2014 Cyber Crime Timeline

January

SEA hacks Skype



The hacker's group 'Syrian Electronic Army', claimed to have taken over Skype's Twitter, Facebook and blog accounts. Skype, which is owned by Microsoft, acknowledged the hack, also stating that no information was compromised as the credentials were soon reset after the hack.

Snapchat Hack



Phone numbers and usernames of as many as 4.6 million accounts on Snapchat were downloaded by a website calling itself SnapchatDB.info SnapchatDB reportedly gained access to the Snapchat data through a vulnerability disclosed by a group of security researchers.

Russia Intrudes Cyberspace



The Russian Government was allegedly reported to have attacked companies in the USA, Europe and Asia for financial gains. Manufacturing, healthcare and construction companies were hit by this alleged Cyber Espionage.

February

Bitcoin system attacked by DDOS



A group of unknown hackers attacked the Bitcoin system using a DOS attack hampering the transactions of many customers. Severe problems were faced by three major Bitcoin exchanges that caused them to halt withdrawals of Bitcoins preventing customers from withdrawing bitcoins from their own wallets.

Project Funding 'Kickstarter' hacked



Kickstarter, a global project funding website was hacked and hackers gained access to customer data. Though no credit card data was lost, Kickstarter advised its users to reset their passwords as data accessed by hackers included names, email addresses, phone numbers and encrypted passwords.

Internet Explorer vulnerability leads to France's aerospace engine hack



Snecma, the aerospace engine manufacturing company in France was hacked through a vulnerability in Microsoft's Internet Explorer browser. Analysing the malicious code, Seculert, an Israeli Cyber security firm, suspected involvement of different group of hackers.

Botnet Pony steals bitcoins from online wallets



Trustwave, a cyber security found proof that the 'Pony botnet' group had stolen around 85 virtual wallets containing Bitcoins and other digital currencies in one of the biggest attacks on virtual currencies. The 'Pony botnet' group is active and is expected to strike again.

March

NATO hacked as reaction to Crimea



A number of NATO websites were brought down by hackers using a Distributed Denial of Service Attack (DDoS). Though cyber attacks on NATO computers are common according to an anonymous source, this attack was more extensive as opposed to other attacks.

April

Bad password habits cause credit card fraud in South Korea



Hackers forcefully accessed the servers of a firm that carries out processing of payments and stole card numbers, expiry dates and user passwords for the loyalty card issued by the store as a loyalty program. Many customers had the same passwords for the loyalty cards and the credit cards and the hackers used this habit by creating forged credit cards with fabricated and stolen data. 120 million won were stolen using forged credit cards created with stolen information of about 200,000 users.

Heartbleed vulnerability in Canadian tax agency



Hackers stole social security numbers and other private information in a targeted attack on the Canadian tax-collection agency. The hackers exploited the 'heartbleed' vulnerability in the 'Open SLL' encryption system, to gain access to this information.

Global Shipping fleet exposed to hacking threat



Hackers used computer malwares and viruses to attack ships and container vessels at sea. The hackers used navigational devices and attacked the computers that were connected to the Antwerp port in Belgium to locate particular ships and alter their data. Around 400 million pounds are lost every year due to cyber attacks as reported by the British Government.

Fake Operation "Clandestine Fox"



Many companies in the United States were attacked under the guise of a fake campaign called 'Operation Clandestine Fox'. This campaign was reported to be targeted towards companies working in the defense and finance sectors. A vulnerability in Internet Explorer by Microsoft was exploited to conduct these attacks.

May

Chinese alleged cyber espionage on US companies



U.S. authorities charged five Chinese military officers accusing them of hacking into American nuclear, metal and solar firms to steal trade secrets. The secret unit "61398" was charged for hacking into the computer systems of the said companies which were denied by China.

