6 Real Cyber Attacks Straight Out of a Bad Hacker Movie

A logic bomb essentially makes a program switch to a different mode after running several million cycles (changing its "logic"). The pipeline software's logic bomb was set to go off after 10 million cycles. The KGB thieves weren't stupid -- they checked the stuff they were stealing -- but since the software appeared to be working fine, they brought it back to a pipeline in Siberia that extended into Western Europe, singing songs of their good fortune.

The program ran fine for a few months (the aforementioned 10 million cycles), but after that, it took the pipeline's pumps and compressors aside and told them, "Today is the day that we run a pressure test at dangerously high levels." After careful calculations, the CIA expected the pipeline to merely spring leaks all the way across Siberia. Clearly, they overestimated Soviet engineering.

In June 1982, American early warning satellites detected an extremely large blast in Siberia as the pipeline motherfucking exploded. The blast was 3 kilotons, or roughly one-fifth of the strength of the atomic bomb dropped on Hiroshima. It was "the most monumental non-nuclear explosion and fire ever seen from space," a phrase that here means "the most brain-shittingly awesome spectacle ever witnessed by the endless folds of the universe."

Intensely classified American military computer networks were penetrated by a worm (a self-perpetuating piece of code armed with evil intent) dubbed Agent.btz, and all it took was someone stationed in Afghanistan inserting an infected flash drive into a laptop that was connected to the military's Central Command. From there, Agent.btz worked its way through numerous networks used to relay secret materials for the U.S. State and Defense departments, beaming information back to its unknown master.

The U.S. scrambled together a response team called Operation Buckshot Yankee (after a spirited round of Mad Libs) to isolate and remove the malicious code from the top-secret networks. The problem was, Agent.btz had the ability to scan a computer to look for data, then open backdoors to let itself out and into other networks, transmitting both the data and the backdoors back to its mysterious creator. It's like that guy nobody invited but who is supposedly someone's cousin, just creeping from house party to house party, texting his friends which garage doors are unlocked so they can come by later and steal power tools.

Furthermore, Agent.btz mutated constantly, downloading new code to change its "signature" and evade detection. Just as older versions were being removed, newer and more complex variants of Agent.btz were appearing around the network, compromising both confidential and nonconfidential documents a year and a half after it first started operating, even with the full force of the U.S. government dedicated to tracking it down. It wasn't finally defeated until hundreds of machines were taken offline and reformatted, and thousands of infected thumb drives had been confiscated. Ah, come on! What's the worst that can happen? Oh, right. Giant explosions.

The medical practice shut down the server, records be damned, then contacted the police and notified their clients that their information had been compromised, because fuck ransoms.

And they weren't the first victims of this sort of thing -- in 2008, the prescription-drug benefits company Express Scripts was sent an email with the Social Security numbers and prescription records of 75 customers, demanding an unspecified sum to keep the information secure. Of course, Express Scripts decided to put their customers' interests first and refused to pay, then emailed all 700,000 of their clients (remember, that's 699,925 less than the hackers had actually compromised) to let them know that their information had probably been stolen. We guess that's better than just giving in, although ideally there'd be some kind of computer code Liam Neeson you could call to deal with this kind of thing.

Imagine a chunk of code that could do everything James Bond or Ethan Hunt are supposed to do, but better.

It was called Flame, and it was 20 megabytes of malicious programming that operated as a spy in several Middle Eastern nations, primarily Iran. While James Bond would be busy harpooning vaginas, Flame was doing the thing that spies are supposed to do -- that is, collecting information. Flame can copy data files, capture sensitive screenshots, download instant messaging transcripts and remotely turn on a computer's microphone and camera to record any conversations that are taking place near it.

Flame receives commands and data via Bluetooth like a raiding party in Azeroth, but it also has the innate ability to fake credentials to avoid detection. It executes an obscure cryptographic technique called prefix collision attack -- basically, it wards off antiviruses by fooling them into thinking that it's supposed to be there, the binary equivalent of novelty glasses and a Groucho mustache.

In the movies, when a spy gets busted, he or she typically bites open a cyanide capsule hidden in a false tooth and chokes to death on selflessness. Flame totally has that, in the form of a suicide command that automatically deletes the virus and all traces of it from an infected computer. Flame doesn't just die when caught -- it disintegrates itself and burns its birth certificate.

