The “Internet of Things” means criminals can hack your phone, your car, and your fridge
Hacking is becoming more common in this digital age, as people have more information stored on computers than ever before. However, there was a time when it wasn’t nearly so common, back when computers were a new and rare addition to the house. Since then, hacking has taken on a ton of new forms and attacked most everything. Who are these hackers and how can you protect yourself?
1. The tale of three hackers
Throughout hacking history, hackers have not all been driven by the same motivations. There’s black hat hackers, who are malicious in their hacking. They’re the ones who hold computer files ransom, among other things. But there’s also white hat hackers, who use their gifts for good. White hats often work for companies to find cybersecurity holes, so the company can fix them.
But as with everything in life, hackers are not just black and white. There’s also gray hat hackers; they might break the law, but don’t have the malicious intent that black hat hackers have. Gray hats often find cyber vulnerabilities and sell the information to governments, who then use them to hack adversaries and suspects. But don’t think these hats are set in stone, some people trade hats, like going from black to white.
2. That time WarGames actually happened, sort of
Back in the 80’s, very few homes had their own computers and there were next to no laws governing cyber crime, because it just hadn’t been an issue yet. But a small group of young Milwaukee hackers, the 414s, showed the US government that maybe some regulation was needed.
The group hacked into far away computers via the Telnet, since computers were hooked into telephones back then. Plus, most computers still had the preset usernames and passwords written in their manuals, so the 414s easily got in. But they weren’t looking to steal data or make money; they had a completely different motivation for hacking.
3. 414s: Foiled by a Star Trek game
The 414s actually just wanted to find games on other computers and play them. They won high scores and when prompted to put in initials, they put “414” instead. And, similar to the movie WarGames (which came out in the midst of their hacking), they hacked a nuclear weapons research laboratory.
But that’s not how they got caught. They hacked into a medical company’s computers and accidentally deleted some of their files. When the FBI saw this, they planted a trap for the 414s: a Star Trek game. The hackers went back into the computers to play the game and left their tag, which the FBI eventually traced back to them.
4. Mr. President, the problem is much worse than you think
The 414s that were over 18 were charged with making illegal phone calls with the intent of harassment, put on probation, and fined. But their digital handiwork had a lasting impact. Because of them, the government made new hacking laws. However, they weren’t the only ones influencing computer laws at the time.
President Reagan was shook after he watched WarGames. “Could something like this really happen?” he asked his military adviser. A week later, the adviser told him, “Mr. President, the problem is much worse than you think.” And after that, they started on a directive to secure computers in the US.
5. Max Headroom infiltrates Chicago TVs
Hacking isn’t just a part of the modern experience, it’s been around longer than you might think. In 1987, television watchers all around Chicago were surprised when their regularly scheduled programming was interrupted with a superbly creepy masked man. He looked like a popular TV character, the artificially intelligent Max Headroom.
In the pre-recorded clip, the guy’s audio is garbled and hard to understand, but he says various things like “I just made a giant masterpiece for all the greatest world newspaper nerds.” The background rocks behind him and the video is complete nonsense, but unnervingly reminiscent of The Joker. While the hacker was never found, FCC agents believe he transmitted his video by getting high up on a building with a dish antenna between the TV studio and the transmitter tower.
6. Kevin “Dark Dante” Poulsen
Lock-picker, forger, burglar, and hacker Kevin Poulsen stuck his nose in just about everywhere he shouldn’t have. As a teen in the 80’s, he dropped out of high school and hacked into computer systems containing military projects, Naval research, and defense plans. But since he was just 17, he was never charged.
He soon got a job working for SRI International, a research center that looks at everything from computer security to aircraft sabotage to military intelligence. He worked on securing their communications with the military by scrambling and encoding messages. But in his off hours, he was up to his old antics…
7. Rigging the radio contest and running from the FBI
The FBI found out Poulsen was hacking into and robbing Pacific Bell, a telephone service, regularly. He had fake IDs, birth certificates, Social Security numbers, and a variety of technological gadgets stashed in a storage unit. When the FBI found all this, Poulsen went on the run. The FBI went to his family’s house, but he escaped and then called them, taunting. The FBI traced the call to a circuit in Pacific Bell.
What followed was over a year of Poulsen getting up to no good and the FBI desperately trying to find him. One of his more memorable hacks happened when he hacked all the phone lines of a radio station to become the 102nd caller and ensure his win of a $50,000 Porsche 944 S2 Cabriolet.
