Hackers are often seen as malicious, foul creatures that try to break into companies to gain personal data. Reporters are always eager to talk about the shocking new breach of security, and the hacker being brought to justice. Movies and television portray hackers as serious loners living in their parents’ basements, putting hacking before hygiene.
Of course, not all hackers are malicious. Some hackers act as whistleblowers. They find security flaws, contact the websites involved, and if necessary, report their findings to the public. Other hackers are hired to find existing flaws and patch them. Reporting security flaws can be profitable. A few hackers do not attempt to earn information or money, but instead try to gain internet fame. These are five of the sassy hackers and the stunts they pulled.
Andy and the Auto-Retweeting Heart -Hack Type: Cross-Site Scripting Attack
Andy, also known by his Twitter handle “@derGeruhn”, is an IT student living in Karlsruhe. He is a fan of the social media website Twitter and uses Tweetdeck, an auxiliary service that tracks conversations to make them easier to find. One of the things users could do in Tweetdeck was post tweets. On June 11th, 2014, Andy discovered the box to post a tweet didn’t filter HTML code. This meant a malicious Tweetdeck user could cause numerous problems on the website.
Andy decided the best way to tell Tweetdeck about this issue was by using a Tweet. One hundred and thirty-nine characters was all it took for Andy to create a tweet that would retweet itself whenever a Tweetdeck user looked at it. The tweet would give the user the notice “XSS [Cross-Site Scripting] in Tweetdeck”. His final character was a heart. Tweetdeck users were only able to see the heart. People on Twitter itself could see all of the code. The tweet retweeted itself over seventy-two thousand times.
After he tweeted the tweet, Andy assumed his account would be taken down. He posted a goodbye to the world and waited for Twitter to disconnect him. Twitter fixed the issue in under an hour, and to thank him, let him keep his account. The account is still available to the public.
Basit, Amjat and Brain – Hack Type: Boot Sector Overwrite
Brain was one of the first computer viruses ever created. It was made by two Pakistani brothers, Amjat and Basit Farooq Alvi. They realized the new Dot-Matrix Operating System was less secure than previous operating systems. Because they ran a computer service company, they knew they could create something to show computer makers how weak their system was.
In 1989, the brothers released their virus. The virus moved itself and the computer’s boot sector to a different sector on the drive, which it marked as unusable. The virus then changed the name of the volume to “Brain” or “asher” [sic]. It travelled via floppy disks and hard drives, infecting computers all over the world.
The code for Brain contained a message from the creators. There were multiple versions of the message, according to the computer security company F-Secure. One message told users the contact information they could use to be “vaccinated”. Another mourned the loss of the viruses that had been inspired by it.
The brothers had put their real business information in the virus code. When calls from the United States came flooding in, they were stunned. Brain Computer Systems, the company the brothers own, appears to no longer be in business.
Mandev and Happy Birthday Joshi – Hack Type: Ransomwere
Mandev Joshi, an Indian programmer, created a virus in 1990. Like Brain, Mandev’s virus spread via floppy disks and hard drives. Unlike Brain, it didn’t appear to do anything.
Three hundred sixty four days of the year, the virus would only replicate itself onto other disks and drives. If the computer boots and finds the date is January 5th, it stopped the user. The user would not be able to use their computer until a specific requirement was met.
Some hackers would request money from their infected users. Others might ask their users to complete a real-world task. Happy Birthday Joshi simply asked users to type a message: “Happy Birthday Joshi”. Once this message was entered, the system would run as normal.
American Military and the Siberian Pipeline – Hack Type: Logic Bomb
What happens when two groups of government-funded hackers meet? The United States Military was able to answer this question when they discovered the Soviet Union was taking some code for monitoring oil pipelines. The Americans decided to insert some extra code into the pipeline data.
This code, like Happy Birthday Joshi, spent most of its time waiting. The code ran thousands of times normally. After running thousands of times, the fuse of the logic bomb ran out. The extra code changed the way pipeline pressure was monitored. It allowed pressure to build in the pipelines.
Nobody noticed the problem with the pressure until the pipelines burst, causing huge fires. The Soviet government lost a huge amount of revenue that day. They learned that stealing code from the United States was not worth it.
MI6 and Operation Cupcake – Hack Type: File Host Takeover
In June of 2011, MI6 were looking for websites connected to terrorism. They discovered a magazine run by al-Qaeda members. It taught new members tools of terror, including instructions to make a bomb. The team responsible for controlling the website knew the terrorist would notice if his file was gone. They decided to have a bit of fun replacing the terrorist guide with instructions to make cupcakes.
Why? Maybe someone in the office didn’t have lunch, or maybe it was funny. Either way, the MI6 officers hacked into the al-Qaeda leader’s website and replaced the terror file with cupcake instructions. The Telegraph reported on the incident on June 2nd, 2011. Unfortunately, the cupcake overwrite did not stop al-Qaeda from distributing their magazine, but the internet had a field day over the concept of suicide bombers making vanilla cupcakes with bright pink frosting.
Over the years, hundreds of thousands of hacks have occurred. Some are malicious, some are demonstrative, but a few are ridiculous. Those few are the ones that are able to make their work known without facing ire from the world- though the government may be upset. They exist as digital jesters, playing with our technology just for a laugh.
