What’s the Most Significant Hack in History?


© Illustration: Vicky Leta/Gizmodo

On some level, all of us are waiting for the big one—the hack that downs the internet, paralyzes infrastructure, maybe launches a couple nukes. If that day never arrives, it will be largely thanks to the legions of malefactors who, over the years, have hacked this or that government or corporation and thus forced those institutions to plug up their vulnerabilities, or at least try to. Some of these hacks have been staggering in scope—acts of sabotage and/or theft inconceivable in an unconnected world. But which of these can lay claim to being the most destructive? What was, in other words, the most significant hack of all time? For this week’s Giz Asks, we reached out to a number of experts to find out.

Director and Professor, Criminal Justice, Michigan State University, whose research focuses on computer hacking and malware, among other things

The first that comes to mind is the Morris worm, from 1988. A college student named Robert Tappan Morris wrote a piece of code that he claimed he thought would simply ping servers and assess the size of the internet at that time. But there was either a deliberate or unfortunate error in the code, and instead of simply pinging and reporting back, it started to replicate and spread, and effectively caused a denial-of-service attack against almost the entire internet. Morris claims this wasn’t intentional, but he nonetheless became one of the first people successfully prosecuted for a piece of malicious software, and the whole incident led to the formation of the first Computer Emergency Response Team. Because the internet at that time was mostly limited to universities, NASA, government entities, etc., the idea behind CERT was to get all these different players around the table to try to figure out a rapid solution to eliminate future problems, and then shore up their resources to make sure it couldn’t be effectively used again.

Another contender for the most significant hack is the Office of Personnel Management data breach around 2014. This was thought to have been performed by China, in order to acquire the sensitive data used for FS86 forms for the government. FS86 forms are…