The Cyber Crime Hall of Fame 145
DigitalDame2 writes "Not all hackers are bad guys, but a few fall prey to the dark side and use their talents for evil — not good. In compiling this list of the craziest cyber crimes, PC Mag looked for a few things: ingenuity (had it been done before?), scope (how many computers, agencies, companies, sites, etc. did it affect?), cost (how much in monetary damages did it cause?), and historical significance (did it start a new trend?). Read on about famous hackers John Draper, Robert Morris, Kevin Poulsen, and others."
Trouble compiling (Score:5, Funny)
In compiling this list of the craziest cyber crimes, PC Mag looked for a few things:
I'm having trouble replicating their results. I'm getting errors no matter which compiler I use. Did they use some expensive proprietary compiler?
Re: (Score:1, Funny)
try turning off all the advertisements
Re:Trouble compiling (Score:5, Funny)
An AC wrote:
If you turn off the ads at your end, you're just a user.
If you turn off the ads at the server end, you're a hacker.
They forgot one big hacker (Score:5, Funny)
Michael Bolton.
The criminal mastermind who successfully laundered (To clean... no, I mean... to channel money through a source or by an intermediary.) thousands of dollars from his employer, Initech.
Like any great hacker, he was not caught due to the fact that all physical evidence of his crime disappeared...
Re: (Score:3, Funny)
Re:They forgot one big hacker (Score:5, Funny)
I believe the term is "no-talent ass clown" ;)
Re: (Score:2, Funny)
Personally, I celebrate his entire catalog.
Re: (Score:2)
Not the first. (Score:2)
Must be said! (Score:5, Funny)
Re:Must be said! (Score:5, Funny)
He is actually Free Now... The slogan have since changed to "PUT KEVIN BACK!".
Re:Must be said! (Score:4, Funny)
Re:Must be said! (Score:4, Funny)
Re: (Score:2)
Re: (Score:3, Informative)
http://www.mitnicksecurity.com/ [mitnicksecurity.com]
Already been done and now he's doing quite well for himself. He was wrong for doing what he did, and yes so to was the government.
However he is now doing fairly well for himself with his books and appearances on TV. I think AMW last year he was working to help profile a computer hacker.
You want him free? Done and Done.
Re: (Score:3, Funny)
He means free as in beer!
Free (as in beer) Kevin Mitnick!
Re: (Score:2)
You want him free? Done and Done.
No, now you have to pay for him
Re: (Score:2)
Schedule a meeting, offer a Free Hat. [wikipedia.org]
Re: (Score:1, Insightful)
Free Lamo
Re: (Score:2)
Re: (Score:2, Funny)
*With purchase of equal or lesser value.
Students (Score:3, Insightful)
Balls (Score:2, Interesting)
Unsolved Cyber Crime (Score:5, Interesting)
Re: (Score:1)
greatest known unsolved exploits maybe?
Re: (Score:1, Informative)
http://en.wikipedia.org/wiki/WANK_(computer_worm) [wikipedia.org]
Look at the references (heck, read the entire book), for some information about this worm.
Re:Unsolved Cyber Crime (Score:5, Interesting)
history be judge (Score:5, Interesting)
I agree with them as far as the "historic significance" goes. For the more recent ones, I'm not so sure. Maybe that's because most of those who actually did it first weren't caught. But the most important trends at this time are stuff like organized crime, spam (and the connection between the two) and extortion. The singular trend behind all these is that those early guys were curious people who did things "because they can", as the article states. But they're dinosaurs today. Money is the reason these days, not curiosity. To miss that one vital trend is to miss everything that's happened in security for the past years.
Re: (Score:3, Insightful)
I agree. The TJX break-in that revealed the private information of hundreds of thousands of consumers was recent but also groundbreaking because it brought to the fore the importance of data security. Before TJX, IT budgets were probably being cut to make room for Sarbanne-Oxley compliance. After TJX got screwed, I'm sure IT security budgets went through the roof.
Gary McKinnon (Score:3, Funny)
Why do I find this so funny!
Re: (Score:1, Funny)
I do not know human. Tell me.
