6 Real Cyber Attacks Straight Out of a Bad Hacker Movie

#3. The Virus That Was a Spy (or the International Virus of Mystery)


Imagine a chunk of code that could do everything James Bond or Ethan Hunt are supposed to do, but better.

It was called Flame, and it was 20 megabytes of malicious programming that operated as a spy in several Middle Eastern nations, primarily Iran. While James Bond would be busy harpooning vaginas, Flame was doing the thing that spies are supposed to do -- that is, collecting information. Flame can copy data files, capture sensitive screenshots, download instant messaging transcripts and remotely turn on a computer's microphone and camera to record any conversations that are taking place near it.

"She keeps asking me to shit on her chest, and I'm like, 'I'm not your plaything, Grandma.'"

Flame receives commands and data via Bluetooth like a raiding party in Azeroth, but it also has the innate ability to fake credentials to avoid detection. It executes an obscure cryptographic technique called prefix collision attack -- basically, it wards off antiviruses by fooling them into thinking that it's supposed to be there, the binary equivalent of novelty glasses and a Groucho mustache.

In the movies, when a spy gets busted, he or she typically bites open a cyanide capsule hidden in a false tooth and chokes to death on selflessness. Flame totally has that, in the form of a suicide command that automatically deletes the virus and all traces of it from an infected computer. Flame doesn't just die when caught -- it disintegrates itself and burns its birth certificate.

And then executes its mother's obstetrician.

Flame was operating clandestinely for five years disguised as a Microsoft software update (yes, computers at the highest level of government run Windows Vista) until the shenanigans of a separate virus resulted in a crackdown that led to its discovery in Iran. Iran alleges that Flame was created by the U.S. and Israel, but, of course, both nations have disavowed all knowledge.

#2. In One Shot, a Tech Journalist Has His Life Deleted and All His Gadgets Frozen


The 1995 Sandra Bullock trivia question The Net tried to teach us the dangers of storing too much of our lives on the Internet and depicted hackers as being able to use computers to completely erase a person's existence in a matter of days. Specifically, by crashing an airplane and poisoning Dennis Miller (both done with hacking).

Well, laugh all you want, but in reality, Mat Honan, a senior writer at Wired.com, had his entire life shanghaied in less than one hour. It started with the typical stuff -- hackers deleted Honan's Google account (including eight years of emails) and then used his Twitter account to vomit out racist and homophobic garbage. But hey, that's the kind of hacking a bunch of you have probably endured. But then the attackers used his Apple ID to turn his iPhone, iPad and MacBook into shiny catatonic bricks. For someone who makes his living communicating and working online, they had effectively shut down his life. In minutes.

"Dammit, I know the correct password is 'fl0pd0ng69L0Lfart'."

One of the hackers got in touch with Honan later and told him how they did it, presumably while Honan stabbed a voodoo doll to death. Basically, all it took was Honan's billing address and credit card number, information that you give out on a frequent basis if you've ever ordered anything on the Internet (even a pizza). So pay attention:

First, they followed a link to his homepage from his Twitter account and used the information they found there to do a quick Internet search for his address. Next, they used his Gmail address to do an account recovery, which allowed them to see his partially obscured (but easily guessed) alternate email, which was his Apple ID. Then, they called Amazon's tech support to add a bogus credit card to Honan's Amazon account, which they were allowed to do after providing his email and billing addresses (two things that anyone on the Internet can see). Finally, they called right back and told tech support that they couldn't access their (Honan's) account. By providing Honan's name and email address and the newly added bogus credit card number, they were allowed to add a new email address to the account and have a password reset sent to it.

The hackers now had access to Honan's Amazon account, and access to all the credit cards on file -- just the last four digits of each card, mind you, but all Apple tech support requires is a billing address and those last four numbers. With that information, they had his Apple account, which they used to brick his devices and burn his digital life to the ground.

The best and/or saddest part is that Honan himself was targeted for absolutely no reason. The hackers had no idea who he was -- they just liked his Twitter handle and wanted to use it to troll for a while. They went through that whole complicated process and fucked his life over just so he wouldn't be able to log back in to Twitter and disrupt their hijinks.

Wait, when did hackers become such pussies that Twitter accounts became desirable targets?

But don't worry -- unless you have a Google account, an Amazon account and an Apple account, you're totally safe from something like this ever happening to you.

#1. Stuxnet Breaks Iran's Nuclear Plants


As we mentioned in the first entry, it turns out that real-life hackers can do the "run a virus that makes the enemy's shit explode" trick that we thought was Hollywood bullshit. So how do you top a virus that turns gas pipelines into giant smoking craters? How about crippling a country's nuclear capability?

In June 2010, a virus called Stuxnet was found lying dormant in the networks of factories, power plants and traffic control systems worldwide. Stuxnet had the disquieting ability to disable major energy networks (like switch off an oil pipeline or cripple a nuclear reactor) without alerting the operators, but in every system where it was found, the virus wouldn't do a single thing. It just kind of sat there, possibly collecting disability. As it turns out, Stuxnet was waiting.

"Don't mind me. Just come closer so I can see you better."

Viruses, in general, tend to be indiscriminate. They just burst through the door like a werewolf and start destroying things. Stuxnet was different. It had a specific target -- in this case, the centrifuges in Iran's main uranium enrichment facility in Natanz. Its destructive programming would only activate under certain conditions, which could only be met while in Natanz. Once those conditions were met, Stuxnet would take complete control of the system.

So, what, it freezes up their computers? Maybe displays a little animated skull to let them know they'd been hit?

"Damn it! Why do you always have to attack my tiny, tiny laptop?!"

Hardly. The plant needs thousands of spinning centrifuges as part of the uranium enrichment process. Stuxnet was programmed to take over the machines and make them spin themselves to pieces.

A thousand of these centrifuges were deactivated by Iran in short order just around the time Stuxnet was believed to have been most active, accounting for 30 percent of the Natanz facility's uranium enrichment ability. Iran did not admit to Stuxnet's involvement, but did state that the virus' presence in a separate nuclear facility still under construction prevented them from turning on the reactors there for fear of causing a nationwide blackout.

A blackout caused by hacking.

Danny is a freelance writer. Feel free to badger him with love, work or hate at his Twitter, blog or email: dannyvittore@gmail.com.

For more from Soren, check out 8 Scenes That Prove Hollywood Doesn't Get Technology. Or discover 5 Ridiculous Gun Myths Everyone Believes (Thanks to Movies).

If you're pressed for time and just looking for a quick fix, then check out 5 Hilariously Elaborate Ways Video Games Punished Cheaters.

And stop by LinkSTORM to see which O'Brien's computer is full of Twilight fanfics.

And don't forget to follow us on Facebook, Twitter, and Tumblr to get sexy, sexy jokes sent straight to your news feed. Are you on Google+? So are we!

Do you have an idea in mind that would make a great article? Then sign up for our writers workshop! Do you possess expert skills in image creation and manipulation? Mediocre? Even rudimentary? Are you frightened by MS Paint and simply have a funny idea? You can create an infographic and you could be on the front page of Cracked.com tomorrow!

Recommended For Your Pleasure

To turn on reply notifications, click here


The Cracked Podcast

Choosing to "Like" Cracked has no side effects, so what's the worst that could happen?

The Weekly Hit List

Sit back... Relax... We'll do all the work.
Get a weekly update on the best at Cracked. Subscribe now!