Top 5 Hackers in the World
5. Nasa Hacker Gary McKinnon
Gary McKinnon (born 10 February 1966) is a Scottish systems administrator and hacker who was accused in 2002 of perpetrating the “biggest military computer hack of all time,” although McKinnon himself states that he was merely looking for evidence of free energy suppression and a cover-up of UFO activity and other technologies potentially useful to the public. On 16 October 2012, after a series of legal proceedings in Britain, Home Secretary Theresa May withdrew her extradition order to the United States.
Alleged crime
McKinnon was accused of hacking into 97 United States military and NASA computers over a 13-month period between February 2001 and March 2002, at his girlfriend’s aunt’s house in London, using the name ‘Solo’.
The US authorities stated he deleted critical files from operating systems, which shut down the United States Army’s Military District of Washington network of 2,000 computers for 24 hours. McKinnon also posted a notice on the military’s website: “Your security is crap”. After the September 11 attacks in 2001, he deleted weapons logs at the Earle Naval Weapons Station, rendering its network of 300 computers inoperable and paralyzing munitions supply deliveries for the US Navy’s Atlantic Fleet. McKinnon was also accused of copying data, account files and passwords onto his own computer. US authorities stated the cost of tracking and correcting the problems he caused was over $700,000.
Judicial review
In January 2010 Mr Justice Mitting granted McKinnon a further judicial review of the decision of Home Secretary Alan Johnson to allow McKinnon’s extradition. Mitting distinguished two issues which were arguable, the first being whether psychiatrist Jeremy Turk’s opinion that McKinnon would certainly commit suicide if extradited means that the Home Secretary must refuse extradition under section 6 of the Human Rights Act 1998 (which prevents a public authority from acting in a way incompatible with convention rights). The second was whether Turk’s opinion was a fundamental change to the circumstances that the courts had previously considered and ruled upon. Mitting ruled that if the answer to both questions was “Yes”, then it was arguable that it would be unlawful to allow the extradition.
4. Kevin Poulsen
Kevin Lee Poulsen (born November 30, 1965) is an American former black-hat hacker and a contributing editor at The Daily Beast. He was born in Pasadena, California, on November 30, 1965.
Black-hat hacking
On June 1, 1990, he took over all of the telephone lines for Los Angeles radio station KIIS-FM, guaranteeing that he would be the 102nd caller and win the prize of a Porsche 944 S2.
When the Federal Bureau of Investigation started pursuing Poulsen, he went underground as a fugitive. A storage company cleared out a storage shed in Poulsen’s name due to nonpayment of rent, where computer equipment was discovered which was furnished to the FBI for evidence. When he was featured on NBC’s Unsolved Mysteries, the show’s 1-800 telephone lines mysteriously crashed. Poulsen was arrested in April 1991.
In June 1994, Poulsen pleaded guilty to seven counts of conspiracy, fraud, and wiretapping.He was sentenced to five years in a federal penitentiary, as well as banned from using computers or the internet for 3 years after his release. He was the first American to be released from prison with a court sentence that banned him from using computers and the internet after his prison sentence. Although Chris Lamprecht was sentenced first with an internet ban on May 5, 1995, Poulsen was released from prison before Lamprecht and began serving his ban sentence earlier. (Poulsen’s parole officer later allowed him to use the Internet in 2004, with certain monitoring restrictions).
Journalism
Poulsen has reinvented himself as a journalist since his release from prison and sought to distance himself from his criminal past. Poulsen served in a number of journalistic capacities at California-based security research firm SecurityFocus, where he began writing security and hacking news in early 2000. Despite a late arrival to a market saturated with technology media, SecurityFocus News became a well-known name in the tech news world during Poulsen’s tenure with the company and was acquired by Symantec. Moreover, his original investigative reporting was frequently picked up by the mainstream press. Poulsen left SecurityFocus in 2005 to freelance and pursue independent writing projects. In June 2005, he became a senior editor for Wired News, which hosted his blog, 27BStroke6, later renamed Threat Level.
