Some Hackers just want to see the world burn

By Matthew Olney, content manager at XQ Cyber, and finalist in the Security Serious Unsung Heroes Awards

With the new Joker movie hitting cinemas what better time to take a look at some of the most infamous incidents of hackers causing trouble just for the sake of it?

Not all cyberattacks are financially motivated but can still inflict monetary losses or tarnish an organisation hard won reputation. Not all hackers are criminal masterminds out to get rich, many carry out hacks because to them it’s a hobby or just a bit of fun.

‘Nobody panics when things go according to plan’

The latest incident of such a hack came out of Auckland, New Zealand where the Sports company Asics had to apologise after screens outside of its flagship store were hacked and streamed pornography for several hours. The ‘adult’ content was playing for up to nine hours and was only discovered at 10am on Sunday when staff arrived for work.

To many such an incident is humorous, but Asics and some members of the public were not amused. The hack may on the surface appear to just be a bit of fun, but to Asics and its customers it might raise some concerns over its cybersecurity.

The hack saw the company issue an apology via its Facebook page.

“We would like to apologise to anyone who may have seen this. An unknown person gained access to the screens above our central Auckland store and some objectionable content was displayed on the screens. We are working with our software and online security suppliers to ensure this doesn’t happen again,” the post said.

There have been many such hacks reported over the years with the common factor being to cause as much mischief as possible.

Upset the established order, and everything becomes chaos’

In May 2015, the citizens of Atlanta’s affluent Buckhead neighbourhood got a rude awakening when on a huge digital billboard appeared a naked man performing a lewd act. The populace was shocked by the scene with some even reporting it to the police. Later it was revealed that a hacker group called the Assange Shuffle Collective took responsibility.

On a Reddit post they said; “Hello friends, we are the Assange Shuffle Collective, and we’re responsible for the happy afternoon entertainment. Ironically, we didn’t realise that Buckhead was an incredibly affluent neighbourhood, which makes the whole thing terrifically good fun. Burn the rich.”

The hack highlighted just how vulnerable the billboards are to cyberattacks. Such billboards are often completely unprotected, dangling on the public internet without a password or any kind of firewall. 

‘The only sensible way to live in this world is without rules’

Causing carnage just because they can is another common theme for such hackers. In 2014 a German steel mill suffered considerable structural damage after a cyberattack allowed hackers to take control of the mills production software.

According to an investigation the hackers gained access via a spear phishing email that allowed them to infiltrate the mills network. Once in control, the hackers destroyed human machine components and even prevented the blast furnace from activating its security settings in time. The result was serious damage to the buildings infrastructure. 

You may be wondering how you could possibly protect yourself from such chaotic hackers, well it may surprise you that the methods needed to implement are the same as any other.

‘The night is darkest before the dawn, but the dawn is coming’

Getting the basics of cybersecurity right such as introducing an incident response plan and implementing measures such as turning on a firewall, using strong passwords, using an up to date antivirus, introducing access controls and making regular backups of your businesses data can massively reduce the risks.

There’s no point locking your front door if you then leave the windows wide open. Implementing the NCSC’s 10 steps guidance for example and ensuring a robust awareness campaign that really drives the message home to staff is introduced will prevent the most basic of attacks.

Most cybercriminals are opportunistic creatures seeking an easy score. Of course, there are those who are more persistent and capable, but If you make yourself an easy target then it’s pretty much a certainty that you will become another victim.