The Top Six dumbest Hacks of All Time

Alan Wlasuk, believes that not all hackers are geniuses and most of them are average folks who are either smart or may be even dumb just like a normal human being!

With advanced technology, high speed internet and availability of much more technologically advanced gadgets it has helped hackers to get easy access to our personal and confidential credentials be it bank accounts or access to social networking sites. Normally, people are scared of the cyber crooks and hackers as these people are believed to be extraordinarily smart and genius who can get access to our data be it on smaller scale or even huge organisational level.

However, CEO of 403 Web Security, Alan Wlasuk, has given us examples which indicate that to consider all hackers as genius is a myth. In fact, Alan believes that most of the hackers are as smart as or as dumb as any normal person.

In this article we have compiled Top 6 examples which indicates that hackers are average people who are capable of making few dumb mistakes either in the way they attack or the clues which they left behind that could trace them. 

World’s Dumbest Cyber criminal

Four years back, in 2011, a dumb hacker hacked Kelly Osbourne’s (the one from Dancing with the Stars fame) email account. The hacker not only traced her old and new emails but also forwarded them to his own personal email account which could be easily traced. This is considered to be one of the world’s dumbest hacking incidence which indicates that the hacker was so dumb that by forwarding the emails to his personal account he actually invited police to trace and arrest him.

Self proclaimed hactivist Shahee Mirza:

Way back in 2008, a group of people defaced the military website of Bangladesh government which is known as Rapid Action Battalion (RAB). The website was sabotaged and forced to temporarily shut down.  Moreover, when people entered the elite security site they found a message posted which stated: ‘Hacked by Shahee_Mirza’.

Mirza, a twenty one year student of Saic Institute of Management and Technology in Mirpur, plead guilty and also told the authorities that he did not have any ill intent in hacking the site. The authorities were able to retrieve the site after about 24 hours and it was also found that Shahee had earlier hacked the websites of 22 organization including one that belonged to the army. It was found that the name and e-mail address which Shahee Mirza had posted after hacking the RAB site were all found to be real.

Further, the self proclaimed hacker, Mirza had also left a message on the website alleging the Bangladesh government for not taking sufficient steps for developing the IT industry in the country though it had passed sufficient laws to prevent the cyber crimes. Shahee claimed:


Obviously that was not a ‘Ginious’ act of the young hacker as mentioned in his hack. Shahee Mirza might end up with 10 years of federal imprisonment as per the law in Bangladesh.

Samy Kamkar’s blog post boasting of his hacking feat

Samy Kamkar acquired fame for his ‘Samy Worm’ which he released in the year 2005. Samy Worm first tried a self propagating cross site scripting worm that would infect the MySpace accounts. The worm carried a payload which would display a string “Samy is my hero” on the profile of the victim’s home page which would ultimately cause the victim to send a friend request to Kamkar.

Whenever, the user viewed their profile the malicious virus would have got planted on the homepage of their MySpace account. Within a matter of 20 hours of releasing the malware, Samy was able to spread the virus to over one million users. The MySpace team had to shut down their website temporarily to fix the problem. Samy also boasted his hacking feat in one of his blog post and ultimately got caught by the United States Secret Service.

Unfortunately for Samy, his blog contained an image with license plate in background which helped the officials to trace him. In 2006, Kamkar was raided by U.S. Secret Service and Electronic Crimes Task Force for releasing the worm. Kamkar pleaded for guilty and he was prohibited from using the computer for next three years. Ultimately since 2008, Kamkar is into independent computer security and privacy research and consulting. He is also making famous hacking gadgets after outgrowing the dumb hack of 2005.

Daquan Mathis clicked his selfies using the stolen phone and sent it via victim’s email ID

In 2009, 20 year old Sayaka Fukuda was robbed of her iPhone when she was on the N train platform at the Fifth Avenue station near 59th Street in New York. The thief, Daquan Mathis clicked his selfie using Sayaka’s iPhone while he was still wearing the same clothes that he wore when he robbed her. Later, the dumb robber also sent this image to his email address via victim’s email ID.

Fukuda was able to access her iPhone email account via internet. Unfortunately, for Mathis,  Fukuda was much smart and she immediately noticed that the thief had sent some email from her outbox to his email account. With the details of email address it was much easy to trace Mathis and with his profile picture attached it only made matter much simpler for the cops.

Eduard Lucian Mandru, though a clever hacker, was traced through email ID

Comparatively we can say that Eduard Lucian Mandru was a much clever hacker. It was in the year 2006 that Mandru who called himself “Wolfenstein” broke into the secure computer network that belonged to the Department of Defense (DoD) and infected several systems.

Mandru was able to hide himself from the authorities as they did not have any clue to this hacker except his email address  ([email protected]). The authorities had a tough time locating Mandru as he was much smarter and was accessing the network through some compromised servers in Japan. Besides, he was also deleting all the access logs making it impossible to trace him.

However, after about 2 years Mandru was unemployed and thus had to apply for jobs and then he opted to use this same yahoo email address on his resume which led to his arrest. It seems if he had not used this email address he would have been safe!!!

Foiling Euro Traffic cameras by using Drop Database Tables

A clever hacker in a way realized that the recent speed traps use the Euro Traffic cameras which can automatically register the speed in addition to clicking the photograph of the license plate. By using character recognition the authorities can even translate the license plate number into a format which they can further use as a lookup with the DMV database.

In the year 2010, this hacker changed his license plate number to (‘ZU 0666’, 0, 0) which is a Drop Database Table. This is a SQL Injection method of licence plates and if the DMV uses this string of characters in their database lookup then there is a good chance that all the database records which contain his actual licence plate number (ZU 0666) would get deleted. This is an intelligent and creative move; however Alan is not sure if this hack is just for fun or is it real.

The security breaches always point out some mistakes which the victim did like reusing the passwords or not running the firewall software. Sometimes the hacker could be actually pretty smarter than the victim. As per Marc Maiffret, CTO of eEYE Digital Security, in general hackers are “very calculating and successful, so there aren’t a lot of ‘dumb hackers’ out there”. So it is always advisable that all the online users always remain alert of such hackers and take apt precaution to save themselves from the getting hacked.

Let us know your views on the hackers, whether they are genius or dumb…… in the comments section below.

Resource : IT Business Edge.