Forgot your password?
typodupeerror
Hardware Hacking

The Cyber Crime Hall of Fame 145

Posted by CmdrTaco
from the do-they-get-cool-bronze-statues dept.
DigitalDame2 writes "Not all hackers are bad guys, but a few fall prey to the dark side and use their talents for evil — not good. In compiling this list of the craziest cyber crimes, PC Mag looked for a few things: ingenuity (had it been done before?), scope (how many computers, agencies, companies, sites, etc. did it affect?), cost (how much in monetary damages did it cause?), and historical significance (did it start a new trend?). Read on about famous hackers John Draper, Robert Morris, Kevin Poulsen, and others."
This discussion has been archived. No new comments can be posted.

The Cyber Crime Hall of Fame

Comments Filter:
  • by Anonymous Coward on Monday September 08, 2008 @11:33AM (#24920443)

    In compiling this list of the craziest cyber crimes, PC Mag looked for a few things:

    I'm having trouble replicating their results. I'm getting errors no matter which compiler I use. Did they use some expensive proprietary compiler?

  • by Anonymous Coward on Monday September 08, 2008 @11:38AM (#24920501)

    Michael Bolton.

    The criminal mastermind who successfully laundered (To clean... no, I mean... to channel money through a source or by an intermediary.) thousands of dollars from his employer, Initech.

    Like any great hacker, he was not caught due to the fact that all physical evidence of his crime disappeared...

  • by TheRealMindChild (743925) on Monday September 08, 2008 @11:39AM (#24920515) Homepage Journal
    FREE KEVIN!
  • Students (Score:3, Insightful)

    by TechwoIf (1004763) on Monday September 08, 2008 @11:42AM (#24920545) Homepage
    Don't forget the MIT http://yro.slashdot.org/article.pl?sid=08/08/09/1812256 [slashdot.org] students. After all, its not everyday one get censored by the government. Can't have those "hackers" releasing info.
  • Balls (Score:2, Interesting)

    by Anonymous Coward
    Actually, the person who created this: http://www.symantec.com/security_response/writeup.jsp?docid=2007-042705-0108-99&tabid=2 [symantec.com] has some nerve.
  • Unsolved Cyber Crime (Score:5, Interesting)

    by pigphish (1070214) on Monday September 08, 2008 @11:43AM (#24920575)
    I'd love to see the companion to this article. Greatest unsolved computer exploits. They never seem to get much publicity when they are not caught.
  • history be judge (Score:5, Interesting)

    by Tom (822) on Monday September 08, 2008 @11:43AM (#24920577) Homepage Journal

    I agree with them as far as the "historic significance" goes. For the more recent ones, I'm not so sure. Maybe that's because most of those who actually did it first weren't caught. But the most important trends at this time are stuff like organized crime, spam (and the connection between the two) and extortion. The singular trend behind all these is that those early guys were curious people who did things "because they can", as the article states. But they're dinosaurs today. Money is the reason these days, not curiosity. To miss that one vital trend is to miss everything that's happened in security for the past years.

    • Re: (Score:3, Insightful)

      by darkmeridian (119044)

      I agree. The TJX break-in that revealed the private information of hundreds of thousands of consumers was recent but also groundbreaking because it brought to the fore the importance of data security. Before TJX, IT budgets were probably being cut to make room for Sarbanne-Oxley compliance. After TJX got screwed, I'm sure IT security budgets went through the roof.

  • by stewbee (1019450) on Monday September 08, 2008 @11:44AM (#24920593)
    FTFA

    Never underestimate the power of curiosity. In 2001 and 2002, British hacker Gary McKinnon gained access to Air Force, Army, Navy, NASA, Pentagon, and Department of Defense computers--97 in total--in a quest for evidence of flying saucers.

    Why do I find this so funny!

    • Re: (Score:1, Funny)

      by Anonymous Coward

      I do not know human. Tell me.

