Sign in with
Sign up | Sign in
Your question

The Fifteen Greatest Hacking Exploits

Last response: in Systems
Share
March 14, 2008 10:13:06 AM

The arrival of PCs led to the joys of unbridled hacking. Read about everything from the first computer system Pentagon break-in to phone phreaking to the first worm to the theft of Windows code.

http://www.tomshardware.com/2008/03/14/the_fifteen_greatest_hacking_exploits/index.html
March 14, 2008 10:59:15 AM

The interesting thing about this article is that while some of the higher profile people caught are of course identified there were more [probably many more] who were not including some of whom are now employed in various places including the Security Services of some countries. In fact, I know one personally who was at University at the same time as I was and was just as active surveying the University Computers as I was however unfortunately some idiot crashed the system when I was where I shouldnt have been and I got caught by the autologging on crash system. I got at ban for a period while he was not on at the time and escaped going onto much bigger and brighter things.

Such is life.

VR

March 14, 2008 11:34:58 AM

That is a good article but it does, however, only focus on the the people that were busted and got a lot of media attention. There is a huge wealth of happenings in the security arena both good and bad.
Related resources
March 14, 2008 1:09:12 PM

If they had only used their powers for good instead of evil.

;-P
March 14, 2008 1:22:10 PM

Good read, thanks.
March 14, 2008 1:36:53 PM

some1 here ever hacked?

is it difficult to hack for example ur school network with an laptop from outside, to change ur marks :p ?
March 14, 2008 1:43:11 PM

Bobjeee, Are you serious? You don't just "hack". There is a certain level of education required. And no I am not calling you stupid or anything, I mean education to the specifics of required tools for specific tasks and so on.
March 14, 2008 2:18:58 PM

yeah it's not as easy as installing exchange server .... lol ^^^
March 14, 2008 2:24:50 PM

Bobjeee said:
some1 here ever hacked?

is it difficult to hack for example ur school network with an laptop from outside, to change ur marks :p ?

well, i dont think that would realy be considered hacking, but you could bring in a laptop, and try some obvious passwords like "password" or "admin" to get onto the network. once your on it, you could copy the marks program file onto your laptop and change your marks, then replace the file.

its probably not as easy as that, as any modern school will have many safegaurds against this. they will have backups of all the teachers files that they can revert to, and probably someone monitering activity. and in universities, it would be next to impossible.

by the way i have never tried this and neither should you!
March 14, 2008 2:32:28 PM

jnava121 said:
yeah it's not as easy as installing exchange server .... lol ^^^



LOL, well fact is that anyone can install exchange server. Staying sane enough to keep administering it is where the problem lies
March 14, 2008 2:55:03 PM

Interesting article. I wonder what the criteria is for a "greatest hacking exploit" is? 30% for media coverage, 25% for difficulty 25% for bawlzyness and 20% for impact or something like that?

(edit: Also, I belive the last sentence of the article is wrong. These days things are more virrulent and massive.)
March 14, 2008 3:41:00 PM

Nice Read!

March 14, 2008 4:09:28 PM

Bobjeee said:
some1 here ever hacked?

is it difficult to hack for example ur school network with an laptop from outside, to change ur marks :p ?


Actually... I almost got in trouble in high school for this... and I was definitely thrown out of a special computer program at my high school for this (Man that screwed up my grades, but no regrets)...

Let's see, at my main high school program...

Grades really depend on the program, granted, High School for me was... 3 years ago, in California at that? If you have the knowledge of how Microsoft Server works, and how the various policies are enforced, you can mess with a sloppy admin's network, especially since our school was lower-budget, so he had to piece together a network of varying machines of varying generations making them inconsistent.

Anyhoo, eventually you could get Remote Desktop rights on the network, and be able to access a teacher's desktop remotely, grab the grade file (Which was encrypted), somehow find a copy of the program somewhere (That was the luck part... unless you had knowledge of reverse-engineering encryption, which I didn't), edit it in the night, and replace it in the morning. You also have to make the changes very slight, because the teachers often keep hardbook backups, or further, would simply notice that something is not right.

I also got access to the network-wide program (That at the time, teachers only used for doing attendance)... It was funny I thought once I figured it out that for everyone's password, it used an algorithm consisting of a combination of the teacher ID number and their social security number.

However, I never really "Did" anything with the information, so I didn't get in trouble, and further, when they pulled me in for questioning, I told them that their security was sorely lacking and how they could improve it. If you ever get caught at your school, it's better to speak with a sort of professional grandeur as if you were doing the school a service, and as if it was all part of your plan all along (Yet not overly snobby though).

At the special computer program (Which took up a large chunk of my junior and senior year)...

