The
Internet has a long history of turbulent relations, major maliciously designed disruptions (such as wide scale
computer virus incidents,
DOS and DDOS attacks that cripple services, and
organized attacks that cripple major online communities), and other conflicts. This is a list of known and documented Internet,
Usenet,
virtual community and
World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.
Spawned from the original
ARPANET, the modern Internet, World Wide Web and other services on it, such as virtual communities (
bulletin boards,
forums, and
Massively multiplayer online games) have grown exponentially. Such prolific growth of population, mirroring "offline" society, contributes to the number of conflicts and problems online growing each year. Today, billions of people in nearly all countries use various parts of the Internet. Inevitably, as in "brick and mortar" or offline society, the virtual equivalent of major turning points, conflicts, and disruptions—the online equivalents of the falling of the
Berlin Wall, the creation of the
United Nations, spread of
disease, and events like the
Iraqi invasion of Kuwait will occur.
Kevin Mitnick was arrested by the FBI on February 15. Mitnick was convicted of wire fraud and of breaking into the computer systems of
Fujitsu,
Motorola,
Nokia, and
Sun Microsystems. He served five years in prison. His pursuit and subsequent arrest made him one of the most famous hackers up to that time.
1988
A 23-year-old graduate student at
Cornell University,
Robert Tappan Morris, released the Internet's first worm, the
Morris worm. Morris, the son of a
National Security Agency (NSA) computer security expert, wrote 99 lines of code and released them as an experiment. The program began replicating and infecting machines at a much faster rate than he had anticipated, causing machines all over the world to crash.[citation needed]
Phil Zimmermann creates and releases
Pretty Good Privacy, an encryption tool still in use. By 1993, he was the target of U.S. government investigations, charged with "munitions export without a license". The investigation ended in 1996 with no charges filed.
1994
An international group, dubbed the "Phonemasters" by the
FBI, hacked into the networks of a number of companies including
MCI WorldCom,
Sprint,
AT&T, and
Equifax credit reporters. The gang accounted for approximately $1.85 million in business losses.[4]
In late 1995,
Vladimir Levin persuaded
Citibank's computers to transfer $10 million from its customers' accounts to his.
Interpol arrested him at Heathrow Airport, and Citibank got most of the money back. He pleaded guilty in 1995, but the method he used wasn't uncovered for another ten years, and at that time was one of the largest computer crimes by dollar value.
Tim Lloyd plants a software time bomb at
Omega Engineering, a company in New Jersey. The results of the attack are devastating: losses of US$12 million and more than 80 employees lose their jobs. Lloyd is sentenced to 41 months in jail.[5]
The
CIH computer virus is released, written by
Chen Ing Hau of
Taiwan. It is considered to be one of the most harmful widely circulated viruses, overwriting critical information on infected system drives, and more importantly, in some cases corrupting the system
BIOS, rendering computer systems unbootable. It was found in the wild in September.
Two
Chinese hackers, Hao Jinglong and Hao Jingwen (twin brothers), are sentenced to death by a court in China for breaking into a bank's computer network and stealing 720,000
yuan ($87,000).[6]
The US government allows the export of 56-bit encryption software, and stronger encryption software for highly sensitive data.
From the time the Morris worm struck the Internet until the onset of the Melissa virus, the Internet was relatively free from swift-moving, highly destructive "malware". The
Melissa virus, however, was rapacious; damages have been estimated at nearly $400 million. It marked a turning point, being the first incident of its kind to affect the newly commercial Internet.
The U.S. government establishes a technical review process to allow the export of encryption software regardless of key length.
Discovering a
demo of their song "
I Disappear" on the
NapsterP2P file-sharing network, heavy metal band
Metallica filed legal action against Napster over it (Metallica v. Napster, Inc.). This was the first time a major musical act publicly went against allegedly illegal file sharing.
In February 2000, some of the Internet's most reliable sites were rendered nearly unreachable by distributed denial-of-service (
DDoS) attacks.
Yahoo! took the first hit on February 7, 2000. In the next few days,
Buy.com,
eBay,
CNN,
Amazon.com,
ZDNet.com,
E-Trade, and
Excite were taken down by DDoS attacks. Though damage estimates vary widely, the FBI estimates that the companies suffered $1.7 billion
USD in lost business and other damages.
On May 5, 2000, the
ILOVEYOU computer worm attacked tens of millions of Windows-based PCs. It started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.txt.vbs". The outbreak was estimated to have caused US$5.5–8.7 billion in damages worldwide, and estimated to cost the US$15 billion to remove the worm. The worm originated from the Philippines.[7]
In October, a
massive attack against the 13
root domain servers of the Internet is launched by unidentified hackers. The aim: to stop the domain name resolution service around the net.[10]
2003
Site Finder, the attempt by
VeriSign in 2003 to take control of all unregistered .com and .net
domain names for their own purposes, is launched, and just as quickly scuttled after massive public outcry and official protest from groups such as
ARIN and
IANA.
2004
In November,
Marvel Comics filed a lawsuit against the developers of the City of Heroes MMO,
Cryptic Studios and their publisher
NCsoft alleging that the game not only allows, but actively promotes, the creation of characters whose copyrights and trademarks are owned by Marvel, and that Cryptic has intentionally failed to police these infringing characters. The suit sought unspecified damages and an injunction to force the companies to stop making use of its characters. The case is settled and rejected by United States courts in December 2005 with no changes made to the game.
In October, the
Sony BMG copy protection rootkit scandal began, where it was discovered that
Sony BMG surreptitiously and possibly illegally distributed copy protection software that forced itself to install on computers playing their audio CDs. As a result, many Windows-based computers belonging to consumers were left vulnerable to exploits and hacking.
In November, it was revealed that the online video game World of Warcraft, with millions of subscribers, would be hackable due to the far-reaching corruption and invasiveness of Sony's copy protection scheme.[11]
On December 20, the City of Heroes game servers were nearly all hacked by an undisclosed method. According to
NCsoft representative CuppaJo, "Customer data and its security was not compromised in any way during the incident that occurred," and no additional information beyond this was publicly disclosed. As of July 2006, this is the first known hack of any MMO, of which there are millions of subscribers across numerous games.[12][13][14][15]
2006
In January 2006, the
Electronic Frontier Foundation lodged a
class action lawsuit (Hepting v. AT&T) which alleged that AT&T had allowed agents of the
National Security Agency to monitor phone and Internet communications of AT&T customers without warrants. In April 2006 a retired former AT&T technician, Mark Klein, lodged an affidavit supporting this allegation.[16] The
Department of Justice has stated they will intervene in this lawsuit by means of
State Secrets Privilege.[17] The existence of this database and the NSA program that compiled it was mostly unknown to the general public until USA Today broke the story on May 10, 2006.[18] It is estimated that the database contains over 1.9 trillion
call-detail records of phone calls made after
September 11 attacks.[19]
On May 3, a massive DDOS assault on
Blue Security, an anti-spam company, is redirected by Blue Security staff to their
Movable Type-hosted blog. The result is that the DDOS instead knocks out all access to over 1.8 million active blogs, including all ten million plus registered
LiveJournal accounts (which is owned by Movable Type's parent company).[20][21]
In June,
The Pirate Bay, a
BitTorrent tracker website based in and operating from
Sweden, is raided by Swedish police for allegedly violating United States, Swedish, and
European Union copyright law. As of November 2006, the site remains online, operating from
Denmark and no legal action has been filed against it or its owners.[23] (The site is online now at thepiratebay.org)
2007
May 17:
Estonia recovers from massive denial-of-service attack[24]
August 11:
United Nations website hacked by Indian Hacker Pankaj Kumar Singh.[28]
November 14: Panda Burning Incense, which is known by several other names, including Fujacks and Radoppan.T lead to the arrest of eight people in China. Panda Burning Incense was a parasitic virus that infected executable files on a PC. When infected, the icon of the executable file changes to an image of a panda holding three sticks of incense. The arrests were the first for virus writing in China.[29]
2008
January 17:
Project Chanology;
Anonymous attacks Scientology website servers around the world. Private documents are stolen from Scientology computers and distributed over the Internet.
