The 6 Most Unusual/Creative Hacks and Cyber Mysteries of All Time

I’m not talking about normal malware here. To qualify as one of these most unusual hacks or mysteries, the perpetrator must have an unusual goal or an unusually creative angle. Admittedly, there were a number of contenders but, at some point; it just came down to a subjective choice. You can add your own nominees in the comments section.

 #6 – The Day Grandma Hacked and Brought Down the Internet in Three Countries

Okay, I admit this isn’t your usual idea of a hack, but the story is too good to pass by and it is a hack in the most literal way. In 2011, a 75-year-old grandmother, from the nation of Georgia, was digging for scrap metal when she hacked through the fiber optic cable that connects Georgia with Armenia. She knocked out almost all internet access in Armenia, much of it in Georgia, and some in Azerbaijan. It seems that landslides may have exposed the cable to the Granny Hack. So the next time your grandmother heads out to do a little gardening, keep an eye on her.

#5 The Tea Kettle and Iron Hack

According to Russian news sources, numerous reports have been received of irons containing mini microphones and chips that can transfer malware to any wifi-connected devices in a home network. Electric tea kettles have also been found with similar sinister plans. Both devices can communicate with other devices up to 650 feet (200m) away and either gather information or setup a spamming botnet. The devices were traced to, who would have thought, China. But what’s the thinking behind putting a microphone in an iron? Do Russians often reveal state secrets while they’re ironing? To some extent, I get the idea of the kettle. Almost all, if not all, offices in Eastern Europe and Russia have kettles. Once the deceitful kettle wormed its way into the office, it could have access to conversations and information on computer networks. True, most conversations in government offices that I worked in in Eastern Europe revolved around how much weight Aunt Wanda gained, but you never know how this information could be leveraged in future negotiations.

#4 Car Hacking and The Strange Death of Michael Hastings

In 2010, Professor Tadayoshi Kohno of the University of Washington and Professor Stefan Savage of the University of California, San Diego published a paper entitled “Experimental Security Analysis of a Modern Automobile” which outlined the possibility that cars could be hacked. They pointed out that, once hacked, cars could be remotely controlled to produce sudden braking, brake failure or sudden acceleration. Later, at the Def Con conference in August, 2013, well-known hacker and security engineer for Twitter, Charlie Miller, demonstrated how a car’s steering could also be remotely controlled and that it wouldn’t take that much know-how. That led to some to conclude that there may have been a connection between car hacking and the death of journalist Michael Hastings two months earlier.

Michael Hastings was an award winning, though controversial, journalist. It was he who exposed the negative attitudes of the military, and especially General Stanley McChrystal, towards government officials. Hastings became more interested in government surveillance and his last story was called, “Why Democrats Love to Spy On Americans”. Just before his death, he told friends he thought he was being investigated by the FBI and worried that his car was being tampered with. At the time, he was preparing an article on CIA director John Brennan. He claimed to friends that he was working on a big story. But before this story could appear, he died in a fiery car crash. The raw video of the crash minutes after it occurred is still on YouTube. Witnesses said his car was traveling at over 100mph when it jumped a median and crashed into a tree. Drug-induced reckless driving, paranoia induced suicide, or car hacking, you’ll have to decide on your own. However, the possibility of losing control of your car due to hacking is a disturbing one and one that gains it a place on this list.

 #3 The Toilet Hack

Is nothing sacred? Japan has had smart toilets for years. However, when I first went to Japan in the 80s, the Western toilet was so new that diagrams were placed next to it with stick figures demonstrating how to use it. Now, you need to take a university course to understand all the buttons necessary to simply put it to its intended use. Toilets in Japan do things that Western toilets haven’t even considered. Toilet lids will automatically lift as you approach, some toilets will greet you, and sometimes they will play songs. They will automatically flush and dispense deodorizers. Recent toilets will even analyze your, er, downloads and give you a printout of the findings or send the information through the internet to your doctor. That’s where the problem comes in. At some point, your toilet became more intelligent than you ever wanted it to be.

The Satis smart toilet, which uses a Google app, can, according to security company, Trustware, be remotely operated by hackers. Your initial reaction may be to call in an exorcist as you watch the lid of your toilet rapidly moving up and down, while it lures you to it with greetings and music.  More disturbing is that the built in bidet may be spraying water around the room while the toilet is continuously flushing and overflowing. However, the real danger is that your toilet could be held for ransom. Who knows? The entire situation could have been orchestrated with the help of your tea kettle. In such a situation, who wouldn’t pay an arm and a leg to stop their toilet from overflowing? Come to think of it, that’s probably what you’d pay a plumber anyway.

