The world's first cyberattack happened thirty years ago, in the fall of 1988. For the United States of America, where thousands of computers were affected by the virus within a few days, the new attack came as a complete surprise. It is now much harder to catch computer security specialists off guard, but cybercriminals around the world still manage it. After all, whatever one may say, the biggest cyberattacks are carried out by programming geniuses. The only pity is that they direct their knowledge and skills in entirely the wrong direction.

Biggest Cyber Attacks

Reports of ransomware viruses attacking computers around the world appear in news feeds regularly, and as time goes on, the scale of cyberattacks grows. Here are just ten of them: the most high-profile and most significant for the history of this type of crime.

Morris Worm, 1988

Today, the floppy disk with the source code for the Morris worm is a museum piece. You can take a look at it at the Boston Science Museum. Its former owner was graduate student Robert Tappan Morris, who created one of the earliest Internet worms and launched it at the Massachusetts Institute of Technology on November 2, 1988. As a result, 6,000 Internet nodes were paralyzed in the United States, and the total damage amounted to $96.5 million.
The best computer security specialists were brought in to combat the worm. However, they failed to identify the creator of the virus. Morris himself surrendered to the police, at the insistence of his father, who was also involved in the computer industry.

Chernobyl, 1998

This computer virus has a couple of other names as well: it is also known as "Sneeze" or CIH. It is a Taiwanese virus. It was developed in June 1998 by a local student, who programmed a massive virus attack on personal computers around the world to start on April 26, 1999, the day of the next anniversary of the Chernobyl accident. The “bomb” laid in advance went off right on time, hitting half a million computers on the planet. The malicious program also managed to accomplish the hitherto impossible: disabling the hardware of computers by hitting the Flash BIOS chip.

Melissa, 1999

Melissa was the first malicious code sent via email. In March 1999, it paralyzed the servers of large companies around the world. This happened because the virus generated more and more infected emails, creating a heavy load on the mail servers, whose work either slowed down dramatically or stopped completely. The damage from the Melissa virus to users and companies was estimated at $80 million. In addition, it became the "ancestor" of a new type of virus.

Mafiaboy, 2000

It was one of the very first DDoS attacks in the world, launched by a 16-year-old Canadian schoolboy. In February 2000, several world-famous sites (from Amazon to Yahoo), in which the hacker Mafiaboy managed to find a vulnerability, came under attack. As a result, the work of these resources was disrupted for almost a whole week. The damage from the full-scale attack turned out to be very serious: it is estimated at 1.2 billion dollars.

Titanium rain, 2003

This was the name given to a series of powerful cyberattacks that in 2003 affected several defense industry companies and a number of other US government agencies. The goal of the hackers was to gain access to classified information. The authors of the attacks (it turned out that they were from the Guangdong province in China) were tracked down by computer security specialist Sean Carpenter. He did a colossal job, but instead of a winner's laurels he ended up in trouble. The FBI considered Sean's methods improper, because during his investigation he carried out "illegal hacking of computers abroad."

Cabir, 2004

Viruses reached mobile phones in 2004. A program appeared that announced itself with the inscription “Cabire”, which was displayed on the screen of the mobile device every time it was turned on. At the same time, the virus used Bluetooth technology to try to infect other cell phones. This greatly affected the devices' battery charge, which lasted a couple of hours at best.

Cyber attack on Estonia, 2007

What happened in April 2007 can easily be called the first cyberwar. Government and financial sites in Estonia went offline all at once, along with medical resources and existing online services. The blow turned out to be quite tangible, because by that time Estonia already had an e-government, and bank payments were almost completely online. The cyberattack paralyzed the entire state. Moreover, this happened against the backdrop of mass protests in the country against the relocation of the monument to Soviet soldiers of the Second World War.

Zeus, 2007

The Trojan began to spread on social networks in 2007. The first to suffer were Facebook users who received messages with photographs attached. An attempt to open a photo took the user to pages of sites affected by the ZeuS virus. The malicious program then immediately penetrated the computer system, found the personal data of the PC's owner and promptly withdrew funds from the person's accounts in European banks. The virus attack affected German, Italian and Spanish users. The total damage amounted to 42 billion dollars.

Gauss, 2012

This virus, a banking Trojan that steals financial information from affected PCs, was created by American and Israeli hackers working in tandem. In 2012, when Gauss hit the banks of Libya, Israel and Palestine, it was considered a cyber weapon. The main objective of the cyberattack, as it turned out later, was to verify information about the possible covert support of terrorists by Lebanese banks.

WannaCry, 2017

300 thousand computers and 150 countries of the world: these are the statistics on the victims of this encryption virus. In 2017, in different parts of the world, it penetrated personal computers running the Windows operating system (taking advantage of the fact that they lacked a number of necessary updates at the time), blocked the owners' access to the contents of the hard drive, and promised to return it for a fee of $300. Those who refused to pay the ransom lost all the captured information. Damage from WannaCry is estimated at $1 billion. Its authorship is still unknown; it is believed that developers from the DPRK had a hand in creating the virus.

Criminologists around the world say that criminals are moving online, and banks are robbed not in raids but with malicious viruses introduced into their systems. This is a signal for every user: be more careful with your personal information on the network, protect the data on your financial accounts more reliably, and do not neglect to change passwords regularly.

Vulnerabilities, digital signature verification bypass, virtual file systems, non-standard encryption algorithms and other tricks. But sometimes things are a little simpler, as in the case of a malicious campaign that we discovered some time ago and named Microcin, after microini, one of the malicious components used.

We detected a suspicious RTF file. The document contained an exploit for the previously known and patched vulnerability CVE-2015-1641, but its code was heavily modified. Notably, the malicious document was distributed through sites intended for a very narrow group of people, so we immediately began to suspect that we were facing a targeted attack. The operators of the malicious campaign "targeted" visitors to forums where issues related to obtaining preferential apartments by Russian military personnel and their families are discussed.

This approach seems to be very efficient, because it significantly increases the likelihood that a potential victim will download and open the malicious document: after all, the forum is legitimate, and the name of the document corresponds to its subject.

All links in the forum posts lead to the malicious resource files[.]maintr**plus[.]com, where the RTF document with the exploit was located. Sometimes the attackers used PPT files containing an executable PE file but no exploit: the PE file was launched using a script embedded in the PPT file.

If the vulnerability in the MS Office package is successfully exploited, the exploit creates an executable PE file on disk and launches it. The malicious program is a platform for deploying additional modules, storing them covertly and adding new capabilities for the attackers. The attack steps can be represented as follows:

  1. As a result of the exploit running, a malicious program is installed on the attacked computer, matching the bitness of the operating system. Installation occurs through injection into the explorer.exe system process, without using memory writes. The malware has a modular structure: the main body is stored in the registry, and additional modules are loaded at the command of the command and control (C&C) server. Autostart of the main module is achieved through DLL hijacking using a modified system library.
  2. The main module of the malicious program receives a command to download and run additional modules that open up new opportunities for attackers.
  3. Additional malicious modules allow you to control an infected system, take screenshots of windows and intercept keyboard input. We have seen them in other cyber espionage campaigns as well.
  4. Attackers use a modified set of PowerSploit PowerShell scripts and various utilities to steal files and passwords found on an infected computer.

On compromised computers, the criminals were primarily interested in files with extensions .doc, .ppt, .xls, .docx, .pptx, .xlsx, .pdf, .txt, and .rtf. Before being sent to the attackers' server, the files were packed into a password-protected archive.

In general, the tactics, techniques and procedures that the attackers used during the attack can hardly be called complex and expensive, but something did catch our attention:

  • The payload (at least one of the modules) is delivered using a simplified . In traffic, this looks like a regular JPEG image download, but the encrypted payload follows immediately after the image data. Microcin looks for a special label in such a file - "ABCD" - and from it, skipping the special structure, it starts decrypting the payload. Thus, both new base-independent code and PE-format files can be delivered.
  • If the Microcin installer detects running processes of certain anti-virus programs, the installation proceeds without injection into explorer.exe, and the modified system library, which is used to make the malicious program persistent in the system, is placed in the %WINDIR% directory using the wusa.exe system application with the "/extract" parameter (on operating systems that have UAC).
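A defender can check for the delivery trick in the first bullet by looking for data that follows the end of the JPEG image. The sketch below is an added example, not code from the original report: it walks the JPEG segments to find the real end-of-image marker, then reports any trailing bytes and whether they contain the "ABCD" label. The sample image, the 16-byte padding allowance and the function names are assumptions made for illustration.

```python
import math
import struct
from collections import Counter

MARKER = b"ABCD"  # label the article says Microcin searches for


def _skip_scan_data(data: bytes, pos: int) -> int:
    """Skip entropy-coded data; return the offset of the next real marker."""
    while True:
        pos = data.find(b"\xff", pos)
        if pos < 0 or pos + 1 >= len(data):
            raise ValueError("truncated JPEG: scan data never ends")
        nxt = data[pos + 1]
        if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:   # stuffed byte or restart marker
            pos += 2
        else:
            return pos


def find_jpeg_end(data: bytes) -> int:
    """Walk the segments and return the offset just past the real EOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        code = data[pos + 1]
        if code == 0xFF:                          # fill byte before a marker
            pos += 1
        elif code == 0xD9:                        # EOI: the image proper ends here
            return pos + 2
        elif code == 0x01 or 0xD0 <= code <= 0xD7:
            pos += 2                              # standalone markers have no length
        else:
            if pos + 4 > len(data):
                break
            (seg_len,) = struct.unpack(">H", data[pos + 2:pos + 4])
            if seg_len < 2:
                raise ValueError(f"bad segment length at offset {pos}")
            pos += 2 + seg_len                    # skips embedded thumbnails too
            if code == 0xDA:                      # SOS: compressed data follows
                pos = _skip_scan_data(data, pos)
    raise ValueError("truncated JPEG: no EOI marker")


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; values near 8 suggest encrypted or compressed data."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def inspect_jpeg(data: bytes, max_padding: int = 16) -> dict:
    """Report what follows the image data (max_padding is an assumed allowance)."""
    end = find_jpeg_end(data)
    trailer = data[end:]
    idx = trailer.find(MARKER)
    return {
        "image_end": end,
        "trailer_len": len(trailer),
        "marker_offset": end + idx if idx >= 0 else None,
        "trailer_entropy": round(shannon_entropy(trailer), 2),
        "suspicious": idx >= 0 or len(trailer) > max_padding,
    }


def build_sample(trailer: bytes = b"") -> bytes:
    """Constructed minimal JPEG-like byte string, for demonstration only."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
    thumb = b"Exif\x00\x00" + b"\xff\xd8thumb\xff\xd9"   # embedded SOI/EOI pair
    app1 = b"\xff\xe1" + struct.pack(">H", len(thumb) + 2) + thumb
    sos = b"\xff\xda" + struct.pack(">H", 8) + bytes(6)
    scan = b"\x12\xff\x00\x34\xff\xd0\x56"
    return b"\xff\xd8" + app0 + app1 + sos + scan + b"\xff\xd9" + trailer


if __name__ == "__main__":
    print(inspect_jpeg(build_sample()))
    # Constructed trailer: label, placeholder structure, high-entropy filler.
    print(inspect_jpeg(build_sample(MARKER + bytes(16) + bytes(range(256)) * 4)))
```

Searching for the first `FF D9` byte pair instead of walking the segments would stop inside the embedded thumbnail and report image data as a trailer, which is why the parser follows segment lengths.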

Conclusion

The considered malicious campaign does not use fundamentally new technologies: zero-day vulnerabilities, innovations in injection or masking techniques. In the arsenal of attackers:

  • Watering hole attack with MS Office exploit;
  • Fileless storage of the main set of malicious functions (shellcode) and additional modules;
  • Injection into a system process without writing to its memory;
  • DLL hijacking against a system process as an autorun method that leaves no traces in the autorun keys in the registry.

Attackers also use PowerShell scripts, which are widely used in penetration tests. We have seen backdoors in various targeted attacks, and PowerSploit is an open-source project. However, well-known technologies can also allow attackers to achieve their goals.

In our opinion, the considered malicious campaign is primarily interesting because of the attack vectors used – often organizations that may be on the list of targets of cybercriminals do not pay attention to them.

First, if your organization's infrastructure is well protected and it would be "expensive" to attack (that is, it may require expensive zero-day exploits and other complex tools), attackers will most likely try to attack ordinary employees. The logic of such a step is simple: an employee's personal IT resources (his computer or mobile device) may well become a "door" to your perimeter without a direct attack. Therefore, organizations need to inform employees about existing cyber threats and how they work.

Secondly, Microcin is one of many malicious campaigns that use tools and methods that are difficult to detect with standard security solutions, even at an enterprise level. Therefore, we recommend that large corporations and government agencies use comprehensive solutions to protect against targeted attacks. Such solutions are able to recognize an attack even if the use of obviously malicious tools in it is minimized and the attackers instead rely on legitimate tools for penetration testing, remote access and other tasks.

Building a comprehensive defense system can significantly reduce the risk of becoming a victim of a targeted attack, even one unknown at the time it is carried out. There is no other way out: otherwise the secrets will be stolen, and information is often worth more than the cost of its reliable protection.

Almost daily, new reports appear in the media about cyber attacks recorded in different countries. There are cases that people will remember for a long time.

"Titanium Rain"

Unknown hackers managed to carry out an illegal operation called "Titanium Rain" for almost four years in a row. From 2003 to 2007, attackers hacked into the networks of security, energy and defense departments of various states. Separately in this list is the British Foreign Office, which was also attacked by Internet criminals.

In total, during the specified period, hackers downloaded several terabytes of classified information, yet they remained unnoticed. It was believed that the illegal activities were carried out by military personnel from China living in the province of Guangdong. Beijing officials denied these allegations, noting that the criminals simply "camouflaged" their computers under false addresses.

The main feature of the Shady RAT operation is that it continues to this day. As in the first case, the PRC is considered to be the source of the threat, but experts are still unable to substantiate their accusations.

Back in 2011, McAfee, a company specializing in the development of antivirus software, recorded a number of hacks related to the same features. As it turned out, it was a large-scale hacker action that had been going on since 2006.

Attackers send emails to employees of large organizations, infecting their PCs with Trojan viruses. The United Nations Olympic Committee, the Association of Southeast Asian Nations, and an incredible number of commercial firms from Japan, Switzerland, the UK, Indonesia, Denmark, Singapore, Hong Kong, Germany and India have already been hacked. In addition, the computers of the governments of the United States, Taiwan, South Korea, Vietnam and Canada were subjected to attacks.

Revenge for the monument

In 2007, after the Estonian authorities decided to demolish a Soviet monument in the center of Tallinn, the country was subjected to massive cyberattacks. Due to malfunctions, several banks and mobile operators did not work for a long time. At the same time, citizens could not use ATMs or Internet banking. Visiting government and news resources also proved impossible.

In light of recent events, state officials immediately blamed Russia for the attack. Moscow rejected the claims, stressing that the Kremlin does not deal with such things.

Conflict in South Ossetia

In August 2008, an armed conflict began between Georgia and the self-proclaimed republics of South Ossetia and Abkhazia. Since then, Tbilisi has been subject to online attacks, which were immediately blamed on the Russian Federation. Moscow officially supported the opposite side, so the attacks of its hackers on Georgian resources looked quite logical. Prime Minister Dmitry Medvedev did not confirm this information and said that the state had nothing to do with cyber attacks.

Tbilisi law enforcement agencies still managed to identify the criminals, who turned out to be members of the Russian Business Network group. According to foreign experts, the members of the association deliberately blocked the websites of Mikhail Saakashvili, the Ministry of Foreign Affairs and the Ministry of Defense of Georgia.

Stuxnet and Iran's nuclear program

In June 2010, experts discovered a worm called Stuxnet. It exploits Windows vulnerabilities to hack Siemens industrial systems. Similar software is installed at nuclear power plants and other enterprises associated with the segment.

The largest number of infected computers was noticed in Iran, where 16,000 machines were attacked. It is assumed that this software was developed by Israel in order to prevent the development of nuclear weapons by Tehran. In 2011, The New York Times confirmed the allegations, citing their own research.

Olympics and WADA

No less interesting were the hacks from the hacker organization Fancy Bears, outraged by the actions of the World Anti-Doping Agency (WADA). In most cases, we are talking about documents incriminating the department in supporting foreign athletes and biased attitude towards the participants of the Olympic Games from Russia.

The last time Internet criminals came forward, they posted online excerpts of correspondence between two members of WADA. According to these materials, several members of the US team used cocaine to lose weight before the competition. At the same time, the agency knew about what was happening, but did not react in any way to the actions of the athletes.

Hillary Clinton and WikiLeaks

During the US election race, one of the participants of which was Hillary Clinton, another anonymous organization gained popularity on the Internet and in the media. Its members posted on the Web fragments of the correspondence of the candidate, who, while serving as Secretary of State, used a personal mail server, and not government lines.

Most of the documents ended up on the WikiLeaks portal, which accused Clinton of many violations. After that, a real scandal broke out around the official in connection with her activities. Later, information even appeared on the World Wide Web that the wife of the ex-president of the country periodically practices same-sex love with her assistant.

Hackers created a new version of the WannaCry virus, which stops when a control domain is found and attacks computers running Windows. Within two days, the malware blocked the devices of commercial and government organizations, whose screens displayed a demand to pay $300-600, otherwise all information would be deleted. The virus has already attacked more than 200,000 devices in more than 150 countries around the world. "Digital Moscow" decided to recall the high-profile cases of the past few years.

2013: spam or not spam?

Four years ago, users in the European part of the continent complained for a whole week about low Internet speed. The reason was a DDoS attack that hit even the systems of large corporations that have Tier-1 operators installed (that is, telecom operators connected to the entire Network through connections for which no one is paid) and large traffic exchange points. The attack reached 300 Gb/s and is still considered one of the largest in the world.

As it later turned out, the reason for such aggressive actions by the hackers was a conflict between the non-profit organization Spamhaus, which compiles lists of spam distributors, and the Dutch provider Cyberbunker, after the latter appeared on those lists. In response, Cyberbunker launched a cyberattack against the blockers, which not only disabled Spamhaus but also made other resources vulnerable to DDoS attacks. For example, the CDN CloudFlare, which provides protection against DDoS, was attacked. The attack on it began on March 18 and grew to 90 Gb/s the next day. Unable to break through, the attackers switched back to providers, increasing the attack power to a record 300 Gb/s, which the networks could not withstand.

According to experts, the attack used the DNS amplification method: the hackers' servers sent a large number of recursive requests with fake return addresses. A request of several tens of bytes required a response of several kilobytes, which was sent to the victim's address, making the attack more intense. With DNS amplification, the large volume of traffic comes from the fact that it is servers, not user computers, that are “zombified”. Moreover, although this vulnerability has been known for a long time, many servers still have not closed it.
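An operator of a recursive resolver can spot this abuse in query logs, because the forged "client" receives far more bytes than it appears to send. The sketch below is an added example, not part of the original article: it aggregates constructed log lines per source address and flags sources with both a high response-to-query byte ratio and a high response volume. The log format, thresholds and addresses are assumptions made for illustration.

```python
from collections import defaultdict


def build_sample_log() -> list[str]:
    """Constructed log lines: ts client_ip qtype qname query_bytes response_bytes."""
    lines = []
    for i in range(40):   # repeated large-answer queries "from" one address
        lines.append(f"{1000 + i} 198.51.100.7 ANY example.test 36 3100")
    for i in range(30):   # ordinary client doing small lookups
        lines.append(f"{1000 + i} 192.0.2.10 A www.example.test 40 90")
    # one legitimate large answer: high ratio, negligible volume
    lines.append("1015 192.0.2.44 TXT example.test 36 3100")
    return lines


def parse_line(line: str) -> tuple[int, str, str, str, int, int]:
    ts, ip, qtype, qname, q_bytes, r_bytes = line.split()
    return int(ts), ip, qtype, qname, int(q_bytes), int(r_bytes)


def find_amplification_targets(lines, min_ratio=10.0, min_response_bytes=50_000):
    """Return per-source stats for sources that look like reflection victims.

    The flagged address is the forged return address, so it most likely
    belongs to the victim of the attack rather than to the attacker.
    """
    stats = defaultdict(lambda: {"queries": 0, "query_bytes": 0, "response_bytes": 0})
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        _, ip, _, _, q_bytes, r_bytes = parse_line(line)
        entry = stats[ip]
        entry["queries"] += 1
        entry["query_bytes"] += q_bytes
        entry["response_bytes"] += r_bytes

    flagged = {}
    for ip, entry in stats.items():
        ratio = entry["response_bytes"] / entry["query_bytes"]
        # Require both conditions so a single large legitimate answer is ignored.
        if ratio >= min_ratio and entry["response_bytes"] >= min_response_bytes:
            flagged[ip] = {**entry, "ratio": round(ratio, 1)}
    return flagged


if __name__ == "__main__":
    for ip, info in find_amplification_targets(build_sample_log()).items():
        print(ip, info)
```

A hit is a reason to restrict recursion to known clients or apply response rate limiting on the resolver, since blocking the flagged address would only cut off the victim.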

More in the world:

Also in June of the same year, the FBI and Microsoft jointly stopped the activities of about a thousand botnets that were part of the virus network. Using the Citadel software suite, cybercriminals infected users' devices with viruses and gained access to personal information and bank account details. By the way, by that time the hackers had already stolen about $500,000,000, although this figure also includes 2012.

On August 7, non-core Twitter accounts of the RIA Novosti news agency, the International Multimedia Press Center and RIA Novosti Deutsch, were hacked. The hackers posted false information about the death of Soviet President Mikhail Gorbachev there. Both fake messages “hung” for no more than five minutes, after which they were deleted. But, by the way, this was not the first attempt at a cyberattack on the agency. In March 2013, hackers carried out a major DDoS attack, which was then repeated back in July.

2014: Russian hackers steal data

According to the Center for Strategic and International Studies (CSIS), 2014 will be remembered for "big numbers". Thus, the damage from identity theft in 2014 amounted to $150,000,000,000. Together, the United States, Japan, China and Germany lost $50,000,000,000 more. According to professionals, this story is repeated from year to year.

One of the memorable cyberattacks of that year involved a vulnerability discovered in NTP (Network Time Protocol). It was discovered in January of that year by the American organization US-CERT, whose task is to ensure information security. The attack spread all over the world; large companies, Russian banks and government agencies suffered from it. Its power reached 70-80 Gb/s and rose to 120 Gb/s. In total, 15 organizations became victims of the hackers' attack.

In the same year, Hold Security announced a leak of user information: about 1.2 billion unique login/password combinations from email addresses were stolen. Cybercriminals have collected 4.5 billion pairs of records from 420,000 websites using a network of infected computers. By the way, some sources claim that the hackers themselves were from Russia.

Also in 2014, US and EU energy companies were seriously affected by hacker attacks: their systems were infected with Energetic Bear malware, which could monitor electricity consumption in real time and even damage physical systems such as wind turbines, gas pipelines and power plants. In total, 1,000 organizations in 84 countries became victims of the cyberattack.

Quite often, attacks by cybercriminals involve the theft of credit and debit bank card data. For example, in 2014, more than 50 million customers of the Target retail chain were compromised: hackers using Trojan.POSRAM (iSight or a new modification of BlackPOS) obtained their data during payments.

2015: iOS and Android vulnerabilities and political strife

From about 2015, attackers began to pay more and more attention to mobile device users, exploiting vulnerabilities and bugs in the iOS and Android operating systems.

Thus, in the third quarter of 2015, 94.1% of Android gadgets were at risk. And all because of a vulnerability in the Android OS Mediaserver, which is responsible for scanning and detecting multimedia files. By the way, during that year, five “holes” were found in a key component of the operating system only in the third quarter.

Thanks to one of them (CVE-2015-3824), cyber scammers were able to send infected MMS messages, which, when opened, installed malicious code on the device. Another vulnerability (CVE-2015-3823) caused gadget overloads and also allowed hackers to remotely execute arbitrary code.

Nobody forgot about fans of Apple products either, of course. Even though the system is closed, meticulous hackers found loopholes and vulnerabilities in iOS. They also infected applications with XcodeGhost malware, not only in third-party stores but also in the official App Store. It was mainly Chinese users who suffered, and, as it later turned out, it was Chinese developers who had created the applications using a copy of the Xcode development tool downloaded from forums and infected with malicious code. In addition, Unity, a tool for developing three-dimensional images and games, as well as AirDrop file transfer technology, were infected.

Another vulnerability called Quicksand was able to leak data through the mobile device management (MDM) system. Through it, not only private information, but also corporate information went to the attackers.

In 2015, among other things, there was a great number of cyberattacks related in one way or another to political events. For example, on January 7, the CyberBerkut group disabled the websites of the German parliament and Chancellor Angela Merkel's offices, and almost exactly a month later, other cybercriminals gained access to the Anthem company's database, obtaining information about 80 million customers and employees of the company. Here experts blame Chinese hackers. Just a week later, on February 10, 2015, threats against the family of then-US President Barack Obama appeared on the Twitter feed of the American weekly Newsweek. The Cyber Caliphate is suspected in this attack.

In November, an anonymous hacker hacked into the server of the American telecommunications provider Securus Technologies and sent journalists more than 70 million registration records about phone calls and another 144,000 audio recordings of conversations with American prisoners, of which 14,000 were with their lawyers. Recording of conversations is prohibited in the country, however, due to the disclosure, it turned out that Securus violated the law.

While passions were running high in the world, on December 7, the website of the Russian Post "collapsed" in Russia. It was subjected to a major DDoS attack, so from 8:00 to 13:00, access to it was restricted for users.

2016 turned out to be the most eventful year, especially in Russia. The volume of attempts to steal funds from the accounts of Russian banks amounted to 5 billion rubles, and the fraudsters managed to steal two of them.

One of the first to suffer last year was the mail service mail.ru. Hackers managed to steal passwords from the email accounts of 57 million users. Slightly less affected were those who had registered mailboxes on Yahoo (40 million), Hotmail (33 million) and Gmail (24 million). The total number of accounts whose data fell into the wrong hands was 272 million. Some of them belong to employees of large American banks and organizations in the field of industry and retail trade.

By the way, some cases of cyberattacks on banks (and there were several in a row) were accompanied by SMS sending and publications in social networks that reported information about the alleged crisis of the Russian credit and financial system, bankruptcy and revocation of licenses from large banks. Later it became known that the command centers for cyberattacks were located in the Netherlands, and their owner is the BlazingFast hosting company.

Also in 2016, it became known about a cybercriminal under the pseudonym Peace, who managed to gain access to the usernames of the VKontakte social network, passwords, email addresses and phone numbers that were stolen by other cybercriminals during a cyberattack on the site in 2011-2013. The hacker put the data up for sale on one of the online platforms. According to him, he had “passwords and appearances” from 70 million VKontakte accounts, which he refused to sell for some reason. The LeakedSource portal, which checked the information put up for sale and found that 92 out of 100 randomly selected accounts were active, confirmed that the attacker's information was correct.

By the end of the year, according to Security Council Secretary Nikolai Patrushev, the number of external cyberattacks on Russian Internet resources had more than tripled, to 52.5 million from 14.4 million in 2015. From June 2015 to July 2016, the damage to Russian banks amounted to about 3.8 billion rubles. Now, according to statistics, 30 percent of all hacker attacks fall on banks, 26 percent on government agencies, and 17 percent on the media.

They plan to solve the problem with the help of the state system for detecting, preventing and eliminating the consequences of computer attacks (GosSOPKA), which is being developed by the Federal Security Service. It is planned that the regulation on it will be approved in the second quarter of 2017. Now most of the system services have been implemented and work with government subscribers is being established.

Teenager vs. US Department of Defense

If anyone deserves to be called a real "Mr Robot" (in honor of the genius hacker from the series of the same name), it is Jonathan James. In 1999, he was able to remotely connect to one of the computers of the US Department of Defense and, using a program, gained access to messages, the real names of employees and their current passwords. The information James obtained was, of course, secret and concerned mainly plans to protect the States from potential threats. But, perhaps most importantly, he even had in his hands the program code of the life support systems for astronauts on the International Space Station.

At the time of the first attack, James was 16 years old. He could not go unpunished: he was caught in 2000 and, due to his minority, was sentenced to house arrest and a ban on the use of computers. But if Jonathan had been over eighteen at the time of the hack, he would have received about ten years in prison.

In 2008, James was found shot to death. The official version is suicide, but, of course, the theory appeared on the network that the American intelligence services eliminated the hacker.

The largest DDOS attack in history

DDOS is a quite common hacker attack whose purpose is to disable the attacked object. An attacker, often using many computers, sends gigantic amounts of data to the server, which it obviously cannot handle, so ordinary users experience huge connection problems. In the worst case (for a hacker, the best), the server simply "falls", that is, stops working.

It is ironic that the largest DDOS attack in history hit Spamhaus, an international organization whose purpose is to fight spam on the network: to identify spammers, form blacklists and sell them to mail server owners. In 2013 Spamhaus added the Dutch provider CyberBunker to its blacklist. Therefore, any information from CyberBunker was automatically considered spam on all mail servers that cooperated with Spamhaus.

A few days later Spamhaus was subjected to a catastrophic DDOS attack that brought down the company's servers like an avalanche: the volume of DDOS traffic reached an astronomical 300 gigabits per second. And this despite the fact that 50 gigabits is already enough to bring down a fairly large server.

Anti-spam filters stopped working across Europe. This went on for over a week, and Spamhaus even had to seek help from Google. As a result, hackers from Russia and Eastern Europe were blamed for the incident.

In 2013, the founder of CyberBunker was arrested in Spain on suspicion of involvement in the attack. He was later released; the court's decision has not yet been announced.

Hackers vs cheaters

Sometimes hackers can do more than just steal your money or your World of Warcraft account. They can also destroy a family.

This is exactly what happened to many users of the dubious site Ashley Madison. Its target audience is married men and women looking for an affair on the side: an Internet resource for those who are going to cheat.

For a long time, the worst thing that happened to Ashley Madison was public censure. However, in July 2015, a group of hackers called The Impact Team stated that they had gained access to a database of all the service's customers, that is, names, postal addresses, credit card numbers, payment histories... The hackers made one simple demand: Ashley Madison must immediately cease to exist, or all the information would be made public.


Five days later, representatives of the service reported that the security hole had been closed and that US law enforcement agencies had been brought in on the hacking case. They did not plan to close the site, betting that the hackers were bluffing. In vain: without waiting for its demands to be met, The Impact Team ruthlessly posted online everything that the site's visitors had so diligently concealed. A convenient database was even compiled in which anyone could enter a name of interest and see whether it was there. You could find out whether your husband or wife was cheating on you, or vet your best friend or boss.

The consequences were devastating: on August 24, Toronto police reported two suicides related to the Ashley Madison hack. Families collapsed, marriages broke up, and the world is still arguing about who is to blame for all this.

Half a billion bitcoins

Bitcoin is a cryptocurrency that many economists call the currency of the future. Bitcoin transactions require no intermediaries, and your holdings cannot "burn up", cannot be frozen, and are almost impossible to trace.

Bitcoins can now easily be exchanged for ordinary dollars, so it is not surprising that hackers are interested in this topic.

On February 7, 2014, the world's largest bitcoin exchange service, Mt Gox, discovered a vulnerability in its system and reported that over the course of three to four years, hackers had stolen half a billion dollars' worth of bitcoins from users. Since all the stolen funds were transferred to the same account, there is a high probability that the attacker acted alone.

The end of the story is sad: Mt Gox suffered significant financial and reputational losses and went bankrupt. The hacker has not been found, and given the nature of bitcoin as a currency and his half-billion-dollar fortune, it is unlikely that he ever will be.

Yahoo

The consequences of this hack are not too serious, but it is worth mentioning for several reasons. First, the target was Yahoo, one of the largest IT companies. Second, the scale of the stolen data is staggering.

In 2014, data on more than half a billion accounts (a billion, according to some estimates) from the company's services leaked from Yahoo's servers. The details of the hack were published only two years later, in 2016. So if you are registered with Yahoo, say you have an email account there, and you are hearing about this story for the first time, it is time to change your password.


According to Yahoo staff, though, in the worst case only the real names, phone numbers and dates of birth of users fell into the hands of hackers, not credit card numbers. In addition, passwords on the company's servers are stored in encrypted form. But who knows for sure?