Stupid Ways that Big Corporations Got Hacked

Access Granted

Hackers are like the digital equivalent of airborne dust particles. Despite the countless efforts to make your house impenetrable to airborne debris, there will always be an entry point from where it will seep through.

Similarly, hackers are a breed that thrives when a secure network presents them the most challenges. When breaking in, they will turn to the most merciless ways and find the most absurd and outrageous entries that make even the best corporations chuckle while marveling at their creativity.

In some instances, however, the hacks are rather sophisticated and complex. Mostly, hackers will be quick to take advantage of the most obvious vulnerabilities when hacking a system. These methods involve phishing, attacking unpatched networks, exploiting weak passwords, or extracting data with the help of social engineering methods.

Nonetheless, below are real-world examples when hackers resorted to unorthodox hacking techniques leaving corporations, third-party suppliers, and network operators in utter disbelief.

Hackers Breached Casino Data by Invading into the Fish Tank’s Thermostat

In today’s age, computers are able to perform every small little task that involves moderating or controlling. The world is vastly moving towards the internet of things, in which most items will come installed with a computer board, allowing them to be integrated with a single computer network.

This will allow you to sync all devices and synergistically carry out your daily operations. Even though this helps optimize productivity, it also makes for more pathways towards your data that are vulnerable to exploitation.

One example of such exploitation came about in 2017. A cyber security firm announced a discovery of a hack in which the perpetrators were stealing data from a North American casino through a fish tank present inside the casino premise.

This fish tank was equipped with IoT sensors integrated with the casino computer. This allowed the staff to use the computer for regulating the temperature of the aquarium and also automatically set the feeding time for the fish.

According to a Business Insider report in 2018, Nicole Eagan, cybersecurity executive of Darktrace, which is a cyber security firm, highlighted the story at a conference. “The attackers used that (a fish-tank thermometer) to get a foothold in the network,” she recounted. “They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.”

Who could have guessed that the purchase of a high-tech shark tank would cost them much more than they expected? The name of the casino is undisclosed, but the reports confirm that the data was transferred to a foreign country.

The hackers figured that there are not only plenty of fish in the sea but also plenty at casinos around the world. By doing so, they were not only in possession of the casino’s shark feeding schedule but also the accounting records of a few whales.

Shark Tank Whale Falls Victim to a Cunning Email Scam

Barbara Corcoran, one of the famous investors of the popular show “Shark Tank,” gave up nearly four million dollars to the hands of a clever online con artist. The hacker played Concoran’s executive assistant by crafting an exact duplicate invoice and sending it to the millionaire’s bookkeeper.

The bookkeeper failed to notice the phony return email address. What seemed to be a playful yet hopeful attempt by the hacker made it through as a success due to the negligence of the bookkeeper. The bookkeeper realized that the invoice was fake after it sent an email to the address of the rightful executive that the hackers were trying to impersonate.

This was probably a huge victory for the hacker community worldwide. Some hackers who spend months trying to break codes and use complex tools to bag such an amount must be banging their heads on the wall. Hopefully, no one was rooting for them in the first place.

You would think that Corcoran fired her assistant after suffering such a huge blow; however, that was not the case. She said, “I lost the $388,700 as a result of a fake email chain sent to my company. It was an invoice supposedly sent by my assistant to my bookkeeper approving the payment for a real estate renovation. There was no reason to be suspicious as I invest in a lot of real estate. I was upset at first but then remembered it was only money.”

Cyber Attack on American University Devices because the Hacker was in the Mood for Seafood

Hackers will sometimes work collectively to DDoS attack. This is when a particular server faces an abnormal amount of traffic that it is incapable of handling. This causes a particular system to crash. The IT staff of an educational institute was shocked to find out that all 5000 connected items of the educational facility were infected by malicious code.

The malware traffic invaded all devices and objects such as laptops, control centers, lamps, vending machines, and more. After an inquiry was set up and the third-party risk assessment came about, people found out that the devices were running on default passwords.

The unusual and comical part about this cyber chaos was that all the devices were simultaneously searching for nearby seafood restaurants. No one had expected that something so FISHY was about to happen. Nonetheless, this is an example of how multiplying devices to the main network increases the risks of virtual attacks.

Guardians of Peace Threaten Sony

Normally, the name “guardian of peace” is associated with guarding and protecting. This was, however, not the case for a notorious hacker group. In late November of 2014, Sony Pictures Entertainment was about to release the controversial movie, “The Interview.”

Before the movie’s release, Sony encountered a cyber attack by a group that ironically referred to themselves as the guardians of peace. This cyber crime was widely believed to have associations with North Korea because the plot of the movie showcased the death of Kim Jong-Un.

The hackers caused much havoc after penetrating Sony’s system. They stole incredible amounts of data from their network and displayed a scary image of demands. Not only that, but they also posted five Sony movies to file-sharing networks, out of which four were unreleased.

This was not all – they also put thousands of confidential documents into jeopardy and threatened to commit terrorist attacks if Sony ever released the movie. Fortunately, nothing violent came about, and the movie hit the theaters with an added punch of excitement.

Giant Corporations are the best Targets for Practical Jokes

This is another IoT-related invasion that leads to the question of whether having computerized items do more harm than good. It is very difficult to track the incentives and motives of hackers when they carry out their hacks. A third-party risk can sometimes put your life savings at risk, and other times it is only a mental disturbance.

Most hackers are juvenile delinquents that are just trying to get a laugh and make a fool out of giant corporations. This is why you rarely see them targeting small to medium-sized businesses. You cannot tell what the purpose is when giant corporations and even governments become part of a satirical practical joke. In most cases, it deems to assuring dominance and control, letting the CISOs or chief information security officers know that they are powerless.

Mr. Bean as the Spanish PM

In one instance, the Spanish Prime Minister’s picture was replaced with Mr. Bean’s picture on the government’s official website. According to the authorities, the hacker managed to do this by leveraging cross-site scripting. This is a vulnerability that is common with many websites. No one can really tell whether this instance was in light of sheer randomness or a critique of the PM’s policies.

Iranian Nuclear Facility was “Thunderstruck”

A similar government struck-down occurred in July 2012, when ACDC’s thunderstruck echoed around the Iranian nuclear facilities. The song continued to soar from the speakers without stopping throughout the night. For what it was worth, the hackers were sure to introduce the nuclear facility with western rock and roll sensations and possibly change the life of one or two Iranians.

To Conclude

As you can see, hackers carry out their activities and cyber attacks using many different methods and have a wide range of different motives for doing so –some of which are also very stupid. Much of their expertise comes from their knowledge of the deep web. It is fair to say that as computers start taking hold of more functionalities, cyber crime as a threat will become more evident.

About the Author

About this Post

Leave a Reply

Your email address will not be published.