 #2 The Online Poker Hack

Imagine playing poker and being able to see all of your oponent’s cards. I’d say the odds would be pretty much in your favor. You could see when they bluff or you could lure them into betting high amounts on hands that couldn’t beat yours. Well, that’s exactly what happens if your computer gets hit with Rootkit:W32/Small.LA. You will only get this Trojan if you are an online poker player because it comes with a download of an odds-calculating program. The Trojan gives a remote user full control of your device but, most importantly, it can send screenshots of your computer while you are playing online poker.

This is just the latest in the ongoing war between hackers and online poker sites. The latest salvo was fired by the sites themselves when they stated that players would not be able to play unless they allowed the scanning of their hard drives. The sites want to see if you have malware that would give you some advantage or if you are using data mining programs. That’s right. The first practical application of data mining came from analyzing the playing style of online poker players. Ulf Johansson and Cecilia Sönströd discovered that every online player could be categorized into a certain style and, if an opponent knew this style, they could substantially increase their odds of winning.

However, online poker sites claim that they are safe and admit to only being hacked once, and this was back in 1999. It is this particular hack that makes it the second most creative hack on this list. In that year, a team of security experts from Reliable Software Technologies Software Security Group concluded that random number generators (RNG) don’t actually generate random numbers. This takes a little explanation. A true RNG would be able to choose from infinite combinations, but, since computers have limited power, there are limited choices. At the time of the article, this was about 4 billion combinations. Think of this as 4 billion shuffle combinations. This is still a lot of combinations. However, the group knew that, to start the generator, it needed to be seeded by some number. The group realized that if they knew the number of the seed, they would know the number that was generated. But the developers knew this, too. They had to find a way to make the seed change as well. The security group realized that one way to do this was to connect the seed to the server’s clock. This particular generator used the number of milliseconds since midnight. This further limited the number of possible shuffles to about 86 million. However, by synchronizing the cheater’s computer with the server’s clock, they could limit this further to 200,000 possible shuffles. This was a number a normal computer could handle in real time. Still, the computer needed information on five cards to predict which of the 200,000 possible shuffles had occurred. This was no problem because the group applied this strategy to Texax Hold’em poker. This game would give the cheater 2 cards plus reveal three cards that all players could see. After this, the cheater would know the order of all the cards and, therefore, all the hands of the opponents. The rest is up to the poker skills of the cheater.

Although computer power has increased since those days, this creative use of mathematics to hack a supposedly unhackabe site makes it earn the distinction of the second most creative hack.

#1 Cicada 3301

“Hello. We are looking for highly intelligent individuals. To find them, we have devised a test. There is a message hidden in this image. Find it, and it will lead you on the road to finding us. We look forward to meeting the few that will make it all the way through. Good luck.

3301”

So read the mysterious message on a forum site. This was the image.

cicada_2743132b

The first message appeared on January 5, 2012 and ran for one month. A new message has been published on the same date of each subsequent year. Each puzzle is interrelated. No one knows who is behind it, although some believe it may be a recruitment tool used by some intelligence agency or hacker group. Others think it is nothing more than an elaborate game. The hunt has required a knowledge of number theory, philosophy, classical music, literature, the Victorian occult, pagan Welsh manuscripts, and Mayan numerology among many other topics.

At a certain point, participants were told to call a number. This was traced to an answering machine in Texas. A voice told them to find the prime numbers in the original image. Multiplying the numbers gave them a larger prime number which happened to be the name of a website, 845145127.com. There, one found a clock that was counting down to January 9th. When the clock reached zero, 14 GPS coordinates from around the world appeared. Individuals near these points went to them and reported what they found. Generally, this was a poster attached to a lamppost with a picture of a cicada on it and a QR code which looks something like this:

qrcode.23188174

In the case of the code on the lampposts, it led to a Tor onion address on the deep web. This year’s (2014) puzzle states “Epiphany is upon you. Your pilgrimage has begun. Enlightenment awaits. Good luck. 3301.” A discussion of the quest for an answer can be followed here.

Why does it exist and who is behind it? Those are the main questions. According to some who claim to have solved the first puzzle, they were led to a forum in the deep web where they were contacted by email and asked to take a personality test. (Here is the leaked message that those solving the puzzle received.) Those claiming to have solved the puzzle say that the people behind it were individuals working on some advanced form of encryption and needed to recruit the best individuals to “save the world”. No one knows if this is true or a hoax and so all await the next puzzle in 2015.

The elaborate nature of this ongoing mystery with its requirement of special coding and encryption skills makes it the most creative and unusual cyber mystery of the day. If you think you’ve found something better, leave a comment. I’m sure there’s a lot more weirdness out there to find.

About Steve Mierzejewski

Marketing consultant for InZero Systems, developer of the next generation in hardware-separated security, WorkPlay Technology. I've worked in Poland, Japan, Korea, China, and Afghanistan. I'm a writer, technical editor, and an educator. I also do some work as a test developer for Michigan State University.
This entry was posted in Uncategorized and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s