Largest breach hits Ebay



Ebay discovered a three month old hack into their systems where 145 million user records including email addresses, birth dates, physical addresses and passwords of the users having accounts on Ebay, were stolen by the hackers.

iPhones locked using Find My iPhone service



The anti-theft feature, 'Find my iPhone', on iOS devices that locks phones that are reported lost, was used to lock Australian users' iPhones and attackers demanded moey in return for unlocking them. Two Russian teenagers were aaccused for the crime and arrested by the Russian Cyber Crime Department.

June

Hactivism on world cup related websites



Hackers used a DDoS attack against some government sites, a sponsor and companies partnering with FIFA. There was also defacement of some government sites through the attack. The attack was carried out against companies that hactivists thought promoted corrupt sports events.

Domino's customer data theft



Customer names, delivery addresses, phone numbers, email addresses and passwords of 600,000 Domino's Pizza customers were stolen from its online ordering system. An anonymous Twitter user threatened to publish these details unless the company paid a ransom of 30,000 euros.

DdoS attack on genealogy website



Hackers temporarily shut down websites of ancestry.com and findagrave.com using a Distributed Denial of Service (DdoS) attack. The website's database holds more than 14 billion records and draws up to 60 million family trees. However, none of this information was stolen during the attack.

July

Hackers steal data from photocopier



Hackers took over the photocopier of "Next Media" founder, Jimme Lai Chee and stole over 900 files including bank account details, bills, documents and email exchanges. They paralysed the company's server by bombarding it with 143 million cyber attacks per second.

China's alleged cyber Espionage on US government



Chinese hacker group 'Deep Panda' allegedly associated with the Chinese government, targeted U.S. experts on Iraq in geopolitical matters after few rebel groups from Iraq attacked an oil refinery. The hackers conducted a cyber-espionage by using a "drive-by-download" exploit, and the popular "Prison Ivy" malware.

US government computers breached allegedly by Chinese hackers



Chinese hackers hacked into the database of candidates who applied for top-secret security related posts in the US government

Credit card details stolen from Supervalu branches



Cyber criminals managed to get access to the transaction handling network of Supervalu, a Minnesota based firm, and stole the credit card details and personal information of customers who had made purchases across any of the firm's 200 countrywide shops.

NRC computers of Canada broken into



Canada accused Chinese hackers for attacking a key computer network of the government and lodged a protest with Beijing. They allegedly hacked into the National Research Council, the government's leading research body.

August

Half of South Korean population's details hacked



Hackers targeted registration pages of online gaming and gambling sites and online ringtone and movie ticket stores to access personal information of over half of South Korea's population. The details of 27 million people and 220 million records were stolen in this data breach. Sixteen hackers who were allegedly performing this hack were arrested for this money laundering scheme which earned them $390,000.

Hospital Network Failure due to "Heartbleed" bug



Community Health Systems, which operates 206 hospitals across the United States, fell prey to a data breach in which hackers stole data of 4.5 million patients. Hackers gained access to their names, Social Security numbers, physical addresses, birthdays and telephone numbers. The hackers took advantage of Heartbleed bug, the infamous SSL vulnerability to carry out the attack.

Sony Playstation servers taken down by DdoS attack



A group of hackers calling themselves "Lizard Squad" took down several popular online video game networks and possibly diverted an American Airlines jet carrying a Sony executive. Hackers flooded their networks with illegitimate traffic using Distributed Denial of Service (DdoS) attack.

Criminals harness Russian nationalism to spread malware



A hacking campaign started by a Hactivist group in Russia used nationalism and patriotic sentiments to spread malware. The hackers sent an email to the victims asking them to install the malware if they love their nation. The malware, Kelihos botnet, is a Trojan that can communicate with other bots, steal Bitcoin wallets, send spam, as well as capture FTP credentials and other stored credentials on the host system.

Indiegogo campaign hacked



A campaign page run by Indiegogo, an international crowdfunding site, was hacked and the page was taken down, making it appear as if the Indiegogo team itself had closed the page. The 8-digit alpha-numeric password was broken by hackers, who were involved in an online controversy withgamers. The password was soon reset and the campaign was back online.