    • by drseuk (824707)
      Because Argos does telescopes for GBP 7.99?
    • Because a single British nutjob ex-sys-admin who believed in UFOs had the where-with-all to outfox the security systems and, by extension, the sys-admins of 97 US Armed Forces/Defence computers? It's funny because our fruitcakes are more competent than their best-and-brightest ;)

      Of course, it's also funny that this British nutjob was completely pwned by a crack team of US lawyers who will probably send him to a Federal PMITA Prison. I just hope they have the decency to dress up as little grey men for the
  • from planet Vulcan?

    Hold your flamethrower! I'm not making fun of Gary McKinnon's look [ziffdavisinternet.com]. I'm a huge fan of Spock [wikipedia.org], and I do think he looks so COOL. XD
  • by $RANDOMLUSER (804576) on Monday September 08, 2008 @11:48AM (#24920633)

    PC Mag looked for a few things: ... scope (how many computers, agencies, companies, sites, etc. did it affect?), cost (how much in monetary damages did it cause?), and historical significance...

    Windows 98?

    • by g0dsp33d (849253)
      Was thinking the same thing, not so much 98 as ME / Vista.

      -Weatherbug

      Probably the biggest of all time: Solitaire
  • by L4t3r4lu5 (1216702) on Monday September 08, 2008 @11:55AM (#24920721)
    "Vladimir Levin transferred a sum of $10.7 million to accounts in the U.S., Finland, the Netherlands, Israel, and Germany... sentenced to three years in jail, and ordered to pay $240,015 in restitution to CitiBank."

    "In 1999, David Smith released the Melissa worm... All told, the worm hit over 300 companies worldwide, including Microsoft, Intel, and Lucent Technologies, forcing them to shut down their e-mail gateways due to mass overcrowding and causing estimated damages nearing $80 million... After pleading guilty, Smith's prison sentence was reduced to 20 months..."

    "Jonathan James found out just how much the source code documents for the NASA's International Space Station are worth: $1.7 million... James received six months in prison and probation until he turned 18."

    "In February 2000, Calce launched a denial-of-service attack that struck 11 major Web companies... analyst estimates range as high as $1.7 billion Canadian (that's currently about $1.6 billion U.S)... handed a sentence of eight months "open custody," limited Internet use, a small fine, and one year of probation."

    " In 2001 and 2002, British hacker Gary McKinnon gained access to Air Force, Army, Navy, NASA, Pentagon, and Department of Defense computersâ"97 in totalâ"in a quest for evidence of flying saucers... Officials claim damages from his entry range close to $700,000... McKinnon is currently facing extradition to the U.S., which could mean up to 70 years in prison."

    Anybody spot a GLARING, COMPLETELY LUDICROUS issue here?
    Don't talk to me about Govt or National Security; He caused NO significant financial loss and caused NO national security issues past what was already there through inept administration.
    • Re: (Score:2, Insightful)

      by FreeUser (11483)

      He's a terrorist.

      [Best Republican Redneck Drawl]
      Man's gettin' what he deserves! He should thank his lucky UFOs he's going to Federal Pound-me-in-the-ass Prison for 70 years, and not gitmo for life.
      [end Best Republican Redneck Drawl]

      Seriously, if there was ever a time to question the lack of proportionality in our post-9/11 Bushite anti-terror legislation, this is it. Unfortunately, the fact that the man in not from the US, and doesn't have a very powerful lobbying base in the US, probably means this parti

    • by Madball (1319269) on Monday September 08, 2008 @12:13PM (#24920893)
      What I see is a comparison of several actual sentences and a theoretical maximum sentence. The two, at least in the US, tend to differ widely.
      • by drseuk (824707)
        Quite. The "differing widely" bit should be unconstitutional much as the passing of vague laws are (theoretically).
        • Re: (Score:3, Interesting)

          Not really, the point of that is so that the judge can have some leeway in deciding the seriousness of the offence, and sentence accordingly. The real problem is when laws call for mandatory sentencing and you get people in jail for years for stealing a pizza.
    • by morgan_greywolf (835522) on Monday September 08, 2008 @12:14PM (#24920913) Homepage Journal

      They want to make an example of McKinnon. Mess with the government and you'll spend the rest of your life in prison. Screwing with banks? Cause financial damage? Yeah, we'll give you hell for it. But screw with the government. Oh, you are SO going down. Nevermind that it's already been established that security on U.S. government systems is horribly inept [findarticles.com] to the point of being almost ridiculous [pcworld.com].

