The Top Six dumbest Hacks of All Time
Alan Wlasuk, believes that not all hackers are geniuses
and most of them are average folks who are either
smart or may be even dumb just like a normal human
being!
With advanced technology, high speed internet and
availability of much more technologically advanced
gadgets it has helped hackers to get easy access to our
personal and confidential credentials be it bank accounts
or access to social networking sites. Normally, people
are scared of the cyber crooks and hackers as these
people are believed to be extraordinarily smart and
genius who can get access to our data be it on smaller
scale or even huge organisational level.
However, CEO of 403 Web Security, Alan Wlasuk, has
given us examples which indicate that to consider all
hackers as genius is a myth. In fact, Alan believes that
most of the hackers are as smart as or as dumb as any
normal person.
In this article we have compiled Top 6 examples which
indicates that hackers are average people who are
capable of making few dumb mistakes either in the way
they attack or the clues which they left behind that could
trace them.
World’s Dumbest Cyber criminal
Four years back, in 2011, a dumb hacker hacked Kelly
Osbourne’s (the one from Dancing with the Stars fame)
email account. The hacker not only traced her old and
new emails but also forwarded them to his own personal
email account which could be easily traced. This is
considered to be one of the world’s dumbest hacking
incidence which indicates that the hacker was so dumb
that by forwarding the emails to his personal account he
actually invited police to trace and arrest him.
Self proclaimed hactivist Shahee Mirza :
Way back in 2008, a group of people defaced the military
website of Bangladesh government which is known as
Rapid Action Battalion (RAB). The website
www.rab.gov.bd was sabotaged and forced to
temporarily shut down. Moreover, when people entered
the elite security site they found a message
posted which stated: ‘Hacked by Shahee_Mirza’.
Mirza, a twenty one year student of Saic Institute of
Management and Technology in Mirpur, plead guilty and
also told the authorities that he did not have any ill
intent in hacking the site. The authorities were able to
retrieve the site after about 24 hours and it was also
found that Shahee had earlier hacked the websites of 22
organization including one that belonged to the army. It
was found that the name and e-mail address which
Shahee Mirza had posted after hacking the RAB site
were all found to be real.
Further, the self proclaimed hacker, Mirza had also left a
message on the website alleging the Bangladesh
government for not taking sufficient steps for developing
the IT industry in the country though it had passed
sufficient laws to prevent the cyber crimes. Shahee
claimed:
“GOVERNMENT DOES NOT TAKE ANY STEP
FOR ICT DEVELOPMENT. BUT PASSED A LAW
ABOUT ANTI-CYBER CRIME. YOU DO NOT
KNOW WHAT IS THE CYBER SECURITY OR
HOW TO PROTECT OWNSELF. LISTEN.
HACKERS R NOT CRIMINAL. THEY R 10
TIME BETTER THAN YOUR EXPERT. WE ARE
GINIOUS THAN YOU CAN’T THINK. DEFACED
FROM BANGLADESH.”
Obviously that was not a ‘Ginious’ act of the young
hacker as mentioned in his hack. Shahee Mirza might
end up with 10 years of federal imprisonment as per the
law in Bangladesh.
Samy Kamkar’s blog post boasting of his hacking
feat
Samy Kamkar acquired fame for his ‘Samy Worm’ which
he released in the year 2005. Samy Worm first tried a
self propagating cross site scripting worm that would
infect the MySpace accounts. The worm carried a
payload which would display a string “Samy is my hero”
on the profile of the victim’s home page which would
ultimately cause the victim to send a friend request to
Kamkar.
Whenever, the user viewed their profile the malicious
virus would have got planted on the homepage of their
MySpace account. Within a matter of 20 hours of
releasing the malware, Samy was able to spread the
virus to over one million users. The MySpace team had
to shut down their website temporarily to fix the
problem. Samy also boasted his hacking feat in one of
his blog post and ultimately got caught by the United
States Secret Service.
Unfortunately for Samy, his blog contained an image with
license plate in background which helped the officials to
trace him. In 2006, Kamkar was raided by U.S. Secret
Service and Electronic Crimes Task Force for releasing
the worm. Kamkar pleaded for guilty and he was
prohibited from using the computer for next three years.
Ultimately since 2008, Kamkar is into independent
computer security and privacy research and consulting.
He is also making famous hacking gadgets after
outgrowing the dumb hack of 2005.
Daquan Mathis clicked his selfies using the
stolen phone and sent it via victim’s email ID
In 2009, 20 year old Sayaka Fukuda was robbed of her
iPhone when she was on the N train platform at the Fifth
Avenue station near 59th Street in New York. The thief,
Daquan Mathis clicked his selfie using Sayaka’s iPhone
while he was still wearing the same clothes that he wore
when he robbed her. Later, the dumb robber also sent
this image to his email address via victim’s email ID.
Fukuda was able to access her iPhone email account via
internet. Unfortunately, for Mathis, Fukuda was much
smart and she immediately noticed that the thief had
sent some email from her outbox to his email account.
With the details of email address it was much easy to
trace Mathis and with his profile picture attached it only
made matter much simpler for the cops.
Eduard Lucian Mandru, though a clever hacker,
was traced through email ID
Comparatively we can say that Eduard Lucian Mandru
was a much clever hacker. It was in the year 2006 that
Mandru who called himself “Wolfenstein” broke into the
secure computer network that belonged to the
Department of Defense (DoD) and infected several
systems.
Mandru was able to hide himself from the authorities as
they did not have any clue to this hacker except his
email address (wolfenstein_ingrid@yahoo.com). The
authorities had a tough time locating Mandru as he was
much smarter and was accessing the network through
some compromised servers in Japan. Besides, he was
also deleting all the access logs making it impossible to
trace him.
However, after about 2 years Mandru was unemployed
and thus had to apply for jobs and then he opted to use
this same yahoo email address on his resume which led
to his arrest. It seems if he had not used this email
address he would have been safe!!!
Foiling Euro Traffic cameras by using Drop
Database Tables
A clever hacker in a way realized that the recent speed
traps use the Euro Traffic cameras which can
automatically register the speed in addition to clicking
the photograph of the license plate. By using character
recognition the authorities can even translate the license
plate number into a format which they can further use as
a lookup with the DMV database.
In the year 2010, this hacker changed his license plate
number to (‘ZU 0666′, 0, 0) which is a Drop Database
Table. This is a SQL Injection method of licence plates
and if the DMV uses this string of characters in their
database lookup then there is a good chance that all the
database records which contain his actual licence plate
number (ZU 0666) would get deleted. This is an
intelligent and creative move; however Alan is not sure if
this hack is just for fun or is it real.
The security breaches always point out some mistakes
which the victim did like reusing the passwords or not
running the firewall software. Sometimes the hacker
could be actually pretty smarter than the victim. As per
Marc Maiffret, CTO of eEYE Digital Security, in general
hackers are “very calculating and successful, so there
aren’t a lot of ‘dumb hackers’ out there”. So it is always
advisable that all the online users always remain alert of
such hackers and take apt precaution to save
themselves from the getting hacked.
Let us know your views on the hackers, whether they are
genius or dumb…… in the comments section below.
Resource : IT Business Edge.