March 7: Around 20 Chinese hackers claim to have gained access to the world's most sensitive sites, including
the Pentagon. They operated from an apartment on a Chinese Island.[30]
March 14:
Trend Micro website successfully hacked by Turkish hacker Janizary (aka Utku).[31]
2009
April 4:
Conficker worm infiltrated millions of PCs worldwide, including many government-level top-security computer networks.[32]
2010s
2010
June:
Stuxnet The Stuxnet worm is found by VirusBlokAda. Stuxnet was unusual in that while it spread via Windows computers, its payload targeted just one specific model and type of
SCADA systems. It slowly became clear that it was a cyberattack on Iran's nuclear facilities—with most experts believing that Israel[33] was behind it—perhaps with US help.
April 9:
Bank of America website got hacked by a Turkish hacker named JeOPaRDY. An estimated 85,000 credit card numbers and accounts were reported to have been stolen due to the hack. Bank officials say no personal customer bank information is available on that web-page. Investigations are being conducted by the FBI to trace down the incriminated hacker.[34]
April 17: An "
external intrusion" sends the
PlayStation Network offline, and compromises personally identifying information (possibly including credit card details) of its 77 million accounts, in what is claimed to be one of the five largest
data breaches ever.[35]
Computer hacker sl1nk releases information of his penetration in the servers of the Department of Defense (DoD), Pentagon, NASA, NSA, US Military, Department of the Navy, Space and Naval Warfare System Command and other UK/US government websites.[36]
September: Bangladeshi hacker TiGER-M@TE made a world record in defacement history by hacking 700,000 websites in a single shot.[37]
October 16: The
YouTube channel of Sesame Street was hacked, streaming pornographic content for about 22 minutes.[38]
November 1: The main phone and Internet networks of the
Palestinian territories sustained a hacker attack from multiple locations worldwide.[39]
November 7: The forums for
Valve's
Steam service were hacked. Redirects for a hacking website, Fkn0wned, appeared on the Steam users' forums, offering "hacking tutorials and tools, porn, free giveaways and much more."[40]
December 14: Five members of the Norwegian hacker group, Noria, were arrested, allegedly suspected of hacking into the email account of the militant extremist
Anders Behring Breivik (who perpetrated the
2011 attacks in the country).[41]
2012
A hacker, Big-Smoke, published over 400,000 credit cards online,[42] and threatened
Israel to release 1 million credit cards in the future. In response to that incident, an Israeli hacker published over 200 Albanian' credit cards online.[43][44]
Gottfrid Svartholm Warg, the co-founder of
Pirate Bay, was convicted in Denmark of hacking a mainframe computer, what was then Denmark's biggest hacking case.[45]
January 7: "Team Appunity", a group of Norwegian hackers, were arrested for breaking into Norway's largest prostitution website, then publishing the user database online.[46]
February 3:
Marriott was hacked by a
New Age ideologist, Attila Nemeth, who was resisting against the
New World Order where he said that corporations are allegedly controlling the world. As a response, Marriott reported him to the United States Secret Service.[47]
February 8:
Foxconn is hacked by a hacker group, "Swagg Security", releasing a massive amount of data including email and server logins, and even more alarming—bank account credentials of large companies like Apple and Microsoft. Swagg Security stages the attack just as a Foxconn protest ignites against terrible working conditions in southern China.[48]
May 4: The websites of several Turkish representative offices of international IT-companies are defaced within the same day by F0RTYS3V3N (Turkish Hacker), including the websites of
Google,
Yandex,
Microsoft,
Gmail,
MSN,
Hotmail,
PayPal.[49][50][51][52]
May 24: WHMCS is hacked by
UGNazi, they claim that the reason for this is because of the illegal sites that are using their software.
May 31:
MyBB is hacked by newly founded hacker group,
UGNazi, the website was defaced for about a day, they claim their reasoning for this was because they were upset that the forum board Hackforums.net uses their software.
June 5: The social networking website
LinkedIn has been
hacked and the passwords for nearly 6.5 million user accounts are stolen by cybercriminals. As a result, a United States grand jury indicted Nikulin and three unnamed co-conspirators on charges of aggravated identity theft and computer intrusion.
August 15: The most valuable company in the world
Saudi Aramco is crippled by a cyber warfare attack for months by malware called
Shamoon. Considered the biggest hack in history in terms of cost and destructiveness . Carried out by an Iranian attacker group called Cutting Sword of Justice.[53] Iranian hackers retaliated against Stuxnet by releasing Shamoon. The malware destroyed over 35,000
Saudi Aramco computers, affecting business operations for months.
December 17: Computer hacker sl1nk announced that he has hacked a total of 9 countries'
SCADA systems. The proof includes 6 countries: France, Norway, Russia, Spain, Sweden and the United States.[54]
2013
The social networking website
Tumblr is attacked by hackers. Consequently, 65,469,298 unique emails and passwords were leaked from Tumblr. The data breach's legitimacy is confirmed by computer security researcher
Troy Hunt.[55]
August:
Yahoo! data breaches occurred. More than 1 billion users' data is being leaked.
2014
February 7: The
bitcoin exchange
Mt. Gox filed for bankruptcy after $460million was apparently stolen by hackers due to "weaknesses in [their] system" and another $27.4million went missing from its bank accounts.[56]
October: The White House computer system was hacked.[57] It was said that the FBI, the Secret Service, and other U.S. intelligence agencies categorized the attacks "among the most sophisticated attacks ever launched against U.S. government systems."[58]
November 24: In response to the release of the film The Interview, the servers of
Sony Pictures are
hacked by a hacker group calling itself "Guardian of Peace".
November 28: The website of the Philippine telecommunications company
Globe Telecom was hacked in response to the poor internet service they are distributing.[59]
2015
June: the records of 21.5 million people, including social security numbers, dates of birth, addresses, fingerprints, and security clearance-related information, are
stolen from the United States Office of Personnel Management (OPM).[60] Most of the victims are employees of the United States government and unsuccessful applicants to it. The Wall Street Journal and The Washington Post report that government sources believe the hacker is the government of China.[61][62]
February: The 2016
Bangladesh Bank heist attempted to steal US$951 million from a
Bangladesh Bank, and succeeded in getting $101 million—although some of this was later recovered.
