
Greatest hacker attacks

Lecture



In early January, hackers carried out a DDoS attack on the site of Angela Merkel. They were putting pressure on Germany to stop its financial and political support for the Ukrainian authorities. The data center that hosts Merkel’s official website was seriously attacked, and the website of the German Foreign Ministry was also affected.
The pro-Russian hackers from the CyberBerkut group took responsibility for the cyber attacks. The CyberBerkut group made itself known in early 2014. However, the American company FireEye, which specializes in computer security, concluded that a group of hackers codenamed APT28 has been operating since 2007 in the interests of the Russian government.
The hackers have declared themselves fighters against Euromaidan and the arbitrariness of the Ukrainian authorities. They declared war on the "Right Sector" and repeatedly attacked political Internet resources supporting the military operation against the separatists. For example, they brought down the website of the Central Election Commission of Ukraine on the day of the parliamentary elections.
2014
From the beginning of 2014, Ukrainian web resources repeatedly came under a powerful stream of DDoS attacks. This year, the targets were mainly the resources of state bodies: the SBU, the Cabinet of Ministers, the Ministry of Internal Affairs, the Ministry of Foreign Affairs and the Central Election Commission. Experts recorded the highest number of attacks on various web resources of government agencies in April, during the May holidays, before the presidential elections and before Independence Day.
The important indicator is not the number of attacks but their duration and the power of the traffic stream. Many short-term attacks in one day will not cause much harm. A long-term attack (from several hours to several days or even weeks) with a powerful stream (several tens or even hundreds of Gbit/s) is more destructive.
For example, the power of the stream during the DDoS attack on mfa.gov.ua (the website of the Ministry of Foreign Affairs of Ukraine) on the Independence Day of Ukraine reached 3-5 Gbit/s, and the attack lasted for several hours. The attack on the site was conducted mainly from China, but this does not mean that China attacked us; it simply turned out to have the largest number of infected computers.
Spring 2014
In the spring of 2014, an attack was made on leading Russian banks, large companies and government agencies. The average power of the DDoS attacks was 70-80 Gbit/s, and at peak times it reached a record 120 Gbit/s. Before this, powerful DDoS attacks in Runet were recorded in 2013, but their capacity did not exceed 60 Gbit/s.
More than 15 organizations suffered during the attacks. In some of them, during attacks that could last for hours, key systems were unavailable or interrupted: websites, remote banking systems, and even ATMs.
The victims of the attacks in March 2014 were banks (Sberbank, Gazprombank, Alfa Bank, VTB 24) and the websites of the Russian authorities (Roskomnadzor, the Central Bank, the presidential administration). Kaspersky Lab itself was also under attack, as well as media sites: Lifenews, Channel One, Russia Today, and Komsomolskaya Pravda.
The hackers used a vulnerability in NTP (Network Time Protocol), which, according to the antivirus company, makes it possible to increase attack power up to 550 times. This vulnerability was discovered in January 2014 by US-CERT, the US office that coordinates the response to Internet threats and reports on detected vulnerabilities. In the West, attacks with peaks of up to 400 Gbit/s have already been recorded.
The attacks were carried out with a spoofed source address, so it is impossible to say exactly where they came from and who exactly stands behind them. Most of the attacks were related to events in Ukraine, and their goal was a public effect. Responsibility for most of the attacks was taken by people who call themselves part of the international hacker movement Anonymous.
May 2014
Three days before the presidential and local elections in Ukraine, the site of the Central Election Commission of Ukraine was subjected to a hacker attack. According to experts who studied the mechanics of the hack, those who ordered it set the cybercriminals two tasks: to disrupt the elections completely, or to publish a pre-prepared result with Yarosh as the winner, which would give grounds not to recognize the result of the election.
The attacks on the CEC servers began several months before the election. At the end of April, however, the hackers managed to break into the system administrator’s computer using a trojan. Interestingly, the Kaspersky Anti-Virus installed on this PC did not react to the presence of the malware. The attackers installed software that took screenshots and recorded all keystrokes. The collected data was sent to a computer whose IP address is registered in Europe.
Thus, the cybercriminals managed to obtain information about all the passwords and the software installed in the system. A few days before the presidential election, they chose a moment when the administrator was not at the workplace (which became possible only with an informant inside the CEC) and started formatting the backup tapes (which the system administrators had not protected after recording). In the database itself, the hackers began overwriting data, with some blocks written on top of others at random. That is, the information was deleted professionally. Then, to cover their tracks, they wiped the data in all the system logs. The attackers also got access to the internal server, which presented false results about the leadership of Yarosh.

