2011 in Review: Top Computer Hacks That Shook the World

By @KukilBora on
  • Sony's PlayStation Network
    On April 26, Sony revealed that an outside party had accessed its PlayStation Network and gained access to personal information of about 77 million registered accounts. Users of PlayStation 3 and PlayStation Portable consoles were also reportedly prevented from playing online through the service. The attack prompted Sony to turn off the network on April 20. The outage lasted for approximately 23 days and the potential theft of personal information made it one of the largest such security breaches in history. Government officials in various countries voiced their concern at Sony’s inability to protect its customers, as well as the delay in announcing the breach; Sony only made the official announcement a week after the initial attack. The network was hacked for a second time, in May. The information of approximately 24.6 million Sony Online Entertainment users was stole. In a statement, the company said that compromised information included customer names, addresses, email handles, date of birth, gender, phone numbers and log-in information. An approximate 20,000 credit cards and bank account details were also put at risk. The situation got worse the following month. Hacker collective LulzSec was back and reportedly broke into SonyPictures.com. They claimed to have stolen personal information from over 1,000,000 users. The group later posted a .RAR file containing over 50,000 password/email combinations, in addition to details of 20,000 Sony music coupons and the administrative database for BMG’s Belgium-based employees, according to an Endgadget report. Expert estimates suggest that Sony lost $1.5 billion, by the end of April. By the end of May, reports suggested a cost of $24 billion, nearly 10 times its revenue for the same period. The year went from bad to worse. In October, the Tokyo-based company announced that intruders had tried to access user accounts on its PlayStation Network, as well as other online entertainment services, in the second major attack on its flagship gaming services this year. Sony was forced to lock about 93,000 accounts, the handles and passwords of which were compromised. The attempts occurred between Oct. 7 and Oct. 10 and targeted accounts globally. Reuters
  • Citigroup Credit Cards
    In June, there were reports that hackers successfully breached Citigroup’s online network and accessed data from a total of 360,083 North American Citigroup credit card accounts. The bank said the compromised data included customer names, account numbers and contact information, including email addresses. According to the Financial Times, the breach was discovered by the bank in early May. However, Citigroup said that other information, such as birth dates, social security numbers, card expiration dates and card security codes (CVV) were not compromised. According to a Reuters report, the bank said the breach affected 1 percent of all North American card customers, which was estimated at 21 million. According to a Wall Street Journal report, the breach occurred on May 10 and the bank began producing new cards and notifying customers on May 24. The breach wasn't officially announced until June 9. Reuters
  • The FBI and the CIA
    Hacker collective LulzSec, apparently as retribution for the NATO alliance’s “act of war” against hackers, breached the Atlanta chapter of Infragard, “a private, non-profit organization that exists to serve as a public/private partnership with the FBI.” On June 6, LulzSec said, on its Web site, the group had leaked details of Infragard’s user base, including 180 accounts. "Most of them reuse their passwords in other places, which is heavily frowned upon in the FBI/Infragard handbook and generally everywhere else too," the group said. LulzSec identified one of its victims as Karim Hijazi and claimed that he used a common password for both his Infragard account and his personal Gmail account, as well as a Gmail account for a company he owns. "Unveillance, a whitehat company that specializes in data breaches and botnets, was compromised because of Karim's incompetence. We stole all of his personal emails and his company emails. We also briefly took over, among other things, their servers and their botnet control panel," the hackers said. The Federal Bureau of Investigation’s (FBI) Detroit office reportedly received a distributed denial of services attack to their phone systems. The hacker group later posted a series of tweets mocking the FBI. "We sit and laugh at the FBI. No times decided, but we'll cook up something nice for tonight,” said the group. The Central Intelligence Agency (CIA) saw its worst nightmares come true on July 15, when its Web site, www.cia.gov, went down. Once again, LulzSec claimed responsibility. "Tango down -- cia.gov -- for the lulz," the group wrote on Twitter. Although there was no evidence that sensitive data on the agency's internal computer network had been compromised, experts said the fact that the hackers could successfully break into Web sites and collect system administrators’ credentials underscores the risks of failing to secure sites. Reuters
  • The U.S. Senate
    A few days after the attack on InfraGard, LulzSec again claimed responsibility for a successful cyber attack on the U.S. Senate’s Web site. While the Senate stated in a statement that the hackers failed to breach the firewall protecting the more sensitive portions of the network, LulzSec posted the allegedly stolen data on its Web site. "We don't like the U.S. government very much. Their boats are weak, their lulz are low, and their sites aren't very secure,” LulzSec commented, "This is a small, just-for-kicks release of some internal data from Senate.gov -- is this an act of war, gentlemen? Problem?" LulzSec's post pointed to a possible motivation for its attack – the U.S. government’s policy of treating all cyber attacks in the same manner as a real-world attack. Reuters
  • Lockheed Martin
    In May, hackers broke into the network of Lockheed Martin, the U.S.’s largest weapons manufacturer. The hackers reportedly breached the system in order to copy login IDs known as SecurID, which they could then use to access the system's network. However, Lockheed Martin claimed in a statement that it managed to stop the attack before any critical data was stolen. According to reports, hackers exploited Lockheed's VPN access system, which allows employees to log in remotely by using their RSA SecurID hardware tokens. InformationWeek reported that it was possible that whoever attacked Lockheed Martin may have also been behind the successful breach, in March, of EMC's RSA division, which manufactures SecurID. Experts later suggested that China may have been behind the attack. "It's unclear at this point precisely who conducted the attacks, but given past history with these sorts of things, there's a strong tendency to look east. The Far East, in fact, and a country that not so long ago hosted the Olympics," a U.S. official told Reuters. Reuters