... we were learning Java and Cisco... but the teachers didn't really teach much. Often we were bored, and so we'd like to cruise the internet when we finished our work. The teachers started locking down our internet, using a filter program proxy address to restrict us to Google only, and so I eventually gained Local Access on to each computer, creating hidden accounts... which then I'd remove the local policies restricting our changing of internet settings and installing of programs, and I'd have everyone log in through the normal proxy to get internet.

Further, I disabled all the monitoring software, as our teacher had this love... for some reason... to sit at his computer and watch our desktops via remote monitoring. It was pretty funny though when he'd want to look at one of the computers that was running on a different account, and he couldn't :p 

Over the two years, I slowly gained access to Network Admin, and eventually had full access to the network. All of this was done during class, in my free time between work. They kept changing things to restrict our internet, yet I kept finding was to circumvent it to keep having internet for anyone who wanted it (And we also played many games of Metal Slug via MAME).

Just about 4 months before school was over, I was caught though, cheating on a test (Probably the only thing I felt bad about, as it was the first time I cheated on a test, as I didn't study the night before), as I used my powers a bit sloppily to keep a cheat sheet open in the background. Someone else used a similar cheat sheet, and we had the same answers, which lead to them taking a closer look, and then they realized how far my control of the network included (Or, at least, to a point). I never admitted to anything, they grilled me and threatened me with bringing in the police, but in the end they did a presentation of what "evidence" they had to my parents. Funny Enough, the Computer Admin lied to everyone, saying that he knew I had control of the system for "6 Months"... When in reality, 6 months is just the cut off date of the logs :) . I lost all respect for him there.

I was kicked out of the program quietly... because they neglected to mention that no one is supposed to hack into their computers, according to their Cisco Teaching Licensing Agreement. And if Cisco found out about the whole debacle, they could lose their class license. It's all really funny when you look back on it.

Anyhoo... tinkering, twiddling... pushing all the different buttons and turning all the knobs. That's the key. Finding out how it works, trial and error. Also, RTFM, specifically the Admin's manual, the answer is likely in there. Having an understanding of advanced concepts? That's what makes you Super-Awesome, as you don't have to keep testing stuff until it comes out right. Oh, and Social Engineering is golden.

Though, what I was doing was tinkering, I wouldn't even compare it to what these people did. I probably would have did more if I didn't also play on the football team for my high school... that stuff keeps you crazy busy.
March 14, 2008 4:15:10 PM

Good read. I have never been interested in hacking, but it is nice to see what people have tried in the past.

I concentrate more on keeping my companies internal network out of harms way(double hardware firewall, double black hole DMZ with ghost nodes, SSID spoofer with over 200 ghost SSID across my wireless network ect....).

I would be curious to see how fast an experienced hacker could get into my network, but then again, it might scare me :) 
March 14, 2008 4:36:45 PM

nice Article , Very interesting
March 14, 2008 4:58:08 PM

My little brother plays xbox live alot and I remember a big ordeal with him and my dad when some other 15 year old kid "hacked" his account and purchased 80$ worth of media off of xbox live's survice. It seems to me this is happening often on Live and its too easy to do if 15 year olds are doing it. I also remember it being very difficult for microsoft to comply and issue a refund to my brothers account. Whats up with that?
March 14, 2008 5:36:10 PM

yeah boonality, i understand that i love developing applications but i hate dealing with stupid people that ask me stuff like ... uhhh this site won't open... I'm like uhh you don't have permission to go to it... be gone !!! ... hahaha...
March 14, 2008 6:48:45 PM

LoL!! John Draper is the first person I think of when someone says "hacker". That exploit was awesome. I mean really, who would have guessed that a whistle in a cereal box would let you get free calls...

Wasn't there something not too long ago that allowed people to get free long distance by dialing a special number that was leaked to the public? I guess thats not really hacking but pretty cool none the less.
March 14, 2008 7:22:38 PM

i was impressed by this article...it was a good read, it was interesting and more importantly, it came closer to belonging on tomshardware than a lot of the stuff that has shown up lately.
March 14, 2008 9:07:01 PM

Very interesting article.

If the source to Win2k is in the wild, I wonder how long until we see hacks that will allow WinXP and Vista "only" features to be run on the cleaner and faster running Win2K.

No wonder the Woz can be so outspoken against apple products, they are themselves open to the same kind of attacks that he perpetrated on the phone companies. He is likely in as good a position as anyone to see that DRM and single carrier apple products won't last.
March 14, 2008 11:48:38 PM

I thought the term was "cracking" for illegal stuff.
March 15, 2008 12:38:33 AM

intrepid_admin said:
I concentrate more on keeping my companies internal network out of harms way(double hardware firewall, double black hole DMZ with ghost nodes, SSID spoofer with over 200 ghost SSID across my wireless network ect....).

