To some people, hackers are modern-day Robin Hoods or Guy Fawkeses. They’re fighting a moral battle against people and systems that they feel are oppressors. On the other hand, there are people who simply view hackers as vandals and criminals.
One group that you may notice missing from the list is Anonymous, and that is because their membership is too loose and fluid to be included. One of the few tenets of Anonymous is that it can be anyone. According to a former member, “It’s an amorphous group of people that can include anyone who wants to use the brand to put forth their cause.” So while they are notorious hackers, it is more of a movement than a cohesive group, so it was omitted.
10. Marcel Lehel Lazar
One of the biggest issues for American voters in the 2016 election was the fact that Hillary Clinton used a private email server, instead of a government one, when she was Secretary of State. One of the people who supposedly helped expose that server was Romanian cab driver Marcel Lehel Lazar, who went under the username Guccifer.
Unlike a lot of the other people on this list, Lazar was not trained in computers. Instead, he apparently read the Wikipedia page of the person he wanted to hack and tried to figure out their passwords. By using this system, between 2012 and 2014, Lazar managed to hack the email accounts of over 100 people. Many of them were American celebrities, politicians, and business people. One of his most infamous hacks was breaking into former president George W. Bush’s family’s email and then posting some of Bush’s self-portrait paintings in 2013.
In May 2014, Lazar was extradited to the United States and he pleaded guilty to aggravated identity theft and unauthorized access to a protected computer. He was sentenced to 52 months in prison in September 2016.
9. Chad Davis
In Spring 1999, the FBI was investigating a group of hackers called globalHell, who had vandalized the White House’s web page. Their investigation led them to the apartment of 19-year-old Chad Davis, who lived in Green Bay, Wisconsin. The FBI suspected Davis of being one of the founders of globalHell, who went under the username Mindphasr. They searched his apartment and took his laptop; however, they didn’t find much. The only thing they could do was fine him $165 for being underage and having a beer in his fridge.
Most people would have considered themselves lucky to avoid the clutches of the FBI, but Davis was not one of those people. Just a few weeks later, on June 28, Davis hacked the US Army’s homepage and posted the message “Global Hell is alive. Global Hell will not die.” Davis was arrested shortly afterwards.
It’s believed that when Davis was arrested, globalHell had hacked into 17 corporate and personal websites. He was sentenced to six months in prison and fined $8,054. He was also forbidden from using a computer after his release.
8. Herbert Zinn
In 1987, Herbert Zinn was a 17-year-old high school dropout. Instead of going to school, Zinn spent a lot of time using his computer in his Chicago home. During this time, Zinn managed to hack into AT&T, NATO, and the Department of Defense. When Zinn hacked AT&T he supposedly stole an artificial intelligence program that hadn’t been released, which was worth $1 million.
While Zinn may have been a good hacker, he was by no means a criminal mastermind. He was caught after he bragged about the hacks on message boards under the name Shadow Hawk, and on one of his postings he left his phone number. Smooth.
Zinn was sentenced to nine months in prison and fined $10,000.
7. Gary McKinnon
Gary McKinnon was born in Glasgow in 1966 and got his first computer when he was 14. When McKinnon was 17, he dropped out of school to be a hairdresser. However, he hadn’t lost his love for computers and in the 1990s, he got his qualifications in computers.
Between February 2001 and March 2002, McKinnon hacked into 97 United States military and NASA computers. Sometimes, he’d leave messages on their websites saying, “Your security is crap.” McKinnon was arrested in his apartment in England in March 2002. The police didn’t have a hard time tracking him down because McKinnon didn’t cover his tracks properly. In an interview with the BBC, McKinnon said, “I almost wanted to be caught, because it was ruining me. I had this classic thing of wanting to be caught so there would be an end to it.”
The American government said that in the wake of the September 11 attacks, McKinnon altered or deleted files, which shut down their systems. McKinnon denied this and said he was just looking at files and didn’t do any real damage. For over 10 years, the American government tried to get McKinnon extradited, but it was ultimately blocked. In 2012, the Crown Prosecution Service chose not to pursue charges against McKinnon.
