A “black hat” hacker is a hacker who violates computer security for little reason beyond maliciousness or for personal gain. Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are the epitome of all that the public fears in a computer criminal. Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network.
Black hat is a term in computing for someone who compromises the security of a system without permission from an authorized party, usually with the intent of accessing computers connected to the network. To accompany the technological advancements of the computer world and the constantly changing definition of a hacker, we thought it was time to look back at ten of the most notorious black hat hackers and the legendary hacks that earned them such a title.
10. Vladimir Levin
Vladimir Levin is a Russian-born Jewish individual famed for his involvement in the attempt to fraudulently transfer US$10.7 million via Citibank’s computers. However, his career as a hacker was short-lived: he was captured and imprisoned, and all but $400,000 of the original $10 million was recovered. During Levin’s 1997 trial in the United States, he was said to have coordinated the first ever internet bank raid. The truth is that Levin’s ability to transfer Citibank client funds to his own accounts was possible through stolen account numbers and PINs. Levin’s scam was a simple interception of clients’ calls while recording the punched-in account numbers.
9. Albert Gonzalez
Albert Gonzalez is a computer hacker and computer criminal who is accused of masterminding the combined credit card theft and subsequent reselling of more than 170 million card and ATM numbers from 2005 through 2007—the biggest such fraud in history. Gonzalez’s team used SQL injection techniques to create malware backdoors on several corporate systems in order to launch packet-sniffing (specifically, ARP Spoofing) attacks, allowing him to steal computer data from internal corporate networks. When he was arrested, authorities seized $1.6 million in cash including $1.1 million found in plastic bags placed in a three-foot drum which had been buried in his parents’ backyard. On March 25, 2010, Gonzalez was sentenced to 20 years in federal prison.
8. Kevin Poulsen
The notorious ’80s black hat hacker, Kevin Poulsen, also known as Dark Dante, gained recognition for his hack of LA radio’s KIIS-FM phone lines, which earned him a brand new Porsche, among other items. Law enforcement dubbed him “the Hannibal Lecter of computer crime.”
Authorities began to pursue Poulsen after he hacked into a federal investigation database. During this pursuit, he further drew the ire of the FBI by hacking into federal computers for wiretap information. His hacking specialty, however, revolved around telephones. Poulsen’s most famous hack, KIIS-FM, was accomplished by taking over all of the station’s phone lines. In a related feat, Poulsen also “reactivated old Yellow Page escort telephone numbers for an acquaintance who then ran a virtual escort agency.” Later, when his photo came up on the show Unsolved Mysteries, 1-800 phone lines for the program crashed. Ultimately, Poulsen was captured in a supermarket and served a sentence of five years, which was the longest sentence ever given for hacking at the time. However, since serving time, Poulsen has worked as a journalist and is now a senior editor for Wired News. Poulsen’s most noteworthy article details his work on identifying 744 sex offenders with MySpace profiles.
7. Robert Tappan Morris
Robert Tappan Morris is an American computer scientist, best known for creating the Morris Worm in 1988, which was considered the first computer worm on the Internet. He was also the first person convicted under the Computer Fraud and Abuse Act.
Morris created the worm while he was a graduate student at Cornell University. He released the worm from MIT to conceal the fact that it actually originated from Cornell. The worm took down one-tenth of the Internet, crippling more than 6,000 computer systems. It didn’t take long for the police to track him down. Due in part to the need for social acceptance that seems to be common among many young hackers, Morris made the mistake of chatting about his worm for months before its release on the Internet. Morris claimed it was just a stunt, and added that he truly regretted causing $15 million worth of damage: the estimated amount of carnage his worm left behind.
Morris was one of the first to be tried and convicted under the Computer Fraud and Abuse Act. In December 1990, he was sentenced to three years of probation, 400 hours of community service, a fine of $10,050, and the costs of his supervision.
6. Michael Calce
Michael Demon Calce, a high school student from West Island, is best known as “MafiaBoy”. He launched a series of widely known denial-of-service attacks against large commercial websites, including Yahoo!, Amazon.com, Dell, eBay, and CNN. He hacked Yahoo! when it was still the web’s leading search engine and caused it to shut down for about an hour. Like many hackers, Calce exploited websites primarily for pride and to establish dominance for himself and his cybergroup, TNT. In 2001, the Montreal Youth Court sentenced Calce to eight months of open custody, one year of probation, restricted use of the Internet, and a minimal fine.
5. Kevin Mitnick
A self-proclaimed “hacker poster boy,” Mitnick went through a highly publicized pursuit by authorities. His mischief was hyped by the media but his actual offenses may be less notable than his notoriety suggests. The Department of Justice describes him as “the most wanted computer criminal in United States history.” His exploits were detailed in two movies: Freedom Downtime and Takedown.