I would be curious to see how fast an experienced hacker could get into my network, but then again, it might scare me :) 


Thats a nightmare... Not impossible of course, all it really takes is a stupid end user to use a simple password. But if your net is as you say it is, I wouldnt touch it...
March 15, 2008 1:09:13 AM

Some guy got expelled from my old high school for finding out the password for the admin account. Overreaction?
March 15, 2008 3:02:39 AM

Ah, I remember some of the good old days. Using winnuke to knock people off the busy kali servers so I could jump in. Hacking the hughs direct pc client to get unlimited non-fap bandwidth. Shutting down my buddies computer with back oriface while he was talking to me on the phone with his boss in the room.
March 15, 2008 8:43:33 AM

I was a teenager in the mid 90's and frequently used those stupid AOL tools that gave you the wavy text and **** to boot people offline from chat rooms lol. Fun times back then. I look back on it and think about how stupid that actually was. I wish I knew more about security but the limited knowledge I do have has lead me to slightly higher administration overhead but I have a deny all rule on my little linksys firewall router thing and only allow web/games/ windows update, the ports that msn and aol messenger use, and stuff like that.
March 15, 2008 2:32:16 PM

dmacfour said:
Some guy got expelled from my old high school for finding out the password for the admin account. Overreaction?


thats dumb, has a school ever used a good password

they want something thats easy to remember which is 99% of the time a pass that a dictionary attack will only take 1-2 seconds to get through


who ever hacks to cause damage is a jerk. the people who do it for good things are the ones that made the internet as good as it is today.

with out hackers and crackers, the large companies would have a complete monopoly over the internet, just like how almost 100% of the wireless spectrum is owned by large companies, (before home users could freely use some of it, now companies own it and sell usage of it so us when it used to be free)

companies are trying this with the internet also. if it was not for a few who round ways around those limitations, we would only be able to go on website owned by large companies

as shown in the article, most hackers do a a good service to everyone around the world
like removing apples DRM

apple uses drm because when you spend a crap load of money on music, it will only work on their crap so suppose another company made a better mp3 player, you wouldn't be able to get it because none of your music will work on it and you wont want to repurchase all of your music again

hackers are what keep large companies in check and keeps them from completely ruining everything from us.

if there were no hackers or crackers, software will be a lot more limited
bus since there around, many companies think twice about screwing people over

because they know the consumers have an option
if they drm the hell out of their stuff, people will just download a cracked drm free copy

if that option was never available, companies will drm the hell out of everything so if you purchase something from them, your caught in their claws for ever
March 15, 2008 3:07:32 PM

Loved the article, but why is this in the general homebuilt section?
March 15, 2008 11:23:19 PM

intrepid_admin said:
Good read. I have never been interested in hacking, but it is nice to see what people have tried in the past.

I concentrate more on keeping my companies internal network out of harms way(double hardware firewall, double black hole DMZ with ghost nodes, SSID spoofer with over 200 ghost SSID across my wireless network ect....).

I would be curious to see how fast an experienced hacker could get into my network, but then again, it might scare me :) 


As we all know... Social Engineering is golden... probably one of the cheapest security measures is pulling your endusers into a conference room and educating them on how -you- will contact them, if at all, for service (However, if you have a building with less than 100 endusers, likely you'll be doing everything via remote desktop or going to their computer manually without using them). That way, if anyone uses social engineering, you'll know they're an outsider and not someone with inside knowledge ;) . However, doing it the real technical way would be a challenge... though Wireless is one of those nasty things that some of it will always be out of your control if you get a zero-day exploit going (Check the exploits last DefCon). Your users are -always- connecting via a tunnel, right? If they aren't, the data -they're- sending is open for catching if someone was patient enough to go through all the "clients".

That's just a guestimate at a glance though. Wish ya best in protecting your network!
March 16, 2008 12:03:27 AM

boonality said:
That is a good article but it does, however, only focus on the the people that were busted and got a lot of media attention. There is a huge wealth of happenings in the security arena both good and bad.


that is the scariest part of all. I was victim to a money heist (small time) and it involved my identity somewhere else. I dug into this on my own and learned with a shock that even tcp/ip verson 4 (the net as we know it) is deeply flawed. "firewalls are absurd, but for basic things" <- and I am not even hacker.That is what I concluded.
I did try out a few things, that involved spoofing between two of my own computers (at the time almost 10 years go) I was fascinated. To this day, I do not know what keeps me secure and I wonder constantly...every purchase. TCP ip v6 seems real quiet lately, I wonder where that stands today...
My worries subsided the second win2k sparked up for me when it came out. I even let my linux redhat 7 go...Seems ancient history, I may have even read this story posted already someplace. (my net is that bad with repeats, another reason I dug at the whole concept).
Anyhoo...great story, even if I may have read similar, it is always interesting reminders.
Most hackers aren't bad, the notoriety brings change. The seeking mental help for computer dependency and other pc related stuff is not all bad...
March 17, 2008 5:59:26 PM

randomizer said:
I thought the term was "cracking" for illegal stuff.



