As we head into the final month of this decade, it's time for a look back at cybersecurity. Computer hacking and intrusion has been a major problem since the birth of computers in industry, but we're long past the days of people using toys to get free phone calls. Today, cyber-criminals create trillions of dollars in damages to businesses and individuals alike. Just looking at ransomware alone, there is a new victim every 14 seconds in 2019! Cybercrime has, unfortunately, never been more profitable.
How did we get to this state? It's been largely incremental. The largely independent "hackers" or "crackers" of the 1990s and 00s have given way to highly organized groups, often with connection to traditional organized crime or even rogue governments, capable of large-scale action. Likewise, as the number of Internet-connected computers and other devices grows, so too has the opportunity for malicious action.
So, let's take a look back at a few of the most impactful cybercrimes of the 2010s.
While it can be difficult to objectively evaluate damage done by a cyberattack in an apples-to-apples fashion, it's hard to argue against claims that WannaCry was the worst attack yet seen. This was the attack that put ransomware on the map, famously crippling the United Kingdom's National Health Service and genuinely endangering the lives of many British people who rely on the NHS.
It also hit several state governments in India, the Chinese public security bureau, multiple Russian governmental offices, Boeing, FedEx, and a long list of others.
All in all, it's estimated to have impacted up to 300,000 individual computers in 150 different countries. Estimates of the damages done are well into the billions, although we will likely never know the full extent.
Yahoo Breach (2013)
In terms of sheer numbers of people affected, the largest single data breach of all time probably was the attack on online search engine Yahoo which occurred in 2013, but the company did not fully admit to until 2016. Over one billion people had their personal information stolen, including full names and dates of birth, effectively representing every user Yahoo had ever signed up.
There is simply no way of knowing how much actual damage was done by the breach, but when literally one in seven human beings on planet Earth were part of it, the after-effects must have been immense.
The Target / Home Depot Hacks (2013-14)
In consecutive years, mega-retailers Target and Home Depot were both targeted by the same group, using similar methods, to ultimately gain access to nearly 100 million credit card numbers. In both cases, the hacking group utilized extremely smart malware to infect their systems, with an emphasis on their "self checkout" point of sale devices, and grab buyers' card data without being noticed.
Previously, most data-grabbing hacks had targeted servers. These two attacks were unique in that they attacked point-of-sale devices directly, a vector which caught security researchers at the time completely off guard. Also, rather than attacking at night, they had their malware running "in plain sight," during the busiest hours, assuming that it wouldn't be spotted amongst all the other traffic.
Since then, other retailers have learned how to better secure their POSes, thankfully.
Sony Pictures Hack (2014)
Most of the major hacks of the decade targeted either consumer data or attempted direct theft of funds. When Sony Pictures was hit by a major hack in 2014, the target was their own virtual merchandise. Over 100 terabytes of movies were stolen by a hacker group calling itself Guardians Of Peace, including several films which had not yet been released to theaters. They were all released to pirate movie sites, causing enormous financial loss.
This wasn't even the only time Sony had suffered from high profile attacks. In 2011, their Playstation Network gaming service was entirely taken over by hackers for over three weeks, stealing 77+ million user accounts in the process, followed by 21 other smaller attacks in the following years - capped off by the movie heist.
This would easily qualify for "most embarrassing" hacks on the list... except for our next entry.
The CIA Hacked By A Teenager (2016)
Tales of teenage cyber-criminals were commonplace in the 90s and especially the 00s, but their involvement in high-level hacking largely dropped off as "professionals" took over. Until, that is, a 15-year-old British boy hacked the CIA. He gained access to highly-confidential mission planning, data on hundreds of spies, and much more.
At least it's relatively easy to train your own employees to recognize and overcome social engineering scams with Hummingbird Networks!