8. Getting into one too many places he didn’t belong
While a fugitive, Poulsen acquired the plans of a secret Army exercise, phone numbers of people being investigated by the FBI, secret Soviet phone numbers, and learned about a federal wiretap of a mobster. Meanwhile, he listened in on the phone conversations of the very people at Pacific Bell working to keep him out of their system.
“Unsolved Mysteries” did a whole feature on Poulsen and asked for people to call in if they had any information about him. As soon as they got one call, all their phone lines went dead for thirty minutes. Coincidence? Perhaps. But the end was coming for Poulsen. He’d been seen in a grocery store…
9. Teen hacker turned wily fugitive turned… journalist?
Kevin Poulsen was arrested while grocery shopping. He started crying and asked to take his contacts out and grab his glasses, but when the FBI looked in his glasses case, they found a handcuffs key. In his car’s trunk, they found tons of telecommunications devices that “put James Bond to shame.” He’d also dyed his hair blonde.
Poulsen was charged with several crimes, including money laundering and interception of wire or electronic communications. While he was potentially facing 100 years in prison and $5 million in fines, he only served about five years. For three years after that, he was banned from the internet and computers. But Poulsen turned his life around and became a journalist. He now works for Wired and reports on computer, hacking, and security stories.
10. The guy who just wanted to answer customer questions
The Homeless Hacker, Adrian Lamo, hacked into The New York Times, Google, Yahoo!, and Microsoft in the early 2000s when he was about 19 years old. He got this nickname because he often set up shop in coffee shops and libraries. He didn’t make money or steal data from his hacking, but instead just had a bit of fun. This isn’t exactly a heartwarming case of a homeless man getting back on his feet in the traditional sense.
He hacked into one company and actually answered customer service questions that the company had been ignoring. Some companies even thanked him for pointing out security holes. But in 2002, he hacked the Times and added his name to their expert sources database, which turned out to be a big mistake.
11. Lamo’s downfall
While Lamo was amused by his antics, the police were not. For 15 months law enforcement worked on the case, before arresting him in 2003. Lamo was sentenced to six months of house arrest, charged with paying a $60,000 fine, and was put on probation for two years.
Afterward, he went to college and studied journalism, eventually becoming a threat analyst for a private company. Before being arrested, Lamo lived an unconventional lifestyle. He mostly lived out of a backpack and loved exploring when he wasn’t on his laptop. Lamo passed away this year, but it’s unclear what caused it.
12. Jeanson J. Ancheta and his zombie army
Ancheta created a zombie army of computers, aka a botnet, and crashed major websites in 2004. To do this, he hacked 500,000 computers with malicious software (malware), some of which were US military computers, and used them to spam websites. In a botnet, the owner of the computer usually has no idea that their device is being used in the army.
He even put out ads, saying he could take down any website for a price. But in 2005, this scheme became his downfall, when an undercover FBI agent posed as a client and caught him. He had to give up the money he made, pay a $16,000 fine, and spend five years in prison. He was 20 at the time.
13. ATM Skimming: hacking your debit card
One thing to look out for is something called “ATM skimming.” Nefarious people try to steal debit card information by placing skimmers on ATMs. The skimmer scans a card’s magnetic strip, stealing all the information stored on it. To get the PIN number, the thief will either put a small camera on or near the ATM or place a sneaky keypad over the real one. People have been skimming since the early 2000’s, but the methods have changed through the years.
Some skimmers are fake card readers that can be just pulled off the ATM, but newer ones are small and can’t be seen from the outside of the machine. Try wiggling the card reader. If it moves, don’t use that ATM. Also, cover your PIN when you type it in, since some people still use cameras. Luckily, skimmers don’t work on chip cards, but chips aren’t used for every transaction.
14. Anonymous: the faceless, nameless hackers
In 2003, a hacker group started on 4chan and gave themselves the name Anonymous, since many posts on the site were under anonymous screen names. At the time, they were bored and just did harmless pranks together, but they changed over time. In 2010, they executed Operation Payback in response to attacks on file-sharing.
Anonymous, in support of free information, attacked websites that were working against file sharing. From then on, they did a number of cyberattacks in protest and rebellion. Anyone can join Anonymous, but some have used the name to do malicious things. A handful of members have gone to jail or been fined.
15. 21st century pick-pocketing
Around 2012, a certain kind of credit card became more popular in America. It was RFID enabled, meaning that people could pay with it without actually touching it to a card reader. However, security researchers were demonstrating how easy it was to steal the data from the cards. This made people nervous.
