3,000,000,000 accounts (essentially every account held at Yahoo), including email, Tumblr, Fantasy and Flickr. Names, email addresses and passwords were breached but no financial data was captured. This constituted the largest data breach ever. Yahoo claimed state actors had perpetrated the hack, but many industry professionals doubt Yahoo’s claim.  Ultimately, the FBI brought charges against 4 men, two of whom worked for Russia’s Federal Security Service (FSB) in March of 2017. Karim Baratov ultimately pled guilty to hacking at least 80 email accounts on behalf of his Russian contacts. He was charged with 9-counts of hacking and sentenced to 5-years and ordered to pay $2.25 million in restitution to his victims.  By November 2016, 23 separate lawsuits relating to the hack were filed against Yahoo. 5 of the suits were combined into a class action suit that was heard in 2017.  Verizon and Altaba offered 200 million total users $50 million and two-years of free credit monitoring to settle certain aspects of the case. The presiding judge in the case ultimately rejected the settlement offer and Yahoo eventually agreed to settle for $117.5 million.

Equifax disclosed that hackers stole the personal information of 147.7 million Americans from its servers.  Among the stolen items were customer names, social security numbers, birthdates and addresses affecting more than half of the U.S. population. Making matters worse, several Equifax executives exercised their stock options and sold shares worth nearly $2 million before the details of the hack were publicly disclosed. This activity led to an SEC investigation and then CEO Rick Smith was forced to step down.  It still remains unclear who was responsible for the hack and security experts don’t know for certain how the stolen data has been used. Ironically, Equifax hasn’t faced many consequences for its carelessness. On the anniversary of the breach, the GAO released a PDF detailing how they believe the hack took place. Essentially, the hack began on March 17, 2017 and continued virtually unnoticed by Equifax “cybercops” for 76-days. During that time, hackers stole data piece by piece from 51 databases so they wouldn’t raise alarms. They were discovered finally on July 29th and had access cut off the following day.

Sony Pictures Entertainment (SPE) is the U.S. subsidiary of Sony Corporation of Japan.  The company accounts for approximately 11% of Sony Japan’s total revenue in 2014. SPE first became aware of the hack in November 2014. Hackers going by the name “Guardians of Peace” claimed to have gained entry into Sony’s servers and stole over 100 terabytes of confidential information, including employee’s Social Security numbers and health records, private emails, and unreleased films such as Still Alice and Annie. SPE immediately turned to the FBI to determine the source of the hack. On December 8, the hackers posted more confidential information and demanded that SPE “stop immediately showing the movie of terrorism which can break the regional peace and cause the War.” Though not specifically stated, it was widely assumed the picture the hackers wanted stopped was a film entitled “The Interview,” a comedy depicting an attempt to assassinate North Korean dictator Kim Jong Un. On December 16th the threat became more explicit when the group threatened 9/11-style consequences and Sony pulled the film cancelling its release.

SolarWorld was in the business of harvesting solar energy.  Between May and September of 2012, while themselves a litigant against Chinese manufacturers (for alleged dumping of solar panels into the United States at below fair market prices), SolarWorld found themselves at the same time the victim of a network hack, for which purpose was the theft of IP. In May 2014, U.S. Federal prosecutors indicted 5 Chinese nationals on charges of espionage, trade secret theft, and computer fraud for hacking the networks of 6 U.S. companies, including the U.S. subsidiary of SolarWorld AG, lasting a period of over 8-years.  The breach of SolarWorld’s servers enabled the Chinese to illegally obtain proprietary pricing information placing SolarWorld (and its subsidiaries) at a huge market disadvantage to the firms that benefited from the theft. The loss of this competitive advantage caused SolarWorld to lose 35% of its market value and ultimately led to its insolvency.

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

Hackers exploiting cyber vulnerabilities began using the Mirai source code to launch a broad-based attack on DDoS targets.  According to the Institute for Critical Infrastructure Technology, Mirai exploited devices that work with the Internet of Things (IoT) with factory default or hardcoded usernames and passwords and used them to create and build a botnet which overwhelmed these IoT targets with traffic. Among the affected were Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix.

Cyber-attacks cut the electricity to nearly a quarter of a million people in the Ukraine two days before Christmas, 2015.  One year later, hackers hit the power grid again.  These attacks, prophetic from the point of view that the Cyber-Cassandras had predicted it for years, signaled a seminal shift from causing digital mayhem to causing real physical damage to the world. Michael Hayden, former director of the NSA and CIA said, “…[T]his has a whiff of August 1945…Somebody just used a new weapon, and this weapon will not be put back in the box.”  “Russia will never accept a sovereign, independent Ukraine.” A pro-Russian group calling itself CyberBerkut – an entity with links to the Kremlin hackers who later breached Democratic targets in the 2016 Election – rigged the website of the Ukrainian Central Election Commission to announce that Dmytro Yarosh (an ultra-right presidential candidate) the winner. The hack was discovered less than one hour before the election results were to be declared. This emboldened Russia’s prelude into digital warfare and the cyberattacks that resulted from this attack have only escalated since.

Satellites as Weapons? Hackers allegedly took over the U.S.-German ROSAT X-Ray satellite by gaining access to the mainframe computers at Goddard Space Flight Center.  The hackers instructed the satellite to turn its solar panels directly at the Sun resulting in totally destroying the satellite’s batteries and ruining the satellite.  According to William Akoto, a scholar who studies cyber conflicts, hackers taking control of satellites orbiting Earth could have dire consequences.  Such consequences could range from hackers merely shutting down the satellites (at the banal end of the spectrum) and denying their services to those accessing them to jamming or spoofing signals from satellites potentially causing havoc to critical infrastructure such as power grids, water networks and transportation systems.  Taken to the extreme, satellites could be steered into one another or crashed into the International Space Station.  Akoto has noted that some hackers have already waged this type of warfare against satellites.