September: Hacker Ardit Ferizi is sentenced to 20 years in prison after being arrested for hacking U.S. servers and passing the leaked information to members of
ISIL terrorist group back in 2015.[63]
October: The
2016 Dyn cyberattack is being conducted with a botnet consisting of IOTs infected with
Mirai by the hacktivist groups SpainSquad, Anonymous, and New World Hackers, reportedly in retaliation for
Ecuador's rescinding Internet access to
WikiLeaks founder
Julian Assange at their
embassy in London, where he has been granted
asylum.[64]
Late 2016: Hackers steal international personal user data from the company
Uber, including phone numbers, email addresses, and names, of 57 million people and 600,000 driver's license numbers of drivers for the company. Uber's
GitHub account was accessed through
Amazon's cloud-based service. Uber paid the hackers $100,000 for assurances the data was destroyed.[65]
December 2016:
Yahoo! data breaches reported and affected more than 1 billion users. The data leakage includes user names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords
2017
April: A hacker group calling itself "The Dark Overlord" posted unreleased episodes of Orange Is the New Black TV series online after failing to extort the online entertainment company
Netflix.[66]
May:
WannaCry ransomware attack started on Friday, May 12, 2017,[67] and has been described as unprecedented in scale, infecting more than 230,000 computers in over 150 countries.[68] A hacked unreleased Disney film is held for ransom, to be paid in Bitcoin.[citation needed]
May: 25,000 digital photos and ID scans relating to patients of the Grozio Chirurgija
cosmetic surgery clinic in
Lithuania were obtained and published without consent by an unknown group demanding ransoms.[69][70][71] Thousands of clients from more than 60 countries were affected.[69] The breach brought attention to weaknesses in Lithuania's information security.[69]
December:
Mecklenburg County, North Carolina computer systems were hacked. They did not pay the ransom.[77]
2018
March: Computer systems in the city of
Atlanta, in the U.S. state of Georgia, are seized by hackers with
ransomware. They did not pay the ransom,[78] and two Iranians were indicted by the
FBI on cyber crime charges for the breach.[79]
The town of
Wasaga Beach in Ontario, Canada computer systems are seized by hackers with ransomware.[80]
September:
Facebook was hacked, exposing to hackers the personal information of an estimated 30 million Facebook users (initially estimated at 50 million) when the hackers "stole" the "access tokens" of 400,000 Facebook users. The information accessible to the hackers included users' email addresses, phone numbers, their lists of friends, Groups they are members of, users' search information, posts on their timelines, and names of recent Messenger conversations.[81][82]
October:
West Haven, Connecticut USA computer systems are seized by hackers with ransomware, they paid $2,000 in ransom.[83]
November:
The first U.S. indictment of individual people for
ransomware attacks occurs. The
U.S. Justice Department indicted two men Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri who allegedly used the SamSam ransomware for extortion, netting them more than $6 million in ransom payments. The companies infected with the
ransomware included
Allscripts,
Medstar Health, and
Hollywood Presbyterian Medical Center. Altogether, the attacks caused victims to lose more than $30 million, in addition to the ransom payments.[84]
March:
Jackson County computer systems in the U.S. state of Georgia are seized by hackers with
ransomware, they paid $400,000 in ransom.[86] The city of
Albany in the U.S. state of New York experiences a ransomware cyber attack.[87][88]
April: Computer systems in the city of
Augusta, in the U.S. state of Maine, are seized by hackers using ransomware.[89][90] The
City of Greenville (North Carolina)'s computer systems are seized by hackers using ransomware known as RobbinHood.[91][92]Imperial County, in the U.S. state of California, computer systems are seized by hackers using Ryuk ransomware.[93]
May: computer systems belonging to the
City of Baltimore are seized by hackers using ransomware known as RobbinHood that encrypts files with a "file-locking" virus, as well as the tool
EternalBlue.[94][95][96][97]
June: The city of
Riviera Beach, Florida paid roughly $600,000 ransom in
Bitcoin to hackers who seized their computers using ransomware.[98] Hackers stole 18 hours of unreleased music from the band
Radiohead demanding $150,000 ransom. Radiohead released the music to the public anyway and did not pay the ransom.[99]
November: The
Anonymous hacktivist collective announced that they have hacked into four Chinese computer databases and donated those to data breach indexing/notification service vigilante.pw. The hack was conducted in order to support the
2019 Hong Kong protests, amidst the Hong Kong police's siege of the city's
Polytechnic University. They also brought up a possible peace plan first proposed by a professor at
Inha University in hopes of having the
Korean reunification and the five key demands of the Hong Kong protest being fulfilled at once.[100]
March: A
Malaysian railway station was mentioned on a
Twitter post as part of a warning issued via a hacked account by a group of entities with the names of "黎晓培", "Coltsfan", "biowolfjp", "CM Ang" and "chi.keat". On the website and
Reddit they also claimed responsibility of allegedly contaminating the headquarters of
United Malays National Organisation and
Malaysian Islamic Party with the
COVID-19 virus. As a result, the local mass transit company
Rapid KL had reported it to the police.[102]
March: Locations including
Ostankino Tower, a station in
St Petersburg Metro and at least one
Aeroflot flight were subjected to alleged bio-terrorist attacks by a group of entities including those with names of "Thomas Little Evil Utoyo", "Calton", "David Law", "Thanthom", "Hendy", "Gideon W", "Audentis", "Mister Eriee O", "Khengwin", "T-Zehang", "曾家顺", "Mr Castaigne", "kkkwan", "ronxi", "KC LING", "Le3p0ryuen", "Jayrulo", "S Teoh", "Ian Chew", "Mr Yiliang", "W. somboonsuk", "S Patcharaphon", "Victor pang", "jiangxin", "文_祥!", "Freddyisf0xy", "Masami", "Greg Galloway", "EncoreOngKai", "Alteredd State", "Jon@th@nlangdale" and "Dig Dejected" who had posted about it on the hacked
University of Georgia's Grady Newsource website, the web page of US National Association of Women Business Owners (NAWBO), a
Council of Europe's
Twitter account and that of
Temple University's which they've taken over.[103][104][105] They further said that they would target the
RKA Mission Control Center at a later time and additionally claimed that "Elmo Chong" and "Krully" had contaminated the Twitter headquarters in
San Francisco,
United States.[106][107]
May: Anonymous declared a large hack on May 28, three days after the
murder of George Floyd. An individual claiming to represent Anonymous stated that "We are Legion. We do not forgive. We do not forget. Expect us." in a now-deleted video. Anonymous addressed police brutality and said they "will be exposing [their] many crimes to the world". It was suspected that Anonymous were the cause for the downtime and public suspension of the
Minneapolis Police Department website and its parent site, the website of the
City of Minneapolis.[108]
May: Indian national Shubham Upadhyay posed as Superintendent of Police and, using
social engineering, used a free caller identification app to call up the in-charge of the Kotwali police station, K. K. Gupta, in order to threaten him to get his phone repaired amidst the
COVID-19 lockdown. The attempt was foiled.[109]
June: Anonymous claimed responsibility for stealing and leaking a trove of documents, collectively nicknamed '
BlueLeaks'. The 269-gigabytes collection was published by a leak-focused activist group known as
Distributed Denial of Secrets. Furthermore, the collective took down
Atlanta Police Department's website via
DDoS, and defaced websites such as a
Filipino governmental webpage and that of
Brookhaven National Labs. They expressed support for
Julian Assange and press freedom, while briefly "taking a swing" against
Facebook,
Reddit and
Wikipedia for having 'engaged in shady practices behind our prying eyes'. In the case of Reddit, they posted a link to a court document describing the possible involvement of a moderator of a large traffic subreddit (/r/news) in an online harassment-related case.[110][111]
June: The
Buffalo, NY police department's website was supposedly hacked by Anonymous.[112] While the website was up and running after a few minutes, Anonymous tweeted again on Twitter urging that it be taken down.[113] A few minutes later, the Buffalo, NY website was brought down again. They also hacked
Chicago police radios to play
N.W.A's "
Fuck tha Police".[114]
June: Over 1,000 accounts on the multiplayer online game
Roblox were hacked to display that they supported U.S. President
Donald Trump.[115]
July: User credentials of writing website
Wattpad were stolen and leaked on a hacker forum. The database contained over 200 million records.[116]
August: A large number of sub
reddits were hacked to post materials endorsing
Donald Trump. The affected subreddits included r/BlackPeopleTwitter, r/3amJokes, r/NFL, r/PhotoshopBattles. An entity with the name of "calvin goh and Melvern" had purportedly claimed responsibility for the massive defacement, and also made violent threats against a
Chinese embassy.[117]