Now, there’s plenty of wallets, purses, and other items that can block RFID skimmers. However, despite all the worry, there haven’t really been any RFID-related crimes. Most RFID cards have encrypted data, so they can’t be used so easily. Also, there are easier and more cost effective ways to steal credit card information, so people don’t really RFID skim.
16. The mystery of Cicada 3301
In 2012, a mysterious image first graced the internet. It was white text on a black background that said, “Hello. We are looking for highly intelligent individuals. To find them, we have devised a test. There is a message hidden in this image. Find it, and it will lead you on the road to finding us. We look forward to meeting the few that will make it all the way through. Good luck. 3301.”
And with that, the puzzle solving began. People found the hidden message, which led to another puzzle, which led to another and another. At one point, the puzzle left the internet and even gave a phone number to call, which eventually led to a series of coordinates. People began to realize this puzzle was on a much larger scale than anyone had imagined…
17. Solving the Cicada puzzle
At the coordinates, which were in various countries, people found a poster with a picture of a cicada and a QR code. Which led to more puzzles. Eventually, the puzzle solvers got an email that said more about the mysterious group. Anonymous leaked it, despite the fact that it said, “DO NOT SHARE THIS INFORMATION!”
The email described them as an international group that believes tyranny and oppression must end, that censorship is wrong, and privacy is a right. It said they’re not a hacker group and that they don’t do anything illegal. Instead, it said they’re a think tank that research and develop “techniques to aid the ideas we advocate.” Their ideologies give a clue to who they are…
18. Who is Cicada 3301?
The leaked Cicada 3301 email gave more information about the mysterious group. It said “you have undoubtedly heard of a few of our past projects” and then asked the recipient questions like, “Do you believe that information should be free?” They offered membership to the receiver, but said “if you lie to us we will find out.”
No one knows who’s behind the Cicada 3301 puzzles, but there’s plenty of speculation. Some think it could be a government intelligence agency like the CIA or NSA, but others think this unlikely. It could be some sort of underground organization that’s anti-establishment and driven by ideologies about privacy and information freedom. A new puzzle appeared online in 2013 and again in 2014, but there have been none since.
19. Ashley Madison: hacked!
In 2015, cheaters all around the Internet were shocked to find out their favorite marital affairs dating website Ashley Madison was hacked. A group or person called “The Impact Team” leaked the profiles of 32 million people. The Impact Team hadn’t done anything by that name before, so there was really no information about them.
Ashley Madison had been telling its users that for $19 it would erase all their profile data, but The Impact Team revealed that the data was still there. Ashley Madison offered $500,000 (Canadian dollars) to anyone who had information about the hackers. They haven’t found out who hacked them, yet.
20. Recruiting army hackers
With hacking becoming more common, governments and companies are looking to hire high class hackers for themselves. But not all these jobs have a straightforward application process. The US Army hid a clue in one of their cybersecurity recruiting commercials; it was a URL hidden on a computer screen that directed to a hacking puzzle.
The Army announced that 9.8 million people saw the ad online, 800,000 attempted the hacking puzzle, and 1% passed the test. From there, the hackers could apply for a job in the Department of Defense. It was kind of like a very watered down version of the Cicada puzzle. Sort of.
21. Your refrigerator: hacked!
Like the botnet Jeanson J. Ancheta created when he hacked 500,000 computers, your home appliances can be drafted into a similar zombie army. Any appliance, like a fridge or washing machine, that has WiFi capabilities is part of the “Internet of Things.” Hackers can use the Internet of Things to attack websites and temporarily shut them down.
In 2016, Twitter, Reddit, Spotify, and other websites were all shut down for two hours by a botnet. This was a large scale denial of service attack on the service provider that the websites all share. The Internet of Things devices they used were largely webcams and DVRs. So, how secure is your new Internet-connected refrigerator?
22. The Internet of (your) Things
You might think that your refrigerator, or DVR or whatever, couldn’t possibly be part of a botnet. Well, a reporter at The Atlantic did an experiment with a simulated internet-connected toaster that was completely virtual. To hackers, it appeared to be a real toaster. In just 41 minutes, someone was trying to hack it. Perhaps the hackers made it make virtual toast?
However, this may not be the fate of your technology. Fortunately, most appliances have better security than this poor virtual toaster, because of their router. However, we don’t know who used the botnet to take down Twitter. So, you never know, the zombie robot uprising may be starting in your very own living room.
23. Hacking is on the rise
As we become more and more entrenched in our digital lives, hacking becomes more common. Websites are increasingly victims to hacking; Google reported that about 30% more websites were hacked in 2016 than in 2015. Some of the common hacks are the Gibberish Hack, the Japanese Keywords Hack, and the Cloaked Keywords Hack.