  • International Monetary Fund
    In June, the International Monetary Fund (IMF) joined Sony Citigroup and other high-profile targets, as the victim of a hacker attack. According to reports, hackers reportedly obtained “large quantities” of data, including email addresses and other documents. The attacks were believed to have begun on May 14, which was when the IMF’s former Managing Director, Dominique Strauss-Kahn was arrested in New York, on charges of sexual assault. Experts suggested that the hackers used a trick known as “spear phishing” to gain access to the IMF’s internal network. According to The New York Times, since the IMF provides economic aid and policy advice to nations in financial distress, the agency has "highly confidential information about the fiscal condition of many nations,” which can affect global markets. Once again, China topped the list of suspects, with Larry Wortzel, a Commissioner on the Congressionally-created U.S.-China Economic and Security Review Commission, pointing a finger at Chinese authorities. He suggested that China was looking for inside information, before scheduled meetings in Beijing, with French Finance Minister, Christine Lagarde. However, other security experts said the attacks could just as likely have been from Russia. Reuters
  • Sega Corp
    June turned out to be a bad month, for both Japanese game developers and global corporations. Sega Corp. was reportedly hacked by as-yet-unidentified cyber criminals, who stole information belonging to 1.3 million customers. In a statement released after, Sega said that names, birth dates, email addresses and encrypted passwords of users of the Sega Pass online network had been compromised. However, payment data – such as credit card numbers – were declared safe. The company was forced to shut down the network, telling customers in a note on its Web site that it was "undergoing improvements." Quite unexpectedly, hacker group LulzSec responded to news of the attack by offering to track down the hackers. "Sega - contact us," Lulz said in its Tweet to the video game developer, "We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down." Reuters
  • Gmail Accounts
    Google Inc. made a shocking announcement in June, saying they suspected Chinese hackers of attempting to steal passwords from hundreds of account holders, including those of senior U.S. government officials, Chinese activists and journalists. The search engine giant said on its official blog that hackers tried to crack and monitor email accounts by stealing passwords but it detected and "disrupted" their campaign. "We recently uncovered a campaign to collect user passwords, likely through phishing," Google said, referring to the practice where computer users are tricked into giving up sensitive information. The company further stated that the perpetrators appeared to originate from Jinan, the capital of China's eastern Shandong province. According to a former U.S. government official who served in China, it was quite possible that the Chinese government was responsible. "I'm fairly certain it's the Chinese government, and probably the PLA," the former official told Reuters. In response, China said the “so-called Chinese state support for hacking are completely fictitious and have ulterior motives." The official Xinhua news agency said in a commentary that Google had provided "no solid proof" to support its claims. Reuters
  • The Pentagon
    In July, the Deputy U.S. Secretary of Defense, William Lynn, admitted that the Pentagon had become the victim of the largest cyber-attack in its history. Lynn said a "foreign intelligence service" stole 24,000 sensitive defense department files in a single operation. However, he didn't elaborate much and only said the officials had a "pretty good idea" of who was responsible. "A great deal of it concerns our most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems, and network security protocols," Lynn said in a speech at the National Defense University. Reuters
  • NASA, Booz Allen Hamilton, Arizona Police and Others
    There were reports, in May, suggesting that hackers masquerading as online salesmen were offering cheap Adobe software and they had also managed to break into several Internet pages belonging to NASA and Stanford University. The hackers reportedly compromised a page on NASA's Jet Propulsion Laboratory Web site. The online attack came just days before the final launch of NASA's shuttle Endeavor, which was scheduled for May 16. The hacked pages were full of "nonsense text,” said a Computerworld report. The pages also included interest-generating keywords, such as "Edit buy adobe premiere pro cs4 some callouts and balloons to make this time it took you and saved you a long time." In June, Nintendo revealed that its U.S.-based servers were hacked; however no consumer data had been stolen. The hacker group LulzSec claimed responsibility for the attack in a statement posted on its Twitter feed. Lulzsec tweeted it had taken one file but "we didn't mean any harm. Nintendo had already fixed it anyway." In July, hacking collective Anonymous broke into a server operated by U.S. government contractor Booz Allen Hamilton and released an approximately 190 MB data torrent, which, according to eWeek, contained "login information of personnel from US CENTCOM, SOCOM, the Marine Corps, Air Force facilities, Department of Homeland Security, Department of State and other private sector contractors." The attack on Booz Allen Hamilton followed the attack on IRC Federal, a contractor that works with the Army, Navy, NASA, the Department of Justice and other government agencies. The Anonymous group also targeted the Arizona Police’s Web site and compromised data, claiming it to be a protest against the state's immigration laws. Reuters
1 of 10

This year saw a number of sensational instances when the Web sites of various government agencies and corporations were hacked, in what appeared to a series of cyber-wars, initiated by a group of hackers.

This may sound grim but 2011 was, in several ways, the Year of the Hackers, with damages rumored to be running to millions of dollars.

Hacker group Lulz Security (LulzSec) claimed responsibility for a number of large-scale data breaches and, working closely with another hacker collective called Anonymous, LulzSec encouraged other groups and individuals to open fire on any government or agency that crosses their path. They named the undertaking as Operation Anti-Security.

Check out the slideshow for more details on the most sensational hacks of 2011.

Join the Discussion