Recently, we’ve written a series of articles looking the at various ways the coronavirus intersects with cybersecurity concerns. And while we don’t want to downplay the importance of maintaining cybersecurity practices throughout the crisis, we could all use a little distraction from time to time. So, we decided to have some fun today. And what is more fun than hearing stories about hackers who completely and totally messed up? So, without further ado, we present three major hacker fails to keep your mind off the news for a few minutes.
Hacker Fail #1: The Spy Who Hacked Me (Then Posted it on YouTube)
This should go without saying, but if you’re going to install malware on hospital computers, you probably shouldn’t upload a video of yourself doing it. As it happens, that is exactly what Jesse William McGraw did. McGraw was a night security guard at Northern Central Medical Plaza in Dallas. One night he decided to film a video of himself pretending to be a spy who was infiltrating the premises (with James Bond music and all). Of course, as a security guard, he had access to the entire building and wasn’t actually doing anything illegal. That is, until he started installing malware on a dozen of the hospital’s computers.
Authorities quickly arrested McGraw and discovered he was actually the leader of a hacking group called the Electronik Tribulation Army. For his part, McGraw was sentenced to 9 years in prison and ordered to pay over $30,000 in restitution.
Hacker Fail #2: VPN FML
This story involves one of the most news-worthy cyber-attacks in the past few years: and hack and leak of emails from the Democratic National Committee. The documents were leaked online over the course of few months by a hacker calling himself Guccifer 2.0. While leaking the documents, Guccifer portrayed himself as a lone hacker conducted the attack for the fun of it.
Of course, we know now that this hack was instead conducted by the Russian government, specifically the GRU, Russia’s intelligence agency. As it turned out, tracing the hack back to the GRU didn’t take much work because Guccifer made a very simple mistake: he forgot to turn on his VPN. VPN’s help users stay anonymous online by connecting to the internet using shared IP addresses. Guccifer routinely used a VPN to cover his tracks online, but at one point simply forgot to turn it on before logging onto a social media site. The mistake allowed authorities to trace the hackers location directly back to GRU headquarters.
And the rest, they say, is quite literally history.
Hacker Fail #3: Hoist with his own petard
We saved the stupidest for last. For a while now, a transcript of a chat between hackers has been passed around the internet. In the chat, two rivals hackers were arguing with one another and threatening to attack the other. One of the hackers claimed to be using a program that allowed him to remotely delete a hard drive by simply entering in the target’s IP address. Calling his bluff, the other hacker shared his IP in the chat. However, instead of giving his actually IP, he gave him a loopback address that pointed right back at the would-be hacker’s own computer. So, when he ran the IP address through the program, he ended up wiping out his own hard drive instead of his rival’s.
Subscribe to our blog here: https://mailchi.mp/90772cbff4db/dpblog