Foreign Policy: Shots Fired In the past decade, international conflict has expanded to include cyber warfare. Joshua E. Keating of Foreign Policy describes the 10 worst cyber attacks initiated by both countries and private groups.

Foreign Policy: Shots Fired

A protester wearing an Anonymous Guy Fawkes mask holding a computer takes part in a demonstration against the controversial Anti-Counterfeiting Trade Agreement, on Feb. 25, 2012 in Paris. The online collective Anonymous has initiated many hacking incidents. Mehdi Fedouach/AFP/Getty Images

Joshua E. Keating is a writer for Foreign Policy.

TITAN RAIN

Year: 2003-2007

Alleged source: China

Fallout: In 2004, U.S. federal investigators discovered an ongoing series of attacks, penetrating the networks of the departments of Defense, State, Energy and Homeland Security as well as defense contractors and downloading terabytes of data. The investigators were able to trace the cyberspying ring, which they codenamed "Titan Rain," back to a computer in Guangdong, China. While the Chinese military is widely believed to have been involved in the attacks, Beijing has consistently denied responsibility. It was reported in 2007 that attacks believed to be connected to Titan Rain had also targeted the British Foreign Office.

SHADY RAT

Year: 2006-present

Target: Dozens

Alleged source: China

Fallout: In 2011, McAfee reported the existence of a five-year-old hacking campaign it calls Shady RAT. The RAT works by sending an e-mail to an employee of a targeted organization that installs a "Trojan horse" on the computer after they click an innocuous-looking attachment. The 49 victims include the International Olympic Committee, the United Nations, the Association of Southeast Asian Nations, companies in Japan, Switzerland, the United Kingdom, Indonesia, Denmark, Singapore, Hong Kong, Germany, and India and the governments of the United States, Taiwan, South Korea, Vietnam, and Canada. At least 13 U.S. defense contractors were also hit. The list of targets has led many analysts to suspect Chinese involvement. It has been called the biggest cyber attack of all time.

THE ESTONIA ATTACKS

Year: 2007

Alleged source: Russia

Fallout: One of the most devastating attacks ever unleashed on a country, the Estonia attack followed the controversial decision to remove a Soviet war memorial in central Tallinn. The operation was a distributed denial of service (DDOS), which involves using remotely commandeered computers — known as a botnet — to overwhelm a targeted web server, taking it offline. The attacks took down the websites of Estonia's major banks, government websites, and news portals. At the peak of the crisis, bank cards and mobile phones were inoperable within the country. The Russian government has denied responsibility for the attack, but a State Duma Deputy from the ruling United Russia party made an offhand remark to a journalist two years later saying that one of his staff had been involved in the attack.

THE AUGUST WAR

Year: 2008

Alleged source: Russia

Fallout: During the August 2008 Russia-Georgia war, key Georgian websites, including the pages of President Mikheil Saakashvili, the Ministry of Foreign Affairs, the Ministry of Defense, and numerous corporate and media sites, were taken down by cyberattacks. At one point the parliament's site was replaced with photos comparing Saakashvili to Hitler. Georgian criminals have blamed a cybercriminal group known as the Russian Business Network for the attacks. Russian president Dmitry Medvedev denied government involvement.

GHOSTNET

Year: 2009-present

Alleged source: China

Fallout: In 2009, Canadian researchers discovered a massive electronic spying network that had infiltrated 1,295 computers in 103 countries. The researchers were acting on a request from the Dalai Lama's office to see whether his personal network had been infiltrated - it had. Ministries of foreign affairs and embassies in Iran, Bangladesh, Indonesia, India, South Korea, Thailand, Germany and Pakistan were also affected. The Chinese government denied involvement.

STUXNET

Year: 2010

Alleged source: Israel

Fallout: Discovered in June 2010, the Stuxnet worm exploits a vulnerability in Windows to attack Siemens industrial systems, such as those used in nuclear power plants. While systems in several countries, including the United States, were affected, Iran was the worst hit with over 16,000 computers infected. The virus seemed to be specifically targeting Iran's nuclear program, leading to suspicions that it had been designed by Israel. The Israeli government has neither confirmed nor denied involvement, but a 2011 New York Times investigation concluded that the worm had been developed and tested in Israel.

50 DAYS OF LULZ

Year: 2011

Alleged source: Lulzsec

Fallout: In the spring and summer of 2011, a group of hackers calling itself Lulzsec, associated with the online collective Anonymous, went on a tear, disabling and defacing a series of prominent websites. Unlike previous large-scale cyberattacks, the group didn't seem motivated by profit or a particular ideology, but was, in fact, in it for the lulz. They did occasionally take a stand, such as posting a story alleging that Tupac Shakur is alive on the PBS website in response to a documentary about WikiLeaks that they felt was negative. The group also took down CIA.gov at one point. In its biggest operation, Lulzsec hacked into Sony Playstation's website, compromising the personal information of more than a million users. In June, the group announced through its Twitter feed that it was suspending its campaign, releasing a trove of classified AT&T documents as a parting shot. In July 2011, police arrested an 18-year-old man in the Shetland Islands said to be "Topiary," one of the Lulzsec ringleaders.

THE SOUTH KOREAN DDOS

Year: 2011

Alleged source: North Korea

Fallout: DDOS attacks in March 2004 targeted more than 40 South Korean websites including the National Assembly, military headquarters, U.S. Forces in Korea and several major banks. The attacks shut down the country's stock trading system for several minutes. An estimated 11,000 personal computers may have been infected by malware as part of the attack. A month later, an attack brought down the network of a major South Korean bank. The South has accused North Korea of running an ongoing cyberwarfare campaign since similar smaller attacks in 2009, but no solid link to Pyongyang has been proven.

ANONYMOUS

Year: 2011-2012

Alleged source: A loose coalition of online "hacktivists"

Fallout: The online group known as Anonymous was, until recently, best known for its attacks on the Church of Scientology and Fox News host Bill O'Reilly. But lately, it's taken on more of a political character. Anonymous targeted Egyptian government websites during the uprising against Hosni Mubarak, and when the regime took the unprecedented step of shutting the country's internet down, they went old school - flooding government offices with faxes. In response to the arrest of Megaupload founder Kim Dotcom in January, Anonymous shut down the websites of the Department of Justice and the Recording Industry Association of America, as well as several record companies and congressional offices. In February, they took credit for shutting down the website of the CIA.

INDIA

Year: 2012

Alleged source: India or China

Fallout: In January 2012, U.S. authorities began investigating allegations that Indian intelligence operatives had hacked into the e-mails of the U.S.-China Economic and Security Review Commission, an American agency that monitors trade policy with China. The investigation came after hackers posted a document online purporting to show Indian military intelligence plans to target the commission as well as extracts from the e-mails in question. However, just a few weeks later, the document was found to be fake, though the e-mails were real, and investigators are now focusing on Chinese hackers as the most likely source of the breach.