Hacks Archives - ESelfKey
https://selfkey.org/zh/tag/hacks/
Self-Sovereign Identity for more Freedom and Privacy
Sat, 23 Sep 2023 23:39:40 +0000

The 7 Most Notorious Hacking Groups of All Time
https://selfkey.org/zh/the-7-most-notorious-hacking-groups-of-all-time/
Tue, 10 Dec 2019 14:03:56 +0000

With the rise of computers and ever-changing technology, hackers have become a strong presence in modern society. The very first hackers emerged from MIT in 1969, but back then their main goal was to improve the software and hardware they were working with.

Since then, hackers have evolved and become more malicious. From hacking major companies, to stealing millions of dollars and revealing government secrets, hackers are now a major part of modern society. Here’s a look at the most notorious hacking groups of all time and what they’ve done.

7. Lizard Squad - Active

The Lizard Squad originally announced that it disbanded in 2014, but it actually didn’t go anywhere. This hacking group appears to mostly be run by teenagers and young adults. They have mainly hacked gaming-related services like League of Legends and PlayStation.

The group has claimed responsibility for hacks against Facebook, although Facebook denies that they were ever hacked. In general, the Lizard Squad has a reputation for claiming to have performed hacks when they haven’t actually done anything. They even made a false bomb threat against a Sony executive. The group did manage to successfully hack Taylor Swift’s Twitter account, but nothing came of it.

Several members of the Lizard Squad have been arrested and charged for their activities. However, that hasn’t stopped the group from continuing to hack. Most recently, they attacked the Labour Party in the United Kingdom.

6. Carbanak - Active

Very little information is known about this mysterious hacking group, but so far it has managed to steal millions from banks. Carbanak (also known as Fin7) started in 2013 and has been one of the most successful hacking groups to date. So far, the group has managed to steal $1 billion from banks around the world.

The alleged mastermind behind the group was arrested in 2018 along with two other high-ranking members. However, Carbanak has carried on successfully without them. A recent report from Bitdefender alleges that the group is still alive and well. Carbanak’s modus operandi seems to be to remain unnoticeable; so far they have managed to stay in the shadows.

5. Syrian Electronic Army - Active

The Syrian Electronic Army emerged in 2011 as a pro-Assad group of hackers. Given the group’s avid support of the Assad regime, it is widely believed that the group has government ties, and Assad has publicly stated his support of the hacking group.

The hackers have primarily focused on targeting US media outlets and social media pages. The Washington Post was a victim of the hacking group (twice), as was the New York Times. Their most notorious attack was when they hacked the Associated Press’s Twitter account, claiming that the White House was under attack and that then-President Barack Obama had been injured.

Over the past few years, the Syrian Electronic Army has stayed out of the headlines as it has focused on targets closer to home. However, in 2018 it was discovered that they have been developing malware for Android phones. To date, only one member of the hacking group has been arrested, while others are wanted by the FBI.

4. Lazarus Group - Active

The Lazarus Group (also known as Guardians of Peace) is a group believed to be run by the North Korean government, and it has been very successful. The hacking group seems to have started in 2009, and mostly uses malware in its attacks.

However, in 2014 the Lazarus Group caught the world's attention when it hacked Sony Pictures in retaliation for the release of the movie The Interview. It is also responsible for WannaCry, ransomware that requires users to pay to have their data given back to them.

The Lazarus Group has also had a large amount of success with cryptocurrency. So far they have managed to steal $471 million from different cryptocurrency exchanges, and they are responsible for nearly bankrupting the Japanese crypto exchange CoinCheck. The United States government currently has sanctions placed on the hacking group and has frozen any known financial assets associated with them. 

3. Fancy Bear - Active

While the name may sound cute, this hacking group certainly is not. Fancy Bear (also called Sofacy) is a Russian hacking group that is firmly believed to be working under the Russian government. They tend to target foreign governments, embassies, media companies, defence organizations, energy companies, Russian dissidents, and even the Olympic games.

The hacking group got its start in 2008 when it targeted the Georgian government and has been going strong ever since. Fancy Bear was allegedly responsible for the Democratic National Convention hack prior to the last presidential election in the United States. They have also been responsible for the recent attacks on the German Parliament, and tried to influence the French elections in 2017. The group’s members remain largely unknown, and they show no sign of stopping. 

