Weapon of choice: 10 of the world’s most notorious hacker groups
1
Lizard Squad
The group also claimed responsibility for the cyber attacks on Malaysia Airlines in January 2015, which resulted in website visitors being redirected to a page which read “404 – plane not found”, as well as a DDoS attack on Facebook, which downed the popular social media network.
Facebook still denies it was hacked and Malaysia Airlines claimed its domain had only been temporarily redirected elsewhere.
But if there’s one company the Lizard Squad seems to have a serious vendetta against, it is Sony. In August 2014, for example, it tweeted a threat against an airliner on which Sony’s president of online entertainment was travelling. The plane ended up making an emergency landing.
That same month, the group posted the ISIS flag on Sony’s servers and has made other allusions to the “cyber caliphate”.
02
Anonymous
The group became known for a series of attacks on government, religious, and corporate websites. It has attacked the Pentagon, threatened to take down Facebook, threatened Los Zetas (a Mexican drug cartel) and declared war on the Church of Scientology.
Since 2009, dozens of people have been arrested for involvement in Anonymous cyber attacks, in countries including the US, UK, Australia, the Netherlands, Spain, and Turkey. Anonymous generally protests these prosecutions and describes these individuals as martyrs to the movement.
In 2012, Time named Anonymous one of the “100 most influential people” in the world. Critics have even called these digital Robin Hoods as a “cyber lynch mob”.
The group’s motto is “We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.”
03
Syrian Electronic Army
While it is unclear exactly what relationship the group has with the government of President Bashar al-Assad, it is known for employing methods including spamming, phishing, malware, DDoS and more to target political opposition, the media and even neutral NGOs.
It calls itself “a group of enthusiastic Syrian youths who could not stay passive towards the massive distortion of facts about the recent uprising in Syria”.
Back in 2012, Anonymous and the SEA also exchanged attacks and threats, which lead to Anonymous ‘declaring cyber war’ on the SEA.
To delve even deeper into the rabbit hole, the SEA has also been linked with posing as female supporters of Syrian rebels in order to steal war plans to use in the country’s ongoing conflict, leading to the death of a large number of rebels.
04
The Impact Team
New to the game, the group stole and exposed personal information of users of the two websites owned by Canadian company Avid Life Media (ALM), namely Ashley Madison and Established Men.
Its reasoning was that the company charges a $19 fee for completely removing a user’s personal information from its websites. It alleged the company was scamming users, be
05
The Hacking Team
The Italian company that has reportedly sold spyware to 21 countries and has targeted journalists and human rights activists is perhaps most notorious because of how secretive it tries to be, even within its own company.
Despite these conflicts, the company continues to operate and export its software.
According to hacked emails posted by WikiLeaks, the Saudi Arabian government came close to buying controlling share of this ‘legit’ company, but the deal collapsed in early 2014 after Prince Bandar bin Sultan was removed as head of the Saudi intelligence service.
An analyst noted that despite increasing publicity over the last few years about The Hacking Team’s nefarious customers, the company suffered little blowback from exploit sellers. “In fact, by raising their profile, these reports served to actually bring Hacking Team direct business.”
Weirdly enough, in July, the firm that is famous for helping governments spy on their citizens was itself hacked by a single attacker. A massive leak (400 GB) of sensitive internal data was posted online.
The recent information leak from the company confirmed certain inner workings and business practices hinted at by earlier disputes with the Italian government, hacker collective Anonymous, lawsuits against its own employees, and even a United Nations panel monitoring the implementation of sanctions on Sudan.
06
LulzSec
The group announced itself with a hack against Fox.com, and then Sony Pictures in 2011. The group even took the CIA website offline.
LulzSec is well known for ridiculing its victims after an attack, which made the analysts compare its hacks to internet pranks. In June 2011, a ’50 days of Lulz’ statement announced that the group had fallen out.
However, on 18 July, the News Corporation was hacked by the group, which then proceeded to post false news about the death of Rupert Murdoch.
In 2012, a few LulzSec members were arrested by the FBI after the group’s leader, Sabu, turned them in. Prosecutor Sandip Patel said the group thought of themselves as “latter-day pirates”.
07
Chaos Computer Club
It gained worldwide notoriety in 1981 by hacking into a German computer network and debiting 134,000 Deutsche Marks from a Hamburg bank. It returned the money the next day, having proven that the system’s security was flawed.
The group’s primary mission is to expose security flaws. The CCC also weighs in on wider political debates over data privacy.
Members recently called for the encryption of all online communications to protect against government surveillance, a stance that puts its at odds with increasingly terror-leery European Union (EU) officials.
In an interview, CCC member Falk Garbsch spoke about mass surveillance: “There have to be consequences. The work of intelligence services has to be reviewed – as does their right to exist. If necessary, their aims and methods will have to be redefined. We have to think about how these [shared] data are processed and where they can be allowed to resurface. And this is not just the challenge for 2015, but for the next 10 years.”
The group has protested French nuclear tests, stolen money on live TV via Microsoft’s ActiveX, and examined the German government’s own malware.
08
Bureau 121
Founded in the 1980s, Bureau 121 has grown exponentially to become one of the world’s largest cyber organisations.
It’s based in Pyongyang, but also reportedly works out of the basement of a North Korean hotel and a restaurant in Shenyang, China. The unit is estimated to have recruited nearly 6,000 programmers.
A 2014 investigative report by Hewlett Packard identified Bureau 121 as being able to deliver multi-staged, coordinated attacks that could spread malware and disable or evade anti-virus protections.
In 2013, North Korea was reportedly behind a widespread attack on three South Korean broadcasters and a major bank. The attack froze thousands of news broadcasters’ computers and ATMs across the country were unable to disperse cash.
In March 2015, South Korean authorities blamed North Korea for a massive data breach on Korea Hydro and Nuclear Power – the company that operates South Korea’s 23 nuclear reactors.
A 2014 data breach report found that nearly half of all US companies had been hacked. Even so, there is limited evidence of any North Korean involvement – except for the Sony Pictures case where all the executives’ dirty laundry was hung out in public.
09
Hidden Lynx
Hidden Lynx, according to Symantec, “are the pioneers of the ‘watering hole’ technique” used to ambush targets. It has early access to zero-day vulnerabilities (a hole in software that is unknown to the vendor), and has the tenacity and the patience of an intelligent hunter to compromise the supply chain to get at the true target.
Among other stunts, during one 2012 campaign, it hacked the authentication keys used by application whitelisting company Bit9, allowing it, as Ars Technica notes, to “infect more valuable targets inside military contracting firms who used the service”.
All indications seem to point to China as Hidden Lynx’s main base of operations, but it isn’t certain whether it is some sort of a state-sponsored entity or a powerful mercenary group.
The members’ advanced skills and techniques – as well as the fact that their infrastructure and command and control servers all originate in China – make it highly unlikely that the group is unsupported.
10
Deep Panda
Lacking a name for the unit, the security firm CrowdStrike gave it one: Deep Panda.
Active since 2007, the group allegedly works out of People’s Liberation Army-owned buildings.
The hackers’ latest handiwork may have been the massive Anthem data breach, which exposed the personal information of more than 80 million insurance policyholders.
That cyber attack put Anthem customers at risk for identity theft throughout their lives.
Deep Panda has been tied to cyber attacks on US foreign policy think-tanks and individuals who are experts on the Middle East and Australian media outlets.
A 2014 investigation by CrowdStrike also blamed the group for sending malware to organisations across the US defense, healthcare and technology sectors.
“This group uses a wide variety of tools, including generic hacking utilities, in order to gain access, establish persistent network access, and move laterally though the victim network,” an FBI official stated in a memo.