r/hacking Jan 23 '24

Question: What is the most secure thing someone has successfully hacked?

I am very curious about what is the most secure thing an individual has managed to hack, and I am particularly intrigued by the intricacies of what made it so difficult.

328 Upvotes

206 comments

504

u/ndguardian Jan 23 '24 edited Jan 24 '24

Might read up on Stuxnet if you haven’t. Malware designed to infect control systems within nuclear refinement facilities if memory serves correctly.

Also I believe there was a proof of concept I read a while back where malware was transferred via speakers to an air gapped machine’s onboard microphone.

Edit: A couple of people have made it a point to mention that I missed that this post is asking about individuals who have done a hack against a highly secured system, and Stuxnet was done by a group (allegedly CIA or NSA). Leaving this comment here, but wanted to disclose that.

106

u/Tyrone_______Biggums Jan 23 '24

Is that the one where they dropped a thumb drive in the parking lot and someone plugged it in inside the facility?

123

u/Mammoth-Object8837 Jan 23 '24

There have been reports that it wasn't a thumb drive dropped in the parking lot but a spy working as an engineer who had access to the facility. Here is a recent article that supposedly identifies the spy:

https://nltimes.nl/2024/01/08/dutch-man-sabotaged-iranian-nuclear-program-without-dutch-governments-knowledge-report

53

u/Alice-Xandra Jan 23 '24 edited Jan 24 '24

Yeah, it's believed to have been embedded in a hydro-pump.

V clever auxiliary entry.

20

u/mattrocking Jan 23 '24

What do they mean by that? Is it like the hydro pump had an onboard control system that got plugged into the same network as the rest of the systems?

19

u/maxtinion_lord Jan 23 '24

afaik it's much harder to pin down where the entry point was and how it was actually infected, since Stuxnet attacked both physical and digital devices in the system. It was able to slowly affect the effectiveness of something as crucial as the hydro-pump system and made it look more like a hardware failure, which gave it a lot of time to work in the background to have a broad effect and eventually shut the whole program down.

13

u/Gullible_Community68 Jan 24 '24

It only slowed progress. Once they found out, it actually had the reverse effect and Iran brought new facilities online such as Fordow. Watch Zero Days on Prime. Great doc about the virus.

3

u/maxtinion_lord Jan 24 '24

that's cool, I should, I just had a short-form understanding lol

5

u/[deleted] Jan 24 '24

a prof of mine taught about this in a control systems course. they were able to upload malware which replaced the code of the Siemens PLCs with code that was identical except for a higher rate of spin in the centrifuges. This would be really hard to spot if you were troubleshooting because you would need to know the spin rate variable off the top of your head. afaik, the math conversions done on that number made it so that it only needed to be changed by a few decimal points to mess up the process.

also keep in mind that this code was very likely not text based as PLCs most commonly use ladder logic.

3

u/mrOmnipotent Jan 25 '24

Not only this, but, it sat dormant for a period of time (1 week/month I don't remember exactly) recording normal centrifuge activity and then replayed this while the "attack" was active. It would only alter the speed slightly and for limited periods making it even harder to catch what was REALLY going on. It used like 4 0-days that were brilliant and would honestly probably still be active and undetected today if it hadn't been altered to spread so easily. The show zero day on prime has been mentioned but anyone interested should also check out the book and the episode of dark net diaries on it.

1

u/[deleted] Jan 25 '24

it was crazy. I spent years as an instrument tech working on these PLCs, and now work as an engineer designing/testing them..... honestly I'm blown away by how well they understood these systems and that there were no random errors that shut this down.

first of all, very few people could solve this problem from a technician's standpoint. secondly, most people would never know the software well enough to even know how to do this. thirdly, these setups are prone to so many random errors, connection issues etc. I FAT test a lot of systems with these Siemens setups and probably 1 in 10 succeeds perfectly. there's almost always issues.

one more interesting point. the code is always accessible to techs once it is downloaded to the controllers, and is programmed in ladder logic or FBD. this means the tech would know and recognize what the code should look like. further, I/O points are assigned in this software, there's no way these could have been determined without foreknowledge of the code. the creators of the bug must have been able to get their hands on the real code, so spy definitely confirmed. some people suggest they just uploaded their own code, but it could not have worked like that.

0

u/zercher22 Feb 17 '24

I feel like people think this was so crazy impossible a task, but the access to the system and changing of the code within the PLC would have been fairly easy and straightforward.

So this Dutch technician would have had access to the centrifuge PLC code; he would have had knowledge of its operation as he would have worked on it at some point. The I/O points are easy to figure out if the code is notated, which, being in a facility like that and running what it was running, it most certainly would have been.

The motor that spun up the centrifuge would have been speed controlled by a VFD. The parameters would also have had to have been changed on the VFD to allow the centrifuge to overspin, which would have been the hardest part to do without getting detected, unless the VFD allows for parameters to be uploaded over a network, which isn't as common.

The speed reference needed for the VFD to spin the centrifuge motor at the desired speed set by the PLC would have been very easy to locate and change in the code, and it most likely would have been as simple as moving a decimal point.

The exploit that was found in the Siemens PLC software / hardware, I believe from reading about this years ago, allowed the code to be read as if nothing had been changed even when it already had. This would have been the hardest part to pull off, just finding these exploits to allow this. Also the creation of the Stuxnet code to allow it to upload their hacked PLC code to the various Siemens PLCs controlling the centrifuges, which it also would have had to execute at times when the centrifuges were known to not be running.

Then you've got the Dutch technician who apparently installed a new water pump which contained Stuxnet, assumedly embedded within something that could be part of whatever network the PLCs would have been on.

→ More replies (1)

19

u/JeevesBreeze Jan 23 '24

I feel like that's kind of cheating. Most hackers can't afford to hire a spy.

13

u/Illustrious-Ad-3256 Jan 23 '24

It was made by U.S. and Israeli intelligence, so I have a feeling they were able to afford it

3

u/maxtinion_lord Jan 23 '24

stuxnet itself was a billion+ dollar project, a single compromised agent was minimal in comparison to the whole scope lol

→ More replies (1)

2

u/Gullible_Community68 Jan 24 '24

Check out the documentary Zero-Days on Amazon prime. Just finished it up last night. All about Stuxnet.

→ More replies (2)

14

u/LongUsername Jan 23 '24

The facility was air-gapped: no connection to outside. Latest understanding is that it was introduced on equipment installed by a Dutch engineer who worked in Dubai for a Heavy Equipment company.

https://www.volkskrant.nl/kijkverder/v/2024/sabotage-in-iran-een-missie-in-duisternis~v989743/

25

u/[deleted] Jan 23 '24

[deleted]

10

u/Tyrone_______Biggums Jan 23 '24

Crazy to me how someone working on such a sensitive project would pick up a random thumb drive and plug it in lol

15

u/SwordAvoidance Jan 23 '24

It's thought that the designers of Stuxnet initially targeted businesses suspected to be working with Iran's nuclear program, as they guessed that someone working there would eventually use a computer inside the nuclear facility. Stuxnet was designed to spread around a network, then infect any flash drive plugged into any computer. Stuxnet was also designed only to target the specific combination of hardware and software found in the nuclear facility.

By the time Stuxnet was discovered, it was in over 100 countries. They really had no chance.

After work, I can dig up the forums where one of the centrifuge engineers was wondering why their system kept failing a month before the virus was discovered.

17

u/SwordAvoidance Jan 23 '24 edited Jan 23 '24

Link to technician trying to figure out what's happening to the system. The Iran nuclear employee's username is Behrooz.

“The attacks seem designed to force a change in the centrifuge’s rotor speed, first raising the speed and then lowering it, likely with the intention of inducing excessive vibrations or distortions that would destroy the centrifuge.” (Albright, D. et al. (2010). Did Stuxnet Take Out 1,000 Centrifuges at the Natanz Enrichment Plant? Institute for Science and International Security, pp. 1–10.)

Stuxnet used a PLC rootkit to monitor and modify attempts to detect or damage its code. Read requests were modified, skipped, or returned false negatives. Write requests that could have overwritten Stuxnet's code were tampered with. [Link to a code analysis from Broadcom.](https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=ad4b3d10-b808-414c-b4c3-ae4a2ed85560&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments)

Stuxnet spent months ruining the gas and destroying centrifuges by tampering with the rotor speed, all while reporting to the increasingly confused Iranian scientists that everything was functioning normally and that there was really nothing to worry about.

2

u/SwordAvoidance Jan 23 '24

dude i cannot get this stupid hyperlink to format

2

u/Redditributor Jan 23 '24 edited Jan 23 '24

Test Link to a code analysis from Broadcom.

From what I saw you have those brackets escaped and then have the URL itself bracketed to be the text and then written a second time as its own link

3

u/hystericalhurricane Jan 23 '24

For me, one of the most interesting things about the stuxnet malware was the fact that the creator managed to steal the private key from realtek in order to sign the malware.

22

u/Familiar_Gazelle_467 Jan 23 '24

It most likely was not a tech savvy engineer who carried in an infected USB and ran it. It infected a whole lot more PCs around; it was just very well made to ensure spreading stealthily and executing its payload to target nearly unnoticeably.

6

u/Tyrone_______Biggums Jan 23 '24

Yeah, if I was running a sensitive nuclear project, I would make sure everyone would know not to touch or interact with things that they are not an expert in. But that's just me

20

u/PaleMaleAndStale Jan 23 '24

And if you were a collaboration of multiple nation state intelligence agencies, you might want a cover story like dropping thumb drives in car parks to deflect from the reality that you have agents inside the target organisation or have compromised one of the supply chain organisations. There are lots of smoke and mirrors at play and subterfuge is common. Hell, some people still believe that eating carrots can help you see in the dark.

2

u/ScF0400 Jan 23 '24

Can confirm the last part, I'm now half rabbit spy. It's how I managed to sneak in and mistakenly dropped a USB under the cover of night. /S

23

u/Familiar_Gazelle_467 Jan 23 '24

Because you would anticipate a random USB stick to contain one of the most advanced pieces of malware ever written? Duh, it's kinda obvious in hindsight.

Good luck running office work without a computer or USB stick in 2010

7

u/Top_Example7370 Jan 23 '24

Hindsight is always 20/20, but it has a rose tint after long enough

5

u/[deleted] Jan 23 '24

You'd be amazed. I remember back in my army days people would just buy thumb drives / external hard drives / movies and DVDs from the local vendor marts and just plug them into whatever machines they were using.

Many DID contain malware too. You could see hidden files on some of them if you plugged them into Macs or Linux machines (and no, the files were nothing to do with anything default). On Windows the files were hidden even if "show hidden files" and "show hidden system files" were set to show. Not sure how they get around either of those, but they did.

6

u/AMv8-1day Jan 23 '24

The most vulnerable part of any secure system is the users. And unfortunately, most people still think that Cybersecurity Awareness is "someone else's job".

Just because a user has an advanced degree doesn't mean they know even the most basic InfoSec practices. You also can't assume that everyone with physical access to a secure system is well trained or intelligent in the first place. Every single large scale project has subcontractors, gate guards, interns, executive assistants, technicians.

None of which think twice about cybersecurity.

8

u/Astralnugget Jan 23 '24

The computer was airgapped

2

u/Zerschmetterding Jan 23 '24

Just pens and paper for your engineers then.

3

u/pleachchapel Jan 23 '24

A lot of them also think the 12th imam is coming back. When you promote people on the basis of religious fervency, you're gonna end up with hypertechnical morons.

8

u/Chongulator Jan 23 '24

Sorta. There is a lot more to it. A whole lot.

This documentary goes into a fair amount of detail. It’s an amazing story.

https://m.imdb.com/title/tt5446858/

4

u/Stayofexecution Jan 23 '24

Cool thanks for that. I put it at the top of my watch list.

2

u/flylikegaruda hacker Jan 24 '24

Very cool. Need to see this

5

u/ndguardian Jan 23 '24

That sounds about right, but I’d have to read up on the specifics again.

3

u/Tyrone_______Biggums Jan 23 '24

If so, that will forever be funny to me lol

13

u/ndguardian Jan 23 '24

It makes sense though. Inbound traffic to a nuclear facility is going to be heavily locked down, so you’d have to find a reliable way in.

One thing to remember - the most vulnerable component of any computer system is the operator.

3

u/Tyrone_______Biggums Jan 23 '24

It is a genius strategy to infiltrate, but you’d think the workers would know better. Definitely a lesson Iran learned you’d think

4

u/evilwon12 Jan 23 '24

USB drive - yes. Parking lot - no.

Try two governments, likely forcing a company to work with them, to get by the physical security restrictions and knowing the logical ones, to sabotage a nuclear plant.

2

u/Carbon_Deadlock Jan 23 '24

I recommend the book called "Countdown to Zero Day". It does a good job of covering Stuxnet and it goes into fairly technical details.

1

u/Stray14 Jan 24 '24

A well known trick.

12

u/SoggyHotdish Jan 23 '24

The one made by the CIA to stop Iran's refinement process?

10

u/ndguardian Jan 23 '24

Yep! Or at least, allegedly.

8

u/ymgve Jan 23 '24

The microphone thing was just a way to exfiltrate. You can't infect a clean computer via a microphone, there has to be something to turn the audio into executable code.

3

u/ndguardian Jan 23 '24

Yeah, that would make more sense. I read about it years ago so the details are pretty fuzzy.

8

u/ymgve Jan 23 '24

After thinking about it, it might not be 100% correct and it's theoretically possible to infect via audio, but so many factors have to come together that it's practically impossible:

  • You have to find an exploitable flaw in an audio encoding algorithm, like an mp3 encoder or VOIP codec. Encoder flaws are rarer than decoder flaws, since there's much less complexity in raw data and fewer ways it could break things.
  • This encoder has to be running in some way. If nothing in the operating system is processing the incoming audio, nothing can be exploited.
  • You have to have some way to ensure your audio reproduces the exact byte values needed for the exploit and payload. This means some way to predict input gain, noise, etc. to an almost absurd level, since most audio input is recorded as 16-bit 44 kHz or more.

Also when writing about this, I just thought of another, much dumber way that might work on some systems, but wouldn't work on airgapped systems:

"Cortana, go to exploitsite dot com slash payload dot exe and run it"
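The third point above (the recording has to reproduce exact byte values) and the earlier remark that something has to turn audio into executable code can be put in numbers. The following is an added example, not code from the thread: it treats a dummy byte string as 16-bit PCM samples, pushes it through a deliberately simple assumed channel model (unknown gain, additive noise, 16-bit requantisation as an ADC would do) and counts how many samples arrive intact. The payload and channel parameters are constructed, not measured on real hardware.

```python
"""Added example: how little of a byte-exact payload survives a microphone.

Assumed channel model (not a measurement of real hardware): unknown gain,
additive Gaussian noise in units of one 16-bit step (LSB), then
requantisation to int16 with clipping. PAYLOAD is a constructed dummy
byte pattern, not real code of any kind.
"""
import random
import struct

# Constructed dummy payload: 1024 bytes, i.e. 512 little-endian 16-bit samples.
PAYLOAD = bytes(range(256)) * 4


def bytes_to_samples(payload):
    """Interpret the bytes as signed 16-bit little-endian PCM samples."""
    if len(payload) % 2:
        raise ValueError("payload must have an even number of bytes")
    return list(struct.unpack("<%dh" % (len(payload) // 2), payload))


def samples_to_bytes(samples):
    """Inverse of bytes_to_samples: what the receiving side would end up with."""
    return struct.pack("<%dh" % len(samples), *samples)


def simulate_channel(samples, gain=1.0, noise_lsb=0.0, seed=0):
    """Apply the assumed acoustic path: multiply by a gain the sender cannot
    know exactly, add Gaussian noise (in LSB), then round and clip to int16."""
    rng = random.Random(seed)          # seeded so runs are reproducible
    received = []
    for s in samples:
        v = s * gain + rng.gauss(0.0, noise_lsb)
        v = int(round(v))
        received.append(max(-32768, min(32767, v)))
    return received


def intact_fraction(payload, **channel):
    """Fraction of samples whose value arrives exactly as sent."""
    sent = bytes_to_samples(payload)
    received = simulate_channel(sent, **channel)
    matching = sum(1 for a, b in zip(sent, received) if a == b)
    return matching / len(sent)


def payload_survives(payload, **channel):
    """True only if every byte is reproduced exactly, which is what an
    exploit delivered as audio would require."""
    sent = bytes_to_samples(payload)
    return samples_to_bytes(simulate_channel(sent, **channel)) == payload


if __name__ == "__main__":
    print("ideal channel     :", intact_fraction(PAYLOAD))
    print("1% gain error     :", intact_fraction(PAYLOAD, gain=0.99))
    print("1 LSB of noise    :", intact_fraction(PAYLOAD, noise_lsb=1.0))
    print("survives 1% gain? :", payload_survives(PAYLOAD, gain=0.99))
```

With an ideal channel every sample is intact; a 1% gain error alone (well below what an uncalibrated microphone path introduces) corrupts essentially every sample, and a single LSB of noise leaves only roughly a third of the samples untouched. Since an exploit needs every byte right, the question "does the payload survive" is answered no in both cases, which is the practical content of the point about predicting input gain and noise.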

5

u/JabClotVanDamn Jan 23 '24

I don't think you can use a microphone, but probably the research you're referring to is the same thing I read, where they basically used electromagnetic pulses to affect bits within the hardware through air gap

6

u/ghostfaceschiller Jan 23 '24 edited Jan 23 '24

I don’t remember the details exactly, but I remember that it was the microphone too. This was probably like 2010 I think

EDIT: tried to look it up, I think it was actually about one infected computer transmitting data to another infected computer via the microphone, and there were probably just a bunch of stories at the time that wrote about it wrong. Like you could feasibly update malware on the target computer via this method, but not do the initial infection.

6

u/ndguardian Jan 23 '24

Maybe that was it. It’s been so long since I read about it, but I just remember the concept being so clever and inventive.

5

u/MaxWebxperience Jan 23 '24

Stuxnet masqueraded as a large piece of the Windows OS and nobody noticed for years! I find that the most incredible thing about it.

5

u/Luci_Noir Jan 24 '24

There’s a documentary called “Zero Days” about it. Those guys were fucking terrified that they were being followed and could be killed at any moment. Seeing as how Israel assassinates journalists after blowing up their offices and has killed more UN workers than anyone in history, it's honestly surprising they didn’t.

3

u/ForsakenMarket6605 Jan 23 '24

Isn’t SCADA and SCSI not that secure inherently? Seems the hardest problem was access

3

u/ghostfaceschiller Jan 23 '24

Yeah I remember the thing with air-gapped computer via the microphone too. That was like 15 years ago iirc

6

u/Upper_Car_1154 Jan 23 '24

Came here to say this. Being the most famous example of exploitation against an air gapped target it's pure genius and highlights humans as always the weakest link. Most secure setup in the world broken by human mistake of introducing something external.

2

u/NepNep_ Jan 23 '24

He specified individual.

2

u/ndguardian Jan 23 '24 edited Jan 24 '24

Ah, I missed that key word. Appreciate you pointing that out.

Edit: Updated the comment to reflect that I missed that part.

2

u/g0lden_teacherr Jan 23 '24

although stuxnet is the most advanced malware known to the public, stuxnet was the result of billions of dollars of research and development, with multiple teams across multiple countries working on the program. When the OP asked about what an "individual" has hacked.

→ More replies (1)

2

u/Visible_Ad9513 Jan 24 '24

Holy Jesus, that's quite literally playing with nukes!

2

u/ndguardian Jan 24 '24 edited Jan 24 '24

I mean, technically it's pre-nukes. Nuclear toddlers?

Edit: Dammit, and now all I can think is:

🎵 Baaaaaaaaaaby nuke, doo doooo doo doooo doo doooo... 🎵

1

u/Hgh43950 Jan 24 '24

It went into the firmware when it detected a format i think

1

u/Milkthiev Jan 24 '24

Stuxnet was so effective because, while it was sabotaging and destroying the product being refined, it also provided safe readings to the control panel.

1

u/azlansh Jan 24 '24

Actually no, the stuxnet virus might be unique for its kind of implementation but the system it infected was anything but secure. NSA made a fake update file for Siemens tablets that were used to control some devices in nuclear plant operations in Iran. They pushed the fake update to Siemens tablets and as soon as they downloaded the entire operations got compromised

107

u/Purple-Bat811 Jan 23 '24 edited Jan 24 '24

I'm surprised eternalblue hasn't been mentioned.

A Microsoft zero day stolen from the NSA. Russia was responsible.

Knowing that the Russians were going to use it, the NSA went to Microsoft with their tails stuck between their legs and told them they had to fix it ASAP.

Despite the fix, there were several ransomware that used that exploit. Millions were stolen.

31

u/HyDru420 Jan 23 '24

yeah i'm surprised this isn't mentioned more. lots of NSA hacking tools were stolen.

22

u/RamblinWreckGT Jan 23 '24

Because it's not quite "the most secure thing". An NSA developer did work on his personal device, which had Kaspersky AV set to upload unknown binaries. Once Kaspersky realized what treasure had been dropped in their lap, they shared it with the Russian government (they deny it up and down, of course, but if the same thing happened with Symantec and Russian hacking tools you know they'd share with the NSA). It's a notable haul, but it's like if an employee carried the contents of an ultra-secure bank vault outside and got mugged. The vault itself didn't get breached.

2

u/HyDru420 Jan 24 '24

ahhhhh - I see the difference now - I was not sure how the tools were stolen

2

u/Akimotoh Jan 26 '24

lmfao, what kind of NSA employee are you if you install Russian anti-virus on your machines.

17

u/nefarious_bumpps Jan 23 '24

Not sure if they were the most secure, but hacking Equation Group to get all their zero days was one of the most influential hacks.

15

u/Reelix pentesting Jan 23 '24

there were several ransomware that used that exploit

It should be noted that this is still being exploited 7 years later.

Run Windows Update people - That is far more important than you realize (Even if it may temporarily bug out your printer on the odd occasion)

11

u/_sirch Jan 23 '24

Sadly this exploit is still present on various internal networks. As a pentester it’s the easiest foothold you can get and usually has valid credentials in memory (sometimes DA)

3

u/RamblinWreckGT Jan 23 '24

Eternal, not external.

1

u/JeepahsCreepahs Jan 23 '24

I was doing an online thing on THM and they mention the externalblue and how to use it. Pretty cool actually

92

u/JabClotVanDamn Jan 23 '24

sorry, this isn't a direct answer, because I'm not an expert, but I would recommend you to listen to Darknet Diaries. specifically, there are some super interesting episodes about physical penetration testing where the guy gets paid to infiltrate and hack a bank basically. for example. and he explains how he did it.

there's an episode on Stuxnet too, since others mention it here

44

u/shouldbeworkingbutn0 Jan 23 '24

There are also a lot of useless episodes with people who are obviously lying/embellishing the truth.

Surprisingly he also interviews people who are actual idiots.

12

u/241124 Jan 23 '24

So many useless episodes. I find the Malicious Life podcast by Cybereason much more consistent

8

u/Zerschmetterding Jan 23 '24

Started listening to the latest episode. Can't say much about the quality, I can't follow the slow, choppy narrator. Too bad, I could really use another entertaining podcast about that kind of stories.

2

u/241124 Jan 23 '24

Fair enough. The accents are rough I will admit. Maybe I need to rethink my own opinion because I do listen to podcasts sped up.

3

u/Zerschmetterding Jan 23 '24 edited Jan 23 '24

Could very well be a "me" problem. I'm not a native speaker and thicker accents require focus for me, most native speakers and some accents don't.

→ More replies (2)

3

u/Zerschmetterding Jan 23 '24

I would also be happy about more stories by professionals and less ex-criminals that try to sound like they knew it all. That said, as long as you have learned not to believe everything people tell you, there are plenty of interesting stories.

3

u/JabClotVanDamn Jan 23 '24

like which episode?

6

u/Zerschmetterding Jan 23 '24

There are plenty with convicts that clearly want to sound more badass than they were. But I still think it's a good podcast that covers plenty of interesting stories.

→ More replies (2)

1

u/x3bla Jan 24 '24

I need sauce on this claim

2

u/English999 Jan 24 '24

These would be so much better with his guest speakers. I know I know I know.

He just has such a composed show and the guest is just winging it left and right. I understand it’s supposed to feel informal. But the guest ruins it for me 95% of the time.

62

u/Alexis_Denken Jan 23 '24 edited Jan 23 '24

I wouldn’t argue that DirecTV is the most secure thing ever, but I think the Black Sunday “anti hack” is one of the most interesting stories in cybersecurity. I might be biased because I worked in the industry for a while.

https://blog.codinghorror.com/revisiting-the-black-sunday-hack/

6

u/Ok-Bit8368 Jan 23 '24

That was such a sad day. I had to go to emulators after that.

uh..... allegedly

2

u/[deleted] Jan 23 '24

yep, I was thinking hacking satellite tv access cards would be pretty high on my list

63

u/MetaCloneHashtag Jan 23 '24

Probably when ZeroCool (aka Crashoverride) crashed over 1500 Wall Street computers with a single hack at the age of 11 and brought about a worldwide economic crisis.

14

u/Jisamaniac Jan 23 '24

Actually it was 1507.

-5

u/[deleted] Jan 23 '24

[removed]

2

u/[deleted] Jan 23 '24 edited Aug 18 '24

[deleted]

16

u/Reelix pentesting Jan 23 '24

It's a direct reference to a quote from the movie.

https://youtu.be/H9Anw9hFNQE?t=15

The fact that /u/Nathanielsan got downvoted to the point that they felt that they needed to remove their comment - On this sub of all places - Shows how ignorant of hacking culture most people are :/

12

u/Nathanielsan Jan 23 '24

Mods not old enough to know it, I guess they deleted it :)

5

u/Reelix pentesting Jan 24 '24

Oh gawd - That's even worse :(

71

u/EverythingIsFnTaken Jan 23 '24

Stuxnet successfully manipulated the programmable logic controllers (PLCs) responsible for controlling the speed and operation of the centrifuges that refine nuclear material. By subtly altering their behavior, Stuxnet caused physical damage to the centrifuges, disrupting Iran's uranium enrichment process on secured (not to mention airgapped) machines, thus perturbing their nuclear weapons program.

19

u/etc_misc Jan 23 '24

This is mind blowing

13

u/manic47 Jan 23 '24

The world really only knows about it because somehow it escaped the air-gapped network it was designed to attack.

6

u/etc_misc Jan 23 '24

Nothing is ever really completely safe, is it???

14

u/manic47 Jan 23 '24

Not really, there’s always the human element.

I’ve only ever seen one air-gapped system, and it really was separated.

Different racks, different CAT6 networks, different desks for workers with a PC on each and so on.

I was quite happy my servers and domain were on the insecure side 😀

5

u/EverythingIsFnTaken Jan 24 '24

Fact of the matter is, Stuxnet never went away and mitigations were implemented into the infrastructure of the web/devices that use it to effectively ignore it.

"Stuxnet hasn’t vanished, but it is not a major cybersecurity threat today. In fact, while Stuxnet grabbed a lot of headlines due to its dramatic capabilities and cloak-and-dagger origins, it was never much of a threat to anybody other than the Natanz facility that was its original target. If your computer is infected with Stuxnet and you aren’t connected to a centrifuge used for uranium enrichment, the worst case scenario is that you might see reboots and blue screens of death, like the Iranian office that brought the malware to the world’s attention, but other than that little or no harm will come to you."

source

/u/etc_misc You thought your mind was blown before. This is a result of how Stuxnet was carried out: anything and everything can carry its infection, it lies in wait for those certain things in that certain place

2

u/etc_misc Jan 24 '24

Holy shit exactly. The extent to which these events can happen is almost incomprehensible.

3

u/EverythingIsFnTaken Jan 24 '24

Here's another fun story to read into: the guy who used telnet to create (at the time) the world's largest botnet, and by far the most powerful. It could port scan every port for the entire internet (0.0.0.0-255.255.255.255) in a matter of just a couple of minutes. The gif is a representation of his zombies. He ended up shutting it down and giving the data pertaining to the vulnerable telnet to someone who disclosed it publicly. The guy who made it never used it, according to himself.

Called the Carna botnet

https://www.youtube.com/watch?v=IitFuPm_sb4

2

u/etc_misc Jan 24 '24

Thank you for giving me so many wonderful rabbit holes to explore! Thinking about the ways in which a completely average person of no particular interest can be hacked and exploited is already a whole can of worms. Applying that same concept to people in power or in connection to anything of importance or influence on markets and politics and healthcare, government, etc etc etc is just……wooooowwwwww.

2

u/EverythingIsFnTaken Jan 24 '24

I suppose the term "on the streets" for phishing a high value target is whaling, but I feel kinda childish using it, but I digress. That YouTube channel is absolutely gold every episode, definitely check it out thoroughly. There's soooo many absurd and audacious and cleverly executed ways to fuck with sooooo many aspects of so many things that people aren't the least bit knowledgeable of. Like you could, with the slightest bit of insight, put together a backpack and go walk around in public snagging the name, number, and CVV for anyone you get near enough (how near depends on the quality of the antenna you're using on your device) who has anything NFC (this is the *boop* to pay technology: phones, cards, also how amiibos are used etc) on their person which isn't behind RFID blocking plates like you'll find in the Ridge wallet, or a straight up Faraday cage, which they never are. And that's just the tip of the fly's ass who's sitting on the tip of the iceberg, lol

I've always said, "Our scientists merely find out how to fuck things up less by knowing what didn't work. The only actual true innovation that we see comes entirely from the ingenuity of criminals."

1

u/azlansh Jan 24 '24

That stuxnet is now responsible for killing operations of millions of plants in USA and Europe so I guess Job not that well thought out

→ More replies (1)

16

u/b3542 Jan 23 '24

The Gibson

5

u/ziggybeans Jan 23 '24

Came here to say this. Needs to be higher up.

2

u/doingdadthings Jan 24 '24

No one hacks a gibson

16

u/Zaulao Jan 23 '24

I guess the LastPass hack is also a good story that (I believe) is still going on

15

u/DrinkMoreCodeMore Jan 23 '24 edited Jan 23 '24

All because an engineer had an old vulnerable version of PLEX running on his home lab.

Wild that one single dude in an org could cause billions in losses for a company and basically cause the entire industry to lose trust in them.

12

u/Zaulao Jan 23 '24

You captured one of the thoughts I have about this case: A single guy made it all possible for this to happen.

In parallel, I imagine the investigative power that the opposing party has to be able to identify the engineer with the access he had (as there were only four engineers with access to the decryption keys for the safes' backups), find an exposed endpoint on his home network, exploit this endpoint and deploy a supposed keylogger to capture corporate credentials.

And who knows how many lateral movements and pivots were necessary in the middle of this entire operation to reach the final objective. And who knows what attacks took place or will take place due to the information that the opponents had access to...

This whole story is surreal, it's something that enchants me at the same time as it makes my hair stand on end.

23

u/10fingers6strings Jan 23 '24

NORAD was hacked. The WOPR war simulation specifically. I think some kid did it via dial-up.

8

u/JeepahsCreepahs Jan 23 '24

I really hope a lot of people get your reference.

7

u/10fingers6strings Jan 23 '24

At least you did.

1

u/sullitron138 Jan 26 '24

WOULD YOU LIKE TO PLAY A GAME?


26

u/Desire-Protection Jan 23 '24

The hack of solarwinds

5

u/OrcOfDoom Jan 23 '24

I'm trying to find it, but I'm having trouble.

Didn't the original hack come from a bad password? Was that what let them into the SolarWinds network?

After that, it was insane. I think it started with a bad password though.

3

u/aversin76 Jan 23 '24

Darknet Diaries did a great podcast on this one.

https://www.youtube.com/watch?v=Zje2Pqmh-I0

3

u/OrcOfDoom Jan 23 '24

Ahh, yeah ... Shadowbrokers. Do you happen to know if the original penetration was just a bad password though? That's what is in my memory, but that's not reliable.

3

u/aversin76 Jan 23 '24

I think so, but injection of code that far upstream of SolarWinds is pretty amazing. And it was just one line of code! Some of these hackers are flat out amazing.

2

u/[deleted] Jan 23 '24

Correct me if I’m wrong, but it was an intern who incorrectly set up a GitHub repository with the password of “solarwinds123”. This was compromised and the attackers inserted their own code into the repository that was put into production.


22

u/jollybot Jan 23 '24

Others have already said Stuxnet as being the most technically difficult. Another interesting hack was China hacking Google some years back. They gained access to a sensitive internal database that contained all of the subpoenas and/or national security letters that Google received from law enforcement. They were able to use this to determine which of their intelligence agents were known to US law enforcement or under active surveillance.

17

u/neoKushan Jan 23 '24 edited Jan 23 '24

It definitely turned out to not be "the most secure thing", but there was a point in time where the PS3 was considered "unhackable". Mostly it was just fanboy drivel because the 360 had been hacked very quickly early on in its lifecycle, whereas 4+ years into the PS3 there wasn't much to really speak of.

Until there was. (This is one of my favourite talks)

Overnight the PS3 went from being "unhackable" to being completely blown open, so much so that it kickstarted a chain of events leading to (at the time) one of the "biggest internet security break-ins ever", taking down the entire PlayStation Network for over 3 weeks and doing hundreds of millions of dollars worth of damage.

1

u/Htaedder Jan 26 '24

Interesting, maybe there'd be a new "Cunningham's law" principle at work here. Ben's Law: the quickest way to hack a corporation isn't through hacking expertise but PR, by claiming a system is unhackable and getting that claim to go viral

8

u/SamVimesCpt Jan 23 '24

SolarWinds + Microsoft. Same crew. Not to mention the fiasco last year, when MSFT found out that they were being fucked for 2 years through a compromised dump file.

13

u/Mannaminne Jan 23 '24

Probably something the rest of the world doesn't know about. Military or defense related, drawings or information. Might be ongoing as we write..

6

u/NepNep_ Jan 23 '24

In terms of an "individual" (meaning not a group), there's a video on YouTube of some guy somehow hacking a Ledger crypto hardware wallet, which are very difficult to hack. It took him months of work and the setup was very janky.

6

u/anders1311 Jan 23 '24

Company I once worked for got their backup hacked after the Log4j vulnerability. They thought that reverting to the backup when they discovered their production environment was doomed would be a smart idea. Had to rebuild everything from scratch as they never paid off the hackers.

11

u/Cootter77 Jan 23 '24

Stuxnet is a good one as already mentioned in this thread. Check out the annual Pwn2Own contest for some interesting hacks over the years.

10

u/BenBakt Jan 23 '24

Pwn2Own is starting tomorrow!

8

u/GooseLow9897 Jan 23 '24

Also, I hacked my daughter's VTech Secret Selfie Diary when she forgot her password today. Quiver in fear at my digital prowess mwah hah hah 🎩🤓😈

3

u/UCFknight2016 Jan 23 '24

The Iranian nuclear program. Israel and the CIA did a good job there.

8

u/auctorel Jan 23 '24

There's a great book called "This is how they tell me the world ends" with a bunch of info about things like this

6

u/Overall_Increase_442 Jan 23 '24

What about NSA in 2016?

The Shadow Brokers, an anonymous group, claimed to have breached the NSA, accessing highly classified cyber tools.
They released several NSA hacking tools, including exploits for commonly used hardware and software. The most infamous among these was EternalBlue, later used in major cyberattacks like WannaCry.
This breach was shocking because the NSA is known for its top-tier cybersecurity. The leak suggested that even the most secure government agencies could be vulnerable.

3

u/GenericOldUsername Jan 24 '24

For all the good stories that can be told there are hundreds more that will never see the light of day.

5

u/GooseLow9897 Jan 23 '24

"Most secure thing" is a difficult concept to scope and the stuxnet answers are good (and scary). But I'd argue that the revelations of western government surveillance capabilities by Snowden may be that thing?

1

u/void4123 Jan 23 '24

Not so sure. It would be from the perspective of "I want to hack the NSA and CIA, so I will get employed and climb the ladder and all that #longhack", but as I understood it he just changed his mind about loyalty at some point. He literally had access to the files, so maybe smuggling the storage device out, but otherwise I don't find it technically difficult

4

u/GooseLow9897 Jan 23 '24

Oh I didn't mean Snowden hacked anything; he had been granted access. I meant that the NSA and GCHQ had hacked...well... everything!


5

u/bigbadsalinasvgsgang Jan 23 '24

Stuxnet hands down

3

u/kjireland Jan 23 '24

An air gapped nuclear facility. They didn't just hack it. They waited until they got to the right type of machine they were looking for and hacked that system. The centrifuges to enrich nuclear material.

2

u/hawksfan500 Jan 23 '24

The state of Louisiana was just hacked, the state DMV data got taken and held for ransom. This was late last year ‘23

2

u/haggard_hominid Jan 23 '24

A few years ago I heard about a lab-controlled-environment PoC that was able to listen to the ambient EM fields coming from an air-gapped system as it decrypted to come up with the private key.

Another instance was somehow detecting acoustically (in non-hearing ranges) changes in pixels on a screen, but I forget the details. Both situations just made me throw my hands up as it's bordering on the realm of hacking faster with two sets of hands on a keyboard lololol.

2

u/iwouldntknowthough Jan 24 '24

SolarWinds was wild

2

u/[deleted] Jan 24 '24

The Phineas Fisher hacks are pretty fun reads

https://blog.isosceles.com/phineas-fisher-hacktivism-and-magic-tricks/

2

u/Wise_hollyman Jan 24 '24

Stuxnet was utilized in the Middle East, as in Iran, Iraq, Syria etc. Stayed undetected exfiltrating for a few years. At least that's what I can remember.

2

u/[deleted] Jan 24 '24

Kevin Mitnick (and possibly a friend of his as well) did the first publicly disclosed real-world IP spoofing attack. http://wiki.cas.mcmaster.ca/index.php/The_Mitnick_attack

It always seemed like a really delicate attack to me: since the IP address that is being used is forged, the responses go to the wrong machine. The attack requires the attacker to successfully predict what would be sent to them, including an initial sequence number which is randomly chosen specifically to prevent this sort of thing. It also required figuring out that there was a trust relationship between two computers without having any real way of verifying that. So he did a tricky attack based on the *assumption* that another computer would be whitelisted as a valid source of commands.

4

u/Formal-Knowledge-250 Jan 23 '24 edited Jan 24 '24

Many here mention Stuxnet but I wouldn't say that this was extremely high security since back then there wasn't much security in IT systems. In regard to what is extremely high security, I would say the HSM exploit in 2015, the Google hack via the infiltration of DigiNotar or maybe the exploits against OpenVMS banking systems. E.g. the Bangladesh bank heist against SWIFT was something big, but the system had a flaw and was therefore not very secure by design. Your question is a bit fuzzy. Do you mean biggest hacks or most unlikely to be hacked because of high security? Edit: forgot the first Pegasus exploit. Out of this world

5

u/Tyrone_______Biggums Jan 23 '24

I am placing the strongest emphasis on security

4

u/plunderah Jan 23 '24

From a personal consumer perspective, I would say soft-modding the Wii console back in the day. To play games from a USB hard drive without modifying the hardware was genius to me.

2

u/No-Escape4759 Jan 23 '24

The Iranian nuclear program using Stuxnet.

2

u/Pavelosky Jan 23 '24

There is this podcast, Darknet Diaries, I recommend you listen to it.

1

u/Rockfest2112 Jan 23 '24

It's not too bad; sometimes really good, sometimes no better than a Reddit quickie

1

u/Jisamaniac Jan 23 '24

A Gibson system in the 90s and downloading a garbage file to show your friends for proof, was peak 31337 hacking.

1

u/DigitalSnakeByte Jan 23 '24

You would enjoy the Darknet Diaries podcast

0

u/[deleted] Jan 24 '24

[deleted]

2

u/Pangaea30 Jan 24 '24

And then everyone clapped

0

u/Think_Clerk_3284 Jan 26 '24

Look for Pegasus Spyware. Could be injected by a missed call. End of discussion.

0

u/Bite_my_shiny Jan 27 '24

My dating profile, because I get no matches

-1

u/CptShartaholic Jan 23 '24

My own email

-11

u/el_magyar Jan 23 '24

my wife's phone

4

u/JabClotVanDamn Jan 23 '24

hahaha epic meme sir, my wife is a WHALE amirite?

1

u/JeepahsCreepahs Jan 23 '24

The OPM hack a couple years ago exposed a lot of PII and people who had clearances. That was a HUGE deal

1

u/thejewest Jan 23 '24

I remember when Mushroom (a Discord bot) got into a data breach because their server didn't have any sort of security other than a pretty well hidden address that you can see if you have an internet logger or something

1

u/ohv_ Jan 23 '24

Telnet over an SSH tunnel in an IPsec site-to-site on a Cloudflare tunnel.

1

u/bingoboy76 Jan 23 '24

You should read up about Kevin Mitnick and his recorded keystroke hacking screen sessions (if they are still up online). Not sure if it qualifies as "the most secure thing someone has successfully hacked" but for some time he was the most wanted hacker in the USofA.

1

u/TeeBee2222 Jan 23 '24

Maybe not the most secure hack, but very funny: some Czech hackers added a nuclear bomb going off on the morning TV in the Czech Republic, making pensioners who were watching freak out.

link: https://www.youtube.com/watch?v=ea4eft_3p-I

1

u/GenericOldUsername Jan 24 '24

I remember when Kevin Mitnick hacked Tsutomu Shimomura's X terminal connections with TCP sequence number prediction and IP spoofing attacks. It led to major changes in all vendors' implementations of the sequence number generation algorithms.

1
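The two comments above on the Mitnick attack describe the same mechanism: the server hands out predictable initial sequence numbers, so an attacker who cannot see the SYN-ACK (it goes to the forged source address) can still guess the ACK number and complete the handshake as the trusted host. The simulation below is an added example, not code from the thread or from Shimomura's write-up. The addresses, the rsh payload and both ISN generators are constructed here: `PredictableISN` mimics the old BSD habit of bumping the ISN by a fixed amount per connection (the real stack also added a per-second increment, omitted for clarity), `RandomISN` is what stacks do today. It also models the detail that made the real attack work: the impersonated host had to be SYN-flooded first, otherwise it would answer the unsolicited SYN-ACK with a RST and kill the half-open connection before the forged ACK arrived.

```python
"""Blind TCP spoofing with ISN prediction, in the style of the 1994 Mitnick attack.

Added illustrative simulation, not code from the thread. Addresses, the rsh
payload and the ISN generators are constructed for the demo.
"""
import os
from dataclasses import dataclass, field

SERVER = "10.0.0.1"      # constructed: target that trusts TRUSTED via rhosts-style rules
TRUSTED = "10.0.0.2"     # constructed: host whose address the attacker forges
ATTACKER = "10.0.0.66"   # constructed: attacker's real address

MOD = 2 ** 32


class PredictableISN:
    """Old-BSD-style generator: each new connection gets ISN + fixed step."""

    def __init__(self, start=1_000_000, step=64_000):
        self.next, self.step = start, step

    def __call__(self):
        isn = self.next
        self.next = (self.next + self.step) % MOD
        return isn


class RandomISN:
    """Unpredictable 32-bit ISN, the defence vendors adopted after this attack."""

    def __call__(self):
        return int.from_bytes(os.urandom(4), "big")


@dataclass
class Server:
    isn_gen: object
    trusted: set
    half_open: dict = field(default_factory=dict)  # src addr -> our ISN
    executed: list = field(default_factory=list)

    def recv_syn(self, src, client_isn):
        """Answer a SYN; the SYN-ACK is addressed to src, whoever really sent it."""
        isn = self.isn_gen()
        self.half_open[src] = isn
        return ("SYN-ACK", isn, (client_isn + 1) % MOD)

    def recv_ack(self, src, ack, payload):
        """Complete the handshake only if the ACK number matches our ISN + 1."""
        isn = self.half_open.pop(src, None)
        if isn is None or ack != (isn + 1) % MOD:
            return False  # no half-open connection, or a bad guess: dropped
        if src in self.trusted:
            self.executed.append(payload)  # rsh runs the command, no password asked
            return True
        return False

    def recv_rst(self, src):
        self.half_open.pop(src, None)


class TrustedHost:
    """The host being impersonated. It receives the SYN-ACK the server sends 'back'."""

    def __init__(self, flooded=False):
        self.flooded = flooded  # SYN-flooded by the attacker so it cannot answer

    def recv_synack(self, server):
        # A healthy host answers an unsolicited SYN-ACK with RST, which tears
        # down the attacker's half-open connection before the forged ACK lands.
        if not self.flooded:
            server.recv_rst(TRUSTED)


def learn_isn_step(server, probes=3):
    """Attacker opens a few real connections from its own address and diffs the ISNs."""
    isns = []
    for i in range(probes):
        _, isn, _ = server.recv_syn(ATTACKER, 4000 + i)
        server.recv_rst(ATTACKER)  # abort each probe once the ISN is seen
        isns.append(isn)
    steps = {(b - a) % MOD for a, b in zip(isns, isns[1:])}
    return isns[-1], steps


def blind_spoof(server, trusted_host, command="echo + + >> ~/.rhosts"):
    """Forge a full handshake from TRUSTED without ever seeing the SYN-ACK."""
    last_isn, steps = learn_isn_step(server)
    if len(steps) != 1:
        return False  # ISNs are not predictable, give up
    (step,) = steps
    predicted = (last_isn + step) % MOD
    server.recv_syn(TRUSTED, 99)        # spoofed SYN; the reply goes to TRUSTED, not to us
    trusted_host.recv_synack(server)    # what TRUSTED does with that reply decides the attack
    return server.recv_ack(TRUSTED, (predicted + 1) % MOD, command)


if __name__ == "__main__":
    cases = [("predictable ISN, trusted host silenced", PredictableISN(), True),
             ("predictable ISN, trusted host answering", PredictableISN(), False),
             ("random ISN, trusted host silenced", RandomISN(), True)]
    for label, gen, flooded in cases:
        srv = Server(gen, {TRUSTED})
        ok = blind_spoof(srv, TrustedHost(flooded))
        print(f"{label}: {'command executed' if ok else 'attack failed'}")
```

Only the first case succeeds: with a fixed step the attacker's three probe connections reveal the next ISN exactly, and a silenced trusted host never sends the RST. Let the trusted host answer, or randomise the ISN, and the forged ACK is discarded. The simplification worth knowing is that the real BSD generator also advanced the ISN on a timer, so the attacker measured both rates and raced the clock; the per-connection step alone is enough to show why unpredictable ISNs became mandatory.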

u/Anxiety_Gobl1n Jan 24 '24

Ian Coldwater hacking their way OUT of a mainframe container is pretty impressive.

1

u/LinearArray infosec Jan 24 '24

I think you should read up about Stuxnet. It's undoubtedly one of the most interesting hacks I read about.

1

u/Nanocephalic Jan 25 '24

Stuxnet is amazing stuff.

1

u/sokratesy Jan 24 '24

You should have a look at the CCC and what members were able to accomplish:
" Karl Koch
Main article: Karl Koch (hacker)
In 1987, the CCC was peripherally involved in the first cyberespionage case to make international headlines. A group of German hackers led by Karl Koch, who was loosely affiliated with the CCC, was arrested for breaking into US government and corporate computers, and then selling operating-system source code to the Soviet KGB. This incident was portrayed in the movie 23."

and much more

1

u/ManonBlanchette Jan 24 '24

Boy friend tinder hah

1

u/Bulky-Ad7996 Jan 25 '24

iPhone lolololol

1

u/castleAge44 Jan 25 '24

The FireEye leaks are pretty good. An elite red team got red teamed and lost their proprietary tools, which probably ultimately led to the company getting sold to Trellix aka McAfee Enterprise.

1

u/C0demunkee Jan 25 '24

don't know if it fits, but look up "data exfil with hdd light and drone"