Black Hat Crackers
The Internet abounds with hackers, known as crackers or "black hats," who work to exploit computer systems. They are the ones you've seen on the news being hauled away for cybercrimes. Some of them do it for fun and curiosity, while others are looking for personal gain. In this section we profile 10 of the most famous and interesting "black hat" hackers.
Jonathan James: James gained notoriety when he became the first juvenile to be sent to prison for hacking. He was sentenced at 16 years old. In an anonymous PBS interview, he professes, "I was just looking around, playing around. What was fun for me was a challenge to see what I could pull off."
James's major intrusions targeted high-profile organizations. He installed a backdoor into a Defense Threat Reduction Agency server. The DTRA is an agency of the Department of Defense charged with reducing the threat to the U.S. and its allies from nuclear, biological, chemical, conventional and special weapons. The backdoor he created enabled him to view sensitive emails and capture employee usernames and passwords.
James also cracked into NASA computers, stealing software worth approximately $1.7 million. According to the Department of Justice, "The software supported the International Space Station's physical environment, including control of the temperature and humidity within the living space." NASA was forced to shut down its computer systems, ultimately racking up a $41,000 cost. James explained that he downloaded the code to supplement his studies on C programming, but contended, "The code itself was crappy . . . certainly not worth $1.7 million like they claimed."
Given the extent of his intrusions, if James, also known as "c0mrade," had been an adult he likely would have served at least 10 years. Instead, he was banned from recreational computer use and was slated to serve a six-month sentence under house arrest with probation. However, he served six months in prison for violation of parole. Today, James asserts that he's learned his lesson and might start a computer security company.
Adrian Lamo: Lamo's claim to fame is his break-ins at major organizations like The New York Times and Microsoft. Dubbed the "homeless hacker," he used Internet connections at Kinko's, coffee shops and libraries to do his intrusions. In a profile article, "He Hacks by Day, Squats by Night," Lamo reflects, "I have a laptop in Pittsburgh, a change of clothes in D.C. It kind of redefines the term multi-jurisdictional."
Lamo's intrusions consisted mainly of penetration testing, in which he found flaws in security, exploited them and then informed companies of their shortcomings. His hits include Yahoo!, Bank of America, Citigroup and Cingular. When white hat hackers are hired by companies to do penetration testing, it's legal. What Lamo did is not.
When he broke into The New York Times' intranet, things got serious. He added himself to a list of experts and viewed personal information on contributors, including Social Security numbers. Lamo also hacked into The Times' LexisNexis account to research high-profile subject matter.
For his intrusion at The New York Times, Lamo was ordered to pay approximately $65,000 in restitution. He was also sentenced to six months of home confinement and two years of probation, which expired January 16, 2007. Lamo is currently working as an award-winning journalist and public speaker.
Kevin Mitnick: A self-proclaimed "hacker poster boy," Mitnick went through a highly publicized pursuit by authorities. His mischief was hyped by the media but his actual offenses may be less notable than his notoriety suggests. The Department of Justice describes him as "the most wanted computer criminal in United States history." His exploits were detailed in two movies: Freedom Downtime and Takedown.
Mitnick had a bit of hacking experience before committing the offenses that made him famous. He started out exploiting the Los Angeles bus punch card system to get free rides. Then, like Apple co-founder Steve Wozniak, he dabbled in phone phreaking. Although there were numerous offenses, Mitnick was ultimately convicted for breaking into the Digital Equipment Corporation's computer network and stealing software.
Mitnick's mischief got serious when he went on a two and a half year "coast-to-coast hacking spree." The CNN article, "Legendary computer hacker released from prison," explains that "he hacked into computers, stole corporate secrets, scrambled phone networks and broke into the national defense warning system." He then hacked into computer expert and fellow hacker Tsutomu Shimomura's home computer, which led to his undoing.
Today, Mitnick has been able to move past his role as a black hat hacker and become a productive member of society. He served five years, about 8 months of it in solitary confinement, and is now a computer security consultant, author and speaker.
Kevin Poulsen: Also known as Dark Dante, Poulsen gained recognition for his hack of LA radio's KIIS-FM phone lines, which earned him a brand new Porsche, among other items. Law enforcement dubbed him "the Hannibal Lecter of computer crime."
Authorities began to pursue Poulsen after he hacked into a federal investigation database. During this pursuit, he further drew the ire of the FBI by hacking into federal computers for wiretap information.
