From WikiLeaks to Colonial Pipeline, a history of cyberattacks in the US

A year before the invention of the World Wide Web, a 23-year-old Harvard University graduate named Robert Morris unleashed the first cyberworm, grinding computers to a halt. While the worm didn’t destroy or damage any files, it did slow operating systems and delayed emails for days, costing somewhere between $100,000 and $1 million in damage. Morris’ worm, which was conceived as an experiment and prank, inspired many of the other hackers on this list and opened the public’s eyes to the dangers of relying so heavily on vulnerable computers.

A decade after the Morris Worm, the United States experienced its first cyberespionage attack. Crooks from the Russian Academy of Science (a government-sponsored organization) hacked both the Department of Defense and the Department of Energy, as well as several of the organizations’ civilian and military contractors, stealing thousands of sensitive but unclassified documents. Authorities attempted to identify the group responsible for the attacks by using a honeypot—a method that had been employed in identifying Markus Hess—but were unable to ever pin down exactly who was responsible.

The first episode of state-sponsored espionage from China began as early as 2003. Titan Rain was a series of highly coordinated attacks that breached Department of Defense computers in the United States as well as government computers in the United Kingdom. The People’s Liberation Army of China is believed to have gotten its hands on thousands of documents, even gaining access to NASA and FBI computers, and the discovery of the security breach had a hand in creating the tension that exists between the countries to this day.

In 2008, a flash drive loaded with a malicious computer code was plugged into a U.S. military laptop somewhere in the Middle East. From there, the code uploaded onto a U.S. Central Command network, spreading into both classified and unclassified systems, allowing data and military plans to silently be transferred to foreign servers. Dubbed Operation Buckshot Yankee, the cyberattack has been called “the most significant breach of U.S. military computers ever,” and led to the creation of U.S. Cyber Command.

Beginning in 2009, dozens of companies, including Google, Adobe, Yahoo, and Dow Chemical, were hacked through a combination of encryption, stealth programming, and a previously unknown hole in Internet Explorer. The hackers responsible, a group associated with the People’s Liberation Army of China, were after the brands’ source code, which, at the time, was completely unprotected. Google was the first to speak openly about the hack in a blog post in 2010, and anti-virus firm McAfee declared it the worst cyberattack to have ever been taken against commercial industrial companies.

Most of the cyberattacks propagated against the U.S. military and government have been from outside forces, like China and Russia, with one major exception: WikiLeaks. Over the years, the hacker group, which was founded by Australian hacker Julian Assange, has leaked a number of classified documents and videos, which are often sourced from American informants. One perfect example of this type of cyberwarfare is the Collateral Murder footage, which was given to the organization by U.S. Army Private Chelsea Manning, who was later charged with violating the Espionage Act and served seven years in prison.

For three years, beginning in 2011, Iranian hackers used false social media accounts that presented them as journalists working for a fake news site (NewsOnAir.org) to befriend military and political leaders in the United States. Once they’d established relationships with their victims, the hackers would then send malicious software, disguised as NewsOnAir articles or web portals, to the victims, gaining access to their computers and all the information on them. Operation Newscaster, as it’s been called, is one of the most elaborate “social engineering” cyberespionage campaigns to date, according to Reuters.

In response to economic sanctions placed on Iran in 2013, a group of government-backed hackers from the Middle Eastern country unleashed a stream of attacks on American banks called Operation Ababil. These attacks, called DDoS or distributed denial of service attacks, flooded online banking sites with so much traffic that they collapsed. Ultimately no money was stolen and no accounts were breached, but the attacks demonstrated that the entire banking system could effectively be shut down in an instant, preventing millions of Americans from accessing their hard-earned money.

In 2013, the biggest known breach of a company’s computer network occurred when Yahoo had all 3 billion of its user accounts hacked. To this date, it’s still not known exactly who hacked the internet giant or what they did with the billions of usernames, passwords, birthdays, security questions, and other data points they stole. However, in 2017, an Eastern European group began quietly selling the data, which could be bad news for the millions of users who use the same password for multiple accounts and could easily find themselves hacked all over again.

Cybersecurity firm Cylance released a report in 2014 that revealed some 60 companies around the world, including 10 in the United States, had been the subjects of an ongoing attack by an Iranian group. From what the firm could tell, the group had broken into systems that contained confidential data, trade secrets, and intellectual property, using custom and publicly available malware tools, and had slowly been gathering the information they’d need to launch a much bigger attack somewhere down the line. Security experts continue to warn the compromised companies, who were never publicly named, that they are still at risk and may be subject to a terrorist attack.

Sony Pictures Entertainment had huge amounts of data, including emails, scripts, and unreleased films, stolen from their network in 2014 by a North Korean group called the Guardians of Peace. After leaking a huge chunk of the data to the press, who wrote embarrassing articles about the company’s drama, the group threatened to launch a string of terrorist attacks against theaters that showed “The Interview” (a comedy that painted Kim Jong-un in an unflattering light). The attack not only had major consequences for Sony, which lost millions of dollars, but for the movie industry as a whole and the United States’ foreign relations.

