To accompany the technological advancements of the computer world and the constant changing definition of a hacker, we thought it was time to look back at ten of the most notorious black hat hackers and the legendary hacks that earned them such a title. First, it should be known that a black hat hacker is computing slang for a person who engages in illegal or malicious hacking. A white hat hacker is a computer hacker who intends to improve internet security. It is note-worthy that many white hat hackers, such as Steve Jobs of apple, Mark Zuckerberg of Facebook, and even many hackers listed below, were once black hat hackers.
a.k.a. Dark Dante
The notorious ’80s black hat hacker, Kevin Poulsen, gained recognition for his hacking of the telephone lines for LA radio station KIIS-FM, securing himself a place as the 102nd caller and winning a brand new Porsche 944, among other prizes. Law enforcement dubbed Poulsen the “Hannibal Lecter of computer crime.” Poulsen went underground as a fugitive when the FBI began its search for him, but in 1991, he was finally captured.
He pleaded guilty to seven counts of mail, wire and computer fraud, money laundering, obstruction of justice, and for obtaining information on covert businesses run by the FBI. Kevin Poulsen was sentenced to 51 months in prison (4 years and 3 months), which was the longest sentence ever given for hacking at the time. However, since serving time, Poulsen has worked as a journalist and is now a senior editor for Wired News. Poulsen’s most note-worthy article details his work on identifying 744 sex offenders with MySpace profiles.
Cyber-criminal Albert Gonzalez has been accused of masterminding the biggest ATM and credit card theft in history; from 2005 to 2007, he and his cybergroup had allegedly sold more than 170 million card and ATM numbers. Gonzalez’s team used SQL injection techniques to create malware backdoors on several corporate systems in order to launch packet-sniffing (specifically, ARP Spoofing) attacks, allowing him to steal computer data from internal corporate networks. When he was arrested, authorities seized $1.6 million in cash including $1.1 million found in plastic bags placed in a three-foot drum which had been buried in his parents’ backyard. In 2010, Gonzalez was sentenced to 20 years in federal prison.
It’s almost like the opening of a James Bond movie: in 1994, while working from his laptop from his Russian apartment in St. Petersburg, Vladimir Levin transferred $10 million from the accounts of Citibank clients to his own accounts around the world.
However, Levin’s career as a hacker was only short lived, with a capture, imprisonment and recovery of all but $400,000 of the original $10 million. During Levin’s 1997 trial in the United States, he was said to have coordinated the first ever internet bank raid. The truth is Levin’s ability to transfer Citibank client funds to his own accounts was possible through stolen account numbers and PINs. Levin’s scam was a simple interception of clients’ calls while recording the punched in account numbers.
Robert Tappan Morris
On November 2, 1988, Robert Morris released a worm that took down one-tenth of the Internet, crippling 6,000 plus computer systems. It didn’t take long for the police to track him down. Due in part to the need for social acceptance that seems to be common amongst many young hackers, Morris made the fault of chatting about his worm for months before its release on the Internet. Morris claimed it was just a stunt, and added that he truly regretted causing $15 million worth of damage: the estimated amount of carnage his worm left behind.
Morris was one of the first to be tried and convicted under the Computer Fraud and Abuse Act but only had community service and a fine as his penalty. The defense for such a light sentence was that Morris’ worm didn’t destroy the actual contents of affected computers. Morris now works in the department of Electrical Engineering and Computer Science at Massachusetts Institute of Technology (MIT).
In February of 2000, Michael Calce launched a series of widely known denial-of-service attacks against large commercial websites, including Yahoo!, Amazon.com, Dell, eBay, and CNN. He hacked Yahoo! when it was still the web’s leading search engine and caused it to shutdown for about an hour. Like many hackers, Calce exploited websites primarily for pride and establishing dominance for himself and his cybergroup, TNT. In 2001, the Montreal Youth Court sentenced Calce to eight months of open custody, one year of probation, restricted use of the Internet, and a minimal fine.
Smith’s fame is due to being the author of the infamous e-mail virus, Melissa. Smith claims that the Melissa virus was never intended to cause harm, but its simple means of propagation (each infected computer sent out multiple infected emails) overloaded computer systems and servers around the world. Smith’s virus takes an unusual turn in that it was originally hidden in a file that contained passwords to 80 well-known pornography websites. The name Melissa was derived from a lap dancer Smith met while on a trip in Florida. Even though over 60,000 email viruses have been discovered, Smith is the only person to go to federal prison in the United States for sending one.
