The 5 Most Embarrassing Hacks Ever

What is the worst thing about being hacked?  Is it losing your data? The financial costs?  Having to spend tedious hours getting your system back to where it was?  Or is it the embarrassment?

According to Wikipedia, a hacker is someone who displays “playful cleverness.” Hackers take “the serious humorously and their humor seriously.”  And in the beginning, most hacks were done by hobbyists, intent on having some serious fun at their targets’ expense. Breaking into networks was a way to demonstrate skill, to prove it could be done. And many hackers still have a code that they live by.

However, we are now in the age of cybercrime when crackers and cyber gangs employ every possible hack, malware and scam to make much money as possible. Criminals know that our PCs facilitate in the most intimate activities in our lives. We bank, shop and flirt via our PCs, as if no one can see what we’re doing. Yet, if our system becomes compromised, every byte of our personal data is there for a criminal to use.

Crackers have rarely gotten into the business of exposing private details, unless they were trying to satisfy a personal or political vendetta. But now—as social networks increasingly entwine or real and our digital lives—criminals recognize that our private lives can be used against us. They can play with their victims’ consciences to soak money out of even the most rational computer user. This has given rise to a new generation of extortionware that is designed to threaten both our wallets and our reputations.

From the harmless to the heartless, here are the 5 most embarrassing hacks in history:

1. Bearded
If you ever received the message “You have been bearded”, you know how humiliating it can be to have your PC hit by a Trojan. In the summer of 2000, this nasty Trojan installed a vile, not-safe-for-work desktop wallpaper that once seen can never be deleted from your memory.

2. Sober.
The Sober worm didn’t do much damage to your system, but it did give all of your email contacts something to think about. Disguised as a computer security warning (as many attacks often are), Sober included a SMTP engine that sent out to every email address it could find. If the person who received the email—which often used a provocative subject line like “You have sent me a virus!”—installed the attached executable file, the attack spread and spread and spread. It was quickly disarmed up by most antivirus software, but the embarrassment still lingers.

3. You got phished.
For most of us, getting phished can result in our accounts being hijacked and our contacts being harassed. But if you’re a Facebook board member, a phishing attack can make international news. Facebook investor Jim Breyer’s 2301 Facebook friends found out that even insiders at the world’s largest social network are vulnerable. It isn’t clear whether Breyer’s account was hacked or he fell for a scam himself. What is clear is that when you use a social network, any mistake you make can affect both your friends and your reputation.

4. Hentai virus.
This virus took embarrassment to a whole new level. Users who were infected by it had their web history was published online. The victim was then instructed to pay 1,500 yen to have the history deleted. What was particularly insidious about this attack is that the criminals knew the victim probably had something to hide since the virus was hidden to a Hentai porn video game (IF YOU DON’T KNOW WHAT “HENTAI” IS, PLEASE DO NOT GOOGLE IT WHILE AT WORK). Every virus teaches a lesson, and as PC magazine said, this virus taught us all, “Don’t enter any personal information in the videogame porn that you download from Japanese torrent sites.”

5. ICPP Copyright Foundation
The F-Secure Labs is familiar with Trojans that extort users to get their own documents back. But this newly discovered Trojan played on the nearly universal fear of profound legal trouble. Infected users were told that illegal torrents had been found on their system. The choice: Pay $400 or face jail time and fines. (Of course, the real solution was to delete the Trojan using a tool like our free Online Scanner.) What was most impressive about this attack was the detail and professionalism of the design. The use of legalese and small print tapped into a latent fear of many computer users: Someday you’re going to have to pay for all that music on your iPod.

Guilt and shame are powerful motivators. But when your computer starts acting suspiciously or your software starts making demands, the smartest thing you can do is to scan your system.

Cheers,

Jason

CC image credit:  Perfecto Insecto

More posts from this topic

cyber censorship

Join the Fight against Cyber Censorship

For this year's World Day against Cyber Censorship, F-Secure is giving away free subscriptions for our one-button Freedome app. You can use the key qsf257 to get a free 3-month subscription to Freedome! Freedom of expression is an important issue for everyone. Developments over the past year have highlighted how sensitive the matter is. It transcends national and cultural borders, yet these borders shape the issue differently for people across the globe. It belongs to us all, but it means different things to different people. Reporters without Borders launched the World Day against Cyber Censorship in 2008. Its intent is to raise awareness that our rights to say what we really think are not something to take for granted. Free speech is a dynamic concept that constantly grows and contracts in the face of developments that threaten its growth. While the Internet has given many people across the globe a powerful new voice, there are always threats mobilizing against this invaluable resource. The World Day against Cyber Censorship draws attention to this struggle. Last year Reporters without Borders compiled a list of what they call “Enemies of the Internet” as part of the annual event. If you look through it you’ll notice a diverse list of government agencies from nations across the world. Many of the events that highlight the fragility of our digital freedoms are attributable to these institutions, such as the Gemalto hack that saw the encryption keys to millions of phone calls stolen by the NSA and its fellow conspirators. And in some cases surveillance is just the beginning, as once these institutions identify their targets they can escalate their actions to include oppression. Hong Kong protestors saw this when local pro-democracy websites became infected with malware. Turkish people saw this during the Twitter crackdown. Drawing attention to these agencies as “enemies” of the Internet places the struggle within a larger dichotomy – enemies and allies. Even if it is a bit of a cliché or oversimplification of the conflict, it points out that people still have an opportunity to mobilize and assert their rights. And nobody is alone in this fight - we all have enemies and allies in this struggle. Having said all of this, World Day against Cyber Censorship isn't all about doom-and-gloom. Reporters without Borders is working to circumvent a number of websites blocked by governments. The Electronic Frontier Foundation continues to work to inform, educate, and represent the voices crying out for a free and open Internet. And F-Secure wants to help by making privacy and security solutions easy and accessible for people all over the world. Just get your trial version of the app and then use the key when it asks for your subscription number. Freedome gives you a one-button app that lets you encrypt your communications, disable trackers, and even change your virtual location. Check out this blog post for more information about the app. It's first come first serve, so don't miss this chance to take control of your digital freedom!

