Major IT security, cybercrime & cyberwar incidents

last update: 2016-09-01

Distributed Denial of Service (DDoS) attacks are not included in this list, as they are annoying but not sophisticated attacks.

2019

2018

2017

  • 09/2017 Equifax Breach

2016

  • 07/2016 DNC Email leak
    During the U.S. presidential campaign a collection of Democratic National Committee (DNC) emails was leaked through WikiLeaks.
  • 04/2016 Panama Papers Leak
    More than 11 million documents (2.6 TB) on offshore companies leaked to the press.
  • 04/2016
    Hackers publish sensitive data about 49 million Turkish citizens.
  • 03/2016 "Billion" Dollar Cyber Heist
    Hackers use SWIFT to transfer 971 million USD owned by the central bank of Bangladesh into foreign accounts. Most of it can be retrieved, but 81 million USD is lost.

2015

2014

  • 08/2014: possibly largest password theft ever
    According to Hold Security, Russian hackers stole more than a billion username/password combinations from more than 400,000 websites. At the request of the New York Times, an unaffiliated expert confirmed this. However, Bruce Schneier still seems to be sceptical.
  • 06/2014: The U.S. Justice Department secretly seized control over networks used to control GameOver Zeus and CryptoLocker
    NYT article
  • 05/2014: U.S. Charges Five alleged Chinese Military Hackers for Cyber Espionage
    First time criminal charges are filed against state actors for hacking.
    see: DoJ press announcement | NYT coverage
  • Heartbleed bug
    Some OpenSSL libraries did not properly handle Heartbeat Extension packets, which allowed remote attackers to obtain sensitive information, such as private keys, from process memory. (CVE-2014-0160)
  • Mt.Gox
  • The Mask
    Very complex malware (rootkit, bootkit, versions for multiple operating systems, ...) found by Kaspersky. Presumably state-sponsored. Bruce Schneier hypothesizes that Spain may be behind this. According to Kaspersky, the campaign was active for at least five years until January 2014.

2013

  • Massive data theft at Target stores
    During the 2013 holiday season credit card details and other data of up to 70 million customers of US retailer Target were stolen.
  • PRISM revealed
    Documents about the classified electronic surveillance program operated by the National Security Agency were leaked to news media.
  • Red October / Rocra
    Discovered by Kaspersky Labs in October 2012 and made publicly known in January 2013. Red October seems to be a very advanced cyber-espionage tool that was around for at least 5 years. Kaspersky Labs published a detailed report of their investigations.

2012

  • Cyberattack on Saudi Aramco
    In August 2012 a virus erased data on three-quarters of the oil company's computers and replaced it with an image of a burning US flag. (NYT)
  • Flame

2011

  • Lockheed Martin: network intrusion
    Hackers got into the military contractor's network, which had to be shut down to stop the attack. The attack may be linked to a data breach at RSA that could possibly have compromised some of the security tokens used at Lockheed Martin. (more on this)
  • Sony Playstation Network hacked
    Massive data theft. More on BBC News.
  • Anonymous vs HBGary
    See Ars Technica for a detailed report on this.

2010

  • Wikileaks: US Embassy Cables 1966 – 2010 ("Cablegate")
  • Wikileaks: Iraq War Logs
  • Stuxnet / Operation Olympic Games
    Stuxnet was a complex worm created to sabotage Iran's nuclear programme. There was speculation that Stuxnet forced Iran to temporarily stop enriching uranium.
    NYT on Operation "Olympic Games"

2009

  • Ghostnet
  • F35 Hack
    It has been revealed that hackers stole thousands of confidential documents on the F-35 Joint Strike Fighter design. See CNN and WSJ.