I asked cybersecurity experts to name the hackers who have had the biggest impact, good or bad, across the years. This is what they said.
Hacking is a controversial topic. More to the point, defining a hacker is almost guaranteed to kick off the kind of impassioned debate you might ordinarily associate with sports team rivalries. For this article, however, I deliberately stepped away from the hacker-versus-cracker debate. Instead, I opted for the broadest possible meaning within the context of the cybersecurity industry: someone who explores methods of breaching computer system defenses, whether to improve defensive capability, for criminal gain, as part of a nation-state intelligence operation or cyber-attack, as political protest, just for fun, or even to advertise their own ‘cybersecurity’ services.
Whether the hacker concerned wears a black hat, a white hat or a shade in between, I wanted to know which individuals, or groups, have made the most impact on security as we know it today. I don’t expect everyone to agree with the rankings, and no doubt there will be plenty of names that have been omitted. There will also be surprises, perhaps even of Parasite Oscar-winning proportions, who knows?
Anyway, before I move on to the rankings, in reverse order, I should point out that this isn’t my opinion but that of the industry experts I reached out to, who are credited next to each entry. Please don’t blame the messenger.
“Regardless of the truth of his exploits in NASA,” Amanda Finch, CEO of the Chartered Institute of Information Security (CIISec), says, “McKinnon gains his spot through becoming a cause célèbre of some of the central arguments around hacking: what is the difference between damage and innocent curiosity? How do we decide the jurisdiction of hacking attacks? And what constitutes an appropriate reaction to individuals who are accused or caught?”
“In the late ’90s, a 15-year-old self-trained Norwegian software engineer called Jon Lech Johansen became famous for his involvement in successfully writing the program DeCSS,” says Tom Lysemose Hansen, CTO at Promon, which recently disclosed the Android ‘Strandhogg’ vulnerability. “Hailed as one of the first DVD piracy tools, DeCSS fueled significant outrage and media attention, meanwhile earning the Norwegian teenager the nickname DVD-Jon. This was to be a monumental milestone, and while a new generation of hackers has since emerged on the scene, pioneers like DVD-Jon remain pivotal figures in the heritage and history of hacking.”
“Mudge was an old skool hacker, a member of the hacker collective known as ‘The L0pht’,” Dr. Richard Gold, head of security engineering at Digital Shadows, says. “He was the author of one of the original buffer overflow articles, testified before Congress on the dangers of the BGP protocol and how the Internet could be taken down, and now works on a ‘Cyber Underwriters Laboratory’ called Cyber ITL, where he works on evaluating and designing defensive mitigations at Internet scale. His hacker ethos and impactful contributions make him a natural choice!”
“The former Facebook engineer took on the giants of the tech world by developing the first iPhone carrier-unlock techniques,” says Mark Greenwood, head of data science at Netacea, “followed a few years later by reverse engineering Sony’s PlayStation 3, clearing the way for users to run their own code on locked-down hardware. George sparked an interest in a younger generation frustrated with hardware and software restrictions being imposed on them and led to a new scene of opening up devices, ultimately leading to better security and more openness.”
“Barnaby, who sadly passed away in 2013, was best known for his appearance at a Black Hat conference in 2010, where he demonstrated how to exploit ATMs and have them dispense money,” Tristan Liverpool, senior director of systems engineering at F5 Networks, says. “He also showed how he could hack a pacemaker, which could have potentially life-threatening effects by stopping a person’s heart. He established early on that software is highly exploitable and embedded everywhere. It was important work that continues to be influential. With the world of IoT growing more and more, application security requires more planning, focus and execution than ever.”
FIN7 isn’t an individual, but it is the first hacking group to feature in this listing. “FireEye has been tracking and responding to breaches which we attribute to FIN7 for many years, and their ability to change tactics and adapt to new methods of attacking their victims lists them as one of the most sophisticated financially motivated groups we track,” says Jens Monrad, head of intelligence (EMEA) at FireEye. “In August 2018, when the US Department of Justice announced that they had three members in custody, the indictments revealed how FIN7 had been using a front company in an attempt to disguise their activities as a legitimate security testing company. Using the front company, they actively sought to ‘hire’ security professionals who unknowingly played a part in their operation against a variety of targets across the United States.”
“James Forshaw of Google Project Zero gets my vote,” Richard Braganza, director of engineering at Redscan, says. “For many years, James has been one of the world’s foremost bug bounty hunters, with his work once placing him at the top of Microsoft’s top researcher list. The MSRC top researcher list for 2020 will be announced later this year, and I still expect James to feature highly. He has an almost unique ability to think up new types of attacks that few people would otherwise consider.”
Sticking with bug bounty hunters, number 13 on the list is a platform rather than an individual or group, but one powered by some of the best hackers around, which makes it deserving of a place here. Several HackerOne hackers have become millionaires from the bounties paid out.
“Ole Andre V. Ravnes is a gifted and experienced reverse engineer, whose free software ‘Frida’ has become a cult tool amongst industry professionals,” Tom Lysemose Hansen says. “In short, Frida software allows anyone who is a reverse engineer, developer, or researcher, to hook into and augment black-box proprietary software. Since Ole’s release of Libmimic in 2005, he has gone on to make a significant and lasting contribution in the cyber world, and has no doubt earned himself a place in the hall of fame!”
“The alleged Russian military hackers behind the 2016 blackout in Kiev,” Pascal Geenens, cybersecurity evangelist (EMEA) for Radware, says, “and the group behind NotPetya, which was the most devastating malware to date and by far the costliest cyberattack in history, with an estimated $10 billion in damages. The attack was also marked by some, including Andy Greenberg, author of the amazing book ‘Sandworm,’ as the first true Cyberwar.”
“It is still a mystery who is behind The Shadow Brokers group,” says Pascal Geenens, who continues, “some hypothesized it was NSA insiders, some believe foreign spies were behind the group. TSB tried to auction and eventually published several leaks containing internal documents, sensitive information, and cyber-attack tools stolen from the Equation Group (the Tailored Access Operations, TAO, unit of the NSA). Amongst the leaks were the 0day exploits EternalBlue and EternalRomance, which were the primary infection vectors behind some of the fastest spreading malware of all time: WannaCry and NotPetya.”
“There were quite a few surprises in store for the industry when the news broke that notorious spyware companies Gamma Group and Hacking Team were breached,” Dr. Richard Gold says, “but nothing beat the full, detailed write-ups that a hacker dubbed Phineas Fisher posted online which laid out exactly how he/she had breached his/her targets. Displaying an innovative twist on traditional tradecraft and an unyielding persistence, he/she is a dangerous adversary.”
“Also known as Impragma or PHOENiX, PRAGMA is the author of Snipr, one of the most prolific credential stuffing tools available online,” says Mark Greenwood. “While Snipr was not the first or only credential stuffing tool available, a low price, easy user interface and great online support have lowered the barriers to cybercrime to a level where a new generation is launching into cyber attacks on a huge scale from their bedrooms, often unaware of the legalities or technical complexities behind the attacks. This type of tool has brought cybercrime to the masses, who take easily available credentials from breaches found online and use them to break into accounts on a global scale to steal loyalty points, in-game items, or stream music and movies.”
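The pattern Greenwood describes, breached username/password pairs replayed against a login form at scale, is also what a defender can look for in authentication telemetry: one source address trying many distinct usernames in a short window, with most attempts failing. The following is an added example, not code from the article, from Netacea or from any tool it names. It assumes a constructed log format of ISO timestamp, source IP, username and result, and the thresholds (five distinct usernames inside five minutes with at most 20% success) are illustrative starting points rather than values the article gives.

```python
"""Credential-stuffing detector over constructed login logs (added example).

Assumed line format (constructed for this example, not a real product's log):
    <ISO-8601 timestamp> <source_ip> <username> <LOGIN_OK|LOGIN_FAIL>

Heuristic: a single IP cycling through many *distinct* usernames inside a
short window, with a low success ratio, looks like a breach list being
replayed. A real user mistyping one password hits one username repeatedly.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.7 sprays eight accounts in seven seconds and
# gets into one; 198.51.100.4 is a legitimate user fumbling a password;
# 192.0.2.9 is a shared NAT address with two normal logins.
SAMPLE_LOG = """\
2020-02-11T10:00:01Z 203.0.113.7 alice LOGIN_FAIL
2020-02-11T10:00:02Z 203.0.113.7 bob LOGIN_FAIL
2020-02-11T10:00:03Z 203.0.113.7 carol LOGIN_OK
2020-02-11T10:00:04Z 203.0.113.7 dave LOGIN_FAIL
2020-02-11T10:00:05Z 203.0.113.7 erin LOGIN_FAIL
2020-02-11T10:00:06Z 203.0.113.7 frank LOGIN_FAIL
2020-02-11T10:00:07Z 203.0.113.7 grace LOGIN_FAIL
2020-02-11T10:00:08Z 203.0.113.7 heidi LOGIN_FAIL
2020-02-11T10:00:10Z 198.51.100.4 ivan LOGIN_FAIL
2020-02-11T10:00:20Z 198.51.100.4 ivan LOGIN_FAIL
2020-02-11T10:00:30Z 198.51.100.4 ivan LOGIN_OK
2020-02-11T10:05:00Z 192.0.2.9 judy LOGIN_OK
2020-02-11T10:06:00Z 192.0.2.9 mallory LOGIN_OK
"""


def parse_line(line):
    """Split one log line into (timestamp, ip, username, succeeded)."""
    ts, ip, user, result = line.split()
    when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return when, ip, user, result == "LOGIN_OK"


def detect_credential_stuffing(lines, window=timedelta(minutes=5),
                               min_distinct_users=5, max_success_ratio=0.2):
    """Return {ip: stats} for sources whose busiest window looks like stuffing.

    stats carries distinct_users, attempts and successes for that window plus
    compromised_accounts: every username that logged in successfully from the
    flagged IP, i.e. the accounts to force-reset and notify.
    """
    events_by_ip = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        when, ip, user, ok = parse_line(line)
        events_by_ip[ip].append((when, user, ok))

    flagged = {}
    for ip, events in events_by_ip.items():
        events.sort(key=lambda e: e[0])
        best = None  # window with the most distinct usernames for this IP
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            win = events[start:end + 1]
            stats = {
                "distinct_users": len({u for _, u, _ in win}),
                "attempts": len(win),
                "successes": sum(1 for _, _, ok in win if ok),
            }
            if best is None or stats["distinct_users"] > best["distinct_users"]:
                best = stats
        ratio = best["successes"] / best["attempts"]
        if best["distinct_users"] >= min_distinct_users and ratio <= max_success_ratio:
            best["compromised_accounts"] = sorted({u for _, u, ok in events if ok})
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    for ip, stats in detect_credential_stuffing(SAMPLE_LOG.splitlines()).items():
        print(ip, stats)
```

The distinct-username count is the signal that separates stuffing from brute force or a forgotten password; a success-ratio ceiling keeps a shared corporate NAT address with many genuine users from being flagged. The successful logins from a flagged source are the real output of the detection: those accounts were opened with already-leaked credentials, so blocking the IP alone leaves them exposed.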
“Since 2012, we have been closely monitoring the activity of a prominent threat group called APT10,” Jens Monrad, says. “While APT10 operates like many other state-sponsored espionage groups, they also target managed security and service providers in an attempt to gain access to victims by abusing the trust between the provider and their clients, illustrating how organized a campaign they were running. Although the conversation around supply chain and security is nothing new, the actions of APT10 emphasize the need for companies to really vet any third-party company they work with.”
“Even attackers as skilled as Phineas Fisher,” at number nine in this list, “rely on existing tools,” Dr. Richard Gold says. “One of the most widely-used hacking tools currently being used by both white and black hats is Mimikatz. Rightly feared for its ability to extract plain-text credentials and hashes from the memory of Windows machines, its author is an unassuming Frenchman by the name of Benjamin Delpy, who modestly describes it as ‘a little tool to play with Windows security.’”
“In 2016, an XDA Developer by the name of John Wu launched a groundbreaking open-source rooting solution for Android, called Magisk,” says Tom Lysemose Hansen. “While many may not know or have heard too much about Wu, Magisk has revolutionized the world of Android, allowing users to boost device functionality, a service particularly helpful during the Pokémon Go craze! Fortunately, Wu hasn’t gone entirely unrecognized, and last year he announced he would be heading off to Apple HQ to begin a four-month internship, evidence that Android’s rivals have a good eye for spotting talent!”
“As well as the first Israeli woman to give a TED talk, Elazari has also been an important voice on the power of hackers to do good,” says Amanda Finch. “In particular, by arguing that hackers and hacktivists help create a better world by exposing vulnerabilities that push the internet to become stronger and healthier, she has popularized that hackers act as an essential part of a digital immune system.”
“James Kettle is Head of Research at PortSwigger, where he is responsible for helping to develop Burp Suite, a popular application used to test web applications,” Richard Braganza says. “James’ ability to continually develop new attack techniques and help protect organizations against them means that he’s fully deserving of a place on the list. His work to raise awareness of RCE and host header attacks is highly regarded within the infosec community.”
“While this individual, or group, denied any ties to Russian intelligence, their 2016 attack on the Democratic National Convention helped to popularize the idea of Russian attacks on and interference in US (and other) elections,” says Amanda Finch. “As a result, we now have one of the greatest perceived threats around our elections, regardless of its real scale.”
“There are too many to name, and they all deserve a nomination,” Pascal Geenens says, “but from vulnerability to threat researchers, red teams and pen testers, incident responders and post-breach analysts, they all work behind the scenes, claim no fame, but are the reason that our internet and our infrastructure are still alive. People might not notice and never become aware of what is actually going on in the trenches of cyber. Without the ethical hackers preventing our world from spiraling out of control, the impact on both our personal and professional lives would be immeasurable.”