Mitnick gained unauthorized access to his first computer network in 1979, at 16, when a friend gave him the phone number for the Ark, the computer system Digital Equipment Corporation (DEC) used for developing their RSTS/E operating system software. He broke into DEC’s computer network and copied their software, a crime he was charged with and convicted of in 1988. According to the U.S. Department of Justice, Mitnick gained unauthorized access to dozens of computer networks while he was a fugitive. He used cloned cellular phones to hide his location and, among other things, copied valuable proprietary software from some of the country’s largest cellular telephone and computer companies. Mitnick also intercepted and stole computer passwords, altered computer networks, and broke into and read private e-mail.
4. George Hotz
George Francis Hotz, alias geohot, or simply mil, is an American hacker known for unlocking the iPhone, allowing the phone to be used with other wireless carriers, contrary to AT&T and Apple’s intent. Additionally, he developed the limera1n jailbreak tool, which used his limera1n bootrom exploit.
In June 2007, Hotz became the first person to carrier unlock an iPhone. According to Hotz’s blog, he traded his second unlocked 8 GB iPhone to Terry Daidone, the founder of Certicell, for a Nissan 350Z and three 8 GB iPhones. Hotz said he wanted to give the iPhones to the other members of the team who created the hack with him. His name will forever be associated with the April 2011 PlayStation breach. Being one of the first hackers ever to jailbreak the Sony PlayStation 3, Hotz found himself in the midst of a relentless, public and messy court battle with Sony, perhaps worsened by Hotz’s public release of his jailbreaking methods. In a stated retaliation for Sony’s breach of the unstated rule of jailbreaking (never prosecute), the hacker group Anonymous attacked Sony in what would be dubbed the most costly security break of all time to date.
At the end of April 2011, hackers broke into the PlayStation Network and stole personal information of some 77 million users. However, Hotz denied any responsibility for the attack, and added “Running homebrew and exploring security on your devices is cool; hacking into someone else’s server and stealing databases of user info. is not cool.”
3. Adrian Lamo
Adrian Lamo is a Colombian-American threat analyst and hacker. He used coffee shops, libraries and internet cafés as his locations for hacking. Apart from being the homeless hacker, Lamo is widely known for breaking into a series of high-profile computer networks, which include The New York Times, Microsoft, Yahoo!, and MCI WorldCom. In 2002, he added his name to The New York Times’ internal database of expert sources and utilized a LexisNexis account to conduct research on high-profile subjects.
For his intrusion at The New York Times, Lamo was ordered to pay approximately $65,000 in damages and was sentenced to six months’ house arrest at his parents’ home, with an additional two years of probation. In June 2010, Lamo disclosed the name of Bradley Manning to U.S. Army authorities as the source of the July 12, 2007 Baghdad airstrike video leak to WikiLeaks. Lamo is presently working as a threat analyst and donates his time and skills to a Sacramento-based nonprofit organization.
2. Gary McKinnon
In 2002, an exceptionally odd message appeared on a US Army computer screen: “Your security system is crap,” it read. “I am Solo. I will continue to disrupt at the highest levels.” It was later identified as the work of Scottish systems administrator, Gary McKinnon, who was accused of perpetrating the “biggest military computer hack of all time”. He is accused of hacking into 97 United States military and NASA computers over a 13-month period between, using the name ‘Solo’.
The US authorities claim he deleted critical files from operating systems, which shut down the United States Army’s Military District of Washington network of 2,000 computers for 24 hours. After the September 11 attacks in 2001, he deleted weapons logs at the Earle Naval Weapons Station, rendering its network of 300 computers inoperable and paralyzing munitions supply deliveries for the US Navy’s Atlantic Fleet. He is also accused of copying data, account files and passwords onto his own computer.
In November 2002, McKinnon was indicted by a federal grand jury in the Eastern District of Virginia. The indictment contained seven counts of computer-related crime, each of which carried a potential ten-year jail sentence. The court had recommended that McKinnon be extradited to the United States to face charges of illegally accessing 97 computers, causing a total of $700,000 in damage. Even more interesting are McKinnon’s motives for the large-scale hacks, which he claims were in search of information on UFOs. He believed the US government was hiding such information in its military computers.
1. Jonathan James
At 16, black hat hacker Jonathan James became the first juvenile imprisoned for cybercrime. James gained his notoriety by implementing a series of successful intrusions into various systems. In an anonymous PBS interview, he professes, “I was just looking around, playing around. What was fun for me was a challenge to see what I could pull off.”
James’ major intrusions targeted high-profile organizations such as NASA and the Department of Defense. He cracked into NASA computers, stealing software worth approximately $1.7 million. He also hacked into the Defense Threat Reduction Agency and intercepted over 3,000 highly secretive messages passing to and from the DTRA employees, while collecting many usernames and passwords.
Also known as “c0mrade,” James committed suicide using a gun on May 18, 2008, at the age of 25. His suicide was apparently motivated by the belief that he would be prosecuted for crimes he had not committed. “I honestly, honestly had nothing to do with TJX,” James wrote in his suicide note, “I have no faith in the ‘justice’ system. Perhaps my actions today, and this letter, will send a stronger message to the public. Either way, I have lost control over this situation, and this is my only way to regain control.”