Nicknamed “the homeless hacker,” Adrian Lamo used coffee shops, libraries and internet cafés as his locations for hacking. Apart from being the homeless hacker, Lamo is widely-known for breaking into a series of high-profile computer networks, which include The New York Times, Microsoft, Yahoo!, and MCI WorldCom. In 2002, he added his name to the The New York Times’ internal database of expert sources and utilized LexisNexis account to conduct research on high-profile subjects. The Times filed a complaint, and a warrant for Lamo’s arrest was issued, followed by a 15-month investigation by federal prosecutors in New York.
After several days in hiding, he finally surrendered to the US Marshals, and then to the FBI. Lamo was ordered to pay approximately $65,000 in damages and was sentenced to six months house arrest at his parents’ home, with an additional two years of probation. In June 2010, Lamo disclosed the name of Bradley Manning to U.S. Army authorities as the source of the July 12, 2007 Baghdad airstrike video leak to Wikileaks. Lamo is presently working as a threat analyst and donates his time and skills to a Sacramento-based nonprofit organization.
The name of the acclaimed jailbreak artist, George Hotz, will forever be associated with the April 2011 PlayStation breach. Being one of the first hackers ever to jailbreak the Sony PlayStation 3, Hotz found himself in the midst of a very relentless, public and messy court battle with Sony – perhaps worsened by Hotz’s public release of his jail breaking methods. In a stated retaliation to Sony’s gap of the unstated rules of jail breaking – never prosecute – the hacker group Anonymous attacked Sony in what would be the dubbed as the most costly security break of all time to date.
Hackers broke into the PlayStation Network and stole personal information of some 77 million users. However, Hotz denied any responsibility for the attack, and added “Running homebrew and exploring security on your devices is cool; hacking into someone else’s server and stealing databases of user info. is not cool.”
Jonathan James, 16-year-old black hat hacker, became the first juvenile imprisoned for cybercrime in the United States. James gained his notoriety by implementing a series of successful intrusions into various systems. At an amazingly young age of 15, James specialized in hacking high-profile government systems such as NASA and the Department of Defense. He was reported to have stolen software worth over $1.7 million. He also hacked into the Defense Threat Reduction Agency and intercepted over 3,000 highly secretive messages passing to and from the DTRA employees, while collecting many usernames and passwords.
On May 18, 2008, at the age of 25, James committed suicide using a gun. The words in his suicide note provide some insight into this obviously brilliant but troubled youth who thought he would be a scapegoat and blamed for cyber crimes he did not commit: “I have no faith in the ‘justice’ system. Perhaps my actions today, and this letter, will send a stronger message to the public. Either way, I have lost control over this situation, and this is my only way to regain control.”
In 2002, an exceptionally odd message appeared on a US Army computer screen: “Your security system is crap,” it read. “I am Solo. I will continue to disrupt at the highest levels.” It was later identified as the work of Scottish systems administrator, Gary McKinnon.
McKinnon suffers from Asperger’s syndrome, which is the least severe form of autism. The symptoms of Asperger’s syndrome certainly match Gary’s actions: that is, highly intelligent with an exceptional understanding of complex systems. Though sufferers often have difficulty reading social cues and acknowledging the impact of their often-obsessive behavior, they tend to be geniuses in one particular subject. For Gary, it was computers.
Gary has been accused of executing the largest ever hack of United States government computer networks — including Army, Air Force, Navy and NASA systems. The court had recommended that McKinnon be apprehended to the United States to face charges of illegally accessing 97 computers, causing a total of $700,000 in damage. Even more interesting are McKinnon’s motives for the large scale hackings, which he claims were in search of information on UFOs. He believed the US government was hiding such information in its military computers.
Kevin David Mitnick (born on August 6, 1963) is an American computer security consultant, author, and hacker. In the late 20th century, he was convicted of various computer- and communications-related crimes. At the time of his arrest, he was the most-wanted computer criminal in the United States. Mitnick gained unauthorized access to his first computer network in 1979, at 16, when a friend gave him the phone number for the Ark, the computer system Digital Equipment Corporation (DEC) used for developing their RSTS/E operating system software. He broke into DEC’s computer network and copied their software, a crime he was charged with and convicted of in 1988.
According to the U.S. Department of Justice, Mitnick gained unauthorized access to dozens of computer networks while he was a fugitive. He used cloned cellular phones to hide his location and, among other things, copied valuable proprietary software from some of the country’s largest cellular telephone and computer companies. Mitnick also intercepted and stole computer passwords, altered computer networks, and broke into and read private e-mail.
Due to his fame he is included as a bonus entry here.