Flame was operating clandestinely for five years disguised as a Microsoft software update (yes, computers at the highest level of government run Windows Vista) until the shenanigans of a separate virus resulted in a crackdown that led to its discovery in Iran. Iran alleges that Flame was created by the U.S. and Israel, but, of course, both nations have disavowed all knowledge.

One of the hackers got in touch with Honan later and told him how they did it, presumably while Honan stabbed a voodoo doll to death. Basically, all it took was Honan's billing address and credit card number, information that you give out on a frequent basis if you've ever ordered anything on the Internet (even a pizza). So pay attention:

First, they followed a link to his homepage from his Twitter account and used the information they found there to do a quick Internet search for his address. Next, they used his Gmail address to do an account recovery, which allowed them to see his partially obscured (but easily guessed) alternate email, which was his Apple ID. Then, they called Amazon's tech support to add a bogus credit card to Honan's Amazon account, which they were allowed to do after providing his email and billing addresses (two things that anyone on the Internet can see). Finally, they called right back and told tech support that they couldn't access their (Honan's) account. By providing Honan's name and email address and the newly added bogus credit card number, they were allowed to add a new email address to the account and have a password reset sent to it.

The hackers now had access to Honan's Amazon account, and access to all the credit cards on file -- just the last four digits of each card, mind you, but all Apple tech support requires is a billing address and those last four numbers. With that information, they had his Apple account, which they used to brick his devices and burn his digital life to the ground.

The best and/or saddest part is that Honan himself was targeted for absolutely no reason. The hackers had no idea who he was -- they just liked his Twitter handle and wanted to use it to troll for a while. They went through that whole complicated process and fucked his life over just so he wouldn't be able to log back in to Twitter and disrupt their hijinks.

But don't worry -- unless you have a Google account, an Amazon account and an Apple account, you're totally safe from something like this ever happening to you.

As we mentioned in the first entry, it turns out that real-life hackers can do the "run a virus that makes the enemy's shit explode" trick that we thought was Hollywood bullshit. So how do you top a virus that turns gas pipelines into giant smoking craters? How about crippling a country's nuclear capability?

In June 2010, a virus called Stuxnet was found lying dormant in the networks of factories, power plants and traffic control systems worldwide. Stuxnet had the disquieting ability to disable major energy networks (like switch off an oil pipeline or cripple a nuclear reactor) without alerting the operators, but in every system where it was found, the virus wouldn't do a single thing. It just kind of sat there, possibly collecting disability. As it turns out, Stuxnet was waiting.

Viruses, in general, tend to be indiscriminate. They just burst through the door like a werewolf and start destroying things. Stuxnet was different. It had a specific target -- in this case, the centrifuges in Iran's main uranium enrichment facility in Natanz. Its destructive programming would only activate under certain conditions, which could only be met while in Natanz. Once those conditions were met, Stuxnet would take complete control of the system.

So, what, it freezes up their computers? Maybe displays a little animated skull to let them know they'd been hit?

Hardly. The plant needs thousands of spinning centrifuges as part of the uranium enrichment process. Stuxnet was programmed to take over the machines and make them spin themselves to pieces.

A thousand of these centrifuges were deactivated by Iran in short order just around the time Stuxnet was believed to have been most active, accounting for 30 percent of the Natanz facility's uranium enrichment ability. Iran did not admit to Stuxnet's involvement, but did state that the virus' presence in a separate nuclear facility still under construction prevented them from turning on the reactors there for fear of causing a nationwide blackout.

A blackout caused by hacking.

Danny is a freelance writer. Feel free to badger him with love, work or hate at his Twitter, blog or email: dannyvittore@gmail.com.

For more from Soren, check out 8 Scenes That Prove Hollywood Doesn't Get Technology. Or discover 5 Ridiculous Gun Myths Everyone Believes (Thanks to Movies).

If you're pressed for time and just looking for a quick fix, then check out 5 Hilariously Elaborate Ways Video Games Punished Cheaters.

And stop by LinkSTORM to see which O'Brien's computer is full of Twilight fanfics.

And don't forget to follow us on Facebook, Twitter, and Tumblr to get sexy, sexy jokes sent straight to your news feed. Are you on Google+? So are we!

Do you have an idea in mind that would make a great article? Then sign up for our writers workshop! Do you possess expert skills in image creation and manipulation? Mediocre? Even rudimentary? Are you frightened by MS Paint and simply have a funny idea? You can create an infographic and you could be on the front page of Cracked.com tomorrow!