August: The US Air Force's Hack-A-Sat event was hosted at DEF CON's virtual conference where groups such as Poland Can Into Space, FluxRepeatRocket, AddVulcan, Samurai, Solar Wine, PFS, 15 Fitty Tree, and 1064CBread competed in order to control a satellite in space. The Poland Can Into Space team stood out for having successfully manipulated a satellite to take a picture of the
Moon.[118][119]
August: The website of Belarusian company "BrestTorgTeknika" was defaced by a hacker nicknaming herself "
Queen Elsa", in order to support the
2020–21 Belarusian protests. In it, the page hacker exclaimed "Get Iced Iced already" and "Free Belarus, revolution of our times" with the latter alluding to the famous slogan used by
2019 Hong Kong protests. The results of the hack were then announced on Reddit's /r/Belarus subreddit by a poster under the username "Socookre".[120][121]
August: Multiple DDoS attacks forced
New Zealand's stock market to temporarily shut down.[122]
September: The first suspected death from a cyberattack was reported after cybercriminals hit a hospital in
Düsseldorf,
Germany with
ransomware.[123]
December: A
supply chain attack targeting upstream dependencies from Texas IT service provider "SolarWinds" results in serious, wide-ranging security breaches at the
U.S. Treasury and
Commerce departments. White House officials did not immediately publicly identify a culprit;
Reuters, citing sources "familiar with the investigation", pointed toward the Russian government.[127] An official statement shared by Senate Finance Committee ranking member,
Ron Wyden said: "Hackers broke into systems in the Departmental Offices division of Treasury, home to the department’s highest-ranking officials."[128]
December: A bomb threat posted from a
Twitter account that was seemingly hacked by persons with the aliases of "Omnipotent" and "choonkeat", against the
Aeroflot Flight 102, a passenger flight with the plane tail number of VQ-BIL coming from
Moscow to
New York City. Due to that, a runway of New York's
John F. Kennedy International Airport was temporarily closed and resulted in the delay of Aeroflot Flight 103, a return flight back to Moscow.[129][130][131]
December: The
Anonymous group initiated 'Christmas gift' defacements against multiple Russian portals, including a municipal website in
Tomsk and that of a regional football club. Inside the defacements, they made multiple references such as Russian opposition activist
Alexei Navalny, freedom protests in
Thailand and
Belarus, and opposition to the
Chinese Communist Party. They also held a mock award based on an event on the game platform
Roblox that was called "RB Battles" where YouTubers Tanqr and KreekCraft, the winner and the runner-up of the actual game event, were compared to both Taiwan and
New Zealand respectively due to the latter's reportedly stellar performance in fighting the
COVID-19 pandemic.[132]
February: Anonymous announced cyber-attacks of at least five
Malaysian websites. As a result, eleven individuals were nabbed as suspects.[133][134][135][136]
February: Hackers including those with names of "张卫能 utoyo" and "full_discl0sure" hijacked an events website Aucklife in order to craft a phony bomb threat against the
Chinese consulate in
Auckland, New Zealand, and also a similar facility in
Sydney, Australia. Their motive was a punitive response against China due to
COVID-19. As a result, a physical search was conducted at the consulate by New Zealand's Police Specialist Search Group, while Aucklife owner Hailey Newton had since regained her access to the website.
Wellington-based cybersecurity consultant Adam Boileau remarked that the hack isn't 'highly technical'.[137][138]
February: The group "Myanmar Hackers" attacked several websites belonging to
Myanmar government agencies, such as the
Central Bank of Myanmar and the military-run Tatmadaw True News Information Team. The group also targeted the Directorate of Investment and Company Administration, Trade Department, Customs Department, Ministry of Commerce, Myawady TV and state-owned broadcaster Myanmar Radio and Television and some private media outlets. A computer technician in Yangon found that the hacks were denial-of-service attacks, while the group's motive is to protest the
2021 Myanmar coup.[139]
April: Over 500 million
Facebook users' personal info—including info on 32 million in the United States—was discovered posted on a hackers' website, though Facebook claimed that the information was from a 2019 hack, and that the company had already taken mitigation measures; however, the company declined to say whether it had notified the affected users of the breach.[140][141][142][better source needed]
July: On 22 July 2021
Saudi Aramco data were leaked by a third-party contractor and demanded $50 million ransom from Saudi Aramco. Saudi Aramco confirmed the incident after a hacker claimed on the dark web that he had stolen 1 terabyte of data about the location of oil refineries and employees data in a post that was posted on June 23.[148][149][150]
August: T-Mobile reported that data files with information from about 40 million former or prospective T-Mobile customers, including first and last names, date of birth, SSN, and driver's license/ID information, were compromised.[151]
September and October:
2021 Epik data breach. Anonymous obtained and released over 400gigabytes of data from the domain registrar and web hosting company
Epik. The data was shared in three releases between September 13 and October 4. The first release included domain purchase and transfer details, account credentials and logins, payment history, employee emails, and unidentified private keys.[152] The hackers claimed they had obtained "a decade's worth of data", including all customer data and records for all domains ever hosted or registered through the company, and which included poorly encrypted passwords and other sensitive data stored in
plaintext.[152][153] The second release consisted of bootable disk images and API keys for third-party services used by Epik;[154] the third contained additional disk images and an archive of data belonging to the
Republican Party of Texas, who are an Epik customer.[155]
October: On October 6, 2021, an anonymous 4chan user reportedly hacked and leaked the source code of
Twitch, as well as information on how much the streaming service paid almost 2.4 million streamers since August 2019.[156] Source code from almost 6,000 GitHub repositories was leaked, and the 4chan user said it was "part one" of a much larger release.[157]
2022
February: The German
Chaos Computer Club has reported more than fifty data leaks. Government institutions and companies from various business sectors were affected. In total, the researchers had access to over 6.4 million personal data records, as well as terabytes of log data and source code.[158][159]
March: The website of a local newspaper in
Sumy, Ukraine was hacked by a person identifying themselves as "zehang陈". He claimed that he and other individuals "P_srim_asap", "Mrthanthomthebomber", "mister-handsomekai" and "RiansJohnson" had placed bombs at
Chinese and
Russian diplomatic facilities in
Malaysia with the former containing a photo of
Huanan Seafood Wholesale Market,
Hong Kong's
International Finance Centre and
MTR Airport Station, and the headquarters office of American game company
ROBLOX. Besides that, they claimed responsibility for the delivery of an envelope containing white powders against the Russian embassy in
Canberra, Australia. As a result, the area surrounding the embassy was briefly cordoned off.[160][161]
April: Anonymous hacked Russian companies Aerogas, Forest, and Petrovsky Fort. From there they leaked around 437,500 emails which they donated to non-profit whistleblower organization
Distributed Denial of Secrets. Furthermore, they leaked 446 GB of data from
Russian Ministry of Culture.[163][164]
April: On April 19, Gijón City Council (Spain) was attacked by the GERVASIA computer virus and suffered data hijacking.[165]
April: Airports in
Chelyabinsk and
Volgograd, in
Russia, had been hit with email bomb threats. Temporary evacuations were then ordered.[166][167]
May: The airport in
Omsk, Russia received an email bomb threat.[168]
May: Network Battalion 65 (NB65), a hacktivist group affiliated with Anonymous, has reportedly hacked Russian payment processor
Qiwi. A total of 10.5
terabytes of data including transaction records and customers' credit cards had been exfiltrated. They further infected Qiwi with
ransomwares and threatened to release more customer records.[169]
May: During the
Victory Day in Russia, anti-war messages were inserted into Russian TV schedules including that of
Russia-1, Channel 1, and
NTV-Plus. One of the messages were "On your hands is the blood of thousands of Ukrainians and their hundreds of murdered children. TV and the authorities are lying. No to war."[170]
June: The airport in
Volgograd, Russia, was hit by a threat of a bomb explosion sent via electronic mail. Furthermore, courts in
Saratov, Russia had been evacuated due to similar threats.[172][173]
July: A bomb threat message targeting a
Chinese embassy and a Russian consulate in
Malé,
Maldives was sent via the city's website, which caused the deployment of security forces to the affected areas along with the residence of politician
Mohamed Nasheed. Some streets had been cordoned off by the authorities as well.[174]
July: The
Elizovo Airport in Kamchatka, Russia received an email bomb threat. Because of that, the airport was inspected by the authorities.[175]
^Evan Perez; Shimon Prokupecz (April 8, 2015).
"How the U.S. thinks Russians hacked the White House". CNN. Retrieved December 17, 2016. Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.
