51 comments

[ 25.8 ms ] story [ 1618 ms ] thread
Pretty poor article given it’s just one guy listing a few things off the top of his head.
> Pretty poor article given it’s just one guy listing a few things off the top of his head

But it's not, it's 4 guys, and they do seem to be somewhat qualified to answer the question.

Except it's not! I thought the same thing but then spotted that stupid "Continue Reading" thing there near the end.

Why do sites do that? It doesn't seem to serve any purpose that I can see. Is it loading some kind of tracker or ad things that uBlockO is blocking or something>?

In any case, there's a few more answers there. I thought it was interesting to see a few opinions.

I always assumed it was so they could stuff some more ads at the bottom. I'm sure someone here knows the real answer, though.
Ads are part of it, certainly.

It allows the page to initially load more quickly because the browser doesn't have to grind through all the ad and site effluvia before rendering. Lots of work can be deferred asynchronously while the user is reading the first part of the page.

It provides a signal that the visitor actually stayed and read more than the first paragraph. Handy for tracking "engagement".

It can reduce total load on the site and its services, by only making requests for all the artifacts if the user clicks the "read more". That can reduce bandwidth and serving costs.

tl;dr optimization

To be honest, I thought this was an “ask HN”, not an actual article. Thanks for saving me the click. I’d be interested to hear what other people here could come up with.

What’s the metric? Financial gain? Damage done? Most Clever? Most visible? Most lives improved?

(Just read TFA, and the author seems to be going with “most destructive”. Meh.)

Does social engineering count? Facebook hacking the human condition has to be the biggest data exposure event in history.
I thought I meant hack, like as in "clever trick" or "way to game the system" but it means Breach here.

I think the most clever hack is to put a lever around an axel to make an auger/drill.

That or the rock on a string to make sure your stone walls are proper vertical.

Good callout. Good hacks are a different thing. Sadly, it's quite hard to compose a good internet search to find a list of the "best" ones. Generally all results are breaches and cracks. That, or dumb "life hacks".
(comment deleted)
I was thinking of the Apollo 13 air scrubbing setup; depends how you count
My vote for the most significant hack in American history is the Russian hack of Hillary's emails that gave us 4 years of Donald Trump

"In all, some 70 gigabytes of data were exfiltrated from Clinton’s campaign servers and some 300 gigabytes of data were obtained from the DNC’s network."

https://techcrunch.com/2019/04/18/mueller-clinton-arizona-ha...

Have you heard of anyone who voted for Trump (or, I guess, stayed home instead of voting for Hillary) because she learned from the DNC emails that Clinton and the DNC had conspired against Sanders? Or for any other reason connected to those emails?

I haven't.

"Hillary Clinton would probably be president if FBI Director James Comey had not sent a letter to Congress on Oct. 28. The letter, which said the FBI had “learned of the existence of emails that appear to be pertinent to the investigation” into the private email server that Clinton used as secretary of state, upended the news cycle and soon halved Clinton’s lead in the polls, imperiling her position in the Electoral College."

https://fivethirtyeight.com/features/the-comey-letter-probab...

It wasn't that long ago; don't act as if we can't remember it. Comey's comments were not about the DNC emails. They were about emails that FBI discovered on a laptop owned by Anthony Weiner and Huma Abedin. Apparently FBI had the laptop as part of an investigation into Weiner for sending unsolicited messages. Do you mean to imply that "the Russians" exfilled emails from DNC and sent them to FBI? That seems... unlikely. Maybe future secretaries of state won't try to hide 30,490 official emails from the oversight of the public...
I've made no claims whatsoever, wacky or otherwise, on this topic. Nor have I identified myself as a Clinton fan - you've constructed a straw man from the wisps of the aether.

Re: Email behavior in other administrations:

"The State Department has discovered a dozen emails containing classified information that were sent to the personal email accounts of Colin L. Powell and close aides of Condoleezza Rice during their tenures as secretaries of state for President George W. Bush."

https://www.nytimes.com/2016/02/05/us/politics/state-dept-cl...