      • Which, BTW, is the real reason Kevin Mitnick was given such a hard time. He hacked into ARPANet in the early 80s.

      • The same happens here in the UK. Rob a Post Office and you'll get years in jail for stealing from the Crown. Kill someone, and you'll be out after a year or so.

        Typical govt behaviour

      • by Chyeld (713439)

        They want to make an example of McKinnon. Mess with the government and you'll spend the rest of your life in prison. Screwing with banks? Cause financial damage? Yeah, we'll give you hell for it. But screw with the government. Oh, you are SO going down. Never mind that it's already been established that security on U.S. government systems is horribly inept to the point of being almost ridiculous.

        Those with faith in their security don't need to make examples and thus rarely do.

        It's the ones who can't sleep a

    • by nomadic (141991)
      Anybody spot a GLARING, COMPLETELY LUDICROUS issue here? Don't talk to me about Govt or National Security; He caused NO significant financial loss and caused NO national security issues past what was already there through inept administration.

      Sometimes the attempt is punished even though there's no actual damage. Or do you think attempted murder should be a misdemeanor?
      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Sometimes the attempt is punished even though there's no actual damage. Or do you think attempted murder should be a misdemeanor?

        There was no attempt. He fully succeeded in accessing the systems. The claim is that punishment doesn't reflect the severity (or lack there of) of the crime.

        Do you believe in capital punishment for streaking?

        • Re: (Score:1, Funny)

          by Anonymous Coward

          Do you believe in capital punishment for streaking?

          Depends what she looks like.

      • Attempted murder, now honestly, what is that? Do they give a Nobel Prize for attempted chemistry?

    • by hkz (1266066)

      The point is that McKinnon hasn't been sentenced yet and the others have -- the term they're mentioning is the maximum he's eligible for. We still have to see which side of the fence that will fall on.

    • Re: (Score:2, Funny)

      by halcyon1234 (834388)

      " In 2001 and 2002, British hacker Gary McKinnon gained access to Air Force, Army, Navy, NASA, Pentagon, and Department of Defense computers (97 in total) in a quest for evidence of flying saucers... Officials claim damages from his entry range close to $700,000... McKinnon is currently facing extradition to the U.S., which could mean up to 70 years in prison."

      Anybody spot a GLARING, COMPLETELY LUDICROUS issue here?

      Not really. He'll be serving those 70 years aboard an alien spaceship that will be moving

    • the military doesn't like to look incompetent. after all, if they can't defend themselves against a computer hacker, how can they defend our nation from 'real' threats?

      so, since he embarrassed us, let's just lock him up and throw away the key--set an example of him to deter other curious/non-malicious hackers rather than actually address the gaping holes in our security.

      after all, it's not like hostile governments or potential terrorists would ever risk 70 years in jail by hacking into our network--problem

  • by krgallagher (743575) on Monday September 08, 2008 @11:57AM (#24920737) Homepage
    Here is the quote:

    "Everyone wants to be the first at something and claim their spot in history; though being the first hacker tried for releasing a virus isn't exactly the sort of "first" Mom's going to brag about. In 1999, David Smith released the Melissa worm from a computer in New Jersey through a stolen AOL account."

    A worm is not a virus. Neither is a trojan. It drives me nuts when the media uses these words interchangeably. I usually forgive the likes of ABC, but you would think PC Magazine would get it right.

