The 9 scariest hacks of the last decade

People pose in front of a display showing the word 'cyber' in binary code, in this picture illustration taken in Zenica December 27, 2014. REUTERS/Dado Ruvic

There are data breaches just about every day, as high-profile hacks of companies and governments have almost become commonplace.


But there are at least a few incidents that truly stand out among the thousands of others. They are a bit scarier — the ones that have far-reaching consequences for people or organizations, and some that even change the game in cyberspace.

These are attacks like Stuxnet, which destroyed nuclear centrifuges, or exposed email accounts that have consequences for presidential campaigns.

These are hacks we felt had some of the biggest impact over the past decade.


1. The "first major cyber conflict" was launched against Estonia in 2007 — a 21-day assault on its networks and websites that many believe was Russian-led.


It was dubbed "Web War One."

At about 10 p.m. on April 27, 2007, the Estonian government noticed that many of its websites had been kicked offline. Then hackers defaced the websites of its president, ministries, and parliament.

Others shared tips for coordinating distributed denial-of-service attacks on the country's financial sector and media sites. For 21 days, Estonia fought a war carried out entirely in cyberspace, which began after it decided to remove a Soviet-era statue from its capital.

Estonia accused the Russian government of carrying out the attack, though it was more likely carried out by incensed Russian hackers, who were not actually state-sponsored. Still, as Wired wrote, "never before had an entire country been targeted on almost every digital front all at once, and never before had a government itself fought back."


The Estonia attack didn't do much lasting damage, but it did highlight how an extremely connected country could be brought down, albeit briefly, by hackers.


The attacks stopped entirely on May 18, 2007 at 11 p.m., according to Adam Segal's book "The Hacked World Order."

He wrote:

"Estonia was briefly cut off from the rest of the world, but the Internet remained accessible within the country. The damage of the attack was instead highly psychological, putting Estonia's digital vulnerability in stark relief."

As Segal noted of the post-mortem, Estonia had some soul-searching to do about its preparation for and defenses against cyber attack, which had proved inadequate. It eventually created a "Cyber Defense League" and has drastically increased its annual spending on cybersecurity.


2. The massive malware infection of the US government's classified networks in 2008 forced the Pentagon to create a new military unit dedicated to cyber threats.


The Secret Internet Protocol Router Network, or SIPRNet, where the US military shares classified documents and chats, and the Joint Worldwide Intelligence Communication System (JWICS) for sharing top-secret information around the world were supposed to be "air-gapped," or cut off from the normal Internet.

But that didn't stop a worm dubbed Agent.btz from moving undetected through both of those classified systems, as well as other unclassified systems, in 2008 after it was introduced by an infected USB thumb drive.

Fortunately, the worm on SIPRNet and JWICS wasn't able to communicate with its creator due to the air gap, though it's unclear what information it gleaned from systems that were connected to the internet.

The worm was relatively unsophisticated, but it still took the military nearly 14 months to get rid of, in an operation called Buckshot Yankee that included a complete ban on the use of portable thumb drives.


And it was the event that precipitated the creation of a new military command called US Cyber Command.

In this June 6, 2013 file photo, a sign stands outside the National Security Agency (NSA) campus in Fort Meade, Md. The Justice Department warned lawmakers that the National Security Agency will have to wind down its bulk collection of Americans' phone records by the end of the week if Congress fails to reauthorize the Patriot Act. AP Photo/Patrick Semansky, File

“It was a great catalyst,” then-NSA Director Gen. Keith Alexander told The Washington Post.

Established in June 2009 and co-located with NSA headquarters in Fort Meade, Md., Cyber Command became the central hub of the Pentagon's cyberspace operations, unifying all of the military's cyber branches under it.

Its establishment also inspired other countries, including the United Kingdom and South Korea, to stand up their own versions.


3. The 2009 Stuxnet attack by the US and Israel against Iranian nuclear sites marked the first time a cyber weapon was successfully used to destroy physical infrastructure.

Iranian technicians work at the Bushehr nuclear power plant in Iran. The country's nuclear chief said on Nov. 23, 2010 that Stuxnet had not harmed Iran's atomic program, and accused the West of trying to sabotage it. Iran had earlier confirmed that Stuxnet infected several personal laptops belonging to employees at the Bushehr nuclear power plant but that plant systems were not affected. International Iran Photo Agency/Ebrahim Norouzi/AP

In 2006, then-President George W. Bush was increasingly worried about Iranian efforts at enriching uranium, and ultimately, its hopes to build an atomic bomb.

But he was mired in the Iraq war and had few options beyond air strikes or another full-scale war in the Middle East, which Israel was pushing for. So his military leaders gave him a third option: a weapon that could potentially set back Iran's nuclear ambitions while leaving no trace of the attacker.