It is. The author got his terms backwards. Hacking is the digging into the innards out of curiosity. Cracking is breaking into systems. Makes you wonder how much else the author got wrong.

I notice that he seems to support DRM, which violates the Fair Use provisions of most copyright systems. All of which leads to the larger issue of whether our laws should be there to protect corporations or citizens. With technology having a lifespan of a few years, DRM on music means that you have to repurchase your music collection every few years. And on DVDs it means you can't move out of your region (e.g. don't move from North America to Europe or vice-versa).

It's interesting to note than no criminal charges were ever laid in the biggest cracking scam ever devised - the Sony Rootkit exploit - where millions of CDs were distributed with code that gave Sony administrator access to your Windows computer. Why isn't Sony listed in this article?
March 17, 2008 6:38:31 PM

Quote:
The author got his terms backwards. Hacking is the digging into the innards out of curiosity. Cracking is breaking into systems. Makes you wonder how much else the author got wrong


I was just going to notice the same thing, plus the fact that the author places in the same category people who "crack" for financial gain and cause real damage and those that "hack" retarded things like DRM to help people exercise their freedom and rights.

Also, the mere idea that a computer crime, no matter the magnitude (as long as it does not involve human death or injury) can be punished by a 70-year sentence is simply appaling. How much do they get for rape?...
March 19, 2008 7:31:42 PM

drm deserves to be hacked. There needs to be a way around it. These companies just keep dumping more and more money into it and there's always a few people who are willing to crack it in a weeks time or less just to prove to them that drm is retarded. Waste of money if you ask me. And I honestly don't understand how they get off punishing hackers (not in all cases, but most of them).... without them they would never know how insecure their data really is... so in all honesty, it's people like this that keep security tech moving forward and keep simpletons like the masses out of their cache of private data. This is why most hackers are employed as security pro's... it's like a resume.. if you didn't go to prison you can't get a job. :-p An admittedly unconventional way to build your resume, but it appears to be the most effective in the tech field today. Nothing else really gets any one given person this much media attention... and you can't buy or study for that. Either way all of these activities are a means to an end. So some "money" is lost in the end... but make not that the article always states that the companies themselves state how much the loss was, and not a third party. :-p
a b B Homebuilt system
March 19, 2008 8:11:42 PM

nachowarrior said:
drm deserves to be hacked. There needs to be a way around it. These companies just keep dumping more and more money into it and there's always a few people who are willing to crack it in a weeks time or less just to prove to them that drm is retarded. Waste of money if you ask me. And I honestly don't understand how they get off punishing hackers (not in all cases, but most of them).... without them they would never know how insecure their data really is... so in all honesty, it's people like this that keep security tech moving forward and keep simpletons like the masses out of their cache of private data. This is why most hackers are employed as security pro's... it's like a resume.. if you didn't go to prison you can't get a job. :-p An admittedly unconventional way to build your resume, but it appears to be the most effective in the tech field today. Nothing else really gets any one given person this much media attention... and you can't buy or study for that. Either way all of these activities are a means to an end. So some "money" is lost in the end... but make not that the article always states that the companies themselves state how much the loss was, and not a third party. :-p

Agreed.
March 24, 2008 6:01:14 PM

drm causes hackers to spring up and piracy to increase

when a user downloads his favorite song from itunes and finds that it doesnt work in his mp3 player or favorite music

when what he/she might do research into why it wont work, then they will find that the drm is causing the problem, then they will use their favorite p2 program to just download all of their music



if you went to a mall and there were 2 music stores next to each other
store 1 sells each song for $1, the song will only play in 1 device or program and nothing else

store 2: sells each song for free and the music plays in any device and program

which would you do?


drm is useless when it lowers the value of the software.

also drm is not always a result of piracy.

most drm comes out because the greedy company workers will discover that, oh, users can copy our stuff if they did this, lets make DRM to block it before they discover it (not thinking that, this drm will annoy everyone and they will start looking for a way around it, and the easiest way around it is piracy)
March 25, 2008 9:55:17 AM

Reading some of these stories, and getting a laugh.. here is one of mine.

At high school, our IT teacher used to have big glasses and couldn't even really see with them on. Back then the school only had a super fast single dial up account. So when he used to log in, my brother hovered around in the background. He did then whole, hunch over the keyboard 2cm away and press 1 key slowly with the index finger, raise his head the the screen 2cm away to see the *, then back to the keyboard and repeat. Once we had the password we used the schools account after hours for a full year! I guess security at that level was more lax in those days.
March 27, 2008 12:59:04 AM

I can't believe that this one didn't make it in:

http://spectrum.ieee.org/jul07/5280

Whilst there's no definitive name that can be associated to it, this was a pretty amazing hack!
!