I was running a personal Jenkins instance on a cloud VM. I got an email from the provider saying my CPU had been running at 100% for a while. I logged in and found someone was using it to mine Monero.
Once upon a time I was setting up a fresh Windows 2000 Server with a public IP address, it got hacked before I was done installing the operating system, and patching it to the latest service pack. (< 30 minutes) I did all my OS installs with a private address after that.
I was a script kiddie in middle school back in the 90s, and WinNuke and BackOrifice were easy GUI tools back then for exploiting Windows installations over the internet.
BO was basically a remote control trojan that would install itself on a victim's computer and become a daemon that could control all system functions. I hid it in some shareware and sent it to my friend.
The first week, I did nothing at all, just to make sure he wouldn't be suspicious. Gradually I'd ramp it up, initially just displaying fake but semi-plausible error messages that confused him. Then I'd start playing loud screams at night and opening and closing his CD tray randomly. He would call me freaking out, complaining about his haunted PC. Sometimes I'd do it while we were playing Command & Conquer together, and he'd run off into the other room screaming obscenities and yelling uncontrollably. It was glorious.
Eventually I felt bad about it and fessed up, after which the school got involved somehow. I was called into the principal's office and made to explain it all. They really struggled to understand things like protocols and ports and instead grilled me on the name "BackOrifice" and how inappropriate it was. It was a weird scene, being stuck in the office with a bunch of sixty somethings, talking about buttholes, because none of the adults knew anything about computers. I had to explain what a modem was and how computers could network to each other across homes.
They made me apologize to my friend, which of course I did anyway. We both had a good laugh. Well, at least one of us did. Then instead of punishing me, they made us both lab techs for the school Mac lab. We discovered how to use the System 8 (old macOS) debugger to bypass their security software to browse questionable websites, which the young internet had many of. Once in a while we'd help people with their Excel homework or edit their MathBlaster scores too...
