Slashdot Mirror
The Cyber Crime Hall of Fame
DigitalDame2 writes "Not all hackers are bad guys, but a few fall prey to the dark side and use their talents for evil — not good. In compiling this list of the craziest cyber crimes, PC Mag looked for a few things: ingenuity (had it been done before?), scope (how many computers, agencies, companies, sites, etc. did it affect?), cost (how much in monetary damages did it cause?), and historical significance (did it start a new trend?). Read on about famous hackers John Draper, Robert Morris, Kevin Poulsen, and others."
In compiling this list of the craziest cyber crimes, PC Mag looked for a few things:
I'm having trouble replicating their results. I'm getting errors no matter which compiler I use. Did they use some expensive proprietary compiler?
Michael Bolton.
The criminal mastermind who successfully laundered (To clean... no, I mean... to channel money through a source or by an intermediary.) thousands of dollars from his employer, Initech.
Like any great hacker, he was not caught due to the fact that all physical evidence of his crime disappeared...
FREE KEVIN!
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
Don't forget the MIT http://yro.slashdot.org/article.pl?sid=08/08/09/1812256 students. After all, its not everyday one get censored by the government. Can't have those "hackers" releasing info.
Actually, the person who created this: http://www.symantec.com/security_response/writeup.jsp?docid=2007-042705-0108-99&tabid=2 has some nerve.
I'd love to see the companion to this article. Greatest unsolved computer exploits. They never seem to get much publicity when they are not caught.
I agree with them as far as the "historic significance" goes. For the more recent ones, I'm not so sure. Maybe that's because most of those who actually did it first weren't caught. But the most important trends at this time are stuff like organized crime, spam (and the connection between the two) and extortion. The singular trend behind all these is that those early guys were curious people who did things "because they can", as the article states. But they're dinosaurs today. Money is the reason these days, not curiosity. To miss that one vital trend is to miss everything that's happened in security for the past years.
Assorted stuff I do sometimes: Lemuria.org
Why do I find this so funny!
from planet Vulcan?
Hold your flamethrower! I'm not making fun of Gary McKinnon's look. I'm a huge fan of Spock, and I do think he looks so COOL. XD
Windows 98?
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
"Vladimir Levin transferred a sum of $10.7 million to accounts in the U.S., Finland, the Netherlands, Israel, and Germany... sentenced to three years in jail, and ordered to pay $240,015 in restitution to CitiBank."
"In 1999, David Smith released the Melissa worm... All told, the worm hit over 300 companies worldwide, including Microsoft, Intel, and Lucent Technologies, forcing them to shut down their e-mail gateways due to mass overcrowding and causing estimated damages nearing $80 million... After pleading guilty, Smith's prison sentence was reduced to 20 months..."
"Jonathan James found out just how much the source code documents for the NASA's International Space Station are worth: $1.7 million... James received six months in prison and probation until he turned 18."
"In February 2000, Calce launched a denial-of-service attack that struck 11 major Web companies... analyst estimates range as high as $1.7 billion Canadian (that's currently about $1.6 billion U.S)... handed a sentence of eight months "open custody," limited Internet use, a small fine, and one year of probation."
" In 2001 and 2002, British hacker Gary McKinnon gained access to Air Force, Army, Navy, NASA, Pentagon, and Department of Defense computersâ"97 in totalâ"in a quest for evidence of flying saucers... Officials claim damages from his entry range close to $700,000... McKinnon is currently facing extradition to the U.S., which could mean up to 70 years in prison."
Anybody spot a GLARING, COMPLETELY LUDICROUS issue here?
Don't talk to me about Govt or National Security; He caused NO significant financial loss and caused NO national security issues past what was already there through inept administration.
Finally had enough. Come see us over at https://soylentnews.org/
A worm is not a virus. Neither is a trojan. It drives me nuts when the media uses these words interchangeably. I usually forgive the likes of ABC, but you would think PC Magazine would get it right.
Insert Generic Sig Here:
"Though charged and convicted in the U.K., McKinnon is currently facing extradition to the U.S., which could mean up to 70 years in prison."
