- Get link
- Other Apps
Hackers Are a Diverse Group
There are young, prank hackers like Lizard Squad, who infamously used a DDOS attack to take down Playstation and Xbox networks during Christmas (it's a pretty sinister prank to target children like that). Some hackers are older and often work as "computer security consultants" who advise companies on how to protect themselves. Some hackers are in it for monetary gain, while others are in it for the lulz and the power.
More and more there are state-sponsored groups that have Hollywood-style capabilities. The best-known example of this is Stuxnet, an Israeli (as well as probably American) worm that infected Iran's nuclear facilities. Stuxnet caused the nuclear centrifuges to go haywire while the control system displays for those centrifuges would read normally.
It had the power to create a devastating explosion while monitoring stations appeared normal. The scariest part is that it could be refitted easily for just about any industrial operation. Since a virus like Stuxnet is much harder to pull off than a DDOS attack, most of the groups on this list are state-sponsored.
Disclaimer: I don't have outstanding technical knowledge on the subject, feel free to critique in the comments.
10 Famous Hacking Groups
Here are 10 famous and very powerful hacking groups. These groups have the ability to pull off some crazy maneuvers, like the kind of things you would normally see in a movie.
North Korea has tried to get into the hacking game in recent years, despite their outdated technology.
10. Bureau 121
Although most technology in North Korea is extremely outdated, their government still has shown interest in hacking. According to defectors, military hackers live extravagant lives in North Korea. Top students are handpicked from straight out of their "University of Automation" school. The primary wing of this hacking group is known as Bureau 121. It comprises about 1,800 people that work around the world (because the internet infrastructure in NK is pretty terrible).
Most of the Bureau's activity has been focused on South Korea. Attacks have ranged from malicious gaming apps targeted at South Korea, hacking the website of the South Korean President, and destroying the data of banks and broadcasting companies. Guardians of Peace, the group behind the famous Sony hack might have been a Bureau 121 proxy. That particular hack cost Sony about $15 million.
By just injecting a website with a few lines of malicious code, hackers can do some serious damage.
9. Chaos Computer Club
Chaos Computer Club (CCC) is probably only one of two groups on this list with any sort of moral code. It also is probably the oldest, as it was founded by a small group of Germans in 1981.
Today it is a large association of mostly German-speaking hackers. CCC has made a number of hacks where they first consulted legal experts to make sure that what they were doing was legal. Although they almost permanently reside in or around legal grey-area, this willingness to operate within legal bounds has allowed their survival. Not only have they survived, but they've been accepted, recognized, and sometimes glorified by the press. Since it is a large disorganized association of people with exceptional computer security technical knowledge, not everyone has always behaved according to law.
CCC gained notoriety in the '80s when they notified the Deutsche Bundespost of flaws in their online system. Deutsche Bundespost was somewhat of an ideal target for an early hacktivist group, because they actively tried to keep more technologically advanced startups from competing. Deutsche Bundespost's system provider responded by assuring everyone that the system was secure. Of course, CCC still hacked the system and stole DM 134,000. They returned the money the next day.
8. Morpho
Morpho, a.k.a. Wild Neutron, is a well-funded group that has executed dozens of high profile hacks since 2011 on tech, pharmaceutical, and investment companies. They're likely not state-sponsored because their hacks usually steal insider information for monetary gain. They've hit Microsoft, Apple, Facebook, and Twitter via zero-day exploits. Since zero-day exploits are unknown to the software vendor as long as they are undiscovered, they give powerful access to the hacker. This is a contrast to something simple like a DDOS that just overloads server traffic for a period of time.
Morpho is particularly interesting because they are likely a sophisticated small group. Some of their signatures include multi-platform malware, well-documented code, bitcoins to pay hosting providers, and multi-staged command and control networks with encrypted virtual machines. They are English-speaking and are very good at covering their tracks.
Despite its name, the Syrian Electronic Army may actually be based in another Middle-Eastern country.
7. Syrian Electronic Army
The Syrian Electronic Army (SEA) is a hacker group with Syrian sympathies as well as connections to Iran and Hezbollah. They've shown a wide array of attack capabilities. Most famously, they've defaced many major Western news outlets, but they have also managed to locate opposition rebels using malware. Also, if you're a fan of The Onion, you should read the Onion's response to a SEA hack.
The SEA is unique because of its varied tone and style. For example, it tweeted from the AP's account that then-president Obama had been injured in explosions at the White House. This one simple tweet sparked a dramatic temporary fall in the DOW Jones Index. On the lighter side, they've tweeted from BBC Weather that "Saudi weather station down due to head on-collision with camel". Their familiarity with English colloquialism and humor raises questions about the SEA's identity, but the NYT has stated that the SEA is probably Iranian.
The logo for the Anonymous hacking collective.
6. Anonymous
Anonymous is probably the most recognizable hacking group for Americans. They originated in 2003 on 4chan, and have grown to be a significant force on the internet. Anonymous draws some power from being extremely decentralized, and they therefore can keep operations running even if someone is arrested (as many have been). Most of their hacks historically have been of the liberal hacktivist variety, although others have been extremely serious or extremely light-hearted in nature.