    • by SPQR_Julian (967179) on Monday September 08, 2008 @12:28PM (#24921061)
      Only on Slashdot would a post explaining the technical differences between viruses, trojans, and worms be modded offtopic. Naturally, my mod points expired yesterday.
    • Re: (Score:1, Informative)

      by xaositects (786749) *

      not to mention their blatant misrepresentation of hackers. These guys were more aptly termed as crackers since they used their skills for malicious purposes.

      They may have been hackers initially, but their move to the dark side changed that. I just think it gives people a warped idea of what a real hacker really does.

      • by snl2587 (1177409)

        Why is this flamebait? Hacker != Criminal, even if all of them are in this article. The news media typically portrays all hackers as such, but that doesn't mean that we should.

      • whatever juvenile computer chip concubine modded this as flamebait can kiss my ass. I doubt there are many real hackers who actually like being compared to the scum of society on a daily basis.
  • TFA is wrong (Score:5, Interesting)

    by Anonymous Coward on Monday September 08, 2008 @11:58AM (#24920753)

    "Though charged and convicted in the U.K., McKinnon is currently facing extradition to the U.S., which could mean up to 70 years in prison."

    McKinnon was never convicted in the UK. IIRC the Computer Misuse act hadn't been passed then. See here: http://www.theregister.co.uk/2008/08/28/mckinnon_european_appeal_rejected/

    He's currently being extradited under the disgraceful one sided treaty where we (i.e. British) hand over anyone the USA asks for without the need to demonstrate a primae facia case.

    That'll be the special relationship where we bend over and USA screws us.

    • hey, just because you don't live in this country doesn't mean that our laws don't apply to you!

      i mean, our rights don't apply to you. you don't get habeas corpus or anything like that.

      but our laws, yea, those apply to everyone.

    • Re: (Score:2, Funny)

      For the record we here in the USA equally screw all nations, usually with the help of the puppet governments we install.

      To imply that we only screw the UK is an insult, we've spent the last 8 years trying to prove to the world that we'll screw anybody for any reason possible.

      I insist that when discussing how the US screws other countries you please remember that we would never limit this activiy to just the UK. We're just like a 16 year old boy, we'll screw anybody. To imply otherwise is simply barbar
  • Robert Morris' Worm (Score:5, Interesting)

    by martyb (196687) on Monday September 08, 2008 @11:59AM (#24920765)

    <GrayBeardMode> I was working at PR1ME when the Morris Worm hit. Nobody really new what was going on at first. Then word was getting out that there was something running rampant over the internet and our feed was taken down. Later it was learned that our systems had the wrong architecture and we were safe from the attack, but the impact on the net was so great that everything was glacially slow. </GrayBeardMode>

    There's a great write-up by Don Seeley, Department of Computer Science, University of Utah that (as posted by Francis Litterio). (I used to work with Fran - Hi there!) Anyway, the link to it from wikipedia (Morris Worm [wikipedia.org]) is broken, but I found a copy in Google's cache at "A Tour of the Worm" [64.233.169.104]. There are other links available (e.g. to a pdf) if you search Google for this title, but I don't want to unnecessarily bog down someone's server. Highly recommended!!

    • You fixed the wiki link... right?
      • by martyb (196687)

        You fixed the wiki link... right?

        Actually, no; I should have been clearer in my original post. I got a 403 (forbidden) error instead of the usual 404 (file not found) error when I tried to follow the Wiki link. I took a guess that the publicity from this PC Magazine article might have caused load issues.

        If it were up to me, the easiest way to deal with it would be to change the permissions, temporarily. Later, when the load drops off, I'd just restore the permissions. So, assuming that's the case, th

  • (engage festival Deep-Scottish-American accent mode) How do you want to go away today? Mwaaahhhhaaaahhhhaaa!
  • MafiaBoy (Score:5, Insightful)

    by SirLestat (452396) on Monday September 08, 2008 @12:06PM (#24920821)

    From the article: "then teenage super hacker". I'm sorry but downloading a script from the internet and being stupid enough to run it does not make you a super hacker.