McKinnon was never convicted in the UK. IIRC the Computer Misuse act hadn't been passed then. See here: http://www.theregister.co.uk/2008/08/28/mckinnon_european_appeal_rejected/
He's currently being extradited under the disgraceful one sided treaty where we (i.e. British) hand over anyone the USA asks for without the need to demonstrate a primae facia case.
That'll be the special relationship where we bend over and USA screws us.
<GrayBeardMode> I was working at PR1ME when the Morris Worm hit. Nobody really new what was going on at first. Then word was getting out that there was something running rampant over the internet and our feed was taken down. Later it was learned that our systems had the wrong architecture and we were safe from the attack, but the impact on the net was so great that everything was glacially slow. </GrayBeardMode>
There's a great write-up by Don Seeley, Department of Computer Science, University of Utah that (as posted by Francis Litterio). (I used to work with Fran - Hi there!) Anyway, the link to it from wikipedia (Morris Worm) is broken, but I found a copy in Google's cache at "A Tour of the Worm". There are other links available (e.g. to a pdf) if you search Google for this title, but I don't want to unnecessarily bog down someone's server. Highly recommended!!
It should be "Hall of shame". These idiots cause more harm than most terrorists.
(engage festival Deep-Scottish-American accent mode) How do you want to go away today? Mwaaahhhhaaaahhhhaaa!
From the article: "then teenage super hacker". I'm sorry but downloading a script from the internet and being stupid enough to run it does not make you a super hacker.
I think the Republicans and the NSA top the list.
Surveillance of an entire "free" nation, and getting taxpayers to pay for their own oppression... Now THAT is the hack of the century!
It's not a crime if you used your powers to make it not be defined as one.
You just got troll'd!
I was hoping to see Pengo, the East German hacker, but it seems history has forgotten about him.
Watch the Teaser Trailer for "The Lightning Thief" Her
There was that time I wrote a program that inserted random gibberish into files it found on the school's network.
That was zany. And daring.
I scream. You scream. I assume that means we're both acquainted with the problem. We proceed.
They missed Jeffery Ward, the first person to do jail time for computer crime.
This was the stone age of computer crime. Ward was convicted of grand theft for stealing a proprietary plotting program from ISD for the benefit of his employer, UCC. One of UCC's customers. Shell, was also an ISD customer, and they had a remote terminal, a UNIVAC 1004, with a card reader, printer, (optional) card punch, and 2400 baud synchronous modem. The customer used the same terminal ID (wired into a plugboard; there weren't really passwords then) to use both UCC and ISD. Ward used a similar terminal at UCC to impersonate the customer's terminal and connect to ISD. Then he submitted a job (on punched cards!) to request that the binary for the plotting program be sent to his terminal and punched on the card punch.
And that's his plan started looking like "America's Dumbest Criminals". The customer terminal he was impersonating didn't have a card punch. So the ISD computer instead punched the desired card deck on a punch in ISD's computer room, and printed a message for the operator indicating who wanted the card deck. The card deck was then packaged up by ISD staff and mailed to Shell.
The package was received at Shell. Since they hadn't ordered it, they sent it back to ISD with a request for a refund. The ISD staff took a look at the card deck, and after some puzzlement, someone realized what it was.
It took a while to figure out what was going on, but the Alameda County DA's office and the Oakland police were brought in, and the first search warrant ever for the search of a computer was issued, to be served on UCC. Nobody was really sure how to do this, but an outside consultant with UNIVAC experience was brought in for the search.
So the big day came. Oakland cops, an assistant DA, and the UNIVAC expert show up at the front door of UCC in Oakland. It's not clear that a search would have found anything; most data back then was on magnetic tape, and the UCC data center had thousands of reels of tape. However, Ward was in the building at the time, and he decided to grab all the incriminating material and duck out the back door.
Big mistake for Ward. Cops know about covering the back door. Ward was quickly arrested, and since he had all the incriminating data, the search was unnecessary and Ward was carted off to jail.