The three typically create new pages within the website, with either gibberish sentences, Japanese text, or hidden words. These hacks make the website pages show up in Google searches a lot, but then when people click on them, they’re directed to things like fake brand merchandise ads or explicit websites.
24. How hackers get in your website
Hackers can get into websites in several different ways. Maybe they just find or guess passwords or perhaps they write a program that finds them through brute force guessing and checking. These methods are good against weak passwords that don’t have much variation, so it’s best to make a strong password that’s long, has letters, numbers, and symbols, and doesn’t use personal information.
Otherwise, hackers can try to exploit security holes in the website. For example, if the software is old and isn’t updated, it could be vulnerable to hacking. Old plugins and themes that no one’s maintaining anymore can also be security holes. However, sometimes hackers will trick people into giving their login information through phishing.
25. Equifax: hacked!
While Ashley Madison’s users may have deserved to be hacked, 147.7 million Americans did not deserve this. Last year, hacking made the headlines when Equifax, consumer credit reporting company, revealed that they’d been breached. 147.7 million Americans’ personal information was stolen off their servers, including names, Social Security numbers, birth dates, and addresses.
But we still don’t know who hacked Equifax and stole this information. The hackers got into Equifax servers via a vulnerability that Equifax knew about, but never fixed. For 76 days, they stole information from about 50 servers. Over the last year, Equifax reportedly spent $200 million on cybersecurity, so hopefully that pays off. In the meantime, it sucks for those 147.7 million people.
26. Marcus Hutchins, hero hacker
In 2017, the infamous WannaCry ransomware spread to hundreds of thousands of computers. It locked up people’s files and drives, demanding payment in return for unlocking. It spread through networks, from computer to computer. But 23-year-old Marcus Hutchins, a cybersecurity expert for a small security firm, came back from vacation and to the rescue.
Hutchins didn’t realize what he was doing at first. He was trying to track WannaCry’s spread when he accidentally triggered a kill switch that stopped the malware from spreading. The cybersecurity community applauded Hutchins, as he’d stopped a terrible infection. However, a few months later, Hutchins got the opposite of praise…
27. Marcus Hutchins, indicted and arrested
Upon leaving a hacker conference, Marcus Hutchins was arrested in the Las Vegas airport. The arrest came at the end of a two year investigation that concluded he had created a malware called Kronos, that could steal usernames, passwords, PINs, and personal information from banking websites. According to law enforcement, he’d made the program and his accomplice sold it online.
The security community was surprised and skeptical, worrying this arrest would harm the relationship between white hat hackers and law enforcement. They said in 2014, Hutchins asked on Twitter if anyone had a Kronos sample, so why would he do that if he’d made the malware? He’s currently awaiting trial.
28. Hacker’s Breakfast Club
Many hackers are just teenagers messing around with things they understand a little too well. However, what many of them don’t understand is the legality of their actions. In the UK, law enforcement is trying to find these young hackers and get them on a better track in life.
The police caught several teen hackers and created a sort of Breakfast Club for them: they meet on Saturday mornings for rehab and career advising. The program teaches the teens what’s legal and what’s not, while also showing them legit cybersecurity career paths. Parents come too, because they often have no idea what their teen is doing on the computer.
29. This guy’s Tesla: hacked!
While car key fobs are deliciously convenient for no-hands vehicle unlocking, they come with some dangers. Long after the thieves were gone, a man regrettably watched two guys steal his Tesla through a home camera feed. Using a tablet, they captured the key fob’s signal and sent it to a cell phone that unlocked the car door. After seriously struggling to unplug the electric vehicle (this took longer than hacking the key), they drove away into the night.
Fortunately, with a little extra care, this could have been avoided. Tesla has a feature that requires a PIN code before you can drive, you just have to make sure this is on. Plus, you can turn off “passive entry” which is what the key fob does. Or, you could get a special “Faraday pouch” to store your key fob and protect it from getting hacked.
30. How to keep your internet self safe
While most hackers target companies, there are things you can do to reduce the likelihood you’ll be hacked. For instance, you shouldn’t click on links or attachments in emails that come out of the blue. You should also use different passwords for different websites, so if one website has its user data stolen, they can’t use that for another website.
Another helpful anti-hacking tool is anti-virus software. It probably can’t ward off all viruses, but it can certainly stop some of them. It’s also a good idea to not accept social media invitations from people you don’t know. Plus, you should enable two-step verification where possible and take care not too share too much personal information online, which could be used to figure out your passwords or security answers.