Using a method that’s never been fully clear, a group of government-backed Chinese hackers gained access to the Office of Personnel Management network in 2015, stealing tons of information about civilian government employees. Items stolen included fingerprints, social security numbers, addresses, and other sensitive information. One of the largest breaches of government data in our country’s history, the attack came after multiple warnings that the network was not secure. It also remains unknown whether the hacker group sold the data or used it to compile a database of their own.

Just because you’ve never had a Yahoo account or been a government employee, doesn’t mean your personal information is safe. In fact, the 2015 IRS Hack almost guarantees that it isn’t. That year, a group of unidentified hackers used information they had gathered elsewhere to gain access to the agency’s “Get Transcript” application, walking away with the social security numbers, addresses, and incomes of some 700,000 taxpayers. The information the group collected could potentially allow them to steal the identities of the victims.

Private citizens having their personal information leaked is nothing compared to the hundreds of thousands of FBI and Homeland Security employees who had their names, addresses, phone numbers, and emails leaked by a group referring to themselves as @DotGovs. The scary security breach happened just months after a teenage hacker gained access to the CIA Director’s personal email account (as well as all the sensitive information his correspondence contained).

Arguably, no other cyberattack has affected the course of American history to the same degree as the presidential campaign hacks of 2016 have. At the end of 2015, a group of Russian hackers used phishing emails to gain access to the inboxes and computers of several members of the Democratic National Committee. From there, the group released documents and data with the intent to ensure Donald Trump would beat out Hillary Clinton. 

A year later, one of the individuals believed to be a part of the 2016 presidential campaign hacks struck again. This time, the Russian-speaking hacker, nicknamed Rasputin, breached two dozen American universities as well as several government organizations, stealing customer information that could be sold at a premium to competitors. In order to obtain the information, Rasputin used a proprietary SQLi tool, illustrating the fact that even in 2017 most companies weren’t adequately equipped to fend off hackers intent on profiting off of them.

In 2017, the news broke that the private GitHub coding site used by Uber, as well as the Amazon Web Services account where the company stored its data, had both been hacked. The criminals responsible stole the names, phone numbers, email addresses, and locations of some 50 million riders as well as the driver’s license numbers of some 7 million people. Rather than report the breach to their customers as it should have, the company quietly paid the group responsible $100,000 to delete the data and stayed mum about the event until regulators ousted them.

Despite what you may think, hackers aren’t always after government secrets, military intel, or super personal information like social security numbers. In some cases, like in the 2018 MyFitnessPal breach, they’re simply after email addresses and consumer information, which can both command a hefty price tag on the black market. Under Armour, the parent company of MyFitnessPal didn’t reveal how the hackers were able to access the information they stole but did reveal that its size landed it among the top five data breaches to date.

One spring evening in 2018, hackers found a vulnerability in an internet port. Using the hole, the group was able to deploy ransomware that shut down automated dispatches for all the 911 and 311 calls made in Baltimore. While the city was able to handle and respond to emergency calls manually, the attack shut down the system for over 36 hours, scared local residents, and cost nearly $200,000.

Another municipality found itself on the receiving end of a cyberattack in 2018. This time it was Atlanta that found that a group of shadowy individuals, who named themselves SamSam, had used ransomware to lock up its programs and files, relabeling them “I’m Sorry,” and giving the city a week to pay up before they were locked out permanently. After five days and $51,000 in Bitcoin, the attack ended, but the event represented a serious escalation from previous attacks of a similar nature, like the one in Baltimore.

A Coast Guard crew aboard a merchant vessel had a scary experience in February 2019 when a form of malware called Emotet was used to gain access to their ship’s critical control systems. While the crew managed to avoid losing complete control over the ship, the incident was certainly a wake-up call, especially as experts have no idea how the malware was introduced to the system. A Marine Safety Alert released later that year suggested that cybersecurity assessments be undertaken in order to better understand the organization’s vulnerabilities.

A former Amazon employee was charged with illegally obtaining 100 million Capital One credit card applications and accounts in the summer of 2019. She was able to gain access to the bank and all of its confidential information by exploiting a misconfigured firewall, using information she’d likely uncovered in her former position. According to investigators, the woman had attempted to sell the data online, seeking a financial come up while risking the hard-earned money of many American and Canadian citizens who could have seen their entire bank balances wiped out.

At the height of the COVID-19 pandemic, the United States accused Chinese hackers, who were working on behalf of their government, with attempting to steal information related to vaccine development. These accusations came just days after officials accused Russia of the same type of activity. Both groups used illegally obtained credentials to hack into the companies' networks and steal the information, highlighting how difficult it’s become to keep intellectual property secure in today’s world.

Late in 2020, a group of hackers injected a tiny piece of secret code into an update of a popular software called SolarWinds. Then, when hundreds of companies downloaded the update onto their computers, they suddenly became vulnerable to theft and spying. While the scope of the attack is yet unknown, experts are pointing to the case as an example of how supply chains can make governments and private companies vulnerable even while they may otherwise be impenetrable.

Most recently, DarkSide, a Russian ransomware gang, hacked the Colonial Pipeline, which transports the majority of the East Coast’s fuel. The gang likely gained access to the company’s system through the administrative side, sending an email with a link to an unwitting employee who clicked it. One of the biggest attacks on critical national infrastructure in history, the episode caused fuel supplies to be cut off for six days before the company paid a $4 million ransom to have their systems restored.