In October 2006, Poulsen released information detailing his successful search for registered sex offenders using MySpace to solicit sex from children. His work identified 744 registered people with MySpace profiles and led to the arrest of one, Andrew Lubrano.
In June 2010, Poulsen broke the initial story of the arrest of U.S. service member Chelsea Manning and published the logs of Manning’s chats with Adrian Lamo regarding WikiLeaks.
In June 2019, Poulsen was accused of doxing Shawn Brooks, a 34-year-old Trump supporter living in The Bronx, when Poulsen revealed his identity in an article published in the Daily Beast on June 1, 2019, for being the alleged creator and disseminator of a fake video, which showed Nancy Pelosi speaking in a slurred manner.
3. Albert Gonzalez
Gonzalez had three federal indictments. The first was in May 2008 in New York for the Dave & Busters case (trial schedule September 2009). The second was in May 2008 in Massachusetts for the TJ Maxx case (trial scheduled early 2010). The third was in August 2009 in New Jersey in connection with the Heartland Payment case.
On March 25, 2010, Gonzalez was sentenced to 20 years in federal prison.
Gonzalez, along with his crew, was featured on the 5th season episode of the CNBC series American Greed titled: “Episode 40: Hackers: Operation Get Rich or Die Tryin’”.
Hacking career
ShadowCrew
While in Kearny, he was accused of being the mastermind of a group of hackers called the ShadowCrew group, which trafficked in 1.5 million stolen credit and ATM card numbers Although considered the mastermind of the scheme (operating on the site under the screen name of “CumbaJohnny”), he was not indicted. According to the indictment, there were 4,000 people who registered with the Shadowcrew.com website. Once registered, they could buy stolen account numbers or counterfeit documents at auction or read “Tutorials and How-To’s” describing the use of cryptography in magnetic strips on credit cards, debit cards and ATM cards so that the numbers could be used. Moderators of the website punished members who did not abide by the site’s rules, including providing refunds to buyers if the stolen card numbers proved invalid.
In addition to the card numbers, numerous other objects of identity theft were sold at auction, including counterfeit passports, drivers’ licenses, Social Security cards, credit cards, debit cards, birth certificates, college student identification cards, and health insurance cards. One member sold 18 million e-mail accounts with associated usernames, passwords, dates of birth, and other personally-identifying information. Most of those indicted were members who actually sold illicit items. Members who maintained or moderated the website itself were also indicted, including one who attempted to register the .cc domain name Shadowcrew.cc.
TJX Companies hack
While cooperating with authorities, he was said to have masterminded the hacking of TJX Companies, in which 45.6 million credit and debit card numbers were stolen over an 18-month period ending in 2007, topping the 2005 breach of 40 million records at CardSystems Solutions. Gonzalez and 10 others sought targets while wardriving and seeking vulnerabilities in wireless networks along U.S. Route 1 in Miami. They compromised cards at BJ’s Wholesale Club, DSW, Office Max, Boston Market, Barnes & Noble, Sports Authority and T.J. Maxx. The indictment referred to Gonzalez by the screen names “cumbajohny”, “201679996”, “soupnazi”, “segvec”, “kingchilli” and “stanozolol.” The hacking was an embarrassment to TJ Maxx, which discovered the breach in December 2006. The company initially believed the intrusion began in May 2006, but further investigation revealed breaches dating back to July 2005.
One of his alleged co-conspirators was 7-foot-tall Stephen Watt, known in the hacker world as “Unix Terrorist” and “Jim Jones.” Watt worked at Morgan Stanley in New York City and wrote the sniffer program.
2. Jonathan James
Jonathan Joseph James (December 12, 1983 – May 18, 2008) was an American hacker who was the first juvenile incarcerated for cybercrime in the United States. The South Florida native was 15 years old at the time of the first offence and 16 years old on the date of his sentencing. He died at his Pinecrest, Florida home on May 18, 2008, of a self-inflicted gunshot wound.