The CEC system administrators still managed to repel the attack. They recovered the data from week-old copies and blocked access to the system. Fortunately, the hackers did not have time to erase all the backups; otherwise recovery would not have been possible (you should always check the quality of a backup before removing it from the drive), and the main goal of the order would have been achieved: the disruption of elections throughout the country.
The most shocking detail is that several days before the hack, the IT infrastructure of the CEC received a KSZI (integrated information protection system) certificate of compliance from the Department of Special Telecommunications Systems and Information Protection of the SBU (DSTSZI); the DSTSZI now intends to withdraw it. But why was a system that hackers broke into rather easily certified as fully protected? Unprofessionalism in security on the part of both the CEC and the inspecting body? Corrupt collusion, or treason? More was at stake than simply postponing the elections: in fact, it was a question of whether there would be peace and stability in the state of Ukraine or whether, because of disrupted elections, the country would continue to slide into the abyss.
Obviously, a massive cyber war is being waged against Ukraine. Therefore the new government of Ukraine, which, by the way, was able to become the government thanks to the prevention of a complete breakdown of the CEC server, should realize that unless it takes measures to raise the level of information security, the state will have no chance of winning this war, and therefore no chance of existing as an independent state. Ukraine needs a strong defense system and experienced specialists who will help protect it from defeat.
November 2014
On November 24, Sony Pictures' computers were blocked, and a threatening message signed by #GOP appeared on the monitors. The attack is associated with the comedy "The Interview", which is due to be released in the US and Canada on December 25. According to the plot of the film, two journalists who are going to interview Kim Jong-un are recruited by the CIA to kill him.
Suspicions that the DPRK is behind the cybercriminals arose after an investigation revealed the presence of Korean words in elements of the malicious code planted on Sony Pictures computers. The final FBI document reveals the technical details of the malicious software and the consequences of its use.
According to the FBI, hackers using this software have already caused serious damage to companies in South Korea and the Middle East, where the oil company Saudi Aramco lost data from 30,000 computers as a result of an attack.
Responsibility for the attack was taken by a group of hackers who call themselves the "Law Enforcement of the World." Experts believe that the cybercriminals worked on behalf of the governments of North Korea and Iran. However, the FBI warning spoke of an "unknown" group of hackers.
2013
March 2013
A large-scale DDoS attack by anonymous hackers, "the largest in history", unfolded in March 2013 against Spamhaus servers. The attack resulted from a conflict between the non-profit organization Spamhaus, which helps e-mail services fight spam, and the Dutch hosting company Cyberbunker.
According to the official position of Spamhaus, the attack began after the organization added the provider Cyberbunker to its "black list", which is used to protect 1,770,000,000 e-mail boxes. The cyber attack was dubbed the "greatest in history" because its capacity reached up to 300 Gbit/s, which slowed down the Internet around the world.
Wanting to stabilize its own web servers, Spamhaus turned to Cloudflare, a company specializing in cyber security. Cloudflare specialists managed to cope with the DDoS attack, which the company reported on in its blog; this is the only open source that states the power of the cyber attack as 300 Gbit/s.
Spamhaus is an organization with offices in London and Geneva dedicated to countering spamming. To do this, Spamhaus maintains a database in which the servers used to send spam messages are entered. The company also supports several services that block mailings from suspicious servers.
November 2013
Unknown attackers hacked a number of Ukrainian government websites: the sites of the Prosecutor General’s Office of Ukraine, the Ministry of Education, the Military Medical Administration of the Security Service of Ukraine and the Laboratory of Legislative Initiatives. When trying to go to any of these resources, the user saw a message that NATO forces had blocked the activities of the site.
The attackers are hackers from the international group Anonymous, who announced the beginning of Operation Independence. The hackers oppose the European integration of Ukraine and argue that the country should be independent of both Europe and Russia and go its own way. In protest, Anonymous promised to attack the web resources of countries and organizations "that threaten the freedom and independence of Ukraine."
2012
January 2012
On January 22, hackers attacked a number of Polish government Internet resources, in particular, the websites of the Sejm (parliament) and Prime Minister Donald Tusk were blocked.
The cyber attack was linked to the plans of the Polish authorities to sign the Anti-Counterfeiting Trade Agreement (ACTA), which tightens control over copyright compliance on the Internet. In this regard, the group of hackers Anonymous threatened to conduct a "full-scale attack on the Polish government", which is going to restrict Internet freedom.
ACTA provided for the introduction of new requirements for Internet providers, in particular the obligation to report copyright violations by users. In addition, it gave customs officers permission to inspect computers and other devices on which pirated content can be stored.
The group Anonymous repeatedly made attacks on government sites. For example, in September 2011, hackers blocked the Internet resources of the Mexican government, and in November attacked the websites of the Israel Defense Forces (IDF), as well as the special services Shabak and Mossad.
February 2012
After the closure of the largest file-sharing resource ex.ua in February 2012, powerful attacks began on Ukrainian government websites. Access was blocked to the pages of both the authorities and some parties. The site of the president, which received 140 thousand requests every second, was attacked especially actively. Participants in the cyber attacks included, in particular, representatives of the international hacktivist movement Anonymous, known for bringing down the sites of a number of payment systems.
The websites of the President of Ukraine, the Cabinet of Ministers, the Ministry of Internal Affairs and the Security Service of Ukraine, the National Bank, the State Tax Service and the Constitutional Court were blocked. In addition, access to the websites of the Party of Regions and the Communist Party was difficult: the pages either opened with difficulty or did not open at all.
The presidential administration was the first to begin recovering from the attack. Specialists of the State Service for Special Communications and Information Protection (GSSSIZIU) set about rescuing the official page of the head of state.
As soon as government websites started to go down one after another, rumors spread on the Internet that the hacktivists (politically motivated hackers) of Anonymous were behind the attacks. They gained world fame after a series of successful attacks on the websites of large payment systems, US congressmen and leaders of Middle Eastern states. This was their revenge for the persecution of the notorious WikiLeaks site and, before that, for the attempt to close the popular file hosting service Pirate Bay.

Anonymous as a group did not participate in the attack on the Ukrainian sites. Usually, when members of the movement from different countries mount a massive attack on a target, an "operation" is announced in special closed chats or on social networks, where the target, the time of the attack and the number of participants are discussed.
The main part of the DDoS attacks that made government and party websites inaccessible was coordinated through social networks, mainly "V Kontakte", where several groups (of 500 to 1,500 members each) formed at once to discuss and prepare the attacks.
Most of the attackers did not have the necessary skills; on the advice of more experienced users, they simply installed on their computers a special program, Low-Orbit Ion Cannon (LOIC), which simplifies the process of organizing a DDoS attack. As a rule, this is also how the "anonymous" act. The number of participants in the attack is estimated at 20 thousand.
The spontaneous surge in Internet user activity demonstrated the weakness of government agencies that could not resist a simple DDoS attack carried out by non-professionals.