I-Team targeted by hackers



The Law Enforcement Training and Standards board that trains 40,000 police in Illinois was infiltrated by computer hackers. The hackers were able to bypass the security firewalls but did not get their hands on any personal details of the officers.

300 oil companies hacked in Norway



In the largest cyber attack to have happened in the Scandinavia country, about 300 oil companies were hacked into. 50 oil companies were reported to have been hacked into and another 250 were warned that they may have been hit too. About 40 employees' computers were confiscated as they were being used by the hackers to get around security systems.

"Secret" app hack allows access to personal data



The iPhone and Android app, "Secret" which is supposed to protect the identity was hacked by security experts. The experts were able to hack into the system by using a basic HTTP proxy script. This hack could be used to steal personal information of friends and friends of friends.

Dairy Queen data breached



A malware was installed on the cash registers at 395 stores of Dairy Queen, an American fast food chain. It was suspected that hackers may have obtained details of customer names, debit and credit card numbers, expiration dates and social security numbers.

Hacker "Rawshark" disrupts NZ election campaign



A hacker calling himself/herself "Rawshark" hacked into the email account of a controversial blogger by using a Brute-force attack, and leaked emails and other communications of the blogger to a campaigning journalist. This resulted in the cabinet minister of New Zealand resigning from her post as a direct response to the hack.

September

iCloud data breach



A group calling themselves "hackappcom" posted online the vulnerability in the 'Find my iPhone' app which allowed hackers to brute force and gain passwords of users. As a result, a lot of Hollywood actors' iCloud accounts were accessed and their personal pictures were leaked online.

Obamacare Insurance Breach



Unknown hacker(s) broke into a computer server supporting the HealthCare.gov website and apparently uploaded malicious files. The malware uploaded to the server was designed to launch a DdoS attack against other websites but not to steal personal information.

Cyber attack hits hotel chain in San Diego



Data breach at Bartell Hotels chain led to a massive theft of credit and debit card details of 42,000 to 55,000 customers at 5 of its hotels. Hackers purportedly entered the network by exploiting the point-of-sale payment systems, where cards are swiped to check out.

5 million Google passwords leaked



5 million stolen credentials were found surfacing on Russian cybercrime forums. The source of the leak was unclear. However, the stolen data was found being shared through different file sharing networks.

Hackers steal N6.3 billion from Nigeria bank



A hacker by name Uyoyou, an IT person at a bank, allegedly conspired with few others and hacked into the unidentified bank's computer, disbursing funds to various accounts. Under the pretext of carrying out maintenance work, he gave other hackers access to execute the attack.

Amazon's Twitch interactive infected with malware



Amazon's Twitch Interactive, a live video platform for gamers, was invaded by a malware that can spend users' money. The malware can perform a number of commands including taking sceenshots, accepting pending requests and adding new friends, initiating trading and buying items.

Official website of Allahabad university hacked



The official website of Allahabad university was hacked when the website was being updated by the experts of the IT cell. The hackers took advantage, reportedly, of the security features being taken down while updating the site. The experts gained control of the site and upgraded the security measures before publishing it online.

Tanzania loses over 10bn in cyber crimes



Tanzania is reported to have lost huge sums of money through cyber related frauds, mostly involving card skimming and ATM skimmings. More than 300 cyber crime cases were reported in Tanzania.

Mass hack on Australian computers



There was a massive hack attack on more than 20,000 Australian computers. Reports say that thousands of Australian PCs were frozen and locked by hackers using a software that encrypts all files on the computers. The malware then asked for a ransom in Bitcoin to unlock the computer.

EBay data breach



For the second time in 2014, EBay was hit with a data breach where shoppers were conned into giving out credentials by being redirected to malicious websites in a password harvesting scam.

Mass hack on South African computers



Numerous South African websites appeared to have have been compromised, serving hidden links to many international websites. The hackers targeted outdated content management systems (CMSs), including WordPress and Joomla. The injected code contained links to over 30 international websites, but was hidden from visitors to the website

Military Transport Companies Hit by a Score of Cyber Attacks



More than 20 incidents over a period of 5 years of cyber-espionage affected government contractors providing transportation services to the U.S. military as found out in an investigation by the U.S. Senate Armed Services Committee according to a recently declassified report.