The
Internet has a long history of turbulent relations, major maliciously designed disruptions (such as wide scale
computer virus incidents,
DOS and DDOS attacks that cripple services, and
organized attacks that cripple major online communities), and other conflicts. This is a list of known and documented Internet,
Usenet,
virtual community and
World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.
Spawned from the original
ARPANET, the modern Internet, World Wide Web and other services on it, such as virtual communities (
bulletin boards,
forums, and
Massively multiplayer online games) have grown exponentially. Such prolific growth of population, mirroring "offline" society, contributes to the number of conflicts and problems online growing each year. Today, billions of people in nearly all countries use various parts of the Internet. Inevitably, as in "brick and mortar" or offline society, the virtual equivalent of major turning points, conflicts, and disruptions—the online equivalents of the falling of the
Berlin Wall, the creation of the
United Nations, spread of
disease, and events like the
Iraqi invasion of Kuwait will occur.
Kevin Mitnick was arrested by the FBI on February 15. Mitnick was convicted of wire fraud and of breaking into the computer systems of
Fujitsu,
Motorola,
Nokia, and
Sun Microsystems. He served five years in prison. His pursuit and subsequent arrest made him one of the most famous hackers up to that time.
1988
A 23-year-old graduate student at
Cornell University,
Robert Tappan Morris, released the Internet's first worm, the
Morris worm. Morris, the son of a
National Security Agency (NSA) computer security expert, wrote 99 lines of code and released them as an experiment. The program began replicating and infecting machines at a much faster rate than he had anticipated, causing machines all over the world to crash.[citation needed]
Phil Zimmermann creates and releases
Pretty Good Privacy, an encryption tool still in use. By 1993, he was the target of U.S. government investigations, charged with "munitions export without a license". The investigation ended in 1996 with no charges filed.
1994
An international group, dubbed the "Phonemasters" by the
FBI, hacked into the networks of a number of companies including
MCI WorldCom,
Sprint,
AT&T, and
Equifax credit reporters. The gang accounted for approximately $1.85 million in business losses.[4]
In late 1995,
Vladimir Levin persuaded
Citibank's computers to transfer $10 million from its customers' accounts to his.
Interpol arrested him at Heathrow Airport, and Citibank got most of the money back. He pleaded guilty in 1995, but the method he used wasn't uncovered for another ten years, and at that time was one of the largest computer crimes by dollar value.
Tim Lloyd plants a software time bomb at
Omega Engineering, a company in New Jersey. The results of the attack are devastating: losses of US$12 million and more than 80 employees lose their jobs. Lloyd is sentenced to 41 months in jail.[5]
The
CIH computer virus is released, written by
Chen Ing Hau of
Taiwan. It is considered to be one of the most harmful widely circulated viruses, overwriting critical information on infected system drives, and more importantly, in some cases corrupting the system
BIOS, rendering computer systems unbootable. It was found in the wild in September.
Two
Chinese hackers, Hao Jinglong and Hao Jingwen (twin brothers), are sentenced to death by a court in China for breaking into a bank's computer network and stealing 720,000
yuan ($87,000).[6]
The US government allows the export of 56-bit encryption software, and stronger encryption software for highly sensitive data.
From the time the Morris worm struck the Internet until the onset of the Melissa virus, the Internet was relatively free from swift-moving, highly destructive "malware". The
Melissa virus, however, was rapacious; damages have been estimated at nearly $400 million. It marked a turning point, being the first incident of its kind to affect the newly commercial Internet.
The U.S. government establishes a technical review process to allow the export of encryption software regardless of key length.
Discovering a
demo of their song "
I Disappear" on the
NapsterP2P file-sharing network, heavy metal band
Metallica filed legal action against Napster over it (Metallica v. Napster, Inc.). This was the first time a major musical act publicly went against allegedly illegal file sharing.
In February 2000, some of the Internet's most reliable sites were rendered nearly unreachable by distributed denial-of-service (
DDoS) attacks.
Yahoo! took the first hit on February 7, 2000. In the next few days,
Buy.com,
eBay,
CNN,
Amazon.com,
ZDNet.com,
E-Trade, and
Excite were taken down by DDoS attacks. Though damage estimates vary widely, the FBI estimates that the companies suffered $1.7 billion
USD in lost business and other damages.
On May 5, 2000, the
ILOVEYOU computer worm attacked tens of millions of Windows-based PCs. It started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.txt.vbs". The outbreak was estimated to have caused US$5.5–8.7 billion in damages worldwide, and estimated to cost the US$15 billion to remove the worm. The worm originated from the Philippines.[7]
In October, a
massive attack against the 13
root domain servers of the Internet is launched by unidentified hackers. The aim: to stop the domain name resolution service around the net.[10]
2003
Site Finder, the attempt by
VeriSign in 2003 to take control of all unregistered .com and .net
domain names for their own purposes, is launched, and just as quickly scuttled after massive public outcry and official protest from groups such as
ARIN and
IANA.
2004
In November,
Marvel Comics filed a lawsuit against the developers of the City of Heroes MMO,
Cryptic Studios and their publisher
NCsoft alleging that the game not only allows, but actively promotes, the creation of characters whose copyrights and trademarks are owned by Marvel, and that Cryptic has intentionally failed to police these infringing characters. The suit sought unspecified damages and an injunction to force the companies to stop making use of its characters. The case is settled and rejected by United States courts in December 2005 with no changes made to the game.
In October, the
Sony BMG copy protection rootkit scandal began, where it was discovered that
Sony BMG surreptitiously and possibly illegally distributed copy protection software that forced itself to install on computers playing their audio CDs. As a result, many Windows-based computers belonging to consumers were left vulnerable to exploits and hacking.
In November, it was revealed that the online video game World of Warcraft, with millions of subscribers, would be hackable due to the far-reaching corruption and invasiveness of Sony's copy protection scheme.[11]
On December 20, the City of Heroes game servers were nearly all hacked by an undisclosed method. According to
NCsoft representative CuppaJo, "Customer data and its security was not compromised in any way during the incident that occurred," and no additional information beyond this was publicly disclosed. As of July 2006, this is the first known hack of any MMO, of which there are millions of subscribers across numerous games.[12][13][14][15]
2006
In January 2006, the
Electronic Frontier Foundation lodged a
class action lawsuit (Hepting v. AT&T) which alleged that AT&T had allowed agents of the
National Security Agency to monitor phone and Internet communications of AT&T customers without warrants. In April 2006 a retired former AT&T technician, Mark Klein, lodged an affidavit supporting this allegation.[16] The
Department of Justice has stated they will intervene in this lawsuit by means of
State Secrets Privilege.[17] The existence of this database and the NSA program that compiled it was mostly unknown to the general public until USA Today broke the story on May 10, 2006.[18] It is estimated that the database contains over 1.9 trillion
call-detail records of phone calls made after
September 11 attacks.[19]
On May 3, a massive DDOS assault on
Blue Security, an anti-spam company, is redirected by Blue Security staff to their
Movable Type-hosted blog. The result is that the DDOS instead knocks out all access to over 1.8 million active blogs, including all ten million plus registered
LiveJournal accounts (which is owned by Movable Type's parent company).[20][21]
In June,
The Pirate Bay, a
BitTorrent tracker website based in and operating from
Sweden, is raided by Swedish police for allegedly violating United States, Swedish, and
European Union copyright law. As of November 2006, the site remains online, operating from
Denmark and no legal action has been filed against it or its owners.[23] (The site is online now at thepiratebay.org)
2007
May 17:
Estonia recovers from massive denial-of-service attack[24]
August 11:
United Nations website hacked by Indian Hacker Pankaj Kumar Singh.[28]
November 14: Panda Burning Incense, which is known by several other names, including Fujacks and Radoppan.T lead to the arrest of eight people in China. Panda Burning Incense was a parasitic virus that infected executable files on a PC. When infected, the icon of the executable file changes to an image of a panda holding three sticks of incense. The arrests were the first for virus writing in China.[29]
2008
January 17:
Project Chanology;
Anonymous attacks Scientology website servers around the world. Private documents are stolen from Scientology computers and distributed over the Internet.
