Slideshow

In Pictures: 20 infamous hacker security vendor break-ins

18 Photos Ellen Messmer (Network World)

Here are 20 of the most notorious known break-ins over the past decade.

  • Companies providing IT security and software have been the target of hackers out to steal source code, compromise products or services, steal customer information or just to make them look foolish. Here are 20 of the most notorious known break-ins over the past decade:

  • Back in 2004, a hacker managed to break into Microsoft’s corporate network and stole the source code for Windows 2000, about 600 million bytes of data, posting it online. The hacker was never caught.

  • In 2011, HBGary Federal’s CEO Aaron Barr found his e-mail hacked, and 50,000 internal business messages posted online, an event that led to Barr stepping down from the company. The hackers from the LulzSec group detailed how they exploited weak passwords and unpatched servers at HBGary Federal, but they were eventually caught, among them Jake Davis, who confessed to the crime in a London court.

  • RSA executive chairman Art Coviello three years ago disclosed that RSA’s network had been compromised by attackers who took information related to its SecurID tokens, a break-in later linked to a cyberattack at Lockheed Martin. RSA decided to replace 40 million SecurID tokens because of the breach of its network, attributed to a “nation-state” which many believed was China.

  • Security firm Bit9 last year admitted to a network breach in which hackers had stolen code-signing certificates in order to drop malware into the systems of three customers. Bit9 took full blame for the “operational oversight” in which it had failed to install its own whitelisting security product internally to protect some computers on its network, allowing the attackers to access a code-signing certificate which was used by the criminals to sign malware.

  • In 2012, source code used in older Symantec enterprise security products, Symantec Endpoint Protection 11.0 and Symantec AntiVirus 10.2, as well as older versions of pcAnywhere and Norton Internet Security, was exposed online by hackers calling themselves Lords of Dharmaraja with a leader named Yama Tough in Mumbai. The gang claimed to obtain the code from a third-party associated with the Indian military. Symantec, acknowledging the authenticity of the source code, also said the hackers had been vainly trying to extract an extortion payment of about $50,000 in exchange for not posting the stolen code. Symantec also acknowledged a breach of its servers in 2006.

  • In what's come to be called the "Aurora attacks," Google in January 2010 acknowledged valuable intellectual property was stolen via a network break-in over several months, intimating China to be the origin of the cyberattack. About a dozen other high-tech and industrial companies appear to have been struck in similar fashion. The Chinese government said it doesn't know what they're talking about.

  • In an embarrassment for Cisco, someone hacked into the list of attendees for the Cisco Live 2010 users' conference, a security breach that led Cisco to notify the customers as well as a broader group with dealings with the company. Though Cisco prefers to keep mum on some details, it appears someone had made "an unexpected attempt to access attendee information through ciscolive2010.com," the event site. Cisco said the breach was closed quickly, "but not before some conference listings were accessed." The compromised information consisted of Cisco Live badge numbers, names, title, company addresses and e-mail addresses. Cisco apologized by e-mail to both attendees and those who were invited but didn't attend.

  • In 2011, Glenn Mangham of York, England, hacked into the account of a Facebook employee in order to penetrate the network and find Facebook source codes and stole it. Mangham said he did it in order to analyze the code for vulnerabilities. "I was working under the premise it is sometimes better to seek forgiveness than to ask permission,” said Mangham, who was caught and ended up in jail.

  • In 2012, Yahoo accidentally leaked the private key that was used to digitally sign its new Axis extension for search and browsing for Google Chrome. Security blogger Nik Cubrilovic discovered the package included the private crypto key used by Yahoo to sign the extension, noting it offered a malicious attacker the ability "to create a forged extension that Chrome will authenticate as being from Yahoo." Yahoo was forced to release a new version of its Axis extension for Google Chrome after that. In another unrelated incident for Yahoo, the company acknowledged that about 450,000 unencrypted passwords and user names were stolen from its Contributor Network, taken by a group calling itself D33Ds Company.

  • In 2012, Adobe said it was investigating how user names, email addresses and encrypted passwords were stolen from a company database after an Egyptian hacker called "Virus_HimA" posted 230 of them on Pastebin. Last year, Adobe disclosed that about 38 million usernames and encrypted passwords of customers were stolen in a cyberattack and that the attacker had decrypted some accounts’ credit-card systems using Adobe’s own internal systems. Source code for Adobe Acrobat, Reader and ColdFusion were also stolen.

  • In 2011, when a string of SSL digital certificate providers, including Comodo, DigiNotar and GlobalSign, were breached, some of them allegedly by a 21-year-old Iranian student calling himself "Comodohacker," the fallout included the creation of a fake Google certificate (since revoked) that allowed the attacker to capture login details of a person's Gmail account without a warning from the victim's browser the site might not really be Google. DigiNotar, owned by Dutch-based Vasco Security Systems, went bankrupt as a result of the hack, especially after the Dutch government banned use of DigiNotar certificates.

  • In 2013, Evernote, which makes business and consumer productivity software, forced all its 50 million users to change their passwords after detecting a hacker intrusion on its systems. The attacker is said to have gained access to Evernote accounts’ usernames, email addresses and passwords, though the passwords were encrypted. The company said there’s no evidence the hackers got hold of user content or customers’ payment information.

  • In 2013, two of Japan’s major Web portals were hacked, with one warning that as many as 100,000 user accounts were compromised. Goo, the portal owned by network operator NTT, said it had no choice but to lock 100,000 accounts to prevent illicit logins. Separately, Yahoo Japan said it discovered a malicious program on company servers that had extracted user data for 1.27 million users, but was stopped before it leaked any of the information outside of the company.

  • Domain registrar Name.com forced its customers to re-set their account passwords following a security breach on the company’s servers that might have resulted in customer information being compromised, including usernames, email addresses, encrypted passwords, and encrypted credit-card information.

  • Government contractor Booz Allen Hamilton was supposed to be providing security support for the National Security Agency, but was shocked to discover last June that one of its contactors, Edward Snowden, had leaked reams of stop-secret NSA information to the press.

  • Apple last year announced an intruder broke into its developer website and downloaded the personal information of users registered at Developer Center, prompting a shutdown of the site for a week while Apple made security changes. An independent security researcher, Ibrahim Balic, claimed responsibility for the security breach incident in which it appears he gained access to about 100,000 Apple Developer center accounts but said “this is definitely not a hack attack; I have reported all the bugs. I am not a hacker, I do security research.”

  • Last year French web hosting firm OVH disclosed that a hacker compromised the company’s European customer database and gained access to an installation server in Canada. OVH said the attacker gained access to a system administrator’s e-mail account, and from there used that account to gain access to another employee’s VPN credentials, and kept moving through the internal network.

Show Comments