Hackers break into AAI network.



Hackers broke into the server of India's biggest airport operator, the Airports Authority of India (AAI), taking away crucial data. On examination it was found that disk volumes were deleted from the storage system

Hacked Apache Copter Simulator Software



The U.S. Justice Department accused four men of stealing $100 million worth of information from Microsoft Corporation and simulator software used to train Apache attack helicopter pilots. 2 gaming enthusiasts hailing from Canada and New York pleaded guilty and will be facing upto five years in prison.

October

JP Morgan Chase hack



Hackers stole 83 million customer records from JPMorgan Chase & Co., a leading global financial services firm. Customer names, addresses, phone numbers and email addresses were stolen in the attack. This breach could fuel years of fraud as this information can be used by the hackers to "phish" for customer passwords and other details.

ATM scams using malware



Criminals stole millions of dollars from ATMs worldwide using a specialized malware program that forces the machines to dispense cash on command. Rather than remotely exploiting software vulnerabilities, the attackers infected the ATMs by gaining physical access to controls that are typically protected by a locked panel.

AT&T hacked by its own employee



An employee of AT&T in violation of the company's privacy policy, gained unauthorized access to the personal details of about 1600 users, and may have obtained Social Security numbers, driver's license details and other AT&T services they subscribed to.

Bond Insurer MBIA breached, exposing user data



A misconfiguration in one of the largest bond insurer MBAI's web server exposed customer account numbers, balances and other sensitive data.

Hackers take over South Florida temple website



An international hacking group, calling itself Team System Dz took over the website of a Plantation synagogue expressing hatred for Israel and America, causing the website to be shut down.

Hundreds of alleged Dropbox passwords leaked



Hundreds of alleged username and passwords for the online document sharing site Dropbox were published on Pastebin, an anonymous information sharing site

NATO Ukraine data stolen due to bug in MS Windows



Russian hackers exploited a vulnerability in Microsoft Windows and other software to spy on computers used by NATO. The five-year cyber espionage campaign is still going on and the operation used a variety of ways to attack targets over the years, exploiting the vulnerability found in most versions of Windows.

iCloud in China attacked



Hackers that might be allegedly backed by the Chinese Government orchestrated a Man In The Middle (MITM) attack on iCloud servers to steal passwords, photographs, iMessages and contacts among other user data. The hackers diverted traffic to their own website masquerading as iCloud servers, there by intercepting and stealing all data being sent to the original iCLoud server.

White House Attacked



An anonymous cyber attack took place on what was described as an unclassified computer network that was being used by the Executive Office of the President. The attack was aimed at stealing sensitive information from the unclassified network.

November

Myki scam



Cybercriminals targeted Myki, a smartcard ticketing service, by recharging fraudulently obtained Myki cards with stolen credit card information. They then sold these cards online through eBay and Gumtree at a price lower than the amount contained in the cards. This scam cost the company approximately $1.1 million in repayments to the banks of the victims.

Home Depot Breach



53 million email addresses, in addition to 56 million credit card details have been stolen from the database of Home Depot Inc, the world's largest home improvement chain. Criminals used a third-party vendor's user name and password to enter the perimeter of its network to access and steal information.

Weather services agency of USA attacked



Four websites of the US agency that operate the National Weather Service were hacked into allegedly by the Chinese government.

The Sony Pictures Entertainment Cyber Attack



In what turned out to be the most scandalous cyber attack of 2014, Sony Pictures Entertainment was hacked into by a group of hackers calling themselves as the "Guardians of Peace" or "GOP", evidently as a retaliation over a satire 'The Interview' - a comedy about an ill-conceived CIA plot to kill the North Korean leader Kim Jong-un.

December

Anonymous hacks Oakland and Berkeley Police websites



The hactivist group "Anonymous" hacked into the Police websites of Oakland and Berkeley and sent a 3 minute threat video using a videosploit.