Hacking is big news at the moment, with the exploits of LulzSec showing up more and more security holes in trusted online institutions. But hacking covers a wide range of pursuits, both legal and illegal, from DIY hardware modification to political action.
10. Traffic sign hacking warns of zombies
Although the results are impressive, hacking into traffic signs requires less technical ability and more by way of a reckless spirit and ownership of a pair of bolt cutters. Both information on how do it - the portable dot matrix sign boards have a built-in keyboard which is often minimally secured, if at all - and information on their default passwords is widely available online.
You can see plenty of hacked signs from around the world at SignHacker and stories about amusing sign hacks make "and finally" style news fillers on a regular basis. Before any of you start getting ideas, we'd like to note that hacking road signs - whether you break into them or not - is illegal and presents a potential danger to road users. Even if the sign says "sign not in use".
Plus, the passwords for British signs aren't as widely published as their US equivalents, and we're almost positive they'd be different. (ps. If you see anything amusing on the North Circular in the next few days, then they weren't different. Also, we didn't do it.)
9. Stuxnet worm allows crackers to sabotage Iranian nuclear facilities
Industrial control computers were at one time considered safe - isolated from outside networks and running dedicated software or firmware. However, the spread of total connectivity and the Windows operating system means that now, even the computers that control factories, oil pipelines and power stations suffer from the key vulnerabilities associated with those systems. More importantly, the wide availability of Windows makes it easier for malware writers to find a testbed for their work.
Stuxnet, though, is very cleverly and specifically designed. It requires not only Windows, but also the specific architecture of Siemens' S7 PLC controllers and the software the runs them. The origins of Stuxnet remain shrouded in mystery, with fingers being pointed at the US and Israeli governments, Mossad and shadowy figures in the underground malware economy. Whoever created it, Stuxnet has proved that industrial hardware is no longer immune to cyberwarfare.
8. The Chaos Computer Club plays Tetris on the side of a building
Berlin's Chaos Computer Club was one of the earliest hacker groups to achieve public notoriety during the l80s, famously transferring and returning money from German banks and breaking into US government computers. The 1990s and 2000s saw the group take on a role now more associated with hacktivism - security hacking in order to draw attention to particular issue or make a political point. They protested against nuclear testing, drew attention to Microsoft security holes and proved the flaws in Germancy's nascent biometric identity systems.
For the CCC's 20th anniversary, the group set up Project Blinkenlights, an art installation that transformed the side of a building into the world's largest computer display by arranging computer controlled lamps behind each window. While this hardware hack is a long way from the group's past and present security hacking activities, it's one of the most spectacular displays of computer-controlled ingenuity around.
Our favourites are the 2008 Stereoscope installation in Canada and 2002's Arcade in France, which allowed members of the public to call a number to play one of several games displayed on the building, including Space Invaders and Tetris. Check out the Project Blinkenlights website for video footage and more information about how they do it.
7. Microsoft loses Windows 2000 SP1 source code to unknown hackers
In February 2004, the source code of Microsoft's forthcoming Windows 2000 Service Pack 1 and NT4 was partially leaked via peer-to-peer sharing networks. It was only 15% of the total code, but included networking components. The main concern was that the availability of the uncompiled source would make it easier for hackers to device exploits.
A few days later, an IE5 and Outlook Express exploit emerged, evidently based on vulnerabilities discovered in the code. Fortunately for Microsoft - and for affiliate Mainsoft, from whose server the code was swiped - there were no further publically visible consequences beyond the embarrassment of the loss. No perpetrator was ever identified, despite investigation by the FBI.
6. Gary McKinnon vs. the USA
Scottish sysadmin Gary McKinnon's penetration of US military and NASA computers might not have been inherently spectacular and certainly didn't result in any visible consequences, but you'd think otherwise based on the reaction of the US government.
McKinnon claims that he was looking for evidence of UFO cover-ups and that the only changes he made to US defence computers was in adding notes about their poor security. Meanwhile, the US government claims that he deleted critical logs and files, temporarily disabling thousands of computers.
In November 2002, McKinnon was incited in the US for seven counts of computer crime, each of which has a potential sentence of ten years in jail. He's currently fighting against a US extradition request on medical and human rights grounds.
5. Kevin Mitnick vs the USA
Over a decade earlier, Kevin Mitnick was the USA's most wanted computer criminal. In the days before anyone even knew (or thought they knew) what a hacker was, 12-year old Kevin Mitnick was making his own punch-card tickets to get free transit throughout the Los Angeles bus system. At 16, he hacked into a computer networking belonging to computer manufacturer DEC and sold their software. After hacking into telecoms provider Pacific Bell's voicemail systems, a warrant was issued for his arrest and he spent two and half years on the run.
