http://www.pcmag.com/article2/0,2817,2329604,00.asp There are all sorts of crimes, but the ones that probably happen most often and hurt the most are crimes of opportunity—breaking into a house with an open window, nabbing the wallet from a purse left unattended, stealing an unlocked car, etc. Now, for the average Joe, breaking into NASA's infrastructure and bringing online giants like Amazon to a grinding halt would not fall into that category; for someone with in-depth networking and computer know-how, though, it's a different story altogether. Often the greatest tech crimes in history have little more reason behind them than "because it was there." More often than not, a hacker sees an open window—a hole in system's security, a backdoor, etc.—and climbs on through. And they don't do it for any real worldly gain, but merely to prove that they can. That's not to say that there isn't malicious intent underlying some attacks (take Vladimir Levin's $10.7 million hoax on CitiBank, for example). And we're not saying that all hackers are bad guys, but a few fall prey to the dark side and use their talents for evil—not good. What does it take for a cyber crime to catch our eye? In compiling our list, we looked for a few things: ingenuity (had it been done before?), scope (how many computers, agencies, companies, sites, etc. did it affect?), cost (how much in monetary damages did it cause?), and historical significance (did it start a new trend?). Only one of the nine crimes we highlight ranks on all four counts. No matter how you slice it, though, each one of these security cracks warrants a, well, we'll let you fill in the exclamation. John Draper Possibly best known by the moniker Cap'n Crunch (yes, like the cereal), John Draper is one of the first people to which the term "hacker" can be applied. In the 1970s, Draper used a toy whistle found in Cap'n Crunch cereal to hack phone lines and make calls. Draper realized the whistle produced the exact tone necessary to signal that an active call on a phone line had ended—2600 Hz, to be precise—when in fact it had not, thus allowing the call to continue even after the exchange thought it had ended. Draper was found out in 1972 when the phone company flagged his strange billing patterns; he was eventually sentenced to two months in prison. "Phreaking," or the hacking of telecom systems, as it's now called, can be directly traced to Draper. Ranks For: Ingenuity, Historical Significance Kevin Mitnick Though Kevin Mitnick landed on the hacking radar in 1981 (at age 17), he didn't hit the really big time until 1983. While a student at USC, Mitnick gained access to ARPANet, an Internet predecessor used by large corporations, universities, and the U.S. Army. Getting into ARPANet provided him with access to the Pentagon and all the Department of Defense's files, but he didn't actually steal any data. It's a glory thing. After the system administration got wise, Mitnick was arrested on the USC campus and served a short stint in a youth detention center—the first sentence for illegally accessing a computer system. The incident marked Mitnick's second arrest, but he would continue to be on the FBI radar and has since been the subject of many more arrests, investigations, and court cases. Ranks For: Ingenuity, Scope Robert Morris Not every hacker reaches superstar status for wanton malicious tactics—sometimes things can just go awry. Such was the case in 1988 for 23-year-old Cornell graduate student Robert Morris, who released 99 lines of code that became known as the Morris Worm, infecting and crashing computers across the country. Morris has said that the original intention of the code was to gauge the size of the Internet by counting the number of machines currently connected to it. After his arrest in 1989, Morris became the first person to be indicted under the Computer Fraud and Abuse Act of 1986 and was subsequently sentenced to probation, community service, and a fine of about $10,000. Ranks For: Historical Significance, Scope Kevin Poulsen Twenty-four-year-old Kevin Poulsen had been in the FBI's sights for quite a while when he was arrested in 1989 for hacking computer and telephone servers. Before going to trial, though, Poulsen fled, leading the FBI on a 17-month chase, which ended shortly after his most infamous hack job. Los Angeles radio station KIIS-FM held a call-in contest that would give a Porsche 944-S2 to the 102nd caller; taking control of the switchboard lines and blocking all incoming calls, Poulsen made sure he was the 102nd caller and claimed his prize. He was apprehended at a Los Angeles-area supermarket thanks to an anonymous tip in 1991. Ranks For: Ingenuity Vladimir Levin It's a scheme we've seen so many times in the movies that we assume it's old hat in the hacking world, but the first time anyone succeeded in illegally transferring a large sum of money from a major bank was 1994. Gaining access to several major corporate account user names and passwords through CitiBank's analog wire transfer network, Vladimir Levin transferred a sum of $10.7 million to accounts in the U.S., Finland, the Netherlands, Israel, and Germany. Three of Levin's accomplices were apprehended when attempting to make withdrawals from accounts, but Levin himself was not detained until 1995 during a layover at London's Stansted Airport. He was eventually extradited to the United States in 1997, sentenced to three years in jail, and ordered to pay $240,015 in restitution to CitiBank. The bank has said they managed to recover all but $400,000 of the stolen funds. Ranks For: Ingenuity, Historical Significance, Cost David Smith Everyone wants to be the first at something and claim their spot in history; though being the first hacker tried for releasing a virus isn't exactly the sort of "first" Mom's going to brag about. In 1999, David Smith released the Melissa worm from a computer in New Jersey through a stolen AOL account. The worm automatically forwarded itself to the first 50 people in a user's Outlook address book, and also was apt to insert a quote from The Simpsons into documents. All told, the worm hit over 300 companies worldwide, including Microsoft, Intel, and Lucent Technologies, forcing them to shut down their e-mail gateways due to mass overcrowding and causing estimated damages nearing $80 million. After pleading guilty, Smith's prison sentence was reduced to 20 months when he began working undercover for the FBI to help sniff out new viruses and their authors. Ranks For: Ingenuity, Historical Significance, Scope, Cost Jonathan James In late June 1999, Jonathan James found out just how much the source code documents for the NASA's International Space Station are worth: $1.7 million. James, then 15, gained access to NASA computers with the help of a stolen password at the Marshall Space Flight Center in Alabama. As a result, NASA was forced to shut down its computer network for several weeks in July 1999. The code in question was responsible for controlling the environment on the Station, including temperature and humidity. Sixteen at the time of his sentencing, James received six months in prison and probation until he turned 18. Ranks For: Scope, Cost MafiaBoy At the time of his hack, Mike Calce could only be referred to as MafiaBoy since Canadian laws prevented news outlets from releasing the name of the then teenage super hacker. In February 2000, Calce launched a denial-of-service attack that struck 11 major Web companies—including Amazon, eBay, E*TRADE, and Dell—via 75 computers on 52 networks. While there's no hard data to quantify how much monetary damage was done, analyst estimates range as high as $1.7 billion Canadian (that's currently about $1.6 billion U.S). When tried in 2001, Calce was handed a sentence of eight months "open custody," limited Internet use, a small fine, and one year of probation. Ranks For: Scope, Cost Gary McKinnon Never underestimate the power of curiosity. In 2001 and 2002, British hacker Gary McKinnon gained access to Air Force, Army, Navy, NASA, Pentagon, and Department of Defense computers—97 in total—in a quest for evidence of flying saucers. Officials claim damages from his entry range close to $700,000. Though charged and convicted in the U.K., McKinnon is currently facing extradition to the U.S., which could mean up to 70 years in prison. Ranks For: Scope