2. Equation Group - Active

If this name doesn’t sound familiar, you’ve probably heard of the organization it is allegedly tied to - The National Security Agency (NSA). Kaspersky first announced its discovery of the Equation Group in 2015, lauding it as the most advanced hacking group it had seen to date.

The Equation Group only came to light because its members made a number of errors over the years. Given that the group was mostly targeting countries and governments considered to be enemies of the United States (such as Russia and Iran) and that the group seemed to have an unlimited budget, suspicions arose that the Equation Group had government ties.

While it has never been confirmed that this hacking group is working under the NSA, there is strong evidence that it probably is. Obviously, the NSA isn’t going to confirm this connection. Very little is known about the Equation Group, and they likely intend to keep it that way.

1. Anonymous - Inactive

This is probably the most recognizable hacking group on our list. Known for wearing Guy Fawkes masks, the Anonymous group has been behind some of the largest hacks of the 2000s. The group emerged out of 4chan in the early 2000s, and its members are some of the most well-known “hacktivists” to date.

Anonymous has been involved with a large number of hacks including the Church of Scientology, the Occupy Wall Street movement, the Canadian government, the Westboro Baptist Church, ISIS, and many more. While some of the group’s reasoning for their attacks was questionable at best, most people think of Anonymous as a Robin Hood-esque group of hackers, helping to better the world.

What has made the group so successful is that it is largely decentralized; members do not often know the identities of others in Anonymous. Anonymous has been responsible for 45% of all hacks in the last four years; however, the group now seems to be defunct… or at least very quiet.

Honorable Mention: Legion of Doom - Inactive

No list of hacking groups would be complete without The Legion of Doom. This legendary hacking group is no longer active, but it is a hacking group that has gone down as being the most influential of all time. The group was active through the mid-80s to early 2000s, but they are mostly known for their work from 1984-1991. The group is also responsible for penning the infamous Hacker’s Manifesto.

At the time, the most common type of hacking was that of phone companies. This included setting up phone lines that could not be billed by phone companies. The Legion of Doom feuded with another hacker group called Masters of Deception, and their battle royale to decimate one another became known as The Great Hacker War. 

In comparison to the hacking we see nowadays, their activities seem very tame, but it was some of the biggest cyber warfare at the time. Most of the members are still largely unknown.

Conclusion

Since hackers emerged, they have become more and more nefarious. Hacking groups have gone from setting up free phone lines to attempting to destroy whole governments. We have certainly seen a rise in government-sanctioned hacking groups. While protection against cyber warfare is a necessity in today’s age, it would be nice to see governments focus more on preventing attacks instead of initiating them.

Individuals are very rarely the targets of hacking groups (unless you are a high profile individual). However, that doesn’t mean there isn’t potential for your personal data to be compromised as the result of a hack. Major companies and social media platforms are amongst the most common targets.

If you’ve been the victim of a data breach or hack (you can check on the website Have I Been Pwned?), it’s important to know what could happen to your personal data afterwards. Most people aren’t able to prevent a hack, but there are a number of things you can do to protect yourself, and it’s vital that you do your due diligence. If anything, hacking groups are only going to become more advanced as time goes on.

Social Engineering Hacks 101
https://selfkey.org/zh/social-engineering-hacks-101/
Fri, 29 Nov 2019 09:50:08 +0000

Social engineering is something you might not have heard of, but you have probably experienced at some point. Ever received an email that is supposedly from your bank but isn’t? That’s social engineering in action.

It’s an innovative way for malicious actors to gain access to your personal data, and also your money, and it is incredibly difficult to prevent. In this article, we will dive into what social engineering actually is, the most common types of hacks, and how you can avoid being a victim.

What is social engineering?

The term social engineering originates from the famous hacker Kevin Mitnick, although the technique itself has been around for a long time. In essence, social engineering is the art of manipulating people into giving up valuable personal information or access to devices and buildings. In these cases, hackers are usually trying to get your log-in details or bank/credit card details so that they can take your money.