Re: (Score:1)
Re: (Score:2)
Of course, it's also funny that this British nutjob was completely pwned by a crack team of US lawyers who will probably send him to a Federal PMITA Prison. I just hope they have the decency to dress up as little grey men for the
Extradit Gary McKinnon (Score:2)
Hold your flamethrower! I'm not making fun of Gary McKinnon's look [ziffdavisinternet.com]. I'm a huge fan of Spock [wikipedia.org], and I do think he looks so COOL. XD
Oooh! Oooh! I know! (Score:5, Funny)
Windows 98?
Re: (Score:2)
-Weatherbug
Probably the biggest of all time: Solitaire
Re: (Score:1)
Anyone see something WRONG here? (Score:5, Insightful)
"In 1999, David Smith released the Melissa worm... All told, the worm hit over 300 companies worldwide, including Microsoft, Intel, and Lucent Technologies, forcing them to shut down their e-mail gateways due to mass overcrowding and causing estimated damages nearing $80 million... After pleading guilty, Smith's prison sentence was reduced to 20 months..."
"Jonathan James found out just how much the source code documents for the NASA's International Space Station are worth: $1.7 million... James received six months in prison and probation until he turned 18."
"In February 2000, Calce launched a denial-of-service attack that struck 11 major Web companies... analyst estimates range as high as $1.7 billion Canadian (that's currently about $1.6 billion U.S)... handed a sentence of eight months "open custody," limited Internet use, a small fine, and one year of probation."
" In 2001 and 2002, British hacker Gary McKinnon gained access to Air Force, Army, Navy, NASA, Pentagon, and Department of Defense computersâ"97 in totalâ"in a quest for evidence of flying saucers... Officials claim damages from his entry range close to $700,000... McKinnon is currently facing extradition to the U.S., which could mean up to 70 years in prison."
Anybody spot a GLARING, COMPLETELY LUDICROUS issue here?
Don't talk to me about Govt or National Security; He caused NO significant financial loss and caused NO national security issues past what was already there through inept administration.
Re: (Score:2, Insightful)
He's a terrorist.
[Best Republican Redneck Drawl]
Man's gettin' what he deserves! He should thank his lucky UFOs he's going to Federal Pound-me-in-the-ass Prison for 70 years, and not gitmo for life.
[end Best Republican Redneck Drawl]
Seriously, if there was ever a time to question the lack of proportionality in our post-9/11 Bushite anti-terror legislation, this is it. Unfortunately, the fact that the man in not from the US, and doesn't have a very powerful lobbying base in the US, probably means this parti
Re:Anyone see something WRONG here? (Score:5, Insightful)
Re: (Score:1)
Re: (Score:3, Interesting)
Re:Anyone see something WRONG here? (Score:4, Insightful)
They want to make an example of McKinnon. Mess with the government and you'll spend the rest of your life in prison. Screwing with banks? Cause financial damage? Yeah, we'll give you hell for it. But screw with the government. Oh, you are SO going down. Nevermind that it's already been established that security on U.S. government systems is horribly inept [findarticles.com] to the point of being almost ridiculous [pcworld.com].
Re: (Score:1)
Which, BTW, is the real reason Kevin Mitnick was given such a hard time. He hacked into ARPANet in the early 80s.
Re: (Score:2)
The same happens here in the UK. Rob a Post Office and you'll get years in jail for stealing from the Crown. Kill someone, and you'll be out after a year or so.
Typical govt behaviour
Re: (Score:2)
Those with faith in their security don't need to make examples and thus rarely do.
It's the ones who can't sleep a
Re: (Score:2)
Sometimes the attempt is punished even though there's no actual damage. Or do you think attempted murder should be a misdemeanor?
Re: (Score:2, Insightful)
Sometimes the attempt is punished even though there's no actual damage. Or do you think attempted murder should be a misdemeanor?
There was no attempt. He fully succeeded in accessing the systems. The claim is that punishment doesn't reflect the severity (or lack there of) of the crime.
Do you believe in capital punishment for streaking?
Re: (Score:1, Funny)
Do you believe in capital punishment for streaking?
Depends what she looks like.
Re: (Score:2)
Re: (Score:1)
The point is that McKinnon hasn't been sentenced yet and the others have -- the term they're mentioning is the maximum he's eligible for. We still have to see which side of the fence that will fall on.
