The 10 worst cyberattacks.
By Joshua E. Keating. Joshua E. Keating was an associate editor at Foreign Policy.
Alleged source: China
Fallout: In 2004, U.S. federal investigators discovered an ongoing series of attacks penetrating the networks of the departments of Defense, State, Energy, and Homeland Security, as well as those of defense contractors, and downloading terabytes of data. The investigators were able to trace the cyberspying ring, which they code-named "Titan Rain," back to computers in Guangdong, China. While the Chinese military is widely believed to have been involved in the attacks, Beijing has consistently denied responsibility. It was reported in 2007 that attacks believed to be connected to Titan Rain had also targeted the British Foreign Office.
Alleged source: China
Fallout: In 2011, McAfee reported the existence of a five-year-old hacking campaign it calls Shady RAT. It works by sending an email to an employee of a targeted organization, who then unknowingly installs a "Trojan horse" on the computer after clicking an innocuous-looking attachment. The 49 victims include the International Olympic Committee, the United Nations, the Association of Southeast Asian Nations, companies in Japan, Switzerland, Britain, Indonesia, Denmark, Singapore, Hong Kong, Germany, and India, and the governments of the United States, Taiwan, South Korea, Vietnam, and Canada. At least 13 U.S. defense contractors were also hit. The list of targets has led many analysts to suspect Chinese involvement. It has been called the biggest cyberattack of all time.
THE ESTONIA ATTACKS
Alleged source: Russia
Fallout: One of the most devastating attacks ever unleashed on a country, the Estonia attack followed the controversial decision to remove a Soviet war memorial in central Tallinn, the capital. The operation was a distributed denial-of-service (DDoS) attack, which involves using remotely commandeered computers — collectively known as a botnet — to overwhelm a targeted web server with traffic, taking it offline. The attacks took down the websites of Estonia’s major banks, government websites, and news portals. At the peak of the crisis, bank cards and mobile phones were inoperable within the country. The Russian government has denied responsibility for the attack, but two years later a State Duma deputy from the ruling United Russia party made an offhand remark to a journalist saying that one of his staff members had been involved in the attack.
THE AUGUST WAR
Alleged source: Russia
Fallout: During the August 2008 Russia-Georgia war, key Georgian websites, including the pages of President Mikheil Saakashvili, the Ministry of Foreign Affairs, and the Ministry of Defense, as well as numerous corporate and media sites, were taken down by cyberattacks. At one point the Parliament’s site was replaced with photos comparing Saakashvili to Hitler. Georgian officials have blamed a cybercriminal group known as the Russian Business Network for the attacks. Russian President Dmitry Medvedev denied government involvement.
Alleged source: China
Fallout: In 2009, Canadian researchers discovered a massive electronic spying network that had infiltrated 1,295 computers in 103 countries. The researchers were acting on a request from the Dalai Lama’s office to see whether his personal network had been infiltrated — it had. Ministries of foreign affairs and embassies in Iran, Bangladesh, Indonesia, India, South Korea, Thailand, Germany, and Pakistan were also affected. The Chinese government denied involvement.
Alleged source: Israel
Fallout: Discovered in June 2010, the Stuxnet worm exploits a vulnerability in Windows to attack Siemens industrial systems, such as those used in nuclear power plants. While systems in several countries, including the United States, were affected, Iran was the worst hit, with over 16,000 computers infected. The virus seemed to be specifically targeting Iran’s nuclear program, leading to suspicions that it had been designed by Israel. The Israeli government has neither confirmed nor denied involvement, but a 2011 New York Times investigation concluded that the worm had been developed and tested in Israel.
50 DAYS OF LULZ
Alleged source: LulzSec
Fallout: In the spring and summer of 2011, a group of hackers calling itself LulzSec, associated with the online collective Anonymous, went on a tear, disabling and defacing a series of prominent websites. Unlike previous large-scale cyberattacks, the group didn’t seem motivated by profit or a particular ideology but was, in fact, in it for the lulz. The group did occasionally take a stand. For example, in response to a documentary about WikiLeaks that it thought was negative, it posted a story on PBS’s website alleging that Tupac Shakur is alive. The group also took down CIA.gov at one point. In its biggest operation, LulzSec hacked into Sony PlayStation’s website, compromising the personal information of more than a million users. In June, the group announced through its Twitter feed that it was suspending its campaign, releasing a trove of classified AT&T documents as a parting shot. In July 2011, police arrested an 18-year-old man in the Shetland Islands said to be "Topiary," one of the LulzSec ringleaders.
THE SOUTH KOREAN DDoS
Alleged source: North Korea
Fallout: DDoS attacks in March 2004 targeted more than 40 South Korean websites, including those of the National Assembly, military headquarters, U.S. forces in South Korea, and several major banks. The attacks shut down the country’s stock trading system for several minutes. An estimated 11,000 personal computers may have been infected by malware as part of the attack. A month later, an attack brought down the network of a major South Korean bank. The South has accused North Korea of running an ongoing cyberwarfare campaign since similar smaller attacks in 2009, but no solid link to Pyongyang has been proven.
Alleged source: A loose coalition of online "hacktivists"
Fallout: The online group known as Anonymous was, until recently, best known for its attacks on the Church of Scientology and Fox News host Bill O’Reilly. But lately it has taken on more of a political character. Anonymous targeted Egyptian government websites during the uprising against Hosni Mubarak, and when the regime took the unprecedented step of shutting the country’s Internet down, the group went old school, flooding government offices with faxes. In response to the January arrest of Megaupload founder Kim Dotcom, Anonymous shut down the websites of the U.S. Justice Department and the Recording Industry Association of America, as well as those of several record companies and congressional offices. In February, the group took credit for shutting down the website of the CIA.
Alleged source: India or China
Fallout: This January, U.S. authorities began investigating allegations that Indian intelligence operatives had hacked into the emails of the U.S.-China Economic and Security Review Commission, an American agency that monitors trade policy with China. The investigation came after hackers posted a document online purporting to show Indian military intelligence plans to target the commission, as well as extracts from the emails in question. Just a few weeks later, however, the document was found to be fake — though the emails were real — and investigators are now focusing on Chinese hackers as the most likely source of the breach.