"At least six of President Trump’s closest advisers occasionally used private email addresses to discuss White House matters, current and former officials said on Monday.

The disclosures came a day after news surfaced that Jared Kushner, the president’s son-in-law and adviser, used a private email account to send or receive about 100 work-related emails during the administration’s first seven months. But Mr. Kushner was not alone."

https://www.nytimes.com/2017/09/25/us/politics/private-email...

Did you mean for this comment to go somewhere else? This seems to have nothing to do with the difference between DNC emails and Anthony Weiner emails. [EDIT:] The point of this thread is whether alleged Russian hacks of the DNC turned the election in Trump's favor. This seems extremely dubious to me, and references to both Comey's letters and Colin Powell's dozens of email indiscretions seem completely beside the point.
I don't think most voters understood or believed in the distinction. Further, I think you know that, and that you are arguing in bad faith. To wit: you've repeatedly edited the portion of a parent comment in which you made reference to other administrations' use of state department email resources.

I'm going to stop responding now.

Have a nice day.

It doesn't matter whether any voter understood the distinction. These are two different events, neither of which had any effect on the other. I'm not convinced most voters were even aware of the DNC email leaks. The USA news media certainly didn't want to emphasize something that put the USA news media in such a bad light.
Have you ever heard anyone give an honest, principled reason for voting for Trump? People who do stupid things usually don't understand why they're doing them.
Certainly not! But we shouldn't hold Trump and Clinton to different standards.
The books Democracy For Realists and then Why We Are Polarized cured me of remaining notions that any signicant fraction of people vote based on platforms, ideas, policy.

Federal and statewide races are about activating identities and anti-partisanship. We're lucky when people bother to vote down ballot.

On August 10, 1988, 11-year-old Seattle resident Dade Murphy crashed 1507 computers, causing a 7 point drop in the New York Stock Exchange. His family was fined $45,000, and he was legally forbidden from touching a computer until he turned 18 years old. They made a documentary film about it 7 years later in 1995.
Was Hackers referencing a real event?
(comment deleted)
No, parent is just joking :) The general idea of the original zerocool hack does bear a slight resemblance to the Morris worm. https://en.m.wikipedia.org/wiki/Morris_worm
Hack the Planet!
They're trashing our rights! They're trashing, trashing!!!
RISC architecture is going to change everything
Crazy to think "THE Plague" and "Ben" from Short Circuit 2 are the same actor.
That OPM hack was pretty brutal. It set back clearance investigations for years. They still take twice as long as they used to. All of the contracted agencies got fired and everything started over. Effectively every detail of my past, personal life, medical status, and everyone else with a clearance has been in the hands of China for 6 years. The SF-86 is extremely thorough. It centralizes much more of your personal data than any other source. A lot of this is stuff you would not normally disclose anywhere.

Other than that, I've give a vote to the original hack, the Bletchley Park cracking of Enigma. Most of the other hacks have just hurt people and exploited systems with poor security or no security at all. These people helped bring down Naziism and broke what was the best military grade encryption in existence at the time.

Yeah, it's crazy that even things like my fingerprints are out there somewhere.

I've sorta lost track of what's happening, but the credit monitoring thing they're offering has been really good, and seems to be extended indefinitely.

Bizarrely it's given me some peace of mind; no matter what other breaches I'm part of, it can't get worse.

It's funny you say it gives peace of mind. I had this exact conversation not long ago with some former co-workers. It's a sort of forced acceptance that you can't change something. In some ways it's desensitized me to disclosures of breaches and the constant notices I receive in email etc.

Who knows what the ultimate impact is long term, but whatever it is, there's no hiding from it.

When I hacked your mom?
martinlutherking .org is a hack? seriously?
I'd argue Stuxnet was a pretty major one: https://en.wikipedia.org/wiki/Stuxnet

Between 2005 and 2010 the US military wrote a virus that destroyed many of Iran's uranium-enriching centrifuges. It featured Windows 0-days, infected USB flash drives, a rootkit, and was self-replicating once it crossed the airgap. Once it found the target machine, it would send malicious signals to the PLC causing the centrifuge to spin too fast.