There was a later civil settlement between UCC and ISD. ISD got four tape drives and a "CTMC", a 32-line async port controller. (This was a truckload of 1970s technology.) I worked for ISD when that gear arrived, and it was not in good shape, but we got it working.
One of Mitnick's first arrests (as an adult) resulted from his breaking into The Santa Cruz Operation. Yes, that S.C.O..
The reason he got caught was because SCO thought it was their competition who was breaking in.
It took an extremely motivated effort to track him down, due to the way the Telco's worked at the time, and Mitnick knew it. What he didn't know was that SCO was very determined (for the wrong reason).
Note that, contrary to all the published nonsense out there, Mitnick was NEVER prosecuted for breaking into SCO. They were afraid of pressing charges. He was nailed because SCO's competition wasn't afraid to press charges.
Has anyone noticed that all of these 'hackers' actually got caught, that's hardly cause for fame ..
davecb5620@gmail.com
What about shlashdot? How many servers have buckled under the strain of being slashdoted? And how many Companies fell victim for Millions of dollars from the Microsoft Windows Vista virus?
"Be wary of the man who urges an action in which he himself incurs no risk."
~Joaquin Setanti
They missed out the #1 hacker of all time, Matthew Broderick. And Eugene "The Plague" Belford...a very bad man.
Between the falling angel and the rising ape
And those hackers in the '70s?
Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
I don't see one fatality because of these "idiots" -- quoted because obviously some amount of intelligence is needed to pull off what they did.
I don't think terrorism should be blown out of proportion, the way it often is in the US, but terrorists actually kill people.
Are you saying that ten million dollars in damage is comparable to killing several thousand people? In other words, that the value of a human life not only can be measured, but that you consider it to be less than a thousand dollars?
Don't thank God, thank a doctor!
was when Phil Zimmerman exported munitions to teh terrists!
He 'hacked the Gibson' AND got to swim with Angelina Jolie.
The list was a compilation of hacking firsts. Bolton didn't make the list since he got his idea from Richard Pryor in Superman III.
Support Right To Repair Legislation.
MafiaBoy At the time of his hack, Mike Calce could only be referred to as MafiaBoy since Canadian laws prevented news outlets from releasing the name of the then teenage super hacker. In February 2000, Calce launched a denial-of-service attack that struck 11 major Web companiesâ"including Amazon, eBay, E*TRADE, and Dellâ"via 75 computers on 52 networks. While there's no hard data to quantify how much monetary damage was done, analyst estimates range as high as $1.7 billion Canadian (that's currently about $1.6 billion U.S). When tried in 2001, Calce was handed a sentence of eight months "open custody," limited Internet use, a small fine, and one year of probation. Ranks For: Scope, Cost
He basically found out how to do a DDOS, which was the first of it's kind. Before that, the main exploits ranged from SMURF.c to PEPSI.c to SLICE3.c (for some reason they were a lot of soft drink names). MafiaBoy went into an irc channel (I am omitting the name) bragging about how he could "down" anything. A few suggestions were made for what at the time were the biggest sites on the web. Once he packeted one, the spectators were unsure that it was really him until he made large website after large website a "404". The rest is history.
Anything and Everything about the Net
He made the FBI's Top 10 most wanted list and is still a FBI cyber fugitive probably living in his native Morocco now.
Starting in 2003 he paid for DDoS attacks on his online Satellite TV retailer competition. These DDoS attacks did collateral damage on the various hosting and CDNs providers that these competitors turned to for support. The costs were estimated to be as high as $2,000,000 by Attorney General John Ashcroft. The prosecutor for the case, assistant U.S. attorney Arif Alikhan, head of the Los Angeles computer crimes section, said: "I think it's the first case of its kind involving a DDoS for commercial advantage or for hire, ..."
An update to older coverage. In 2005, criminal complaints against those techincally involved were dismissed
Not a single mention of that nefarious hacker, Rick Astley, who has managed to hijack so many hyperlinks to relevant videos in so many online discussions?
The real cyber criminals are out now, making hundreds of thousands of dollars on credit card and investmens scams, spam, selling of id information, drugs and who knows what else.