Re: (Score:2, Funny)
Not really. He'll be serving those 70 years aboard an alien spaceship that will be moving
Re: (Score:2)
the military doesn't like to look incompetent. after all, if they can't defend themselves against a computer hacker, how can they defend our nation from 'real' threats?
so, since he embarrassed us, let's just lock him up and throw away the key--set an example of him to deter other curious/non-malicious hackers rather than actually address the gaping holes in our security.
after all, it's not like hostile governments or potential terrorists would ever risk 70 years in jail by hacking into our network--problem
I know it's a pet peeve (Score:5, Insightful)
A worm is not a virus. Neither is a trojan. It drives me nuts when the media uses these words interchangeably. I usually forgive the likes of ABC, but you would think PC Magazine would get it right.
Re:I know it's a pet peeve (Score:5, Funny)
Re: (Score:1, Informative)
not to mention their blatant misrepresentation of hackers. These guys were more aptly termed as crackers since they used their skills for malicious purposes.
They may have been hackers initially, but their move to the dark side changed that. I just think it gives people a warped idea of what a real hacker really does.
Re: (Score:2)
Why is this flamebait? Hacker != Criminal, even if all of them are in this article. The news media typically portrays all hackers as such, but that doesn't mean that we should.
Re: (Score:1)
Re: (Score:2)
The irony of this is so profound.
TFA is wrong (Score:5, Interesting)
"Though charged and convicted in the U.K., McKinnon is currently facing extradition to the U.S., which could mean up to 70 years in prison."
McKinnon was never convicted in the UK. IIRC the Computer Misuse act hadn't been passed then. See here: http://www.theregister.co.uk/2008/08/28/mckinnon_european_appeal_rejected/
He's currently being extradited under the disgraceful one sided treaty where we (i.e. British) hand over anyone the USA asks for without the need to demonstrate a primae facia case.
That'll be the special relationship where we bend over and USA screws us.
Re: (Score:2)
hey, just because you don't live in this country doesn't mean that our laws don't apply to you!
i mean, our rights don't apply to you. you don't get habeas corpus or anything like that.
but our laws, yea, those apply to everyone.
Re: (Score:2, Funny)
To imply that we only screw the UK is an insult, we've spent the last 8 years trying to prove to the world that we'll screw anybody for any reason possible.
I insist that when discussing how the US screws other countries you please remember that we would never limit this activiy to just the UK. We're just like a 16 year old boy, we'll screw anybody. To imply otherwise is simply barbar
Robert Morris' Worm (Score:5, Interesting)
<GrayBeardMode> I was working at PR1ME when the Morris Worm hit. Nobody really new what was going on at first. Then word was getting out that there was something running rampant over the internet and our feed was taken down. Later it was learned that our systems had the wrong architecture and we were safe from the attack, but the impact on the net was so great that everything was glacially slow. </GrayBeardMode>
There's a great write-up by Don Seeley, Department of Computer Science, University of Utah that (as posted by Francis Litterio). (I used to work with Fran - Hi there!) Anyway, the link to it from wikipedia (Morris Worm [wikipedia.org]) is broken, but I found a copy in Google's cache at "A Tour of the Worm" [64.233.169.104]. There are other links available (e.g. to a pdf) if you search Google for this title, but I don't want to unnecessarily bog down someone's server. Highly recommended!!
Re: (Score:2)
Re: (Score:2)
Actually, no; I should have been clearer in my original post. I got a 403 (forbidden) error instead of the usual 404 (file not found) error when I tried to follow the Wiki link. I took a guess that the publicity from this PC Magazine article might have caused load issues.
If it were up to me, the easiest way to deal with it would be to change the permissions, temporarily. Later, when the load drops off, I'd just restore the permissions. So, assuming that's the case, th
"The name's Gates, Bill Gates" (Score:1)
Re: (Score:2)
Can I get a copy of Deep-Scottish-American? I'm getting sick of ked.
MafiaBoy (Score:5, Insightful)
From the article: "then teenage super hacker". I'm sorry but downloading a script from the internet and being stupid enough to run it does not make you a super hacker.
Re: (Score:2)
gH for life! hehe.. no mention of the whitehouse.gov hack? =(
Re: (Score:2)
I just realized, if I killed somebody, I would be murderer..