It was the world's first cyber weapon, code-named "Olympic Games" and later called "Stuxnet" by computer security researchers.


First authorized by President Bush and then re-authorized by President Obama, the top secret computer worm was designed by the US and Israel to infect an Iranian nuclear enrichment facility at Natanz.


And it worked. Too well.

The code made its way into the facility and infected the specific industrial control systems the Iranians were using. Once it turned itself on about 13 days after infection, it sped up or slowed down the centrifuges until they destroyed themselves — all while the operators' computer screens showed everything was working as normal.

But at some point, the powerful computer code escaped and made its way out. It used an unheard-of number of zero-day exploits (four, to be precise): exploits for software vulnerabilities unknown to the target, which has therefore had "zero days" to protect itself. Making matters worse, its self-replicating behavior ended up infecting computers around the world.

Iran initially had no idea it had been attacked by a cyber weapon, believing instead that its scientists and engineers were incompetent because of the failures. But once the code escaped, the worldwide infections led computer researchers to study it, and the idea of leaving "no trace" of the attacker was gone.

"We've never seen this before," Liam O'Murchu, a director at Symantec, says in the new film "Zero Days." "We've actually never seen this since, either."


Though, it turns out, Stuxnet was only the beginning. The US also had a top-secret cyber weapon that could have taken out most of Iran's infrastructure — without a single bomb dropped.

Matt Grandy, security consultant with Red Team Security, runs various commands on a system he is testing. Paul Szoldra/Tech Insider

Known as Operation Nitro Zeus, the sophisticated cyber attack plan gave the US access to Iran's air defense systems, so that it could not shoot down planes; to its command-and-control systems, so that communications would go dead; and to infrastructure like the power grid, transportation, and financial systems.

"The science fiction cyber war scenario is here. That’s Nitro Zeus," a source says in the film "Zero Days."


4. But Iran showed it could hit back in cyberspace, when it perpetrated the biggest hack in history against Saudi Aramco in 2012.

A gas flame is seen in the desert near the Khurais oilfield, about 160 km (99 miles) from Riyadh. Ali Jarekji/Reuters

One of the ironies to come of the Stuxnet attack was the rise of an Iranian hacker army.

Not long after its centrifuges were destroyed, Iran built up a cyber army backed by the highest levels of its government, with nearly $20 million in funding going to its Revolutionary Guard Corps.

Though Iranian hackers launched cyber attacks against the US financial sector and broke into the control system of a dam in upstate New York, their biggest hack came in 2012.

In August of that year, Iranian hackers broke into Saudi Arabia's state-owned oil company, Saudi Aramco, and wiped or totally destroyed 35,000 computers. After one of the company's information technology staff clicked on an emailed phishing link, the hackers, within a matter of hours, had turned back the clock and pushed one of the world's biggest oil companies back to using typewriters and handwritten contracts.


And the US certainly got the message.


The attack was mentioned in a leaked Snowden document as having been observed by the National Security Agency: "Iran ... has demonstrated a clear ability to learn from the capabilities and actions of others," the document said.

And now, Iran has the fourth largest cyber army in the world, just behind Russia, China, and the United States. 


5. Then there was the hack of the world's largest Bitcoin exchange in 2013, in which hackers apparently made off with $460 million in stolen cash.


The rocky ride of the digital cryptocurrency known as Bitcoin got much more volatile after the company operating its largest exchange folded and went bankrupt in early 2014.

The big reason for the downfall of Mt. Gox, which handled more than three-quarters of the world's Bitcoin trade, was a massive hack that saw the theft of 850,000 bitcoins.

It amounted to $460 million at the time (it's now up to $568 million — quite a heist).

As The Stanford Review noted, frustrated Mt. Gox customers turned to the Bitcoin subreddit to vent about college funds and retirement savings being among the casualties. And to the greater Bitcoin community, the site's downfall signaled that perhaps Bitcoin itself could be in trouble.


Ultimately, Bitcoin did not collapse, but it's still far from its late 2013 trading high.


The price of one Bitcoin shot up in Nov. 2013 from around $200 on the 1st to more than $1,000 by month's end.

That value rapidly declined after Mt. Gox went offline in Feb. 2014.

Still, Bitcoin's value has slowly recovered, and is currently trading over $660.


6. After the massive 2014 breach against Sony, the US pointed the finger at North Korea — the first time it had ever publicly blamed a foreign nation for a cyberattack.


The 2014 hack of Sony Entertainment was remarkable both for what happened during it and, even more, for what came afterward.