    • by cez (539085)
      lol... that "super hacker" part got me too, and I'm sure anyone from undernet who knew him. But eh, MASSIVE POSSIBLE $$$ DAMAGING DOS = SUPER HACK I suppose to the media... How bout some props to Soulblaze (yeah yeah you sold out to M$ - ohwell) and the other folks who wrote those handly lil scripts for ummm...bandwidth testing.

      gH for life! hehe.. no mention of the whitehouse.gov hack? =(

      • I just realized, if I killed somebody, I would be murderer..

        But if I killed a RICH GUY.... I'd be a SUPER MURDERER!

  • Pengo? (Score:5, Insightful)

    by gambit3 (463693) on Monday September 08, 2008 @12:17PM (#24920947) Homepage Journal

    I was hoping to see Pengo, the East German hacker, but it seems history has forgotten about him.

  • There was that time I wrote a program that inserted random gibberish into files it found on the school's network.

    That was zany. And daring.

  • by Animats (122034) on Monday September 08, 2008 @12:21PM (#24920979) Homepage

    They missed Jeffery Ward [google.com], the first person to do jail time for computer crime.

    This was the stone age of computer crime. Ward was convicted of grand theft for stealing a proprietary plotting program from ISD for the benefit of his employer, UCC. One of UCC's customers. Shell, was also an ISD customer, and they had a remote terminal, a UNIVAC 1004, with a card reader, printer, (optional) card punch, and 2400 baud synchronous modem. The customer used the same terminal ID (wired into a plugboard; there weren't really passwords then) to use both UCC and ISD. Ward used a similar terminal at UCC to impersonate the customer's terminal and connect to ISD. Then he submitted a job (on punched cards!) to request that the binary for the plotting program be sent to his terminal and punched on the card punch.

    And that's his plan started looking like "America's Dumbest Criminals". The customer terminal he was impersonating didn't have a card punch. So the ISD computer instead punched the desired card deck on a punch in ISD's computer room, and printed a message for the operator indicating who wanted the card deck. The card deck was then packaged up by ISD staff and mailed to Shell.

    The package was received at Shell. Since they hadn't ordered it, they sent it back to ISD with a request for a refund. The ISD staff took a look at the card deck, and after some puzzlement, someone realized what it was.

    It took a while to figure out what was going on, but the Alameda County DA's office and the Oakland police were brought in, and the first search warrant ever for the search of a computer was issued, to be served on UCC. Nobody was really sure how to do this, but an outside consultant with UNIVAC experience was brought in for the search.

    So the big day came. Oakland cops, an assistant DA, and the UNIVAC expert show up at the front door of UCC in Oakland. It's not clear that a search would have found anything; most data back then was on magnetic tape, and the UCC data center had thousands of reels of tape. However, Ward was in the building at the time, and he decided to grab all the incriminating material and duck out the back door.

    Big mistake for Ward. Cops know about covering the back door. Ward was quickly arrested, and since he had all the incriminating data, the search was unnecessary and Ward was carted off to jail.

    There was a later civil settlement between UCC and ISD. ISD got four tape drives and a "CTMC", a 32-line async port controller. (This was a truckload of 1970s technology.) I worked for ISD when that gear arrived, and it was not in good shape, but we got it working.

    • by Sryn (976155)
      Great story. Must be told up there with the 'greats'. Sryn
    • by Thelasko (1196535)
      They also missed that guy who hasn't been caught yet. Because we all know, the guy who hasn't been caught yet is a far bigger threat than any of the people on this list.
    • by DrSkwid (118965)

      They also missed my mate John who frauded the Internet voting system for "Stars in Their Eyes" in 1997. How we chortled when Matthew Kelley said "We've had an amazing response from our internet voting" hahaha

  • by Anonymous Coward on Monday September 08, 2008 @12:24PM (#24921005)

    One of Mitnick's first arrests (as an adult) resulted from his breaking into The Santa Cruz Operation. Yes, that S.C.O..