Initial Department of Defense intrusion
Between August 23, 1999, and October 27, 1999, James committed a series of intrusions into various systems, including those of BellSouth and the Miami-Dade school system. What brought him to the attention of federal authorities, however, was his intrusion into the computers of the Defense Threat Reduction Agency (DTRA), a division of the United States Department of Defense, the primary function of which is to analyze potential threats to the United States of America, both at home and abroad. James later admitted to authorities that he had installed an unauthorized backdoor in a computer server in Dulles, Virginia, which he used to install a sniffer that allowed him to intercept over three thousand messages passing to and from DTRA employees, along with numerous usernames and passwords of other DTRA employees, including at least 10 on official military computers.
It was later revealed that the precise software obtained was the International Space Station’s source code controlling critical life-sustaining elements. According to NASA, “the software supported the International Space Station’s physical environment, including control of the temperature and humidity within the living space.” This intrusion, when detected, caused NASA to shut down its computers for three weeks that July, costing $41,000 to check and fix its systems. Jonathan James did this using only a Pentium Computer.
Arrest, conviction and sentencing
James’s house was raided on January 26, 2000, by agents from the Department of Defense, NASA and the Pinecrest Police Dept. James was formally indicted six months later. On September 21, 2000, he entered into an agreement with U.S. Attorney Guy Lewis: he would plead guilty to two counts of juvenile delinquency in exchange for a lenient sentence.
James was sentenced to seven months’ house arrest and probation until the age of eighteen and was required to write letters of apology to NASA and the Department of Defense. He was also banned from using computers for recreational purposes. James later violated that probation when he tested positive for drug use and was then subsequently taken into custody by the United States Marshals Service and flown to an Alabama federal correctional facility where he ultimately served six months.
Legal experts have suggested that, given the extent of his intrusions, he could have served at least ten years for his crimes if he had been an adult. Both Attorney General Janet Reno and prosecuting attorney Guy Lewis issued statements claiming the James case was proof the Justice Department was willing to get tough with juvenile offenders accused of cybercrime.
Death
On January 17, 2007, department chain TJX was the victim of a massive computer systems intrusion that compromised the personal and credit information of millions of customers. The same ring of hackers also committed intrusions on BJ’s Wholesale Club, Boston Market, Barnes & Noble, Sports Authority, Forever 21, DSW, OfficeMax, and Dave & Buster’s, and reportedly made a millionaire out of the group’s ringleader, Albert Gonzalez. Though he denied having done anything, James—who was friends with some of the hackers involved—was investigated by the Secret Service, who raided James’, his brother’s, and his girlfriend’s houses. Although they apparently discovered no connection to the intrusion, they did discover a legally registered firearm, which they did not take, and notes indicating he had considered killing himself; James’s father would later say that his son had been prone to depression. The criminal complaint filed against the TJX hackers mentions an additional, unnamed conspirator who was not indicted, who is identified only by the initials “J.J.”. In 2004, this co-conspirator assisted one of the hackers in stealing credit card numbers, account numbers, and encrypted PINs from an OfficeMax store via Wi-Fi. These numbers were later allegedly provided to Albert Gonzalez, for whom “J.J.” also opened a mail drop. James’s father believes “J.J.” to have been his son. However, it is plausible that the initials “J.J.” may, in fact, have been referring to “Jim Jones”, a (hacker) alias believed to be used by Stephen Watt who was a close friend of a computer hacker and criminal Albert Gonzalez.
On May 18, 2008, Jonathan James was found dead in his shower with a self-inflicted gunshot wound to the head. His suicide was apparently motivated by the belief that he would be prosecuted for crimes he had not committed. “I honestly, honestly had nothing to do with TJX,” James wrote in his suicide note, “I have no faith in the ‘justice’ system. Perhaps my actions today, and this letter, will send a stronger message to the public. Either way, I have lost control over this situation, and this is my only way to regain control.”
1. Kevin Mitnick
Kevin David Mitnick (born August 6, 1963) is an American computer security consultant, author, and convicted hacker, best known for his high-profile 1995 arrest and five years in prison for various computer and communications-related crimes.