Have you ever heard of truly big ones being caught?
The people mentioned in the article are of the IT w*nker types - those who can't get girls to date.
Bryce Case, Jr. anyone?
How about Markus Hess, whose exploits (and the tracking thereof) back in 1986 were the basis of Cliff Stoll's book The Cuckoo's Egg? He broke into multiple military computers and sold stolen information to the KGB. I think he deserves at least an honorable mention.
From TFA:
"In the 1970s, Draper used a toy whistle found in Cap'n Crunch cereal to hack phone lines and make calls. Draper realized the whistle produced the exact tone necessary to signal that an active call on a phone line had endedâ"2600 Hz, to be preciseâ"when in fact it had not, thus allowing the call to continue even after the exchange thought it had ended."
I guess we will never know if that special 2600Hz whistle packed in the cereal box was designed by someone that had knowledge of the phone systems and decided to release it to the masses in the hopes that some kid would figure it out. The rest, as they say, is history.
[Raises a glass to those great inventors who revel in the shadows] Cheers mate!!
Dumbest. Article. Ever.
Mitnick never broke into anything. He called people up, and they relinquished their passwords.
BIG difference between comprising a printer buffer overflow to gain root and calling Sally the administrator and asking for her password.
As soon as I hit that one, I quit reading.
Hi, I Boris. Hear fix bear, yes?
Levin was not the first to engineer an unauthorized wire transfer. Stanley Mark Rifkin stole 10.2 million dollars that way in 1978.
Frank Abagnale once committed a felony remarkable for its technical elegance. He printed some checks with contradictory routing and account information which, given the technology and human factors of the time, would go into an infinite loop in the clearinghouse system. He opened accounts with them, and closed the accounts after enough time elapsed that his victims figured the checks must have been good. Meanwhile the checks were running back and forth from coast to coast.
When they say Ten Meeellion Dollars(tm), what they really mean is One Meeellion Dollars, if they didn't hire Highly Paid Consultants.
And when it comes down to it, it's normally money that they should have spent IN THE FIRST PLACE!
If I secured my front door with string and someone came along and cut it to get in and stole all my stuff...what should I do? Call the insurance company and say I'd like the cost of all my stolen goods PLUS someone to come in and tidy up at a rate 10 times what I pay my regular cleaner PLUS the cost of installing new locks throughout my house PLUS an alarm system with PIR detectors? And should the media report my extremely ridiculous perspective instead of ridiculing my lack of security?
The answer to both is no....
and what you'll never know is the best of them all.
CHRoNoÂÂ
Jonathan James is dead. It's shocking for me considering that I am only a few years apart in age and had similar interests.
Here is an obituary from someone who knew him better.
_______
http://peanutbutterfluff.blogspot.com/2008/05/ode-to-jonathan-james.html
>>And now Jon is dead. Killed himself just a few years after the death of his mother, and there you go.
And if you Google him, you'll find the Wikipedia entry on his computer crimes - how he was the youngest person ever convicted of a federal computer crime and so on and so on, ad nauseum.
http://en.wikipedia.org/wiki/Jonathan_James_(convicted_cybercriminal)
What you won't find is this:
He was a son, a brother and a friend. One who was loved very much, and who gave of himself even at times when he didn't have much left to give, or when his spirits were at a low. He had a cat whom he loved. His mother died of breast cancer. She was a good mother. She understood her son's brilliance. She got it. He loved her. The world will be a lesser place because Jon died. Jon had potential beyond imagination. And while on paper, his legacy may be that of his computer crimes, in the bigger picture, the universe will have recognized him as something much, much more, than what mere words may be printed here or printed there.
_______
I fail to see Zero Cool on this list.
Is he simply not on it? That would be ridiculous if he weren't!
My windows XP computer got the Morris Worm, I thought my anti-virus was joking when I looked it up.
There have been several cases of 911 denial of service attacks by such things as viruses causing modems to all call in to 911, or redirecting 911 calls. If anyone ever added such an attack to a real world attack, the cost to human life could be very big.
Living in Chile