Saturday, September 17, 2011

10 Most Costly Cyber Attacks in History

What we have learned from these attacks?

Cyber-attacks aren’t just fuel for poorly made movies or something teenagers do for fun. They are a serious issue with real-world consequences for companies, consumers and nations (and while good web hosting is a undoubtedly a good protective measure, it’s far from an impenetrable defense).

A recent survey by the Ponemon Institute found that 59% of those surveyed had suffered a slew of attacks in the last year, with the average cost to businesses exceeding $500,000 when they added up expenditure, overheads, labor, revenue losses, business disruption and other costs. Of course, that’s just the average outlay.

Here are the most costly cyberattacks ever carried out. These victims wish it had only cost them a paltry half a million dollars.

10. Citigroup

Tremendous amounts of wealth, from thousands of parties, flow through financial giants such as Citigroup on a daily basis. Earlier this year, in 2011, the aforementioned stacks of money and hoards of sensitive customer information provided ample incentive for cyber-hacks to organize an attack.

Over 200,000 customers’ names, contact details, account numbers and other information were compromised in the attack, as the thieves made off with $2.7m from credit card accounts. That’s a bad day at the office.

9. Titan Rain

The public face of international relations between non-warring states is usually one of diplomatic politeness, yet the 2004 discovery by Shawn Carpenter, a Sandia National Laboratories employee, of hacking into US military files brought to light the shadier underbelly of global affairs. “Titan Rain” is the FBI code-name for an extensive series of infiltrations into US military security, companies such as Lockheed and even NASA.

It is believed to have been perpetrated by cells of operatives on behalf of the Chinese government, although it is unknown whether this is actually the case or whether these were simply the actions of rogue hackers. While very difficult to quantify in objective terms, the potential to access and exploit the US government’s most secret information makes this a pretty costly attack in our book, and it is certainly one of the biggest of all time.

8. Heartland Payment Systems

Trusted payments processor Heartland Payment Systems fell victim to a 2008 plot to steal credit and debit card numbers. By secretly infesting the company’s computer network with spyware, the criminal gang responsible were able to steal over 100 million individual card numbers.

However, for one of the key masterminds behind the job, Albert Gonzalez, it was a case of his number being up when a federal jury found him guilty of his crimes and he was sentenced to 20 years in prison. As for Heartland, the episode ended up costing them around $140m. So much for their motto, “The highest standards — The most trusted transactions.”

7. Hannaford Bros

Grocery retailer Hannaford Bros suffered a four-month long breach of their security from the winter of 2007 to the spring of 2008. During this period, over 4.2 million credit and debit card numbers were exposed, along with other sensitive information.

This feat of cyber-criminality was achieved through the installation of malware on store servers, which stands in contrast to the more common tactic of hacking company databases. Experts table the costs incurred at an estimated $252m — more than the value of an average grocery list, to say the least. One of the principal hackers involved was Albert Gonzalez, who had also hacked Heartland Payment Systems as well as taking part in the TJX cyber-attack…

6. TJX

Massachusetts-based retailing company TJX, owner of such well-known chains as TJ Maxx and Marshalls, was taken for a ride by a group of cyber fiends with a fetish for electronics. The gang were able to get their hands on over 45 million credit and debit card numbers, a selection of which they then used to fund a multi-million dollar spending spree from Wal-Mart’s stock of electronics equipment.

Initially estimated at around $25m, the damage from the data-breach ended up costing over $250m in total. Perhaps the zero button on the estimators’ calculator was sticky.

5. Sven Jaschan

We’ve all heard the classic example of “chaos theory”: a butterfly flapping its wings in Brazil can set off a tornado in Texas. Well, for one German teen, a computer made an apt chrysalis for his butterfly.

In 2004, Sven Jaschan unleashed a virus which infected millions of computers around the world, reaching its highest degree of destruction when it comprehensively disabled the Delta Air Lines computer system, causing the cancellation of several transatlantic flights. Jaschan was eventually arrested after a three-month hunt, during which Mircosoft placed a $250,000 bounty on the hacker’s head.

An estimated $500 million worth of damage was generated (although other sources have put the total cost much higher, in the billions of dollars), all starting in the computer of a German college student.

4. Michael Calce

Michael Calce was not the most well-known 15-year-old; “MafiaBoy,” however, was a cyber-superstar. Widely considered approaching genius levels of computer expertise, Calce, aka MafiaBoy, conducted notorious attacks against huge companies with high levels of security. Amongst those attacked were computer manufacturer Dell, media giant CNN, and shopping sites Amazon and Ebay.

Prosecution for the estimated $1.2bn worth of damage caused went pretty smoothly, from Calce’s perspective. He ended up with a sentence of eight months open custody.

3. Sony

In a still unravelling saga, this year’s exposure of over 100 million PlayStation Network and Sony Online Entertainment accounts is forging a new chapter in the history of cyber-attacks. The personal information — including credit and debit card data — of tens of millions of users was stolen by an as yet unknown group of assailants.

Experts predict that the damage may range from $1 to $2bn, making it possibly the costliest cyber-hack ever to have been pulled off. Even worse, dedicated gamers were unable to log on while Sony attempted to deal with the breach, causing some serious tantrums.

2. Epsilon

Estimated at having a potential cost that ranges from $225m to $4bn, the March 2011 hack of e-mail handler Epsilon is another as of yet undetermined candidate for the costliest cyber-heist of all time. The Dallas-based firm provides marketing and email-handling services to organizations as large as Best Buy and JP Morgan Chase.

However, as the stolen information was mostly email addresses, the various possible criminal applications of this information mean that the estimated cost is extremely variable.

1. The Original Logic Bomb

In 1982, with the Cold War still far from thawing, the expansion of computer technology was increasingly finding its way to becoming a major tactical vehicle for the CIA. Without using a missile, bomb or other traditional explosive device, the US managed to blow up a Siberian gas pipeline, creating a monumental and historically unprecedented method of explosion.

The method used, known as a “logic bomb,” involved the insertion of a portion of code into the computer system overseeing the pipeline, causing computational chaos. Other than the obvious material cost to the Russians, this moment in history showed the world a further dimension to the costs that can be unleashed and incurred through the power of cyber-hacking.

No comments: