Throughout 2020 the world saw multiple major hacks and breaches of schools, governments, and private companies as more systems moved online and the world adapted to the coronavirus pandemic — here are five of the most notable hacks and breaches of 2020.
The term hack, which entered general usage with a new, nontechnological sense of “solution” or “work-around,” as in the phrase “life hack,” in the previous decade has undergone an impressive divergence in meanings since it entered the English lexicon hundreds of years ago.However, as with the synonym kludge (also spelled kluge), the etymological origin of the word is disputed. The hack began as early as March when malicious code was snuck into updates to popular software that monitors computer networks of businesses and governments. The malware, affecting a product made by U.S. Company SolarWinds, gave elite hackers remote access into an organization’s networks so they could steal information.
- Hack is also defined as the act of breaking into computers or computer networks. My definition is a combination of both. To me, a hack is a clever or unexpectedly efficient means of getting something done. A good hack should feel like cheating because the value created by the hack feels completely disproportionate from the work done.
- China is 'the leading suspect' in the pair of major breaches that compromised deeply personal data for millions of federal employees, according to Director of National Intelligence James Clapper.
- Russia-Linked SolarWinds Hack Snags Widening List of Victims (Bloomberg) - It was clear from the start that a cyber attack by suspected Russian hackers aimed at several U.S. Government agencies.
In 2020 many services and companies moved online as the coronavirus pandemic made it increasingly hard to operating normally. Hackers saw this as a fantastic opportunity to make some money (and cause mayhem). Soon multiple companies, governments, schools, and hospitals were subject to data breaches, ransomware attacks, and general hacks.
Here are some of the worst hacks and data breaches that took place in 2020.
1: The SolarWinds Hack — Which Hit the U.S. Government
Breitbart News reported earlier this month that hackers may have gained access to the networks of the U.S. Treasury and Commerce departments by sneaking malware into a recent SolarWinds software update.
SolarWinds CEO Kevin Thompson said in a statement that the company believes that products it released in March and June of this year were modified in a “highly-sophisticated, targeted and manual supply chain attack by a nation state.”
Currently, the FBI and the Department of Homeland Security’s cybersecurity arm are investigating what many experts believe to be a large-scale penetration of U.S. government agencies.
In a recent statement, National Security Council spokesperson John Ullyot stated that the U.S. government was “taking all necessary steps to identify and remedy any possible issues related to this situation.”
SolarWinds produces an extremely popular piece of server software used by hundreds of thousands of organizations globally. Most Fortune 500 companies and many U.S. federal agencies utilize the software and will be working hard to secure their networks following news of the hack.
SolarWinds boasts 300,000 customers worldwide including all five branches of the U.S. military including the Pentagon, the State Department, NASA, the NSA, the Department of Justice, and the White House. The 10 leading U.S. telecommunications companies and top five U.S. accounting firms are also SolarWinds customers.
A Microsoft security research blog has since claimed that a second group may have been involved in the hack, stating: “The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor.”
2: Twitter’s Bitcoin Scam Hack
In July, Twitter was subject to a major hack that saw multiple high-profile accounts hijacked and used to spread malicious links as part of a scam to steal Bitcoin. It was later revealed that the hacker was a 17-year-old from Florida.
The accounts hijacked included Joe Biden, Former President Barack Obama, Tesla CEO Elon Musk, Microsoft founder Bill Gates, and the official accounts of ridesharing service Uber and tech giant Apple.
The Daily Mail reported that hackers have received approximately $116,000 worth of Bitcoin (12.8 Bitcoin) from over 300 people. One intelligence official told the New York Times that the idea that hackers could easily gain access to the accounts of world leaders was “scary.”
Alex Stamos, the director of the Stanford Internet Observatory and the former chief security officer at Facebook, commented: “It could have been much worse. We got lucky that this is what they decided to do with their power.”
Kevin Mitnick, a hacker turned security consultant, commented that if hackers gained access to the Direct Messages of world leaders, the information contained in those messages could open up the victims to blackmail causing a threat to national security. “You can imagine if those messages were released or if these hackers threatened to release them,” said Mitnick.
3: Hospital Ransomware Attacks
In July, Breitbart News reported that the University of California, San Francisco (UCSF) was forced to pay a $1.14 million ransom to hackers that had placed an encryption hold on data stored on university servers.
In a statement, the university said that they are working to reinforce their cybersecurity to prevent a similar breach from occurring in the future.