The attack resulted in the leak of thousands of private emails, Social Security numbers, and unreleased films, and in a complete data wipe of half of the company's network. The company pulled its film "The Interview" from theaters, and its chairman, Amy Pascal, resigned after her controversial emails were made public.

Amid a hack that was major in both size and scope, the President made a surprising announcement at his 2014 end-of-year press conference, attributing the attack to North Korea. It was the first time the US had blamed another country for a destructive cyberattack, according to The Washington Post.


Though even that call turned out to be controversial.


Neither the FBI nor President Obama offered specifics on how they were sure the attack was directed by Pyongyang, leading many in the cybersecurity community to express a skepticism that continues even today.

North Korea has steadfastly denied it was responsible.


7. A breach of the Office of Personnel Management discovered in 2015 exposed roughly 21 million records of people who underwent background checks, going all the way back to 1985.

Office of Personnel Management (OPM) Director Katherine Archuleta testifies on Capitol Hill in Washington, Tuesday, June 16, 2015. AP

Before current or prospective federal employees can see any secret or top secret information, they must undergo a background check and fill out an SF-86 form.

On that form is private data on where they've lived, their family members, whom they've associated with, and where they've traveled, along with their fingerprints. And in June 2015, it was learned that the federal office holding all those forms had been hacked — big time.

US officials suspect that China was behind the breach, which touched roughly 22 million victims (including this reporter). Besides the leaked data that will continue to have far-reaching consequences, the OPM's director was forced to resign over the affair.


8. The 2015 leak of 25 gigabytes of data hacked from the adultery website Ashley Madison had offline ramifications, including exposed users being shamed, getting divorced, or in some cases even committing suicide.

In this June 10, 2015 photo, Ashley Madison's Korean web site is shown on a computer screen in Seoul, South Korea. Lee Jin-man/AP

There are more than a few big data breaches every day, and they often expose affected users to nothing worse than future spam emails and the inconvenience of having to change a password.

But a hack of the adultery website Ashley Madison had more dire consequences for those affected.

In July 2015, the hacking group calling itself "The Impact Team" breached the servers of Avid Life Media, which owned the site, and stole reams of data, including user information, internal emails, and a complete map of its servers. Alongside a small sample of the data, it demanded that the company shut down the site permanently, or it would leak the data.

The company said no. The hackers did what they said they would do. And their threat that the company would be "liable for fraud and extreme harm to millions of users" turned out to be very true.


The hack led to the extortion of affected users, public shaming, and even suicides.


With the massive listing of email addresses, phone numbers, credit cards, and other private information exposed on the internet, reporters reached out to speak with some victims.

“This will wreck my marriage,” Tom, a Kentucky man who requested anonymity, told the website Fusion.

And cyber criminals realized how the embarrassment from being in such a database could be used to extort money. In targeted emails, extortionists demanded Bitcoin in exchange for them not telling the victim's spouse, according to journalist Brian Krebs.

There were at least two unconfirmed suicides related to the breach. And innocent bystanders were caught up as well, since people could sign up with any email address they wanted. At least 16 people signed up for the site using email variations for the President of the United States.

Meanwhile, Avid Life Media suffered from the devastating amount of negative publicity, a massive class-action lawsuit, and the resignation of its CEO.

But it did not shutter its operations. Instead, the company was trying this month to relaunch and rebrand under new management.


9. The infamous hacker "Guccifer" inadvertently exposed the secret email address Hillary Clinton was using as Secretary of State in 2013 — and it could cost her an election.

Then-Secretary of State Hillary Clinton. REUTERS/Kevin Lamarque

The FBI director said earlier this month that former Secretary of State Hillary Clinton was "extremely careless" for setting up a private email server instead of using a government system.

But it's interesting to remember that the investigation, political fallout, and continuing consequences for the Democratic presidential candidate came because of a hack, by the infamous "Guccifer."

After the Romanian hacker gained access to the email account of Clinton confidant Sidney Blumenthal, screenshots of those emails revealed correspondence with the address hdr22@clintonemail.com. That turned out to be Clinton's secret email — a revelation that continues to damage her presidential campaign.

A recent poll showed that half of Americans consider the issue to be a major problem, according to AP.


And that's brought Clinton's big lead on her Republican opponent down substantially.

U.S. Republican presidential candidate Donald Trump reacts to supporters as he arrives to a campaign event in Radford, Virginia February 29, 2016. REUTERS/Chris Keane

Just a couple of months ago — before the FBI director gave his testimony on the investigation — Clinton was holding a "small but consistent lead," according to The Los Angeles Times.

But now some polls show the race tightening. Republican candidate Donald Trump currently trails by less than 3 points in the RealClearPolitics average.
