[BreachExchange] The most notorious hacks in history, and what they mean for the future of cybersecurity

Audrey McNeil audrey at riskbasedsecurity.com
Fri Mar 2 10:30:30 EST 2018


https://www.geekwire.com/2018/notorious-hacks-history-mean-future-cybersecurity/


Where has the time gone? February is almost over, and already we’ve seen
several major vulnerabilities and hacks this year! As we head further into
what’s sure to be another busy year for cybersecurity, it’s important to
take a step back and examine how we got here.

For nearly four decades, cyber criminals have been exploiting the latest
and greatest technology for fun, profit and power. In that time, the word
“hacker” has taken on many meanings. At first, it referred to mischievous
young techies looking to build a reputation on the internet, but it has
since become a worldwide title for data thieves, malicious online
“entrepreneurs” and geopolitical operatives. The threats and tactics that
hackers use have evolved, too – from small-time scams to dangerous worms
and earth-shaking breaches.

As a result, the security industry has been in a game of “cyber cat and
mouse” for the better part of a half-century, looking to evolve security
technology to thwart the constant evolution in malware and techniques used
by sophisticated threat actors.

Let’s take a look back at the past four decades to assess the most
notorious hacks in each era, why they mattered, and how the security
industry responded.

The Era of Trojans (1980s)

Synthwave music wasn’t the only thing to come out of the 1980s. While
“phone phreaks” were busy trying to make free long-distance calls,
biologist Joseph Popp was busy forging what would become the first
widespread ransomware attack.

The AIDS Trojan was a simple hack that paved the way for modern-day
ransomware. Dr. Popp delivered his trojan using a 5.25-inch floppy disk,
labeled as an AIDS information diskette, along with a EULA warning users
that failure to pay a licensing fee to the PC Cyborg Corporation would
result in “adverse effects.” Dr. Popp gave out 20,000 copies of his AIDS
Trojan disks to attendees of a World Health Organization AIDS conference.

Once the AIDS Trojan infected a victim’s computer, it would start counting
the number of times the computer was rebooted. Once the boot count reached
90, the AIDS Trojan encrypted the filenames for all files on the system’s
C: drive, rendering the computer useless. The trojan then presented a
ransom note that instructed the victim to pay $189 by mail to the PC Cyborg
Corporation’s post office box in Panama to “renew their license.”

The AIDS Trojan was eventually traced back to Dr. Popp, who was promptly
arrested and extradited from Ohio to London on charges of blackmail for his
creation, though he was later released after being deemed mentally unfit to
stand trial.

As for the AIDS Trojan, security professionals eventually discovered
weaknesses, allowing them to create tools capable of reversing the trojan’s
damages.

The Era of Viruses (1990s)

As computers continued to gain sophistication and accessibility in the
‘90s, so did hackers. These attackers were more technically sophisticated
and criminally motivated than their 1980s forebears. Their focus also
shifted away from general playfulness and exploration to more serious
crimes like credit card theft, bank fraud, and government hacking.

The ‘90s also saw a rise in computer viruses, including one of the most
prolific macro viruses ever – the Melissa virus. The Melissa virus arrived
to its victims as a Microsoft Word document attached to an email. When the
victim opened the Word document, an auto-run macro script would execute on
the system. The macro would first infect the default Microsoft Word
template, causing all other opened Word documents to become carriers of the
virus, and then email a copy of itself to the first fifty addresses in the
victim’s Outlook address book.

Melissa was so effective at spreading that it forced Microsoft to
temporarily block incoming email. It’s estimated that at its highest point,
Melissa infected 20 percent of all computers, including those at many large
businesses and even the United States government.

A team of investigators including the FBI, the New Jersey State Police, and
several private companies and individuals ultimately traced the Melissa
virus back to its author, David Smith. Smith was arrested and accused of
causing over $80 million in damages from his virus. He was sentenced to 10
years in prison, serving only 20 months of them in exchange for helping the
FBI catch other virus and network worm creators.

The Era of Worms (2000s)

While the dot-com bubble boomed and busted, malicious hackers were
capitalizing on skyrocketing internet adoption to earn both fame and
fortune. Cyber criminals found ways to monetize their skillsets through
botnet armies and clickjacking. The 2000s also saw the beginning of true
state-sponsored hacking and the rise of the hacktivist organization
Anonymous.

Not every criminal was looking for money, however; some simply wanted to
watch the world burn at the hands of their malware. One of the most
prolific examples of this was the ILOVEYOU worm, which is estimated to have
caused damages and cleanup costs in the range of tens of billions of
dollars.

The ILOVEYOU Worm propagated as a Visual Basic script (.vbs file) attached
to an email with the subject line “ILOVEYOU.” Microsoft’s default extension
handling at the time hid the .vbs extension, making the file look like a
simple text document. When the victim attempted to open the “text” file,
the script executed and began overwriting any images, mp3s and document
files it could find. The worm replicated itself by sending a copy of the
ILOVEYOU email to the first 500 contacts in the victim’s address book.
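As an added defender-side example (not from the article or GeekWire): a small Python check that flags email attachment names using the extension-hiding trick described above, where a script file is dressed up to look like a plain document. The extension lists and sample attachment names are constructed assumptions for illustration.

```python
from typing import List, Optional, Tuple

# Illustrative lists (assumptions, not from the article): script and executable
# extensions that should not arrive as plain email attachments, and the
# benign-looking extensions a hidden final extension can masquerade as.
DANGEROUS_EXTENSIONS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "exe",
                        "scr", "pif", "bat", "cmd", "hta"}
DECOY_EXTENSIONS = {"txt", "doc", "jpg", "jpeg", "gif", "png", "pdf", "mp3", "xls"}


def classify_attachment(filename: str) -> Optional[str]:
    """Return a reason the attachment should be quarantined, or None if it looks fine.

    Only the final extension decides how Windows opens the file, so that is what
    is checked; an inner extension such as ".txt" in "note.txt.vbs" is treated as
    a decoy that makes the deception worse when the real extension is hidden.
    """
    name = filename.strip().lower()
    if "." not in name:
        return None
    stem, real_ext = name.rsplit(".", 1)
    if real_ext not in DANGEROUS_EXTENSIONS:
        return None
    inner_ext = stem.rsplit(".", 1)[1] if "." in stem else ""
    if inner_ext in DECOY_EXTENSIONS:
        return f"double extension: displays as .{inner_ext} but executes as .{real_ext}"
    return f"script/executable attachment (.{real_ext})"


def scan_attachments(names: List[str]) -> List[Tuple[str, str]]:
    """Run classify_attachment over a batch and return (name, reason) for each hit."""
    hits = []
    for n in names:
        reason = classify_attachment(n)
        if reason:
            hits.append((n, reason))
    return hits


# Constructed sample attachment names; the first mimics the pattern the article
# describes (a .vbs script posing as a text document).
SAMPLE_ATTACHMENTS = [
    "ILOVEYOU-note.txt.vbs",
    "quarterly_report.pdf",
    "invoice.doc",
    "setup_tool.exe",
    "photo.jpg.scr",
    "README",
]

if __name__ == "__main__":
    for name, reason in scan_attachments(SAMPLE_ATTACHMENTS):
        print(f"QUARANTINE {name}: {reason}")
```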

ILOVEYOU was so successful in spreading to new systems that it forced
several government organizations, including The Pentagon, CIA, and the
British Parliament, to completely shut down their email systems while they
tried to clean up.

In the aftermath of the ILOVEYOU Worm, Microsoft launched its Trustworthy
Computing initiative, vowing to increase security in its products to
prevent similar attacks.

The Era of Cyber Espionage and Warfare (2010s)

We aren’t quite finished yet with the 2010s, but in recent years, we’ve
seen endless data breaches and nation-state attacks turn hacking into a
mainstream news topic. Perhaps the most notorious nation state attack came
right at the turn of the decade when the Stuxnet worm caused Iran’s nuclear
centrifuges to spin themselves apart.

The Stuxnet worm was an incredibly sophisticated piece of malware that
exploited zero-day flaws in Microsoft Windows and Siemens Step7 software to
ultimately compromise Iranian Programmable Logic Controllers (PLCs). The
final malware payload collected information on the targeted industrial
systems and caused nearly a fifth of Iran’s nuclear centrifuges to spin
fast enough to destroy themselves.

Stuxnet was the first malware to impact industrial control systems and make
the jump from Windows to early IoT devices. Stuxnet opened the world’s eyes
to the realities of geopolitical hacking and cyber warfare. In response to
Stuxnet, Siemens released a removal tool and Microsoft issued stringent
security updates.

Looking Ahead

We still have a few years left before the end of the decade, but we can
already see trends forming that are likely to stick around. Ransomware
continues to grow aggressively each year and we’ve even seen the
introduction of “ransomworms,” IoT botnets are becoming the norm, and
hidden cryptocurrency miners are stealing our computer resources without
our knowledge.

The next big hacking evolution is still unclear at this point, but tried
and true information security best practices can help you weather the
storm. Keep your systems updated with the latest security patches. Educate
yourself on spotting phishing attempts and other social engineering
attacks. And as always, stay up to date on the latest developments in the
modern threat landscape so you don’t find yourself blindsided by what comes
next.