March 7: Around 20 Chinese hackers claim to have gained access to the world's most sensitive sites, including
the Pentagon. They operated from an apartment on a Chinese Island.[30]
March 14:
Trend Micro website successfully hacked by Turkish hacker Janizary (aka Utku).[31]
2009
April 4:
Conficker worm infiltrated millions of PCs worldwide, including many government-level top-security computer networks.[32]
2010s
2010
June:
Stuxnet The Stuxnet worm is found by VirusBlokAda. Stuxnet was unusual in that while it spread via Windows computers, its payload targeted just one specific model and type of
SCADA systems. It slowly became clear that it was a cyberattack on Iran's nuclear facilities—with most experts believing that Israel[33] was behind it—perhaps with US help.
April 9:
Bank of America website got hacked by a Turkish hacker named JeOPaRDY. An estimated 85,000 credit card numbers and accounts were reported to have been stolen due to the hack. Bank officials say no personal customer bank information is available on that web-page. Investigations are being conducted by the FBI to trace down the incriminated hacker.[34]
April 17: An "
external intrusion" sends the
PlayStation Network offline, and compromises personally identifying information (possibly including credit card details) of its 77 million accounts, in what is claimed to be one of the five largest
data breaches ever.[35]
Computer hacker sl1nk releases information of his penetration in the servers of the Department of Defense (DoD), Pentagon, NASA, NSA, US Military, Department of the Navy, Space and Naval Warfare System Command and other UK/US government websites.[36]
September: Bangladeshi hacker TiGER-M@TE made a world record in defacement history by hacking 700,000 websites in a single shot.[37]
October 16: The
YouTube channel of Sesame Street was hacked, streaming pornographic content for about 22 minutes.[38]
November 1: The main phone and Internet networks of the
Palestinian territories sustained a hacker attack from multiple locations worldwide.[39]
November 7: The forums for
Valve's
Steam service were hacked. Redirects for a hacking website, Fkn0wned, appeared on the Steam users' forums, offering "hacking tutorials and tools, porn, free giveaways and much more."[40]
December 14: Five members of the Norwegian hacker group, Noria, were arrested, allegedly suspected of hacking into the email account of the militant extremist
Anders Behring Breivik (who perpetrated the
2011 attacks in the country).[41]
2012
A hacker, Big-Smoke, published over 400,000 credit cards online,[42] and threatened
Israel to release 1 million credit cards in the future. In response to that incident, an Israeli hacker published over 200 Albanian' credit cards online.[43][44]
Gottfrid Svartholm Warg, the co-founder of
Pirate Bay, was convicted in Denmark of hacking a mainframe computer, what was then Denmark's biggest hacking case.[45]
January 7: "Team Appunity", a group of Norwegian hackers, were arrested for breaking into Norway's largest prostitution website, then publishing the user database online.[46]
February 3:
Marriott was hacked by a
New Age ideologist, Attila Nemeth, who was resisting against the
New World Order where he said that corporations are allegedly controlling the world. As a response, Marriott reported him to the United States Secret Service.[47]
February 8:
Foxconn is hacked by a hacker group, "Swagg Security", releasing a massive amount of data including email and server logins, and even more alarming—bank account credentials of large companies like Apple and Microsoft. Swagg Security stages the attack just as a Foxconn protest ignites against terrible working conditions in southern China.[48]
May 4: The websites of several Turkish representative offices of international IT-companies are defaced within the same day by F0RTYS3V3N (Turkish Hacker), including the websites of
Google,
Yandex,
Microsoft,
Gmail,
MSN,
Hotmail,
PayPal.[49][50][51][52]
May 24: WHMCS is hacked by
UGNazi, they claim that the reason for this is because of the illegal sites that are using their software.
May 31:
MyBB is hacked by newly founded hacker group,
UGNazi, the website was defaced for about a day, they claim their reasoning for this was because they were upset that the forum board Hackforums.net uses their software.
June 5: The social networking website
LinkedIn has been
hacked and the passwords for nearly 6.5 million user accounts are stolen by cybercriminals. As a result, a United States grand jury indicted Nikulin and three unnamed co-conspirators on charges of aggravated identity theft and computer intrusion.
August 15: The most valuable company in the world
Saudi Aramco is crippled by a cyber warfare attack for months by malware called
Shamoon. Considered the biggest hack in history in terms of cost and destructiveness . Carried out by an Iranian attacker group called Cutting Sword of Justice.[53] Iranian hackers retaliated against Stuxnet by releasing Shamoon. The malware destroyed over 35,000
Saudi Aramco computers, affecting business operations for months.
December 17: Computer hacker sl1nk announced that he has hacked a total of 9 countries'
SCADA systems. The proof includes 6 countries: France, Norway, Russia, Spain, Sweden and the United States.[54]
2013
The social networking website
Tumblr is attacked by hackers. Consequently, 65,469,298 unique emails and passwords were leaked from Tumblr. The data breach's legitimacy is confirmed by computer security researcher
Troy Hunt.[55]
August:
Yahoo! data breaches occurred. More than 1 billion users' data is being leaked.
2014
February 7: The
bitcoin exchange
Mt. Gox filed for bankruptcy after $460million was apparently stolen by hackers due to "weaknesses in [their] system" and another $27.4million went missing from its bank accounts.[56]
October: The White House computer system was hacked.[57] It was said that the FBI, the Secret Service, and other U.S. intelligence agencies categorized the attacks "among the most sophisticated attacks ever launched against U.S. government systems."[58]
November 24: In response to the release of the film The Interview, the servers of
Sony Pictures are
hacked by a hacker group calling itself "Guardian of Peace".
November 28: The website of the Philippine telecommunications company
Globe Telecom was hacked in response to the poor internet service they are distributing.[59]
2015
June: the records of 21.5 million people, including social security numbers, dates of birth, addresses, fingerprints, and security clearance-related information, are
stolen from the United States Office of Personnel Management (OPM).[60] Most of the victims are employees of the United States government and unsuccessful applicants to it. The Wall Street Journal and The Washington Post report that government sources believe the hacker is the government of China.[61][62]
February: The 2016
Bangladesh Bank heist attempted to steal US$951 million from a
Bangladesh Bank, and succeeded in getting $101 million—although some of this was later recovered.