Its claimed that, while evading police, he hacked into numerous authorities to created falsified identity documents, made free cell phone calls and wire-tapped the California Department of Motor Vehicles. He was arrested for none of these, but an impressive record of hacking into systems belonging to Nokia, Sun Microsystems and Motorola was enough to ensure his ultimate conviction.
He was captured in 1995 after a large-scale manhunt and spent four and-a-half years in prison before he even came to trial, where he confessed to wire fraud and computer fraud as part of plea bargain arrangements. After his conviction, he served eight months in solitary confinement - he claims that this was because a judge believed that he might "start a nuclear war by whistling into a pay phone" (whistling data tones was a basic form of analogue phreaking in the 1980s).
Mitnick was released in 2000. Initially banned from using any communications technology more advanced than a landline telephone, but successfully fought against the ruling. In a common move for reformed computer criminals, he now works in the computer security industry and runs Mitnick Security Consulting LLC.
4. China (allegedly) hacks Google
In March 2010 and again in January 2011, Gmail accounts belong to Chinese human rights activists and senior US government officials were hacked, with all evidence pointing towards the Chinese government.
Although Google initially stopped short of accusing the Chinese government of being behind the attacks, internet speculation was rife, particularly since news that the Internet Explorer vulnerability that was exploited was discovered by a Chinese "freelance security consultant". A US analyst quoted by the Financial Times claimed that the Chinese government had "privileged access to these researchers' work". Google's response was to threaten to close its Chinese operation and saying that it would no longer censor search results on google.cn in accordance with Chinese law.
The Chinese government has continued to maintain that Google's claim that the hacking attacks had originated in China were "groundless" and that the accusation was "unacceptable". UK Secretary of State Hillary Clinton described the allegations of the hacking of US officals' accounts as "very serious" and said that they would be investigated by the FBI.
The issue continues to be unresolved, with all sides apparently unwilling to take overt action.
3. The News of the World phone hacking scandle
In a story that continues to drag the reputation of the British tabloids through even more muck than they're accustomed to wallowing in, the continuing saga of The News of the World's involvement and commissioning of phone hacking has been going on for years.
Editor of the time, Andy Coulson, resigned in 2007 over the allegations, although he continued to maintain that he'd had no personal involvement or knowledge of what was described as the actions of one rogue staff member. During an enquiry, Coulson stated that "my instructions to the staff were clear - we did not use subterfuge of any kind unless there was a clear public interest in doing so. They were to work within the PCC code at all times". Despite his emphatic claims of ignorance, a resurgence of interest in the case was enough to prompt his resignation as Tory communications director in 2011, though.
Far from the isolated affair it was originally claimed to have been, News of the World staff and contractors are thought to have hacked into the voicemail messages of dozens of politicions, actors, sportspersons and members of the royal family, among others.
The latest development saw a £20,000 settlement with disgraced sports pundit Andy Gray on the 11th of June, making him the fifth claimant to receive compensation.
2. Using PS3s to make a super-computer
In the realm of hardware hacking, the increasing power and relatively low unit prices of games consoles makes them ideal for alternative uses, whether it's shunting Linux on to an old Xbox or making the legendary PS3 supercomputer. The PS3 Cluster Guide details the reasons for using the consoles as the basis for a more powerful cluster computer: "In short, the Cell Processor ‘packs a punch’. One of the authors (Khanna) estimates that his MPI computations run much faster than on desktop workstation chipsets, and that his original 8 PS3 (i.e. 64 core) Cell cluster had comparable if not better performance to a 200 Node IBM Blue Gene system."
Unfortunately, the days of the PS3 supercomputer may have come and gone. In 2010, Sony removed the option of installing other operating systems from its firmware. Since then, keen hackers have worked on creating modified firmwares to re-introduce the option. You can get them from the OtherOS++ wiki, which means that your dream of a PS3 cluster might not be dead after all. We're fairly sure that Sony won't be happy about it, but as it turns out, the technology giant has had other things to worry about lately …
1. LulzSec takes out the PlayStation Network
Whether you regard them as public-spirited hacktivists or a bloody nuisance, the impact of LulzSec's attacks can't be underestimated. They've brought security hacking into the headlines and shown up massive multinationals such as Sony and Nintendo.
The group deliberately uses the basic fundamentals of security penetration - techniques such as SQL injection, in which SQL commands are used to gain access to a database, often through a web interface that lacks sufficient protective sanitization. While LulzSec has drawn criticism from the security community for its methods, it's also shown that the faith we've put in the well-known and well-regarded companies that we're so willing to give our credit card details to may be misplaced.
Do you have a favourite legendary hack? Let us know in the comments.
Conversion Conversion Emoticon Emoticon