1

August 2016 Hacks: 8 of the Largest Hacks, Breaches and Cyber Incidents

Sep 11, 2016 By Paul Curran

Summer 2016 has been a hot one for hackers, and August continued the trend of persistent attacks and breaches seen in June and July. This August, American institutions across all levels were hit particularly hard as the Democratic Party was hacked again by Guccifer 2.0, the National Security Agency had one of their sophisticated cyber weapons stolen and put up for auction and the FBI warned that the Board of Elections in two separate states had been targetted by possibly foreign hackers.

 

August 2016 hacks were unusual, such the release of patients’ urology information in Ohio, and alarming as seen in the theft of over $80 million dollars from the Bangladesh Bank over the long weekend. Read on to discover more of the cyber threats that targetted governments, citizens and financial institutions around the world in August 2016. 

August 2016 Hacks and Breaches

1  – “Peace” Dumps Yahoo User Data on the Dark Web

August 1st

Well-known cyber criminal Peace listed 200 million records of Yahoo user credentials on for sale on the dark web at the beginning of August. This data included usernames, passwords that were hashed using the md5 algorithm and dates of birth. This data was apparently collected illegitimately during a 2012 hack. The price for this hacked data? 3 Bitcoins, or about $1,860 USD. Without confirming the hack, Yahoo has acknowledged that they are aware of Peace’s claim.

Read more here.

August 2016 hacks - Yahoo data for sale on the dark web

Listing that advertises the stolen Yahoo data for sale on the dark net,

 

2 – Secure Mobile Messenger Users Outed in Iran

August 2nd

15 million Iranian users of the security-conscious mobile messaging app Telegram have had their accounts had their accounts, and phone numbers, identified by what experts believe to be the state-sponsored Iranian hacking group Rocket Kitten. In addition to the 15 million identified accounts, dozens of users have had messages intercepted which has prompted fears that dissidents and individuals active within human rights organizations could have been targeted by Iran’s notorious security apparatus.

Read more here.

 

3 – Pro-Ukrainian Hackers Hit Ohio Below the Belt

August 2nd

In an unusual hack by the Ukranian hacking group Pravy Sector, 150 GB of sensitive health data from the Central Ohio Urology Group was dumped online with a link to this data posted on Twitter. The highly personal details available within this hack included what treatments patients have received, addresses, full names and dates of birth. Given the sensitivity of this personal health information (PHI) many patients, doctors and even insurance companies could be facing damage to their reputation.

Read more here.

 

4 – Two Phase Olympic Attack: Anonymous Brazil Turns Off Several Sites

August 5th

In an effort to protest the negative effect that the Olympics were having on the indigenous populations of Brazil, the Brazilian Anonymous group took down a number of Brazilian government websites related to Olympic games. These sites included the federal government page for the Olympics, the local portal for the state government for Rio de Janiero as well as the ministry of sports and official 2016 Olympics website (rio2016.com).

Phase two of the attack included a data dump of personal, financial and login details from numerous Brazilian sporting confederations such as handball, boxing and pentathlon.

Read more here.

5 – From the DNC to DCCC, Guccifer 2.0 Continues Hacking the Democratic Party

August 12th

The increasingly notorious hacker Guccifer 2.0 released a data dump on his blog of personal details and addresses, phone numbers and more of around 200 Democratic House members in an apparent attempt to show off the fact that he has now hacked both the Democratic National Committee (DNC) as well as the Democratic Congressional Campaign Committee (DCCC). In a blog post he detailed his motive for the hack which seemed to center around the lack of transparency in the elections as “everything is being settled behind the scenes.” The data released also includes documents which appear to have been taken from senior Democratic congresswomen Nancy Pelosi’s computer.

 

Read more here.

6 – For Sale: Sophisticated NSA Cyber Weapon

August 15th

A little-known hacking group that calls itself Shadow Brokers released what is viewed as a sophisticated cyber weapon used by the National Security Agency (NSA) to break into the networks of foreign governments. While the stolen code dates from 2013, this is still an incredibly alarming hack against the agency that holds some of the biggest secrets of the United States of America. Edward Snowden has loosely connected Shadow Broker to the Russian government. The stolen cyber weapon was posted for sale for 1 million bitcoins ($500 million USD).

 

Read more here.

7 – FBI Warning: Election Boards are Being Hacked

August 30th

In late August the FBI released memos detailing the hacks over the summer that targeted the Board of Elections in both Arizona and Illinois. In Arizona the attackers used malware to hack the Board of Elections, yet no data was downloaded. Earlier in the summer, in the more serious attack, hackers used an SQL injection (SQLi) to access voter data of 200,000 citizens. While this data was already publicly available, it does present a serious cause for concern as election hacks have become more and more frequent over 2016. The perpetrators have yet to be confirmed, however the FBI is investigating possible foreign involvement.

august 2016 hacks - US election hacks infographic

Click here to view a full infographic of the Board of Elections hacks.

Read more here.

 

8 – SWIFT Warns Bangladesh Bank Heist is just the Beginning

August 31st

Sometimes the biggest bank heists happen online and this is the case in the recent huge cash grab in Bangladesh as unknown hackers used the SWIFT messaging system to steal over $80 million USD from Bangladesh Bank. This has prompted the Society for Worldwide Interbank Financial Telecommunication (SWIFT) to issue banks warnings about staying more vigilant about large monetary transfers, especially over holidays and long weekends. The attackers almost got away with a transfer of $1 billion, however a typo stopped the transaction as it raised suspicion. SWIFT warns that this is just the beginning and banks should increase security as more attacks are expected.

Read more here.

jumping 1

Summer 2016 has been hot for hackers, read about the biggest hacks and breaches in July 2016 here.

The following two tabs change content below.

Paul Curran

Content Specialist at Checkmarx
With a background in mobile applications, Paul brings a passion for creativity reporting on application security trends, news and security issues facing developers, organizations and end users to Checkmarx's content.

Latest posts by Paul Curran (see all)

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.