Criminals use social engineering because it is far easier to manipulate someone's trust than it is to hack into someone’s computer or execute a data breach. Our natural inclination is to trust someone; it is the backbone of many aspects of our lives, and it is surprisingly easy to manipulate. 

A social engineering hack usually goes like this. The hacker will first prepare the ground for their attack. This may involve doing some research into their target, including determining the best method to conduct their approach. 

Next the criminal will begin deceiving their victim using a foothold, usually some type of story. Sometimes the hacker will take a long term approach, and interact with their victim several times before executing their hack. Once the hacker has the information they want, they bring their scheme to a natural end and remove all traces of what they’ve done.

What makes social engineering so effective is that it relies on human error rather than technology. Human mistakes are a lot harder to thwart than malware.

Common social engineering hacks

There are three types of social engineering hacks: in-person, on the phone, and digital. We’re going to cover each one, including the most common types of hacks.

1. In-Person Social Engineering

These tactics are normally used to gain access to a building or devices. Typically the criminal will pretend to be an employee or service technician of some kind. The perpetrator will then be able to enter a secure building and/or be able to access computers, phones, servers, etc.

The hacker will then directly use devices to install things like malware. Alternatively, they may also leave something behind like a USB with malware on it. Most people will plug in a USB to see what is on it, and by the time they do, their computer has been compromised.

2. Phone Social Engineering

You have probably already experienced this type of hack. A criminal will call you pretending to be someone in a position of authority, a relative, your bank, or an employee from a service company or charity. They will then convince you to hand over sensitive information like your bank details, login information, passwords, and more. Occasionally, the criminal will catfish their victim, maintaining a relationship in order to get their victim to send them money.

This is a scam that overwhelmingly targets senior citizens, and unfortunately, it is quite successful. The most common version is when a criminal pretends to be the grandchild of their target and requests money in order to get out of a tricky situation like jail or being stuck in another country.

Recently, the FBI helped take down a ring of criminals who were phoning people and telling them that they had kidnapped their child. Victims were told that they needed to pay a large sum of money to get their child back. What made it so effective was another person in the background screaming for help. While it didn’t work every time as the criminals were cold calling people, it worked well enough for them to walk away with a large profit.

3. Digital Social Engineering

This type of social engineering hack is probably the most common these days. We’ve all received suspicious emails asking us to download something or submit personal information. Most of the time, we know to ignore them, but criminals are getting better at hiding their methods.

Phishing scams are by far the most common. Generally, hackers will email you from a seemingly legitimate email address. They might even use the logo of the company they are trying to impersonate, and model their emails closely on the ones you normally receive. The key here is to check the email address. Usually there is some small typo, an extra character, or change in domain (for example .biz instead of .com).

What makes phishing scams work (some of the time) is that they create a sense of fear, urgency, or curiosity. These are powerful emotions. If you receive an email that looks like it is from Netflix telling you that you need to update your billing information, your natural inclination is to do what the email says. Malicious actors are counting on you not taking a closer look.

There is another type of phishing called spear phishing. The premise is the same, but it requires a lot more work on the part of the hacker and offers a great reward. Spear phishing is personalized to the victim of the attack, and the criminal puts a lot of time and effort into making themselves appear legitimate. Criminals find all the personal information they can about their target in order to trick them into installing malware or handing over personal data.

Another common digital social engineering hack is scareware. This involves victims being bombarded with warnings and false alarms claiming that there is some type of threat. Typically, victims are told that their computer is infected with some type of malware and that they need to install some type of software to fix the problem.

How to protect yourself from social engineering hacks

Social engineering plays off of your emotions, so it can be difficult to stop. That being said, there are a number of things you can do to prevent yourself from becoming a victim:

  • Don’t open emails and attachments from suspicious sources. If you don’t know the sender, don’t open the email. If you do know the sender but the message seems off, it never hurts to do a bit of research. You can call the company (or person if you know them) to confirm whether they actually need this information or not. You can also check the email address; criminals will often make a small but important change to trick you.
  • Be cautious of tempting offers. If it sounds too good to be true, it probably is. When in doubt, you can always do a quick Google search to determine if the offer is legitimate or not.
  • Install an antivirus or security suite. It’s important that your computer can spot malware in case you miss it. Antivirus software could save you a lot of trouble when it comes to preventing malware.
  • Keep your software up to date. Most updates for software and applications include important security patches. You can turn on auto updates to make it even easier.
  • Take things slowly. Our natural instincts can sometimes hinder us. It’s natural to panic if you receive an email from the IRS asking you to pay more taxes. Take a deep breath and assess the situation. Is it normal for this service or agency to send important information by email? Usually that is not the case.
  • Trust your email software. Most email providers are pretty good at spotting a suspicious email. If you feel like it isn’t doing enough to filter out spam, you can probably change your settings to increase the effectiveness of your spam filters.
  • Enable two-factor authentication. This is the easiest way to see if someone is trying to log into your accounts after you have shared personal information. It also makes it far harder for criminals to gain access to your accounts.

Conclusion

It is highly likely that social engineering hacks will continue to develop given their current effectiveness. In fact, the second half of 2018 saw an increase of over 500% in social engineering attacks. A big part of prevention is awareness, so it is important that we talk about social engineering and warn others about it. Given that the elderly are so susceptible to these types of attacks, more work should be done to inform and protect senior citizens.

Even government agencies can fall victim. In 2016 the Department of Justice fell victim to a social engineering hack which led to tens of thousands of employees having their data leaked. It’s hard to believe that a government body fell for such a scheme just a few years ago.

Criminals are constantly adapting, and it is vital that we take a proactive approach to protecting our personal data. If not, you could end up losing not only control over your personal information but also a lot of money.

What Happens to Your Personal Information Once You've Been Hacked?
https://selfkey.org/zh/what-happens-to-your-personal-information-once-youve-been-hacked/
Thu, 21 Nov 2019 08:24:19 +0000

There’s no question that data breaches are becoming a common occurrence in today’s world. In fact, according to the Data Breach Index over 5 million records are lost or stolen every day. These breaches affect businesses, individuals, and governments alike.

For many, the question remains - what actually happens to your personal data once it’s been stolen? In this article we cover the typical use cases, including what type of data is most valuable and why hackers hack in the first place. 

Why hackers hack

There are a number of reasons why hackers steal data in the first place. The most popular and most obvious reason is financial gain. The majority of hackers want to make a profit, and they can easily do so by stealing information like bank or login details. They can steal your money from your accounts, apply for a credit card or loan under your name, or resell your information to another criminal on the internet. The dark web is full of criminals buying and selling stolen personal information.

In the past few years, there has been a new development in hacking for financial gain. It has become increasingly popular for hackers to break into your device and encrypt the data on it. It’s called ransomware, and malicious actors hold your files hostage until you pay the ransom within a certain period of time. If you don’t pay, the data is usually destroyed by the hacker. 

Surprisingly, not all hackers are in it for the money; some steal information and act as shadowy vigilantes. Known as “hacktivism”, groups or individuals work together to take down terrorist groups, oppressive regimes, governments, and trafficking rings. We’ve all heard of Edward Snowden, probably one of the most well known hacktivists, who leaked data from the National Security Agency. There’s also the Anonymous group, which has been behind 45% of hacktivism in the past four years. However, the group now seems to be defunct, or at least very quiet. 

A very small number of hackers just want to show off what they can do, and they have no intention of stealing information or making a profit. Sometimes they launch a hack to show how poor a corporation’s cybersecurity is. An example of this is the infamous Ashley Madison data breach, where the profiles of 32 million users were made publicly available. The hackers didn’t want money; they just wanted the website taken down. Ashley Madison is a dating platform for people seeking extramarital affairs, and the leak quite literally tore some families apart.

What data is the most valuable?

There are typically five types of data that malicious actors will want to steal:

  1. Payment information - Given that financial gain is the primary reason why hackers hack in the first place, payment data is the most valuable. 
  2. Authentication details - Once a hacker has gained access to one account, chances are they can get into others too. The more accounts they hack, the more information they collect.
  3. Copyrighted material - Most software can be pretty pricey, and hackers would rather not pay. 
  4. Medical records - This might come as a surprise, but medical identity theft is extremely common. Perpetrators will use your information to gain access to healthcare for themselves. 
  5. Classified information - While this won’t affect most people, classified information is very valuable for blackmail purposes. 