Mitnick’s pursuit, arrest, trial, and sentence along with the associated journalism, books, and films were all controversial
He now runs the security firm Mitnick Security Consulting, LLC. He is also the Chief Hacking Officer of the security awareness training company KnowBe4, as well as an active advisory board member at Zimperium,a firm that develops a mobile intrusion prevention system.
Computer hacking
At age 12, Mitnick used social engineering and dumpster diving to bypass the punch card system used in the Los Angeles bus system. After he convinced a bus driver to tell him where he could buy his own ticket punch for “a school project”, he was able to ride any bus in the greater LA area using unused transfer slips he found in a dumpster next to the bus company garage. Social engineering later became his primary method of obtaining information, including usernames and passwords and modem phone numbers.
Mitnick first gained unauthorized access to a computer network in 1979, at 16, when a friend gave him the phone number for the Ark, the computer system Digital Equipment Corporation (DEC) used for developing their RSTS/E operating system software. He broke into DEC’s computer network and copied their software, a crime for which he was charged and convicted in 1988. He was sentenced to 12 months in prison followed by three years of supervised release. Near the end of his supervised release, Mitnick hacked into Pacific Bell voice mail computers. After a warrant was issued for his arrest, Mitnick fled, becoming a fugitive for two and a half years.
According to the U.S. Department of Justice, Mitnick gained unauthorized access to dozens of computer networks while he was a fugitive. He used cloned cellular phones to hide his location and, among other things, copied valuable proprietary software from some of the country’s largest cellular telephone and computer companies. Mitnick also intercepted and stole computer passwords, altered computer networks, and broke into and read private e-mails.
Arrest, conviction, and incarceration
Supporters from 2600 Magazine distributed “Free Kevin” bumper stickers.
After a well-publicized pursuit, the FBI arrested Mitnick on February 15, 1995, at his apartment in Raleigh, North Carolina, on federal offences related to a two and half year period of computer hacking which included computer and wire fraud. He was found with cloned cellular phones, more than 100 clone cellular phone codes, and multiple pieces of false identification.
In December 1997, the Yahoo! website was supposedly hacked, displaying a message calling for Mitnick’s release or risk an internet “catastrophe” by Christmas Day. Yahoo! responded that the worm is nonexistent, and there were claims that it was a hoax only to scare people.
Mitnick was charged with wire fraud (14 counts), possession of unauthorized access devices (8 counts), interception of wire or electronic communications, unauthorized access to a federal computer, and causing damage to a computer.
In 1999, Mitnick pleaded guilty to four counts of wire fraud, two counts of computer fraud and one count of illegally intercepting a wire communication, as part of a plea agreement before the United States District Court for the Central District of California in Los Angeles. He was sentenced to 46 months in prison plus 22 months for violating the terms of his 1989 supervised release sentence for computer fraud. He admitted to violating the terms of supervised release by hacking into Pacific Bell voicemail and other systems and to associating with known computer hackers, in this case, co-defendant Lewis De Payne.
Mitnick served five years in prison—four and a half years pre-trial and eight months in solitary confinement—because, according to Mitnick, law enforcement officials convinced a judge that he had the ability to “start a nuclear war by whistling into a payphone”, meaning that law enforcement told the judge that he could somehow dial into the NORAD modem via a payphone from prison and communicate with the modem by whistling to launch nuclear missiles. In addition, a number of media outlets reported on the unavailability of Kosher meals at the prison where he was incarcerated.
He was released on January 21, 2000. During his supervised release, which ended on January 21, 2003, he was initially forbidden to use any communications technology other than a landline telephone. Mitnick fought this decision in court, eventually winning a ruling in his favour, allowing him to access the Internet. Under the plea deal, Mitnick was also prohibited from profiting from films or books based on his criminal activity for seven years, under a special judicial Son of Sam law variation.
In December 2002, an FCC Judge ruled that Mitnick was sufficiently rehabilitated to possess a federally issued amateur radio license. Mitnick now runs Mitnick Security Consulting LLC, a computer security consultancy and is part owner of KnowBe4, provider of an integrated platform for security awareness training and simulated phishing testing.