12/27/2013
11:06 AM

9 Notorious Hackers Of 2013

This year's hacking hall of shame includes members of Anonymous and the Blackhole cybercrime gang, plus state-sponsored groups.

Anonymous hacking collective
(Source: Feral78)

Is there any group of hackers more outspoken online than Anonymous? The group started the year with a legal bang by backing a White House "We the People" petition arguing that DDoS attacks should be protected as a form of free speech, so that they could be used to protest injustice. However, that attempt to hack the Constitution failed to garner the number of signatures required for a White House response.

But that didn't stop the collective from protesting perceived injustices. Its Operation Last Resort included hacking the US Sentencing Commission website -- which establishes sentencing policies and practices for the federal courts -- to include a game of Asteroids, to protest federal prosecutors having threatened Reddit co-founder Aaron Swartz with a 35-year prison sentence for downloading millions of documents from the JSTOR archive, which helped drive Swartz to commit suicide. The group also defaced a Massachusetts Institute of Technology website to denounce the institution's failure to protest Swartz's prosecution.

As the year progressed, the campaigns continued, with Anonymous channeling mass anger over the 2008 economic crash -- as well as the fact that no Wall Street executives were ever charged with crimes related to it -- by leaking what it said were passwords for 4,000 financial executives. Rebranded as Operation Wall Street, the effort continued, with the hacktivist collective calling on the public to dox (release sensitive documents on) bank executives.

Anonymous continued with attacks against North Korean websites after the country's leadership threatened to restart a nuclear reactor; OpIsrael attacks against Israeli websites -- taking sides in the Israeli-Palestinian conflict -- that reportedly fizzled; an OpUSA attack against banks and government agencies that likewise fizzled; and a threatened Guantanamo Bay Naval Base attack that led authorities there to deactivate WiFi and social media.

Meanwhile, Anonymous earned widespread praise in October when its members launched Operation Maryville to highlight the case of two Missouri girls, ages 13 and 14, who were both allegedly raped last year, only to see prosecutors drop charges against one of the girls' alleged attackers. The outcry helped draw attention to the case, leading the state's lieutenant governor to demand that a grand jury investigate.

Comments
SaneIT
User Rank: Apprentice
1/6/2014 | 7:40:57 AM
Re: Have to agree
I really thought this would be addressed when we the country got a CIO... Then we had the summer of Anonymous attacking sites and we never really got a mainstream explanation of what was going on or why. I think part of it is just a lack of understanding by the media and the attitude toward attacks on web sites is that it's just childish pranks.
Marilyn Cohodas
User Rank: Strategist
1/3/2014 | 7:52:40 AM
Re: Have to agree
That's a great question. There's really no shortage of public news and information for anyone who wants to learn more and stay on top of the situation. It's the age-old dilemma of how to raise security awareness. You would think our leaders would take it upon themselves to have at least a basic understanding of digital security issues. Yet even security professionals struggle with the issue. Ira Winkler wrote a great piece about it recently: Why Security Awareness is Like an Umbrella.
SaneIT
User Rank: Apprentice
1/3/2014 | 7:14:28 AM
Re: Have to agree
I guess the question then would be how do we raise awareness without overblowing the situation.  We don't want to make them all out to be public enemy number one but we do need to draw enough attention that people are aware of what is possible, what is happening and hopefully educate themselves on how to avoid it.
Marilyn Cohodas
User Rank: Strategist
1/2/2014 | 10:33:17 AM
Re: Have to agree
I tend to agree with you @jg, that outside the security community, the general public is unaware of most of the notorious hackers and why they are important. What's worse, I don't have a lot of confidence that our public leaders (elected and appointed) truly get what they need to know to develop policies that protect us.
SaneIT
User Rank: Apprentice
12/30/2013 | 8:32:36 AM
Re: Have to agree
I don't think the NSA are doing themselves any favors but I also wonder how many people would recognize any of the other individuals listed. We all know about Snowden because he's been a daily news story but what about Sabu? Aside from those that were burned when he started working with the government to turn in other hackers and IT folks who follow things like this, does anyone know who he is or why he was newsworthy?
Whoopty
User Rank: Moderator
12/30/2013 | 6:00:03 AM
Have to agree
Have to agree with the NSA being at the #1 spot. The revelation of its involvement in worldwide surveillance was the biggest rug pulling on internet privacy that's ever come to light.
virsingh211
User Rank: Apprentice
12/30/2013 | 3:36:03 AM
Re: 10
I would like to thank the author for including Edward Snowden in the blog. Snowden was the one to change my thinking towards hackers; he revealed the spying that is taking place. Many consider him a villain. I, on the other hand, hold him up in the hero category for one simple reason: his disclosure of classified documents unveiled the NSA's mass surveillance program. I was reading an article on WSJ which says Snowden Will Speak More in 2014, source: http://blogs.wsj.com/washwire/2013/12/29/snowden-will-speak-more-in-2014-adviser-says/.

 
Joe Stanganelli
User Rank: Strategist
12/28/2013 | 11:36:06 PM
10
A suggestion for the tenth: Those behind the Target hack on customer credit card numbers.  We're still somewhat in the dark about that.