Sicurezza

The Most Dangerous People on the Internet This Decade

In the meantime, Facebook has been used again and again to spread mass disinformation, from hate speech that fueled the massacre of Rohingya muslims in Myanmar to WhatsApp propaganda that helped elected far-right Jair Bolsonaro in Brazil, to troll armies tasked with attacking the enemies of Philippines president Rodrigo Duterte and Donald Trump. In almost every instance, Zuckerberg has been slow to react, or even initially dismissive of concerns. The result has been a decade of disastrous effects, for both privacy and politics, across the globe. As Facebook has claimed a near-monopoly on social media, there’s little sign that Zuckerberg is willing to slow his company’s rapacious growth to prevent the next catastrophe.

Julian Assange

Julian Assange first came on the general public’s radar in a 2010 WikiLeaks video called Collateral Murder. It represented a radical new model of secret-spilling that empowered whistleblowers by offering them a digital dead drop, one that protected with their anonymity with strong encryption. WikiLeaks would follow up with one blockbuster leak after another, with hundreds of thousands of classified files from the war in Afghanistan and then Iraq, followed by a quarter million secret cables from the State Department. With those megaleaks from his tiny group, Assange successfully upended parts of the global order, hastening the US pullout from Iraq and helping to touch off the Arab Spring with its revelations about the Tunisian dictator Ben Ali—even as WikiLeaks was accused of also endangering innocents like State Department sources whose names were included in the files. But Assange would have another, unexpected second act in 2016, when Russian agents would exploit WikiLeaks to launder documents stolen from the Democratic National Committee and the Clinton campaign. After all, Assange never cared much for distinctions between whistleblowers and hackers. Throughout those years, Assange always maintained that the US intended to imprison him—that US hegemony considered him too dangerous to be left free. When Assange was pulled out of the Ecuadorean embassy in April and put in a British prison awaiting extradition to face US hacking and espionage charges, he was proven right.

ISIS

Violent Islamist group ISIS integrated terrorism with the internet like no one else in history. From its initial takeover of Mosul in 2014, ISIS both horrified the world with its acts of barbarism and also carried out a deeply effective online recruiting campaign. With grisly propaganda videos and lies about the Islamist paradise it sought to create posted to YouTube and other social media, it convinced many young Muslims across the globe to rally to its cause, turning Iraq and Syria into magnets for juvenile, misguided bloodletting and forcing every tech company to consider how the most violent humans in the world might misuse their services. But ISIS also successfully turned the internet into a means of distributing its violence physically, persuading lone wolves to carry out unspeakable attacks from Paris to Nice to London to New York. Even as ISIS’s caliphate has been dismantled and its founder killed by US forces, that placeless call to violence still rings out across the internet, and may yet pull more troubled young men under its sway.

Lazarus

North Korea may have largely cut off its populace from the internet. But it makes a few very notable exceptions, including for the North Korean hackers broadly known as Lazarus, which has carried out some of the most aggressive hacking operations ever seen online. Lazarus first shocked the world with its attack on Sony Pictures in retaliation for its Kim Jong-un assassination comedy, The Interview. Under the cover story of a hacktivist group known as “Guardians of Peace,” they breached the company, spilled thousands of its emails online, extorted the it for cash, and destroyed hundreds of its computers. Since then, Lazarus has shifted its tactics in part to purely profit-motivated cybercrime, stealing billions of dollars around the world in bank fraud operations and cryptocurrency thefts. Those cybercriminal operations hit a new low in May of 2017, when Lazarus released WannaCry, a ransomware worm that exploited the leaked NSA hacking tool EternalBlue to automatically spread to as many computers as possible before encrypting them and demanding a ransom. Thanks to errors in its code, WannaCry didn’t make much money for its creators. But it had a far larger effect on its victims: It cost somewhere between $4 and $8 billion globally to repair the damage.

NSO Group

At the beginning of this decade, hacking contractor firms and sellers of techniques known as “exploits” were barely heard of. The few known cybermercenaries were subjects of scandal and accused of digital arms dealing. Today, the Israeli firm NSO Group has made them all look tame by comparison. The company has sold techniques for remotely breaking into iPhones and Android phones with little or no interaction from the victim. In some cases, the company and its customers were able to plant malware on a target phone simply by calling it on WhatsApp. And despite the company’s repeated insistence that it doesn’t sell its hacking services to human rights abusers, the targets of its hacking have shown otherwise: Activist Ahmed Mansour, one of the first high-profile victims of NSO’s exploits, is now serving a 10-year prison sentence in the United Arab Emirates. NSO malware targets in Mexico have included activists who have lobbied for a soda tax and the wife of a slain journalist. When WhatsApp sued NSO in October, it accused the firm of helping to hack 1,400 victims across the globe, including dissidents, diplomats, lawyers, and government officials. All of that makes NSO’s spying-for-hire operation just as dangerous as many of the world’s most brazen state-sponsored hackers.