His hacking specialty, however, revolved around telephones. Poulsen's most famous hack, KIIS-FM, was accomplished by taking over all of the station's phone lines. In a related feat, Poulsen also "reactivated old Yellow Page escort telephone numbers for an acquaintance who then ran a virtual escort agency." Later, when his photo came up on the show Unsolved Mysteries, 1-800 phone lines for the program crashed. Ultimately, Poulsen was captured in a supermarket and served a sentence of five years.
Since serving time, Poulsen has worked as a journalist. He is now a senior editor for Wired News. His most prominent article details his work on identifying 744 sex offenders with MySpace profiles.
Robert Tappan Morris: Morris, son of former National Security Agency scientist Robert Morris, is known as the creator of the Morris Worm, the first computer worm to be unleashed on the Internet. As a result of this crime, he was the first person prosecuted under the 1986 Computer Fraud and Abuse Act.
Morris wrote the code for the worm while he was a student at Cornell. He asserts that he intended to use it to see how large the Internet was. The worm, however, replicated itself excessively, slowing computers down so that they were no longer usable. It is not possible to know exactly how many computers were affected, but experts estimate an impact of 6,000 machines. He was sentenced to three years' probation, 400 hours of community service and a fine of $10,500.
Morris is currently working as a tenured professor at the MIT Computer Science and Artificial Intelligence Laboratory. He principally researches computer network architectures including distributed hash tables such as Chord and wireless mesh networks such as Roofnet.
Gary McKinnon has been accused of what one US prosecutor claims is the “biggest military computer hack of all time”. Between February 2001 and March 2002, he reportedly exploited 97 United States military, Department of Defense, and NASA computers. McKinnon allegedly deleted critical files from operating systems, which shut down the US Army’s Military District of Washington network of 2,000 computers for 24 hours. He supposedly deleted US Navy weapons logs, rendering a naval base’s network of 300 computers unusable after the September 11th terrorist attacks. McKinnon is also charged with copying sensitive data, account files, and passwords onto his own computer. He says that he was only looking for evidence of free energy suppression, a cover-up of UFO activity, and other technologies that may be useful to the public. At present, McKinnon is awaiting extradition to the United States.
- Vladimir Levin is known for his involvement in the attempt to illegally transfer 10.7 million US dollars via Citibank’s computers. In 1997, Levin was brought into U.S. custody, and he admitted to only one count of conspiracy to defraud and to stealing $3.7 million. The following year, he was convicted and sentenced to three years in prison, and ordered to pay more than $200,000. Of the stolen $10.7 million, Citibank claimed that only around $400,000 had been recovered. At the moment, Levin is free and now lives in Lithuania.
- Markus Hess is a German hacker who was recruited by the KGB in the late 1980s and was involved in a Cold War computer espionage incident. All the way from Germany, he was able to access computer systems at the Lawrence Berkeley Laboratory (LBL) located in California. By using LBL to “piggyback” to ARPANET and MILNET, Hess attacked 400 U.S. military computers, including the OPTIMIS Database (The Pentagon), Anniston Army Depot, U.S. Air Force (Ramstein Air Base, West Germany), Fort Buckner, and Camp Foster (Okinawa, Japan). He went to trial in 1990 and was found guilty of espionage. Hess was sentenced to a one- to three-year prison sentence but was eventually released on probation.
- In February 2000, Michael Calce (a.k.a. MafiaBoy) launched a series of highly publicized denial-of-service attacks against large commercial websites. His victims include Yahoo!, Amazon.com, Dell, eBay, and CNN. He hacked Yahoo! when it was still the web’s leading search engine, causing it to shut down for about an hour. Calce exploited websites primarily for pride and to establish dominance for himself and his cybergroup, named TNT. In 2001, the Montreal Youth Court sentenced him to eight months of open custody, one year of probation, restricted use of the Internet, and a small fine.
- Albert Gonzalez is a cyber-criminal accused of masterminding the biggest ATM and credit card theft in history. From 2005 through 2007, he and his group allegedly sold more than 170 million card and ATM numbers. Gonzalez’s team used SQL injection techniques to create malware backdoors on several corporate systems in order to launch packet-sniffing (specifically, ARP spoofing) attacks, which allowed him to steal computer data from internal corporate networks. When he was arrested, authorities seized $1.6 million in cash, including $1.1 million in plastic bags placed in a three-foot drum buried in his parents’ backyard. Earlier this year, Gonzalez was sentenced to 20 years in federal prison.