As for why he did it, McKinnon said that he wanted to find out if the U.S. Government knew about UFOs, aliens, and free energy and were keeping it a secret. He thought it was his moral obligation to expose the truth. McKinnon claims he did see some evidence of UFOs, like recorded accounts of people seeing them and he said he possibly saw a picture of a UFO, but nothing definitive.
6. Lizard Squad
On Christmas Eve 2014, both the X-Box Live and PlayStation Network (PSN) crashed, and each was still down on Christmas day when many people woke up to a new system under the tree. In total, up to 160 million people were affected.
The crash was the result of a hack by a group called Lizard Squad, which crashed the networks with a distributed denial of service (DDoS) hack. A DDoS attack is when a system is flooded with traffic from a botnet, which is like a horde of zombie computers being controlled by a user or a group of users, overloading the network and causing it to crash.
In order to get the attacks to stop, internet entrepreneur Kim Dotcom (no, that’s not his real name) offered Lizard Squad members 3,000 vouchers to his encrypted cloud storage service called Mega. They agreed and the systems went back online shortly afterward.
When asked why they did it, a member of the Lizard Squad, who only identified himself as Ryan, said that Microsoft and Sony make billions of dollars, but thought they kept too much for themselves and didn’t put enough money into security, so they did it to raise awareness. They said they felt bad that gamers couldn’t get online, but didn’t feel bad that Microsoft and Sony lost money due to their systems being down.
Four members of the group have been identified and charged, but none of them faced jail time, even though some of them were convicted on 50,700 counts of instances of aggravated computer break-ins
The first big target of LulzSec (which mean Lulz, or laugh, security), was Fox.com. After hacking them, they managed to steal the personal data of 75,000 X-Factor contestants. They said they did it because a talking head on Fox News called the rapper/actor Common “vile.”
After Fox.com, LulzSec hacked into PBS and planted a fake news story saying that Tupac Shakur and Christopher “Notorious B.I.G.” Wallace were still alive in New Zealand. This was followed by a hack into Sony’s PlayStation Network, which brought it down for a few days, and they stole the data of 24.6 million people.
The group’s downfall was that they got cocky and took down an FBI affiliated site for a few hours. This caught the FBI’s attention (naturally) and just four days later, on June 7, the group’s leader, Sabu, logged onto an Anonymous chat forum without using a Tor system, which anonymizes data connections.
A short time later, the FBI knocked on the door of Hector Xavier Monsegur, a freelance programmer who lived in Manhattan. The FBI gave him a choice: he could go to jail or he could give up the rest of his group. He said he had just gotten parental custody of his two nieces, so he chose to help the FBI.
The four other members lived in England and they were all arrested by September. None of the hackers knew each other in real life. The four hackers were sentenced to two to two-and-a-half-years in prison, while Monsegur spent seven months in prison.
Most of the hackers on this list were destructive and/or greedy. However, where we start to get into James Bond-type villains is ASTRA, an unidentified Greek hacker who was 58 when he was arrested in 2008, after being wanted for five years.
ASTRA, who was a mathematician and an experienced hacker, broke into the computer network of French defense contractor Dassault Group. For over five years, he stole weapon technology and aircraft data. He then sold the information to 250 different people in Brazil, France, Germany, Italy, South Africa, and some countries in the Middle East that weren’t identified. Dassault said that the hacks led to $360 million in damages, and that ASTRA sold the secrets for $1,000 a batch. He was convicted and given a six year prison sentence.
3. The Guardians of Peace
The most devastating cyber-attack on an American corporation was the Sony Pictures hack, which happened on November 24, 2012. They leaked the staff’s personal data, private emails, and unreleased movies. The hack was performed by a group call Guardians of the Peace (GOP) and they demanded that Sony pull their upcoming movie The Interview, which is about a TV show host and his producer trying to assassinate North Korean leader Kim Jong-un. If Sony didn’t pull the movie, there would be a terrorist attack. Theater owners around America decided not to screen the movie and the day after the hack, Sony canceled the theatrical run of The Interview.