September: Hacker Ardit Ferizi is sentenced to 20 years in prison after being arrested for hacking U.S. servers and passing the leaked information to members of
ISIL terrorist group back in 2015.[63]
October: The
2016 Dyn cyberattack is being conducted with a botnet consisting of IOTs infected with
Mirai by the hacktivist groups SpainSquad, Anonymous, and New World Hackers, reportedly in retaliation for
Ecuador's rescinding Internet access to
WikiLeaks founder
Julian Assange at their
embassy in London, where he has been granted
asylum.[64]
Late 2016: Hackers steal international personal user data from the company
Uber, including phone numbers, email addresses, and names, of 57 million people and 600,000 driver's license numbers of drivers for the company. Uber's
GitHub account was accessed through
Amazon's cloud-based service. Uber paid the hackers $100,000 for assurances the data was destroyed.[65]
December 2016:
Yahoo! data breaches reported and affected more than 1 billion users. The data leakage includes user names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords
2017
April: A hacker group calling itself "The Dark Overlord" posted unreleased episodes of Orange Is the New Black TV series online after failing to extort the online entertainment company
Netflix.[66]
May:
WannaCry ransomware attack started on Friday, May 12, 2017,[67] and has been described as unprecedented in scale, infecting more than 230,000 computers in over 150 countries.[68] A hacked unreleased Disney film is held for ransom, to be paid in Bitcoin.[citation needed]
May: 25,000 digital photos and ID scans relating to patients of the Grozio Chirurgija
cosmetic surgery clinic in
Lithuania were obtained and published without consent by an unknown group demanding ransoms.[69][70][71] Thousands of clients from more than 60 countries were affected.[69] The breach brought attention to weaknesses in Lithuania's information security.[69]
December:
Mecklenburg County, North Carolina computer systems were hacked. They did not pay the ransom.[77]
2018
March: Computer systems in the city of
Atlanta, in the U.S. state of Georgia, are seized by hackers with
ransomware. They did not pay the ransom,[78] and two Iranians were indicted by the
FBI on cyber crime charges for the breach.[79]
The town of
Wasaga Beach in Ontario, Canada computer systems are seized by hackers with ransomware.[80]
September:
Facebook was hacked, exposing to hackers the personal information of an estimated 30 million Facebook users (initially estimated at 50 million) when the hackers "stole" the "access tokens" of 400,000 Facebook users. The information accessible to the hackers included users' email addresses, phone numbers, their lists of friends, Groups they are members of, users' search information, posts on their timelines, and names of recent Messenger conversations.[81][82]
October:
West Haven, Connecticut USA computer systems are seized by hackers with ransomware, they paid $2,000 in ransom.[83]
November:
The first U.S. indictment of individual people for
ransomware attacks occurs. The
U.S. Justice Department indicted two men Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri who allegedly used the SamSam ransomware for extortion, netting them more than $6 million in ransom payments. The companies infected with the
ransomware included
Allscripts,
Medstar Health, and
Hollywood Presbyterian Medical Center. Altogether, the attacks caused victims to lose more than $30 million, in addition to the ransom payments.[84]
March:
Jackson County computer systems in the U.S. state of Georgia are seized by hackers with
ransomware, they paid $400,000 in ransom.[86] The city of
Albany in the U.S. state of New York experiences a ransomware cyber attack.[87][88]
April: Computer systems in the city of
Augusta, in the U.S. state of Maine, are seized by hackers using ransomware.[89][90] The
City of Greenville (North Carolina)'s computer systems are seized by hackers using ransomware known as RobbinHood.[91][92]Imperial County, in the U.S. state of California, computer systems are seized by hackers using Ryuk ransomware.[93]
May: computer systems belonging to the
City of Baltimore are seized by hackers using ransomware known as RobbinHood that encrypts files with a "file-locking" virus, as well as the tool
EternalBlue.[94][95][96][97]
June: The city of
Riviera Beach, Florida paid roughly $600,000 ransom in
Bitcoin to hackers who seized their computers using ransomware.[98] Hackers stole 18 hours of unreleased music from the band
Radiohead demanding $150,000 ransom. Radiohead released the music to the public anyway and did not pay the ransom.[99]
November: The
Anonymous hacktivist collective announced that they have hacked into four Chinese computer databases and donated those to data breach indexing/notification service vigilante.pw. The hack was conducted in order to support the
2019 Hong Kong protests, amidst the Hong Kong police's siege of the city's
Polytechnic University. They also brought up a possible peace plan first proposed by a professor at
Inha University in hopes of having the
Korean reunification and the five key demands of the Hong Kong protest being fulfilled at once.[100]
March: A
Malaysian railway station was mentioned on a
Twitter post as part of a warning issued via a hacked account by a group of entities with the names of "黎晓培", "Coltsfan", "biowolfjp", "CM Ang" and "chi.keat". On the website and
Reddit they also claimed responsibility of allegedly contaminating the headquarters of
United Malays National Organisation and
Malaysian Islamic Party with the
COVID-19 virus. As a result, the local mass transit company
Rapid KL had reported it to the police.[102]
March: Locations including
Ostankino Tower, a station in
St Petersburg Metro and at least one
Aeroflot flight were subjected to alleged bio-terrorist attacks by a group of entities including those with names of "Thomas Little Evil Utoyo", "Calton", "David Law", "Thanthom", "Hendy", "Gideon W", "Audentis", "Mister Eriee O", "Khengwin", "T-Zehang", "曾家顺", "Mr Castaigne", "kkkwan", "ronxi", "KC LING", "Le3p0ryuen", "Jayrulo", "S Teoh", "Ian Chew", "Mr Yiliang", "W. somboonsuk", "S Patcharaphon", "Victor pang", "jiangxin", "文_祥!", "Freddyisf0xy", "Masami", "Greg Galloway", "EncoreOngKai", "Alteredd State", "Jon@th@nlangdale" and "Dig Dejected" who had posted about it on the hacked
University of Georgia's Grady Newsource website, the web page of US National Association of Women Business Owners (NAWBO), a
Council of Europe's
Twitter account and that of
Temple University's which they've taken over.[103][104][105] They further said that they would target the
RKA Mission Control Center at a later time and additionally claimed that "Elmo Chong" and "Krully" had contaminated the Twitter headquarters in
San Francisco,
United States.[106][107]
May: Anonymous declared a large hack on May 28, three days after the
murder of George Floyd. An individual claiming to represent Anonymous stated that "We are Legion. We do not forgive. We do not forget. Expect us." in a now-deleted video. Anonymous addressed police brutality and said they "will be exposing [their] many crimes to the world". It was suspected that Anonymous were the cause for the downtime and public suspension of the
Minneapolis Police Department website and its parent site, the website of the
City of Minneapolis.[108]
May: Indian national Shubham Upadhyay posed as Superintendent of Police and, using
social engineering, used a free caller identification app to call up the in-charge of the Kotwali police station, K. K. Gupta, in order to threaten him to get his phone repaired amidst the
COVID-19 lockdown. The attempt was foiled.[109]
June: Anonymous claimed responsibility for stealing and leaking a trove of documents, collectively nicknamed '
BlueLeaks'. The 269-gigabytes collection was published by a leak-focused activist group known as
Distributed Denial of Secrets. Furthermore, the collective took down
Atlanta Police Department's website via
DDoS, and defaced websites such as a
Filipino governmental webpage and that of
Brookhaven National Labs. They expressed support for
Julian Assange and press freedom, while briefly "taking a swing" against
Facebook,
Reddit and
Wikipedia for having 'engaged in shady practices behind our prying eyes'. In the case of Reddit, they posted a link to a court document describing the possible involvement of a moderator of a large traffic subreddit (/r/news) in an online harassment-related case.[110][111]
June: The
Buffalo, NY police department's website was supposedly hacked by Anonymous.[112] While the website was up and running after a few minutes, Anonymous tweeted again on Twitter urging that it be taken down.[113] A few minutes later, the Buffalo, NY website was brought down again. They also hacked
Chicago police radios to play
N.W.A's "
Fuck tha Police".[114]
June: Over 1,000 accounts on the multiplayer online game
Roblox were hacked to display that they supported U.S. President
Donald Trump.[115]
July: User credentials of writing website
Wattpad were stolen and leaked on a hacker forum. The database contained over 200 million records.[116]
August: A large number of sub
reddits were hacked to post materials endorsing
Donald Trump. The affected subreddits included r/BlackPeopleTwitter, r/3amJokes, r/NFL, r/PhotoshopBattles. An entity with the name of "calvin goh and Melvern" had purportedly claimed responsibility for the massive defacement, and also made violent threats against a
Chinese embassy.[117]