Xenotime

In August of 2017, a piece of malware known as Triton or Trisis shut down an oil refinery owned by petrochemical firm Petro Rabigh, on the Red Sea coast of Saudi Arabia. That was, in fact, a lucky outcome. The malware had actually been intended not to stop the plant’s operations, but to disable so-called safety-instrumented systems in the plant designed to prevent dangerous conditions like leaks and explosions. The malware, planted by a mysterious hacker group known as Xenotime, could have easily been the first cyberattack to have cost a human life. Xenotime’s motivations aren’t clear, nor are its origins. Though the usual suspect for any attack on Saudi Arabia is Iran, FireEye in 2018 found links between its Triton/Trisis malware and a Russian university. Since the Petro Rabigh incident, Xenotime’s target list has grown to include North American oil and gas operations, and even the US power grid. By all appearances, the group has only displayed a fraction of its destructive potential.

Cody Wilson

Over the last 10 years, Cody Wilson has developed a talent for incubating nightmares in the space between new technologies and the laws that control their most dangerous applications. In 2013, he released blueprints online for the world’s first fully 3-D printable gun, allowing anyone with a 3-D printer to create a deadly, unregulated weapon in the privacy of their home. But Wilson soon traded the sci-fi shock value of that idea for practical lethality: He sold thousands of Ghost Gunner machines capable of carving away aluminum to finish fully metal AR-15s and Glocks from fully unregulated parts. In the meantime, Wilson’s side projects have been just as controversial. He founded Hatreon, a Patreon-type donations site that funded extremists and white nationalists, as well as a bitcoin wallet designed for perfectly untraceable transactions, unlocking powerful new forms of money laundering. (That cryptocurrency project was halted only when his partner, Amir Taaki, unexpectedly smuggled himself into Syria to fight ISIS alongside the Kurds.)

Decade in Review

WIRED looks back at the promises and failures of the last 10 years

Last year, Wilson was arrested and charged with sexual assault of a minor. But by September 2019, he was already released on probation. Given how Wilson has thrived on controversy and negative press, don’t expect his bomb-throwing career to be over just yet.

Peter Thiel

Once, Peter Thiel was simply a rich libertarian eccentric, dreaming of seasteading, advocating against college education, and watching the fortune he made cofounding PayPal multiply as a major investment in Facebook. This decade, however, it’s the politics of his businesses, not their profit-making, that has raised the most eyebrows. Palantir, another company he cofounded, has become the world’s most active embodiment of Silicon Valley’s partnership with surveillance agencies, controversially offering up its data-mining software and services for undocumented immigrant-hunting at ICE, and reportedly stepping in for the Pentagon’s controversial Project Maven after Google bowed out under employee pressure. Anduril, founded by Palmer Luckey with an investment from Thiel, sells surveillance technologies designed for the southern border to Customs and Border Protection. Even earlier, starting in 2012, Thiel notoriously bankrolled a series of lawsuits designed to destroy Gawker as an apparent act of vengeance, although Thiel himself described it as “deterrence.” Regardless, his libertarian ideals seem to find their limits at press freedom, surveillance, and rights for US immigrants.

Anonymous

The faceless hacker collective known as Anonymous came into being in the late 2000s. But it hit its peak in the first years of the 2010s, with hacking operations that hit Visa, Mastercard, and Paypal with waves of junk traffic as vengeance for their financial blockade of WikiLeaks, as well as waves of hacking that tormented Sony for suing George Hotz for reverse engineering the Playstation. Anonymous’ anarchistic hacktivism peaked in the summer of 2011, when an offshoot of the group known as LulzSec went on a months-long rampage, hacking security firms, defense contractors, media, government, and police organizations. It turns out, however, that young hackers without the backing of a government nor a comfortable geographic remove from their victims isn’t exactly a sustainable form of protest. Virtually all of the most active Anonymous hackers were arrested. Some, like Jeremy Hammond, received lengthy prison sentences, while others like Hector Monsegur became informants against their former colleagues. Since then, Anonymous has largely petered out as a movement, and hacktivism has faded from the headlines, more often used as a cover story for state-sponsored hackers than a tool for idealistic agents of chaos.


More Great WIRED Stories