Mar 12, 2015
BY 
8402394000_861ef1b969_z

Mikko Hypponen to Talk Privacy at the Mobile World Congress

This year’s Mobile World Congress (MWC) is coming up next week. The annual Barcelona-based tech expo features the latest news in mobile technologies. One of the biggest issues of the past year has enticed our own digital freedom fighter Mikko Hypponen to participate in the event. Hypponen, a well-known advocate of digital freedom, has been defending the Internet and its users from digital threats for almost 25 years. He’s appearing at this year’s MWC on Monday, March 2 for a conference session called “Ensuring User-Centred Privacy in a Connected World”. The panel will discuss and debate different ways to ensure privacy doesn’t become a thing of the past. While Hypponen sees today’s technologies as having immeasurable benefits for us all, he’s become an outspoken critic of what he sees as what’s “going wrong in the online world”. He’s spoken prominently about a range of these issues in the past year, and been interviewed on topics as diverse as new malware and cybersecurity threats, mass surveillance and digital privacy, and the potential abuses of emerging technologies (such as the Internet of Things). The session will feature Hypponen and five other panelists. But, since the event is open to public discussion on Twitter under the #MWC15PRIV hashtag, you can contribute to the conversation. Here’s three talking points to help you get started: Security in a mobile world A recent story broken by The Intercept describes how the American and British governments hacked Gemalto, the largest SIM card manufacturer in the world. In doing so, they obtained the encryption keys that secure mobile phone calls across the globe. You can read a recent blog post about it here if you’re interested in more information about how this event might shape the discussion. Keeping safe online It recently came to light that an adware program called “Superfish” contains a security flaw that allows hackers to impersonate shopping, banking, or other websites. These “man-in-the-middle” attacks can be quite serious and trick people into sharing personal data with criminals. The incident highlights the importance of making sure people can trust their devices. And the fact that Superfish comes pre-installed on notebooks from the world’s largest PC manufacturer makes it worth discussing sooner rather than later. Privacy and the Internet of Things Samsung recently warned people to be aware when discussing personal information in front of their Smart TVs. You can get the details from this blog post, but basically the Smart TVs voice activation technology can apparently listen to what people are saying and even share the information with third parties. As more devices become “smart”, will we have to become smarter about what we say and do around them? The session is scheduled to run from 16:00 – 17:30 (CET), so don’t miss this chance to join the fight for digital freedom at the MWC. [Image by Hubert Burda Media | Flickr]

Feb 27, 2015
BY 
DoS

What is a DoS attack really?

Ordinary people here in Finland have been confronted with yet another cybersecurity acronym lately, DoS. And this does not mean that retro-minded people are converting back to the pre-Windows operating system MS-DOS that we used in the eighties. Today DoS stands for Denial of Service. This case started on New Year’s Eve when customers of the OP-Pohjola bank experienced problems withdrawing cash from ATMs and accessing the on-line bank. The problems have now continued with varying severity for almost a week. What happens behind the scene is that someone is controlling a large number of computers. All these computers are instructed to bombard the target system with network traffic. This creates an overload situation that prevents ordinary customers from accessing the system. It’s like a massive cyber traffic jam. The involved computers are probably ordinary home computes infected with malware. Modern malware is versatile and can be used for varying purposes, like stealing your credit card number or participating in DoS-attacks like this. But what does this mean for me, the ordinary computer user? First, you are not at risk even if a system you use is the victim of a DoS-attack. The attack cannot harm your computer even if you try to access the system during the attack. Your data in the target system is usually safe too. The attack prevents people from accessing the system but the attackers don’t get access to data in the system. So inability to use the system is really the only harm for you. Well, that’s almost true. What if your computer is infected and participates in the attack? That would use your computer resources and slow down your Internet connection, not to speak about all the other dangers of having malware on your system. Keeping the device clean is a combination of common sense when surfing and opening attachments, and having a decent protection program installed. So you can participate in fighting DoS-attacks by caring for your own cyber security. But why? Who’s behind attacks like this and what’s the motive? Kids having fun and criminals extorting companies for money are probably the most common motives right now. Sometimes DoS-victims also accuse their competitors for the attack. But cases like this does always raise interesting questions about how vulnerable our cyber society is. There has been a lot of talk about cyber war. Cyber espionage is already reality, but cyber war is still sci-fi. This kind of DoS-attack does however give us a glimpse of what future cyber war might look like. We haven’t really seen any nations trying to knock out another county’s networks. But when it happens, it will probably look like this in greater scale. Computer-based services will be unavailable and even radio, TV, electricity and other critical services could be affected. So a short attack on a single bank is more like an annoyance for the customers. But a prolonged attack would already create sever problems, both for the target company and its customers. Not to talk about nation-wide attacks. Cyber war might be sci-fi today, but it is a future threat that need to be taken seriously.   Safe surfing, Micke   Image by Andreas Kaltenbrunner.  

Jan 5, 2015
BY