But if I killed a RICH GUY.... I'd be a SUPER MURDERER!
Pengo? (Score:5, Insightful)
I was hoping to see Pengo, the East German hacker, but it seems history has forgotten about him.
What about ME?!?!?! (Score:2)
There was that time I wrote a program that inserted random gibberish into files it found on the school's network.
That was zany. And daring.
Re: (Score:2)
That was bold. And exciting.
Re: (Score:2)
They missed Jeffery Ward, the first one (Score:5, Interesting)
They missed Jeffery Ward [google.com], the first person to do jail time for computer crime.
This was the stone age of computer crime. Ward was convicted of grand theft for stealing a proprietary plotting program from ISD for the benefit of his employer, UCC. One of UCC's customers. Shell, was also an ISD customer, and they had a remote terminal, a UNIVAC 1004, with a card reader, printer, (optional) card punch, and 2400 baud synchronous modem. The customer used the same terminal ID (wired into a plugboard; there weren't really passwords then) to use both UCC and ISD. Ward used a similar terminal at UCC to impersonate the customer's terminal and connect to ISD. Then he submitted a job (on punched cards!) to request that the binary for the plotting program be sent to his terminal and punched on the card punch.
And that's his plan started looking like "America's Dumbest Criminals". The customer terminal he was impersonating didn't have a card punch. So the ISD computer instead punched the desired card deck on a punch in ISD's computer room, and printed a message for the operator indicating who wanted the card deck. The card deck was then packaged up by ISD staff and mailed to Shell.
The package was received at Shell. Since they hadn't ordered it, they sent it back to ISD with a request for a refund. The ISD staff took a look at the card deck, and after some puzzlement, someone realized what it was.
It took a while to figure out what was going on, but the Alameda County DA's office and the Oakland police were brought in, and the first search warrant ever for the search of a computer was issued, to be served on UCC. Nobody was really sure how to do this, but an outside consultant with UNIVAC experience was brought in for the search.
So the big day came. Oakland cops, an assistant DA, and the UNIVAC expert show up at the front door of UCC in Oakland. It's not clear that a search would have found anything; most data back then was on magnetic tape, and the UCC data center had thousands of reels of tape. However, Ward was in the building at the time, and he decided to grab all the incriminating material and duck out the back door.
Big mistake for Ward. Cops know about covering the back door. Ward was quickly arrested, and since he had all the incriminating data, the search was unnecessary and Ward was carted off to jail.
There was a later civil settlement between UCC and ISD. ISD got four tape drives and a "CTMC", a 32-line async port controller. (This was a truckload of 1970s technology.) I worked for ISD when that gear arrived, and it was not in good shape, but we got it working.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
They also missed my mate John who frauded the Internet voting system for "Stars in Their Eyes" in 1997. How we chortled when Matthew Kelley said "We've had an amazing response from our internet voting" hahaha
Re: (Score:3, Informative)
Interesting that he had to pay $305,000 for a plotting program in 1971.
One of ISD's competitive advantages in the early 1970s is that they offered remote plotting, using CALCOMP pen plotters, when almost nobody else did. Engineering companies liked this. The remote plotting was implemented by emulating a UNIVAC 1004 on a very small minicomputer, then hooking up a plotter which was fed from the "output card punch" stream. Since the printer/plotter message protocol had checking and retransmit, this could
Re: (Score:2)
ISD was Information Systems Design, a time-sharing service bureau for engineering computation. UCC was University Computing Company, a larger company in the same business. Both used UNIVAC mainframes. ISD was originally in Oakland (and shared a building with the Oakland Raiders), then moved to Santa Clara. UCC had its headquarters in Dallas, with facilities in LA and in Oakland.
An amusing bit of trivia about Mitnick (Score:5, Interesting)
One of Mitnick's first arrests (as an adult) resulted from his breaking into The Santa Cruz Operation. Yes, that S.C.O..
The reason he got caught was because SCO thought it was their competition who was breaking in.
It took an extremely motivated effort to track him down, due to the way the Telco's worked at the time, and Mitnick knew it. What he didn't know was that SCO was very determined (for the wrong reason).
