[ISN] The Decade's 10 Most Dastardly Cybercrimes

From: InfoSec News <alerts_at_private>
Date: Thu, 31 Dec 2009 20:27:59 -0600 (CST)

By Kevin Poulsen
Threat Level
December 31, 2009

It was the decade of the mega-heist, when stolen credit card magstripe 
tracks became the pork bellies of a new underground marketplace, Eastern 
European hackers turned malware writing into an art, and a nasty new 
crop of purpose-driven computer worms struck dread in the heart of 

Now that the zero days are behind us, it's time to reflect on the most 
ingenious, destructive or groundbreaking cybercrimes of the first 10 
years of the new millennium.

2000 - MafiaBoy

Once upon a time, "distributed denial of service attacks" were just a 
way for quarreling hackers to knock each other out of IRC. Then one day 
in February 2000, a 15-year-old Canadian named Michael "MafiaBoy" Calce 
experimentally programmed his botnet to hose down the highest traffic 
websites he could find. CNN, Yahoo, Amazon, eBay, Dell and eTrade all 
buckled under the deluge, leading to national headlines and an emergency 
meeting of security experts at the White House.

Compared to modern DDoS attacks, MafiaBoy's was trivial. But his was the 
cyberstrike that put the internet's security issues on a national stage, 
and inaugurated an era where any pissed off script kiddy could take down 
part of the web at will.

2002 - California Payroll Database Breach

On April 5, 2002, an unidentified hacker penetrated a California server 
housing the state government's payroll database, gaining access to 
names, Social Security numbers and salary information for 265,000 state 
workers from the governor on down. The breach itself was small potatoes, 
but when it emerged that the California Controller's Office had waited 
two weeks to warn the victims, angry lawmakers reacted by passing the 
nation's first breach disclosure law, SB1386.

The law requires hacked organizations to promptly warn potential 
identity theft victims. Its passage pulled the rock off the string of 
major corporate breaches that companies would have preferred to hush up. 
Today, 45 states have enacted similar laws.


Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
Received on Thu Dec 31 2009 - 18:27:59 PST

This archive was generated by hypermail 2.2.0 : Thu Dec 31 2009 - 18:38:21 PST