Some of their more focused campaigns have been the Occupy Movement, anti-child pornography, and anti-Church of Scientology (some of which involved a physical presence as well as an internet one). Although they have certain collective symbols, such as Guy Fawkes masks and taglines, there is no single person giving commands. If a person becomes too narcissistic and starts to use their own name for things, that person will be chastised and encouraged to leave. Anonymous is an idea, and it is an idea with unprecedented staying power.
5. Tarh Andishan/Ajax
Understandably, Iran was not pleased with Stuxnet. It jeopardized the country's nuclear power (and if you're more cynically-inclined, also its nuclear bomb) ambitions. Iran decided it was best to aggressively upgrade its cyber capabilities. They did this in at least two ways: they created an independent state-sponsored group, Tarh Andishan, and consulted and hired existing Iranian hacktivist groups (like Ajax).
Ajax was better known for website defacement, but after Stuxnet it's likely they were consulted for patriotic espionage (pioneered by the Chinese). Ajax is most famous for "Operation Saffron Rose" in which they attempted to gain information on U.S. defense industry officials with advanced phishing attacks.
Tarh Andishan is actually a little scarier for the average civilian because they've gained access to airport gate control systems in South Korea, Saudi Arabia, and Pakistan. Such access would allow them to spoof security credentials in an airport. They've also hacked industrial targets like oil, gas, and telecommunications companies.
4. Dragonfly
Another likely state-sponsored group, this time out of Eastern Europe and Russia, is Dragonfly. Dragonfly is likely state-sponsored due to its targets: electric grids, energy industry, and other control systems in U.S. and Europe. They're designated as an APT (Advanced Persistent Threat).
Their most common attacks are spear-phishing and watering hole attacks. This is not unusual for APT groups. They've also demonstrated capabilities to embed trojans in legitimate software for industrial control systems, which is very reminiscent of Stuxnet.
When Stuxnet was first found, it was recognized to be universal for many industries. It might be that we are starting to see Stuxnet-like worm capabilities for organizations other than the United States and Israel. In recent years, Dragonfly has continued its assault on the US energy grid, with repeated attempts to get inside the systems of critical infrastructures.
3. APT28 (Fancy Bear)
APT28 (also known as Fancy Bear) is unsurprisingly an Advanced Persistent Threat group. They're Russian, and they might share funding sources with Dragonfly (although I don't know so I didn't group them together). All of their targets are targets that the Russian government is interested in, they speak Russian, and they've been traced back to a government sponsor in Moscow so it seems like a possibility.
APT28 uses pretty well-known hacking methods and uses them successfully and often. They've hacked NATO, Polish government websites, Georgia ministries, and OSCE among many others. They're unique in that they've been caught framing the Cyber Caliphate (ISIS) for their attacks. Just like other organizations on this list, they operate in areas with no extradition treaty to the U.S., so they are immune to legal repercussions.
Additionally, they have hacked many different sporting organizations such as the World Anti-Doping Agency, the International Association of Athletics Federation, and the Swedish Sports Confederation. The World Anti-Doping Agency (WADA) leak was notable as it was in retaliation to Russia's doping scandal and subsequent ban from Olympic competition.
2. Elderwood Group and 20 other Chinese APTs
Elderwood Group, Axiom, Unit 61398, Comment Crew, Putter Panda, Hidden Lynx, are just some of the bigger hacking groups originating from China. China pioneered the state-sponsored hacking group, and they've continued to perfect the practice. Often it is difficult to tell whether the Chinese government is pulling the strings, funding, or even has an affiliation with a group. I'm trying not to be ominous, but the list of hacks and zero-day exploits of these groups are rather long.
One of the more famous attacks came in 2010 under the name "Operation Aurora". We in part know about Operation Aurora because Google came forward and announced it had been hacked. Common targets included defense industries, human rights campaigns, and supply-chain firms. Elderwood group is a blanket term for all the groups involved. Sub-groups include Hidden Lynx (targeted defense industry and Japanese users), Linfo (manufacturing firms), Sakurel (aerospace companies), and Vidgrab (Uyghur dissidents). Such a coordinated, advanced, well-funded attack had to be orchestrated by the Chinese government. It is unclear what precautions will be taken to protect against increasingly sophisticated and persistent attacks in the future.
If that wasn't enough, the Chinese have vast troves of personal secrets of United States government employees.
The logo for the National Security Agency (NSA).
1. Tailored Access Operations, NSA
If it weren't for Edward Snowden, we probably wouldn't know about Tailored Access Operations (TAO). TAO has some of the best capabilities in the world and has collected about all the American telephone data you can imagine. Once revealed, more and more details have continued to come out about them.
We now know they have 600 employees in the main NSA complex in Fort Mead, Maryland. There are also branches in Hawaii, Georgia, Texas, and Denver. They have sophisticated unique abilities that are difficult to even dream up. One of those capabilities is QUANTUMSQUIRREL, which allows them to appear on the internet anywhere as anyone. They've also compromised very common computer systems often with physical access or cooperation with network or hardware companies. They are known to force companies to insert vulnerabilities into their own systems for TAO to exploit.
Just about all the details of the organization are Orwellian. Take, for example, WARRIOR PRIDE, its iPhone and Android software that can turn on a phone remotely, turn the microphone of the phone on and listen, track using geolocation, and has its own tamper-proofing and stealth programming. That's just one that we know about but there are probably many more out there being used without the public knowing a thing.