Top Ten Most Expensive Network Attacks in History

Thursday, August 18, 2011




An interesting article in The Business Pundit filed by "Julian" documents the author's picks for the top ten most expensive cyber attacks in history.

While quantifying the cost of a cyber attack over the long term is admittedly subjective on some levels given that the scope of the impact may not be readily reportable and that additional collateral damage is difficult to pinpoint, the author does manage to assemble a viable list of what is arguably some of the most devastating network attacks to date.

A brief summary of the top ten list is as follows:

10. Citigroup

  • 2011- "Over 200,000 customers’ names, contact details, account numbers and other information were compromised in the attack, as the thieves made off with $2.7m from credit card accounts. That’s a bad day at the office..."

9. Titan Rain

  • 2004 - "Titan Rain is the FBI code-name for an extensive series of infiltrations into US military security, companies such as Lockheed and even NASA. It is believed to have been perpetrated by cells of operatives on behalf of the Chinese government, although it is unknown whether this is actually the case or whether these were simply the actions of rogue hackers...

8. Heartland Payment Systems

  •  2008 - "By secretly infesting the company’s computer network with spyware, the criminal gang responsible were able to steal over 100 million individual card numbers... As for Heartland, the episode ended up costing them around $140m..."

7. Hannaford Bros

  • 2007 - "Over 4.2 million credit and debit card numbers were exposed, along with other sensitive information. This feat of cyber-criminality was achieved through the installation of malware on store servers, which stands in contrast to the more common tactic of hacking company databases. Experts table the costs incurred at an estimated $252m..."

6. TJX

  • 2005 - "The gang were able to get their hands on over 45 million credit and debit card numbers, a selection of which they then used to fund a multi-million dollar spending spree from Wal-Mart’s stock of electronics equipment. Initially estimated at around $25m, the damage from the data-breach ended up costing over $250m in total..."

5. Sven Jaschan

  • 2004 - "Sven Jaschan unleashed a virus which infected millions of computers around the world... An estimated $500 million worth of damage was generated...

4. Michael Calce

  • 2000 - "Calce, aka MafiaBoy, conducted notorious attacks against huge companies with high levels of security. Amongst those attacked were computer manufacturer Dell, media giant CNN, and shopping sites Amazon and Ebay. Prosecution for the estimated $1.2bn worth of damage..."

3. Sony

  • 2011 - "The personal information — including credit and debit card data — of tens of millions of users was stolen by an as yet unknown group of assailants. Experts predict that the damage may range from $1 to $2bn..."

2. Epsilon

  • 2011- "Epsilon is another as of yet undetermined candidate for the costliest cyber-heist of all time. The Dallas-based firm provides marketing and email-handling services to organizations as large as Best Buy and JP Morgan Chase... Estimated at having a potential cost that ranges from $225m to $4bn..."

1. The Original Logic Bomb

  • 1982 - "The US managed to blow up a Siberian gas pipeline, creating a monumental and historically unprecedented method of explosion. The method used, known as a “logic bomb,” involved the insertion of a portion of code into the computer system overseeing the pipeline, causing computational chaos..."

For more details on each of the attack, see the full article filed by "Julian" at The Business Pundit here:


Possibly Related Articles:
breaches Heartland Hannaford Attacks Sony hackers Epsilon Citigroup Titan Rain
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.