Is ‘Your security system crap’ too? Hackers who make us realize the importance of Security Testing
Amit Kapoor
As mentioned in my previous blog, Internet of Things – The Dark Side, in the movie The Net the identity of the protagonist (computer programmer Angela Bennett) is hacked and all her data erased, leaving her without a car, credit cards, or even her home. Imagine the situation if a million people lost their data, or if the military information of a country were compromised. Imagine what sort of catastrophe this could lead to!
People who use their genius to gain access to another person's data are called hackers. There are two broad categories of hackers: Black-hat hackers and White-hat hackers. Black-hat hackers are computer-wizards-turned-evil, who want to rule the cyber world. Thankfully, the world has its fair share of White-hat hackers too, who do their best to prevent the cyber-criminals from carrying out their evil intentions.
In this write-up, I will be talking about the top 10 hackers from different parts of the world, in no particular order, grouped by the domain hacked, such as military information, corporate houses, and banking. These hackers have proven beyond doubt the need for and importance of Security Testing.
Hackers who almost made us, and the banks, go bankrupt
Albert Gonzalez, aka ‘CumbaJohnny’, Cuba
Albert Gonzalez, aka CumbaJohnny, moved to the US with his parents in the 1970s from Cuba. In high school, he was described as 'the "troubled" pack leader of computer nerds'.
Reading through his activities can give anyone the jitters about the safety of Internet Banking. What did he do? He performed what is recorded as the biggest credit card theft in the history of mankind.
For a period of over two years (2005-2007), CumbaJohnny accessed data on about 175 million credit card and ATM numbers (a figure equal to about half the population of the US) and sold the data online, amassing an undisclosed amount of money and leaving people crying over the restoration of their credit card ratings and money.
Per Wiki, “Gonzalez and his accomplices used SQL injection to deploy backdoors on several corporate systems in order to launch packet sniffing (specifically, ARP Spoofing) attacks which allowed him to steal computer data from internal corporate networks.”
When arrested in 2010, Gonzalez was sentenced to Federal prison for 40 years – two simultaneous sentences of 20 years.
Vladimir Levin, Russia
Way back in 1994, there was a genius Russian hacker by the name of Vladimir Leonidovitch Levin, who, using just a dial-up connection and a laptop, from an apartment in Saint Petersburg, hacked into the accounts of several corporate clients of Citibank and stole roughly USD 10.5 million.
Like most Black-hat hackers, however, he had to spend 3 years in jail.
Hackers who shook the Corporate Giants
Adrian Lamo, aka ‘the Homeless Hacker’, US
Adrian Lamo is better known as 'the homeless hacker' as he hacked into major corporations like Yahoo, Citigroup, Bank of America, Microsoft, etc. from internet cafés, coffee shops, and libraries.
I would consider him a White-hat hacker as he broke into computer networks and then reported their vulnerabilities back to the companies. His biggest hack was when he broke into the New York Times intranet, added his name to their database of experts, and used their LexisNexis account to access confidential data of high-profile subjects.
In 2004, after being caught, he was given six months of house arrest and ordered to pay $65,000 in restitution.
Lamo later became an American Threat Analyst and is also credited with turning WikiLeaks suspect Bradley Manning over to the FBI.
Kevin David Mitnick
Kevin Mitnick, one of the most wanted cyber criminals, stole millions of dollars of corporate secrets from giants like Nokia, Motorola, Fujitsu, IBM, and the National Defense warning system over a two-and-a-half-year span.
However, the self-styled hacker-poster boy did not like to refer to his activities as 'hacking'. He instead called them 'social engineering'. His knack with computers has been depicted in the films Freedom Downtime and Takedown.
After serving a 5-year sentence, Mitnick became a consultant and public speaker for computer security, and now runs Mitnick Security Consulting, LLC.
Michael Calce, aka MafiaBoy, Canada
Michael Calce was a Canadian hacker who, on Valentine's Day in 2000, as part of his mastermind Project Rivolta (meaning riot in Italian), launched a series of denial-of-service (DoS) attacks across 75 computers in 52 networks, taking down major websites like Yahoo, FIFA, Amazon, eBay, CNN, and Dell, among others.
He received a sentence of 8 months of "open custody," one year of probation, restricted use of the internet, and a small fine after bragging about his exploits in a chatroom. MafiaBoy, then 15 years old, was in high school at the time.
Hackers who compromised Military Information of Countries
Gary McKinnon, aka Solo, Scotland
Back in 2002, a US Army computer screen displayed the following message: “Your security system is crap, ...I am Solo. I will continue to disrupt at the highest levels.” This message was broadcast by a Scottish systems administrator, Gary McKinnon, aka Solo.
Gary McKinnon, using his exceptional genius, executed what is probably the biggest military hack of the US Govt. computer network, breaking into about 97 systems belonging to its Army, Air Force, Navy & NASA. This caused about $700,000 in damage.
The interesting part is that McKinnon carried out this hack while searching for information on UFOs, believing that the US Govt. hid such information in its military computers.
His hack, carried out from his girlfriend's aunt's house in London, was soon discovered. However, being of Scottish origin and working out of the UK, he could dodge the US Govt. for a while.
Mathew Bevan and Richard Pryce, US
In 1996, Mathew Bevan (21) and Richard Pryce (17) hacked into military computers in a manner that led officials to believe that they may also have compromised North Korean systems. They first accessed the US military computers, and then used those systems to hack into the Korean systems. They copied critical data from the Korean Atomic Research Institute and dumped it into the USAF system.
What kept things from becoming a global issue was that the data related more to South Korea and hence, it seems, was less volatile. In short, the two almost started a war between the USA and Korea.
Astra, Greece
Astra, a Sanskrit word for weapon, was the codename of a 58-year-old Greek mathematician (and hacker) who between 2002 and 2008 stole vulnerable weapons technology data in 3D modeling software from France's Dassault Group. He sold this data to about 250 people across the globe, causing an estimated USD 360 million worth of damages to the Dassault Group.
It is said that he was tracked down in an apartment in Athens, Greece in 2008.
Jonathan James, aka c0mrade, US
Jonathan James, better known as c0mrade, was the first juvenile to be imprisoned for a cyber-crime, at the age of 16. He hacked into a number of networks, including Bell South, Miami-Dade, and the Defense Threat Reduction Agency (DTRA), US. He installed a sniffer in DTRA to scrutinize the messages passed between DTRA employees. Doing so, he was able to spy on the messages being shared and also collect the passwords, usernames, and other critical details of the employees.
He also hacked into NASA’s network and accessed and downloaded the source code that could teach someone how the International Space Station worked. The estimated value of the downloads was more than USD 1.5 million. Additionally, to investigate the leak, NASA was forced to shut down their network for three weeks. This cost them another USD 41,000.
In 2007, however, when a number of large companies faced a huge wave of network attacks, c0mrade became the key suspect and was investigated. James, unable to bear this, committed suicide in 2008.
Conclusion
In summary, most of these geniuses proved beyond an iota of doubt the need for and criticality of Security Testing. Whatever their claim to fame, it is they who opened the eyes of this generation, forcing us to look for stronger and better ways to secure and encrypt our data.
7 years ago: Interesting compilation Amit. Very insightful post.