Note that, contrary to all the published nonsense out there, Mitnick was NEVER prosecuted for breaking into SCO. They were afraid of pressing charges. He was nailed because SCO's competition wasn't afraid to press charges.
the Cyber Crime Hall of Fame .. ? (Score:2)
Re: (Score:1)
Missed Two (Score:1)
Could be a better article (Score:4, Funny)
What about ZeroCool! (Score:1)
Re: (Score:2)
What about Superman III? (Score:2)
My favorite Cybercrime (Score:3, Funny)
Explanation of MafiaBoy (Score:4, Interesting)
MafiaBoy At the time of his hack, Mike Calce could only be referred to as MafiaBoy since Canadian laws prevented news outlets from releasing the name of the then teenage super hacker. In February 2000, Calce launched a denial-of-service attack that struck 11 major Web companiesâ"including Amazon, eBay, E*TRADE, and Dellâ"via 75 computers on 52 networks. While there's no hard data to quantify how much monetary damage was done, analyst estimates range as high as $1.7 billion Canadian (that's currently about $1.6 billion U.S). When tried in 2001, Calce was handed a sentence of eight months "open custody," limited Internet use, a small fine, and one year of probation. Ranks For: Scope, Cost
He basically found out how to do a DDOS, which was the first of it's kind. Before that, the main exploits ranged from SMURF.c to PEPSI.c to SLICE3.c (for some reason they were a lot of soft drink names). MafiaBoy went into an irc channel (I am omitting the name) bragging about how he could "down" anything. A few suggestions were made for what at the time were the biggest sites on the web. Once he packeted one, the spectators were unsure that it was really him until he made large website after large website a "404". The rest is history.
I'm Unimpressed (Score:3, Funny)
Cuckoo's Egg (Score:2)
*sigh* (Score:2)
Dumbest. Article. Ever.
Mitnick never broke into anything. He called people up, and they relinquished their passwords.
BIG difference between comprising a printer buffer overflow to gain root and calling Sally the administrator and asking for her password.
As soon as I hit that one, I quit reading.
Missing two bank jobs (Score:2)
Levin was not the first to engineer an unauthorized wire transfer. Stanley Mark Rifkin stole 10.2 million dollars that way in 1978.
Frank Abagnale once committed a felony remarkable for its technical elegance. He printed some checks with contradictory routing and account information which, given the technology and human factors of the time, would go into an infinite loop in the clearinghouse system. He opened accounts with them, and closed the accounts after enough time elapsed that his victims figured the c
Re: (Score:2)
The dollar value of a human life? (Score:4, Insightful)
I don't see one fatality because of these "idiots" -- quoted because obviously some amount of intelligence is needed to pull off what they did.
I don't think terrorism should be blown out of proportion, the way it often is in the US, but terrorists actually kill people.
Are you saying that ten million dollars in damage is comparable to killing several thousand people? In other words, that the value of a human life not only can be measured, but that you consider it to be less than a thousand dollars?
Re: (Score:2)
Worse, its not even real "damage". In most of these cases no actual property was destroyed. Its all just made up numbers for the value of people's time when they had to track down and stop the attacks, or when they were being inconvienenced. But all that money would have been paid anyway, the companies would just have got more work out of it.
If productivity losses counts for "damage", then NCAA's March Madness
Re: (Score:2)
In most of these cases no actual property was destroyed. Its all just made up numbers for the value of people's time when they had to track down and stop the attacks, or when they were being inconvienenced.
Well, by the same token, the balance in my bank account is just "made up numbers", too. I see your point, but I wouldn't go so far as to say it's not "real" damage -- true, most of them aren't, but at least one of them really was pulling actual dollars out of actual bank accounts.
As for being "inconvenienced", forget lost productivity -- consider the ones that actually lost data. Lost productivity can't be measured as easily, as there are so many other factors -- everything from sheer laziness to a fire in
Not even that... (Score:2)
And when it comes down to it, it's normally money that they should have spent IN THE FIRST PLACE!
If I secured my front door with string and someone came along and cut it to get in and stole all my stuff...what should I do? Call the insurance company and say I'd like the cost of all my stolen goods PLUS someone to come in and tidy up at a rate 10 times what I pay my regul
Re: (Score:2)
Fair enough -- and there's always the "wargames" scenario, where the computer in question actually controlled real weapons.
But none of the hacks listed qualify, and the vast majority don't.