hit Windows PCs worldwide. Those who were infected found their computers locked, with hackers demanding a $300 ransom to unlock the device and its files. When all was said and done, at least 300,000 devices were affected globally, and hackers made away with about $144,000 in ransom payments.
Pro tip: if you’re hit with ransomware, don’t pay up. Some ransomware is just malware in disguise, and the hackers don’t even have the capability to unlock your system. If you’ve been hit, your best bet is to restore from backup; reputable security firms also have ransomware decryption tools.
Uber’s Secret Hack
Uber was breached in October 2016, and discovered the hack a month later. But management decided to keep it under wraps until the company’s new CEO, Dara Khosrowshahi, learned of it last year. The hack affected the data of Uber drivers as well as 57 million users, exposing their names, email addresses and mobile phone numbers. And if some (now fired) execs had their way, you might never have known about it.