UCSF said in a statement that it was working to improve its cybersecurity in an attempt to prevent another breach in the future. The university said:
While we stopped the attack as it was occurring, the actors launched malware that encrypted a limited number of servers within the School of Medicine, making them temporarily inaccessible. Since that time, we have been working with a leading cyber-security consultant and other outside experts to investigate the incident and reinforce our IT systems’ defenses. We expect to fully restore the affected servers soon.
In September, Universal Health Services, a major hospital system with over 400 locations, faced a major cyberattack that left the computer systems of multiple hospitals unusable.
Computer security engineer Kenneth White said at the time that disabling hospital IT systems can have devastating consequences for patients. “When nurses and physicians can’t access labs, radiology or cardiology reports, that can dramatically slow down treatment, and in extreme cases, force re-routing for critical care to other treatment centers. When these systems go down, there is a very real possibility that people can die.”
4: iPhone’s Remote Hacked — by Google Researchers
In a slightly less serious hack, a Google Project Zero security researcher discovered that he could gain complete access to iPhone’s entirely remotely. The major security failing by Apple allowed hackers to take total remote control of iPhones within WiFi range, allowing the hackers to download all the data on the phone and even activate the phone’s cameras and microphones. The vulnerability was not just a theoretical security flaw but one that a Google security researcher was able to demonstrate by taking full remote control of an iPhone in another room.
The exploit was demonstrated by Google Project Zero security researcher Ian Beer. Project Zero aims to identify and notify developers of vulnerabilities before hackers can discover and exploit them. Project Zero founder Chris Evans told Ars Technica that this security vulnerability was particularly worrying as it did not require any user interaction at all and leaves no clues that the device was accessed by hackers.
Leading The Game Hacking Scene Since
Evans stated: “This attack is just you’re walking along, the phone is in your pocket, and over Wi-Fi someone just worms in with some dodgy Wi-Fi packets.” The vulnerability lies in Apple’s Wireless Direct Link (AWDL) which is used by iPhones to send photos or files.
5: Major Robinhood Stock Trading Account Hack
In October, 2,000 Robinhood stock trading accounts were compromised in a hack that stole customer funds. The finding indicates that hacks were more widespread than previously believed. A source with knowledge of the internal investigation provided the estimated figures to Bloomberg.
When the hack was first reported, Robinhood disclosed few details about the extent of the hack. The online brokerage claimed that “a limited number” of customers had been struck by cyber-criminals who accessed user accounts by breaching personal email accounts outside of Robinhood. Some victims so far have acknowledged that their emails were hacked while others deny the claim.
The public reaction to the hack was immediate across social media with investors claiming that they were unable to call the brokerage to gather more details about their accounts. Robinhood now has more than 13 million customer accounts and is now considering adding a customer service phone number.
In March of 2020, Robinhood’s app crashed, preventing customers from executing stock trades for an entire day. As Breitbart Tech reported at the time, “One user wrote: ‘One of the most anticipated trading days and your service is down at market open.’ Another user wrote: ‘What is going on — I can’t do any trades — you will lose me as a customer going forward. This is ridiculous.’”
These are just some of the worst hacks and data breaches of 2020, hopefully 2021 will bring a greater focus on cybersecurity resulting in a tougher time for hackers, whether they are Florida teenagers or hacking teams backed by foreign nations.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolanor email him at lnolan@breitbart.com
The cyber security firm FireEye revealed that it has been the victim of a massive, long-running hack of its network. Given FireEye’s stature in the tech community, that alone would have made headlines, but the company went on to explain that the hackers were able to gain access to their system through corrupted software updates dispatched by SolarWinds, a company whose network monitoring programs are used by the vast majority of the Fortune 500; top U.S. telecom companies; every branch of the U.S. military; the departments of Justice, State and Defense; the White House Executive Office; the National Security Agency; the Department of Energy and National Nuclear Security Administration; a number of state governments and private sector actors; and many more.
Even in a year like 2020, this is massive news.
Why It Matters:
This is a nightmare scenario for the U.S. government: A private sector company hired by multiple U.S. agencies was used as Trojan horse to gain access to wide swaths of some of the most sensitive data the U.S. government possesses. Cyberattacks like this are called “supply chain attacks,” where hackers hijack trusted software updates provided by legitimate companies to break into their customers’ networks. While the perpetrators have yet to be conclusively identified, the resources needed to pull off this kind of operation and keep it undetected for months—the compromised updates started going out in March and continued as recently as this past weekend—mean nation-states are the prime suspects. Given its history with these kind of attacks and the desire for payback against the NSA and CIA for past cyber operations as revealed by Edward Snowden and data dumps like Vault 7, the leading suspect is Russia. More specifically, suspicion has fallen on a group known as APT29, aka Cozy Bear, which is affiliated with Russia’s foreign intelligence service, the SVR.
