Keeping up with the pwnses: CNET's spreadsheet of recent hacking attacks


Elinor Mills at CNET has posted a chronological chart that documents recently publicized hacking events:

By our count, there have been more than 40 computer attacks, network intrusions, or data breaches in the last few months. And they seem to be a daily occurrence.
The chart shows which hackers and groups are identified as being behind each attack, and the methods and motives believed to be involved. As you skim through, remember that the date on which a given hack is made public isn't necessarily the date that target was breached: sometimes, a breach occurs long before the target or the attacker tells the world about it.

Mills adds that CNET will to update the chart as time goes on, and they're soliciting updates.

Here's a link to the article, and here's a direct link to the spreadsheet.


  1. I am reluctantly moving toward thinking that hackers that just screw things up because they can, or for fun, should be led out into the sunshine on July 4th and dispatched by a squad of riflemen dressed in War Of Independence livery. I truly hate the bastards.

    1. Well, if you are going to have a hacker – the one that doesn’t want to overthrow your country/business/whatever is probably the best kind. I’d rather find out my security weaknesses on them than from an actual threat.

    2. Last time I checked, Anonymous, LulzSec, etc aren’t out to replace the government with their own rule. They’re just out to get people to realize there are security holes in their systems which they realllly need to take seriously, lest their system crumbles after a LEGITIMATE threat just blows on the house of cards. Oh, and for the lulz.

      So sure, let’s just shoot the guys who are actually ENCOURAGING companies and governments to do right by us and themselves, albeit by forcing people’s hands rather than just “asking nicely” (because when has asking nicely ever worked?). That’s like shooting the guys who were against the PATRIOT ACT, Bush Administration’s wiretapping and so forth because they were being “unpatroitic”.

  2. Countdown until LulzSec hacks into it…

    Back ‘in the day’ virus writers were just jerks who did it for sadistic pleasure. Then someone figured out how to make money from them and made Big Business out of it (on both sides). Now we’re back to people hacking things just because they’re assholes again.

    Not that information security doesn’t need a serious overhaul, because it does. That Citibank ‘break in’ last week could have been done by literally anyone browsing their site without any particular knowledge. But my rule is that if you can do something useful while being an asshole you can be 10x as useful if you’re not an asshole.

    1. As if “being an asshole” changes the fact that your actions have helped bring some light to major security holes that need fixing. As in, “oh, well he’s an asshole” means that you DON’T need to fix any of the problems that their attack brought to everyone’s attention and that they disappear after declaring someone to be an “asshole”.

      People have this obsession with trying to “be right” or “do right”, to the degree that, whatever legitimate problems someone has, “it doesn’t count” when their declared enemies bring it to their light.

      The way I see it, the best thing to ever happen to anyone is the formation of enemies, because at least your enemies have the balls to tell you what’s wrong with you, which in turn forces you to either shape up or die. (OK, it’s not AS good when your enemies start saying “we’re gonna start killing people because you’re wrong”, but unlike dead people and destroyed buildings, you can at least restore your hacked and pwned site with a backup.)

      1. The way I see it, the best thing to ever happen to anyone is the formation of enemies, because at least your enemies have the balls to tell you what’s wrong with you

        Then you have lousy friends. Enemies only tell you what’s wrong with you for their own benefit. Your friends tell you what’s wrong with you for both of your benefit.

        I never said LulzSec or Anonymous weren’t doing something valuable, I just said their bedside manner is atrocious. Frankly, they’re just lazy.

  3. Here’s a business idea: offer hacking services to any company’s IT department. You use all available means to demonstrate the vulnerabilities in their software or website, and they pay you for it.

  4. Well, I wish the [folks] who hacked the site of the software we use for our yoga studio had just said here are some holes in your security instead of totally [shutting down] me and a few hundred other studios.

  5. The ease with with most of these hacks have been done points out, once again, how unprofessional the whole IT world is. Imagine if a doctor went into an operating theatre and started washing peanut butter and jelly off his hands prior to the operation and then was told to stop doing that because “we’re paying you to do operations; not this doctor-nerd stuff about ‘infections’ that we don’t understand or care about.” If the doctor said “OK” and just did the operation at that point, for any reason, we’d call him “unprofessional”. And yet exactly that kind of behaviour goes on every day in almost every IT department in the world w.r.t. security.

    1. I agree. I think the problem runs even deeper. There’s a very anti-intellectual slant to all of american society. As long as these IT nerds remain unemployed and bitter, the hacks will continue. Maybe this needs to happen?

  6. Well I’m currently writing an e-commerce system (for fun and a small profit) and I personally think these hacks have been great. I read about each one in fine detail and keep getting new examples of what I should be securing myself against!

    I’ve quite enjoyed learning from these epic security fails…

Comments are closed.