The FBI concluded that the North Koreans were responsible for the attack, but North Korea has always denied it. Many hackers and cyber security experts actually believe North Korea because they don’t think the nation was capable of committing a hack of that nature.
Adding to the confusion, on December 20, 2014, the GOP supposedly posted a message on Pastebin mocking the FBI. It read:
The result of investigation by FBI is so excellent that you might have seen what we were doing with your own eyes.
We congratulate you success.
FBI is the BEST in the world.
You will find the gift for FBI at the following address.
Then there was a link to a YouTube video called “you are an idiot!” The video starts off with some Japanese words, before smiley faces appear on the screen. This is followed by the techno music and the rest of the video saying “you’re an idiot” over and over again.
So, if the GOP isn’t North Korea, then who are they?
2. Albert Gonzalez
In 2003, Albert Gonzalez was arrested for being the administrator of an underground computer network called Shadowcrew.com. The network was 4,000 members-strong and people swapped illegal information on it, like credit card numbers. Instead of taking responsibility for what he did and do his time, Gonzalez became a paid informant for the Secret Service. He set up a sting operation where he convinced hackers from Shadowcrew.com to come to a chat room that was monitored by the Secret Service. This led to 28 arrests.
After the sting, Gonzalez moved to Miami and while making $75,000 as an informant, he started up his own criminal ring called “Operation Get Rich or Die Tryin’.” During the operation, Gonzalez and his ring of hackers stole 140 million credit card numbers from OfficeMax, TJX, Boston Market, Barnes & Noble, Sports Authority, Forever 21, DSW, and Dave & Buster’s.
The Secret Service, who had no idea that Gonzalez was running his own criminal network while also a paid informant, were doing a separate investigation and ended up arresting a man named Maksym Yastremskiy for selling stolen credit cards in Turkey. On his computer, they found a chat log with a mysterious American hacker who went under the username 201679996. This eventually led back to Gonzalez and he was arrested.
Gonzalez said in court that it was never about the money, but the Secret Service found chat records of him bragging that he planned to score $15 million and then retire and live on a yacht. Instead, he was sentenced to 20 years in prison in March 2010.
1. Evgeniy Mikhailovich Bogachev
On October 11, 2006, at 2:24 a.m., a user by the name of “fliime” posted a message on the online forum Techsupportguy.com asking for someone to take a look at some mysterious code that he found on his sister’s computer. It turns out that it was vicious malware that logged keystrokes, but ran so seamlessly that users didn’t see a slowdown on their system. It was so effective that it stole more passwords in a few hours than most malware does in weeks. It was also unique because it developed ways to hide itself from things like antivirus programs. Eventually, enough computers were infected that it created a botnet.
Since the virus ran virtually undetected, security experts have no idea how many computers were infected. Things only got worse in June 2007 when Apple launched the iPhone. That’s when people started getting emails offering free iPhone wallpapers but, of course, it was actually a new variation of the ZeuS virus. This version was even worse than the original because it allowed hackers to log into commercial banks and transfer large sums of money without raising alarm.
In 2010, four years after the malware was first detected, $100 million had been stolen using ZeuS. It’s estimated that hundreds of millions have been stolen in total and it has caused billions of dollars in damage. As of 2015, it was still being used to infect computers.
What made the author of ZeuS unique is that he didn’t do the hacking. Instead, he used a middleman to sell the malware to a third party, like criminal syndicates, and they would do the hacking. However, the hacker apparently offered 24/7 tech support.
At the time, the alias of the author of ZeuS kept changing. Some of his names included A-Z, Monstr, Slavik, Pollingsoon, Umbro, and Lucky1235. His real identity was only made public in June 2014, when the FBI announced they were looking for Russian-born Evgeniy Mikhailovich Bogachev, who is 34-years-old at the time of this posting. He wasn’t identified because of a mistake he made in his coding, though. Instead, a person who knew him gave him up. There is currently a $3 million reward from the FBI for information that leads to his arrest and conviction.