Whoever was behind it, the damage to U.S. national security (and the reputation of its key agencies that are responsible for protecting and deploying the country’s most sophisticated cyber weapons) is substantial. The hack has revealed that U.S. critical infrastructure and sensitive data remain vulnerable to threats from cyberspace. But we already knew that (see the Office of Personnel Management attacks from a few years ago); the real question is what the U.S. can do about it. And therein lies the problem.
What Happens Next:
For the next months (at least), the focus will be on assessing the damage done, patching up any remaining vulnerabilities, and rooting out hackers who may have used the initial breach to gain “persistent” access to sensitive networks. Rather than downloading all the critical data immediately, the attackers used their access to install additional backdoors and cover their tracks, allowing them to monitor developments over the course of the year. In other words, the hack remains “ongoing”.
The next goal will be to determine the actual purpose of the cyberattack, which will be critical in forming the official response of the U.S. government. If it’s decided this was a more classic attempt at espionage—albeit updated for our 21st century reality—then more defensive cyber tools (like beefed-up firewalls) will be deployed in response to shore up network defenses. A Biden administration would also try do this as part of a coordinated international effort, which makes sense as SolarWinds—a publicly-traded company—has multiple international corporations and other governments as clients as well. The overall U.S. response in this scenario will be measured, part of the business of 21st century politics, and will focus on targeting individuals and entities responsible for the attack, but nothing sweeping against Russia (or whatever state) perpetrated it.
Why not more aggressive? Two critical reasons—the first is that the U.S. has never had solid responses to existing cyberattacks given the amount of confusion inherent in them, and things can quickly escalate unintentionally in the cyber realm. The second, and arguably more critical reason, is that the U.S. engages in similar activities, and escalating the response also runs the risk of exposing covert U.S. activities under way.
That doesn’t mean foreign adversaries aren’t keeping a close eye on the response. While the timing of the attack wasn’t intended to target the incoming Biden administration as it was first launched months ago, its exposure on the cusp of Biden assuming office means that how the new administration team responds will set the tone for the next four years of cyber competition. In addition to shoring up defenses, network defenders have already begun targeting the SolarWinds hackers’ command-and-control systems, by seizing IP addresses used in the operation. At the organizational level, look for a White House cyber czar to be coming back, a position that was cut during John Bolton’s tenure at the National Security Council. That makes sense given the need for coordination across the government as the U.S. braces for more of these types of hacks, both because of the growing sophistication of hackers (and the tools they’ve stolen over the years, both the newly disclosed theft from FireEye and the earlier theft of hacking tools from the NSA which were later leaked by a group known as the Shadow Brokers) and because there are just evermore digital targets as our lives and huge chunks of the global economy are increasingly ported over to cyberspace.
But if it’s determined that the hackers were after critical infrastructure (with the potential of costing American lives) or to kneecap U.S. industries, then the response gets more serious and aggressive. We’re just unlikely to hear about it. That’s because…
The One Major Misconception About It:
The U.S. is not engaging in the same kinds of cyber operations against our adversaries. Don’t believe it. The U.S. has the same, if not greater, offensive capabilities than other nation states out there. But cyberspace isn’t like more traditional domains of conflict, where you want your adversary to know you have the bigger and better weapon to act as a deterrent; it’s wiser to keep your most advanced capabilities under wraps. Another reason you don’t hear about U.S. cyberattacks? Because many of the countries that are the targets of U.S. cyber operations—Russia, China, and North Korea—are authoritarian regimes that would never publicize their failures. In the U.S., exposing hacks like this leads to short-term political embarrassment, but also stronger cyber systems over the long run as key weaknesses are addressed. Think of it as the inherent long-term tech advantage of operating in an open political system.
The One Thing to Say About It on a Zoom Call:
America’s reliance on the private sector, one of its greatest strengths in a traditional economy, is also the source of one of its biggest vulnerabilities in the digital world if left unaddressed. SolarWinds just proved that; what’s left to be seen is how well the government can adapt to this new reality. Yet one more urgent thing on Biden’s plate come January 20th.
Sign up for Inside TIME. Be the first to see the new cover of TIME and get our most compelling stories delivered straight to your inbox.