    The reason he got caught was because SCO thought it was their competition who was breaking in.

    It took an extremely motivated effort to track him down, due to the way the Telco's worked at the time, and Mitnick knew it. What he didn't know was that SCO was very determined (for the wrong reason).

    Note that, contrary to all the published nonsense out there, Mitnick was NEVER prosecuted for breaking into SCO. They were afraid of pressing charges. He was nailed because SCO's competition wasn't afraid to press charges.

  • Has anyone noticed that all of these 'hackers' actually got caught, that's hardly cause for fame ..
    • by Nathrael (1251426)
      That's because the most skilled hackers usually never get known and thus can't be famous.
  • What about shlashdot? How many servers have buckled under the strain of being slashdoted? And how many Companies fell victim for Millions of dollars from the Microsoft Windows Vista virus?
  • by adona1 (1078711) on Monday September 08, 2008 @12:42PM (#24921251)
    They missed out the #1 hacker of all time, Matthew Broderick [wikipedia.org]. And Eugene "The Plague" Belford [wikipedia.org]...a very bad man.
  • And those hackers in the '70s?
  • by Anonymous Coward on Monday September 08, 2008 @12:49PM (#24921355)
    was when Phil Zimmerman exported munitions to teh terrists!
  • by nickswitzer (1352967) on Monday September 08, 2008 @01:56PM (#24922347) Homepage

    MafiaBoy At the time of his hack, Mike Calce could only be referred to as MafiaBoy since Canadian laws prevented news outlets from releasing the name of the then teenage super hacker. In February 2000, Calce launched a denial-of-service attack that struck 11 major Web companiesâ"including Amazon, eBay, E*TRADE, and Dellâ"via 75 computers on 52 networks. While there's no hard data to quantify how much monetary damage was done, analyst estimates range as high as $1.7 billion Canadian (that's currently about $1.6 billion U.S). When tried in 2001, Calce was handed a sentence of eight months "open custody," limited Internet use, a small fine, and one year of probation. Ranks For: Scope, Cost

    He basically found out how to do a DDOS, which was the first of it's kind. Before that, the main exploits ranged from SMURF.c to PEPSI.c to SLICE3.c (for some reason they were a lot of soft drink names). MafiaBoy went into an irc channel (I am omitting the name) bragging about how he could "down" anything. A few suggestions were made for what at the time were the biggest sites on the web. Once he packeted one, the spectators were unsure that it was really him until he made large website after large website a "404". The rest is history.

  • by Psion (2244) on Monday September 08, 2008 @02:50PM (#24923231)
    Not a single mention of that nefarious hacker, Rick Astley, who has managed to hijack so many hyperlinks to relevant videos in so many online discussions?
  • How about Markus Hess [wikipedia.org], whose exploits (and the tracking thereof) back in 1986 were the basis of Cliff Stoll's book The Cuckoo's Egg [wikipedia.org]? He broke into multiple military computers and sold stolen information to the KGB. I think he deserves at least an honorable mention.

  • Dumbest. Article. Ever.

    Mitnick never broke into anything. He called people up, and they relinquished their passwords.

    BIG difference between comprising a printer buffer overflow to gain root and calling Sally the administrator and asking for her password.

    As soon as I hit that one, I quit reading.
  • Levin was not the first to engineer an unauthorized wire transfer. Stanley Mark Rifkin stole 10.2 million dollars that way in 1978.

    Frank Abagnale once committed a felony remarkable for its technical elegance. He printed some checks with contradictory routing and account information which, given the technology and human factors of the time, would go into an infinite loop in the clearinghouse system. He opened accounts with them, and closed the accounts after enough time elapsed that his victims figured the c

Is a person who blows up banks an econoclast?

Working...