What happens to your data after it’s stolen?

Once a hacker has your data, there are a few things they can do. The first step is to scan your data for important and/or valuable information like bank details, login information, photos, emails, or messages. The perpetrator will then decide whether they are going to keep the files or sell them to a third party (often called a “broker”). 

Typically, hackers will sell your data. This reduces risk for them, and also gives them an immediate profit. The price for stolen personal information depends on how valuable it is. For example, personal data from a government official or a celebrity is far more valuable than that belonging to the average person. 

As mentioned earlier, credit card and payment details are the most popular on the dark web, and clearing funds from your account is dead easy. Usually a “broker” will buy your card details on a marketplace and resell them to a “carder”. The carder will then get as much money out of your accounts as possible before you or your bank notices. 

Carders can generally replicate a card by printing one themselves, but more commonly they will use the stolen details for a gift card shell game. What happens is the carder will use your payment details to buy online gift cards, and then make purchases with the gift cards. Typically, they will purchase electronics because they are always in demand and can be easily resold, making them relatively low risk.

The risk of losing your funds is very small with a credit card compared to the risk involved with debit cards. Banks usually have policies in place for credit card fraud and are quite good about spotting suspicious purchases. Debit cards are unfortunately a different story; not much can be done if your funds are stolen. Debit cards are far more common in Europe than in North America, and they are extremely valuable on the dark web. 

Personal information is far less valuable on the black market, since it is already widely available. Your name, birthday, address, and email can sometimes just be gathered by looking at your social media accounts. As a result, there has been a huge growth in extortion regarding personal data.

Malicious actors will obtain your personal information and threaten to release it to the public. This is very common with explicit photos and messages, as hackers will hold them for a ransom. If you don’t pay up, your reputation could sadly be ruined. Naturally, this data is even more valuable if the victim is a public figure, such as when the National Enquirer allegedly threatened to release photos of Jeff Bezos and his mistress.

Companies, in particular financial organizations, have tried to fight identity and financial crime by implementing Know Your Customer (KYC) procedures. This requires companies to verify the identity of their users by using personal documents such as passports or other forms of government-issued ID. However, this has led to an increase in theft of personal documents, tax information, and insurance numbers. 

KYC information contains everything a malicious actor needs to commit fraud and steal your identity. By having your passport or driver’s license, they can apply for loans, and claim your tax credits and your insurance claims. While this type of hack is very difficult to orchestrate, it is one of the most valuable, making it more and more appealing to criminals. 

How to prevent your data from being stolen

Unfortunately, it is difficult to tell if your data has been stolen, but there are a number of preventative measures you can take. One crucial step is to use a password manager in order to create unique passwords for all of your individual accounts. This prevents hackers from being able to access more of your accounts if they gain access to one.

Blockchain technology can also be of use here. Decentralized identity (DID) gives you far more control over what data you share and who you share it with. Through DID, you prove your identity once to a trusted third party, and said third party handles all requests for identity and access so you don’t have to. Not only is it more convenient, it is far safer.

Lastly, keep an eye on your finances. They are likely to be the first target in any type of hack and you can do things like freeze your credit or place a fraud alert on your accounts for extra protection.

Conclusion

As we’re aware by now, having your personal information stolen is not a problem that is going to go away any time soon. Unfortunately, there is no true way to prevent your data from being hacked as long as you are not in charge of the security of your data. This is why digital identity management solutions like the ESelfKey Identity Wallet have become so popular - it puts you back in control of your own data. It’s not enough to blindly trust big corporations like Facebook anymore. 

If you are worried that your data has been breached (the answer is yes), you can check on the website Have I Been Pwned. You can also set up notifications so you are aware if your accounts have been compromised. 

Your data, and most of your life, is online. Every action you take or interaction you have could potentially put you at risk. It is vital to take a proactive approach when it comes to managing your personal data. It can be annoying, but it’s probably worth your time to understand how your data is protected on the websites and apps you use regularly. Be cautious and vigilant, because crime never sleeps.