August: The US Air Force's Hack-A-Sat event was hosted at DEF CON's virtual conference where groups such as Poland Can Into Space, FluxRepeatRocket, AddVulcan, Samurai, Solar Wine, PFS, 15 Fitty Tree, and 1064CBread competed in order to control a satellite in space. The Poland Can Into Space team stood out for having successfully manipulated a satellite to take a picture of the
Moon.[118][119]
August: The website of Belarusian company "BrestTorgTeknika" was defaced by a hacker nicknaming herself "
Queen Elsa", in order to support the
2020–21 Belarusian protests. In it, the page hacker exclaimed "Get Iced Iced already" and "Free Belarus, revolution of our times" with the latter alluding to the famous slogan used by
2019 Hong Kong protests. The results of the hack were then announced on Reddit's /r/Belarus subreddit by a poster under the username "Socookre".[120][121]
August: Multiple DDoS attacks forced
New Zealand's stock market to temporarily shut down.[122]
September: The first suspected death from a cyberattack was reported after cybercriminals hit a hospital in
Düsseldorf,
Germany with
ransomware.[123]
December: A
supply chain attack targeting upstream dependencies from Texas IT service provider "SolarWinds" results in serious, wide-ranging security breaches at the
U.S. Treasury and
Commerce departments. White House officials did not immediately publicly identify a culprit;
Reuters, citing sources "familiar with the investigation", pointed toward the Russian government.[127] An official statement shared by Senate Finance Committee ranking member,
Ron Wyden said: "Hackers broke into systems in the Departmental Offices division of Treasury, home to the department’s highest-ranking officials."[128]
December: A bomb threat posted from a
Twitter account that was seemingly hacked by persons with the aliases of "Omnipotent" and "choonkeat", against the
Aeroflot Flight 102, a passenger flight with the plane tail number of VQ-BIL coming from
Moscow to
New York City. Due to that, a runway of New York's
John F. Kennedy International Airport was temporarily closed and resulted in the delay of Aeroflot Flight 103, a return flight back to Moscow.[129][130][131]
December: The
Anonymous group initiated 'Christmas gift' defacements against multiple Russian portals, including a municipal website in
Tomsk and that of a regional football club. Inside the defacements, they made multiple references such as Russian opposition activist
Alexei Navalny, freedom protests in
Thailand and
Belarus, and opposition to the
Chinese Communist Party. They also held a mock award based on an event on the game platform
Roblox that was called "RB Battles" where YouTubers Tanqr and KreekCraft, the winner and the runner-up of the actual game event, were compared to both Taiwan and
New Zealand respectively due to the latter's reportedly stellar performance in fighting the
COVID-19 pandemic.[132]
February: Anonymous announced cyber-attacks of at least five
Malaysian websites. As a result, eleven individuals were nabbed as suspects.[133][134][135][136]
February: Hackers including those with names of "张卫能 utoyo" and "full_discl0sure" hijacked an events website Aucklife in order to craft a phony bomb threat against the
Chinese consulate in
Auckland, New Zealand, and also a similar facility in
Sydney, Australia. Their motive was a punitive response against China due to
COVID-19. As a result, a physical search was conducted at the consulate by New Zealand's Police Specialist Search Group, while Aucklife owner Hailey Newton had since regained her access to the website.
Wellington-based cybersecurity consultant Adam Boileau remarked that the hack isn't 'highly technical'.[137][138]
February: The group "Myanmar Hackers" attacked several websites belonging to
Myanmar government agencies, such as the
Central Bank of Myanmar and the military-run Tatmadaw True News Information Team. The group also targeted the Directorate of Investment and Company Administration, Trade Department, Customs Department, Ministry of Commerce, Myawady TV and state-owned broadcaster Myanmar Radio and Television and some private media outlets. A computer technician in Yangon found that the hacks were denial-of-service attacks, while the group's motive is to protest the
2021 Myanmar coup.[139]
April: Over 500 million
Facebook users' personal info—including info on 32 million in the United States—was discovered posted on a hackers' website, though Facebook claimed that the information was from a 2019 hack, and that the company had already taken mitigation measures; however, the company declined to say whether it had notified the affected users of the breach.[140][141][142][better source needed]
July: On 22 July 2021
Saudi Aramco data were leaked by a third-party contractor and demanded $50 million ransom from Saudi Aramco. Saudi Aramco confirmed the incident after a hacker claimed on the dark web that he had stolen 1 terabyte of data about the location of oil refineries and employees data in a post that was posted on June 23.[148][149][150]
August: T-Mobile reported that data files with information from about 40 million former or prospective T-Mobile customers, including first and last names, date of birth, SSN, and driver's license/ID information, were compromised.[151]
September and October:
2021 Epik data breach. Anonymous obtained and released over 400gigabytes of data from the domain registrar and web hosting company
Epik. The data was shared in three releases between September 13 and October 4. The first release included domain purchase and transfer details, account credentials and logins, payment history, employee emails, and unidentified private keys.[152] The hackers claimed they had obtained "a decade's worth of data", including all customer data and records for all domains ever hosted or registered through the company, and which included poorly encrypted passwords and other sensitive data stored in
plaintext.[152][153] The second release consisted of bootable disk images and API keys for third-party services used by Epik;[154] the third contained additional disk images and an archive of data belonging to the
Republican Party of Texas, who are an Epik customer.[155]
October: On October 6, 2021, an anonymous 4chan user reportedly hacked and leaked the source code of
Twitch, as well as information on how much the streaming service paid almost 2.4 million streamers since August 2019.[156] Source code from almost 6,000 GitHub repositories was leaked, and the 4chan user said it was "part one" of a much larger release.[157]
2022
February: The German
Chaos Computer Club has reported more than fifty data leaks. Government institutions and companies from various business sectors were affected. In total, the researchers had access to over 6.4 million personal data records, as well as terabytes of log data and source code.[158][159]
March: The website of a local newspaper in
Sumy, Ukraine was hacked by a person identifying themselves as "zehang陈". He claimed that he and other individuals "P_srim_asap", "Mrthanthomthebomber", "mister-handsomekai" and "RiansJohnson" had placed bombs at
Chinese and
Russian diplomatic facilities in
Malaysia with the former containing a photo of
Huanan Seafood Wholesale Market,
Hong Kong's
International Finance Centre and
MTR Airport Station, and the headquarters office of American game company
ROBLOX. Besides that, they claimed responsibility for the delivery of an envelope containing white powders against the Russian embassy in
Canberra, Australia. As a result, the area surrounding the embassy was briefly cordoned off.[160][161]
April: Anonymous hacked Russian companies Aerogas, Forest, and Petrovsky Fort. From there they leaked around 437,500 emails which they donated to non-profit whistleblower organization
Distributed Denial of Secrets. Furthermore, they leaked 446 GB of data from
Russian Ministry of Culture.[163][164]
April: On April 19, Gijón City Council (Spain) was attacked by the GERVASIA computer virus and suffered data hijacking.[165]
April: Airports in
Chelyabinsk and
Volgograd, in
Russia, had been hit with email bomb threats. Temporary evacuations were then ordered.[166][167]
May: The airport in
Omsk, Russia received an email bomb threat.[168]
May: Network Battalion 65 (NB65), a hacktivist group affiliated with Anonymous, has reportedly hacked Russian payment processor
Qiwi. A total of 10.5
terabytes of data including transaction records and customers' credit cards had been exfiltrated. They further infected Qiwi with
ransomwares and threatened to release more customer records.[169]
May: During the
Victory Day in Russia, anti-war messages were inserted into Russian TV schedules including that of
Russia-1, Channel 1, and
NTV-Plus. One of the messages were "On your hands is the blood of thousands of Ukrainians and their hundreds of murdered children. TV and the authorities are lying. No to war."[170]
June: The airport in
Volgograd, Russia, was hit by a threat of a bomb explosion sent via electronic mail. Furthermore, courts in
Saratov, Russia had been evacuated due to similar threats.[172][173]
July: A bomb threat message targeting a
Chinese embassy and a Russian consulate in
Malé,
Maldives was sent via the city's website, which caused the deployment of security forces to the affected areas along with the residence of politician
Mohamed Nasheed. Some streets had been cordoned off by the authorities as well.[174]
July: The
Elizovo Airport in Kamchatka, Russia received an email bomb threat. Because of that, the airport was inspected by the authorities.[175]
^Evan Perez; Shimon Prokupecz (April 8, 2015).
"How the U.S. thinks Russians hacked the White House". CNN. Retrieved December 17, 2016. Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.