I'd concur. Stuxnet truly created infrastructure attacks as a design goal of malware. The US has only itself to blame for placing direct damage to physical assets in play for cyber warfare.
The NSA and Israeli Unit 8200 wrote Stuxnet, over the course of years, with multiple beta versions released to the wild before its "final version", where upon its release, the most sophisticated and arguably dangerous worm written was open sourced for any nation state actor to modify and use for their own nefarious purposes*
Stuxnet, to this day, is utterly amazing....

The docu from microsoft team on it was very interesting to listen to...

Whats amazing, is that DUQU, stuxnets 'brother' was also ultra-zero-day and super complex...

Its super cyberpunk, that entire story...

(comment deleted)
The OPM breach targeted data from SF86 forms (Standard Form 86) not “FS86” forms as the article states. Now, this isn’t really useful on its own, but it does make you wonder if any high level google search was ever carried out to fact check anything else in the article. An obvious typo like this would be discovered easily — but other things? Maybe not.
The Solar Winds hacks were professional, far reaching, political, and probably far from over. We'll be sorting that out with all the other Russian hacking for years.

Runner up, nobody's mentioned the Experian hack. 24 million extremely private credit records were released and will be feeding consumer fraud over and over.

https://threatit.com/articles/lists-of-companies-affected-by...

https://www.infosecurity-magazine.com/news/experian-data-bre...

SolarWinds is orders of magnitude more significant (or will be, in the fullness of time) than anything that targeted the personal data of individuals.

Back in the early 2000s I was a mod on shadowcrew (served my time for that) and the volume of personal data that was being shared was staggering. Most multinationals I can name that existed at the time were trivially infiltrated by botnets and had every accessible database and file scrutinised. Hundreds of millions of people have had most of their pseudoprivate information exfiltrated. Mostly it just caused inconvenience - not to diminish the harm done when it was more than that. The point is that each datum relates to one person and requires a lot of effort to exploit. By contrast, national or international organisations and people or groups of prominence have much higher value secrets.

The most significant one that's public that I know of is the T-mobile hack by ethics [0] - full access during 2003-2004 to every message, photo, email and internal tools. Among other things, the US Secret Service were using T-mobile as their email and phone service provider. Every USSS communication was able to be monitored in realtime, and many were being live posted to IRC. Same for hundreds of celebrities, politicians, and criminals. I doubt the USSS were the only organisation compromised then, but they are the only one I know of for certain.

I would be absolutely amazed if there aren't more significant and recent similar hacks given the increasing centralisation of communication and information infrastructure.

0: https://www.theregister.com/2005/01/12/hacker_penetrates_t-m...

I agree with the folks saying Stuxnet but about 15 years ago I was selling PHP services to small businesses. Drupal, Joomla, and Wordpress. I woke up one morning to what was apparently at that time the largest automated attack in history. Almost all of my clients pages were defaced with a few different versions of the same site. The background of the page was dark blue with the silhouette of a man on a horse waving a scimitar over his head. The sites had gifs of gold 3D text that spun around. I don’t remember what it said, but I do remember the message varied slightly on each site. Also the pages autoplayed audio, again not consistent site to site but I remember most played recordings of a Muslim call to prayer. The imagery and audio seemed inconsistent ideologically so I never felt it was religiously motivated, it felt more like some white boys trying to do shit they thought would freak out other white folks.

The hacks didn’t destroy anything, they for sure could have after I looked into the exploit. It was an easy fix though. I think I remember reading that a hundred thousand or more PHP sites were hit. I saved copies of the sites because I honestly thought it was exciting. My customers did not share my excitement. I’m also moved to Python after that. I never looked into it more, I’m gonna go do some digging and see if the folks who did it piped up to own it.