Security

10 Hacks That Made Headlines

In our first Rogues Gallery, we looked at ten infamous social engineers -- con men who exploited human weaknesses rather than technical vulnerabilities.

But there have been computer and network hacks for, well, pretty much as long as we've had computers and networks. The motives behind these intrusions have ranged from curiosity to paranoia (see McKinnon, Gary), through today --when most high-profile hacks are driven by either greed or some form of ideology.

[Related slideshow: Rogues Gallery 2: Ten infamous hacks and hackers]

Here are ten hacking incidents through history that made some of the biggest headlines.

Markus Hess hacks on behalf of the KGB

A German citizen recruited by the KGB to spy for the Soviets in the 1980s, Hess was tasked with breaking into U.S. military computers to obtain classified information.

From the University of Bremen in Germany, Hess used the German Datex-P network via satellite link or transatlantic cable to the Tymnet International Gateway. He was able to eventually attack 400 U.S. military computers, including those at military installations in Germany and Japan, as well as machines at MIT in Cambridge, Massachusetts and the OPTIMIS Database at the Pentagon.

Hess's activity was eventually detected by Clifford Stoll, an astronomer turned systems administrator of the computer center of the Lawrence Berkeley Laboratory (LBL) in California. Hess was found guilty of espionage and sentenced to one to three years in prison.

After Hess's capture, Stoll wrote about the experience in a book titled "The Cuckoo's Egg."

Robert Morris hacks the Internet

As a graduate student at Cornell University in 1988, Robert Morris created what would come to be known as the first worm on the Internet. Morris has said he created the worm not for damage, but to give him an idea of the size of the web. In order to hide the worms origins at Cornell, Morris released it from MIT, unleashing it to exploit vulnerabilities in Unix sendmail, finger, and rsh/rexec. However, a design flaw caused the worm to replicate itself at higher levels than Morris has intended, overloading systems and causing damage significant damage.

After he was identified as the source of the worm, Robert Morris became the first person convicted under the Computer Fraud and Abuse Act in 1990. Morris was sentenced to three years of probation, 400 hours of community service, a fine of $10,050, and the costs of his supervision.

Vladimir Levin hacks Citibank

In what is seen by many as one of the first high-profile instances of financially-motivated hacking, Russian crime ring leader Vladimir Levin managed to gain access to accounts located in the Citibank network and stole millions of dollars in 1995.

Working as part of a larger crime group and using a computer based in London, Levin was able to get a list of customer codes and passwords that allowed him to log in many times over a several-week period and transfer money into accounts controlled by the crime organization. Officials said Levin managed to transfer $3.7 million illegally.

[Slideshow: 15 worst data breaches]

The FBI eventually caught up with Levin at a London airport and he was tried and convicted in the U.S. and sentenced to three years in jail in 1998. He was also ordered to pay Citibank $240,015 in restitution.

Jonathon James hacks NASA

Known by the hacker name c0mrade, Jonathon James was 16 when, in 1999, he hacked into the Marshall Space Flight Center in Huntsville, Alabama, and downloaded proprietary software for the International Space Station. The software supported the International Space Station's physical environment and was responsible for critical control of humidity and temperature for living in space.

NASA officials valued the documents stolen by James at around $1.7 million. The incident forced NASA to shut down its computer systems for three weeks and cost them about $41,000 to fix.

Adrian Lamo hacks the New York Times

In 2002, at age 19, Adrian Lamo hacked into the internal network of the New York Times and accessed many sensitive records, including an extensive database of op-ed writers the paper had used in the past.

The records contained names and, in some instances, phone numbers, home addresses and payment history on contributors such as Democratic strategist James Carville, former secretary of state James Baker, and (ironically, Sneakers movie veteran) actor Robert Redford. Lamo added his own name to the list of "experts" and under "expertise" he wrote "Computer hacking, national security, communications intelligence."

Gary McKinnon hacks the US military

Scottish hacker Gary McKinnon, who went by the handle Solo, was accused of hacking to several US military computers in 2001 and 2002. McKinnon allegedly wanted to know what the government knew about UFOs.

Military officials said the damage caused by McKinnon included the deletion of critical files from operating systems, prompting a shut down the US Armys Military District of Washington network of 2,000 computers for 24 hours. McKinnon also allegedly deleted weapons logs at the Earle Naval Weapons Station. Officials said the cost of cleanup from McKinnons hack was over $700,000.

McKinnon is currently in London and has been fighting US extradition orders for over a decade. He could face a sentence of over 60 years in prison if convicted of the charges against him.

Albert Gonzalez hacks TJX (and many more)

Albert Gonzalez was the convicted ring leader of a group of cyber criminals which, from 2005 through 2007, stole more than 90 million credit and debit card numbers from TJX and other retailers, including shoe sellers DSW, OfficeMax, BJs Wholesale Club and Dave & Busters. Gonzalez was also the mastermind behind the hacking that caused the massive records breach of Heartland Payment Systems in 2008.

In 2009, Gonzalez was sentenced to two concurrent 20-year prison sentences, the lengthiest sentence ever imposed in the United States for hacking or identity-theft.

Anonymous hacks HB Gary

In early 2011, Antisec group Anonymous got angry when Aaron Barr, at the time the CEO of HB Gary Federal, alluded to plans to reveal the identities of several Anonymous members at the Security B-Sides conference. In retaliation, the group compromised the systems of both HBGary Federal and sister firm HB Gary Inc. Anonymous then copied and made public thousands of private HBGary documents, including emails.

[HBGary's Hoagland identifies lessons in Anonymous hack]

In one of the first events to really bring "hacktivism" to the attention of the mainstream press, it was reported that some of the documents stolen by Anonymous revealed HBGary Federal was working with Bank of America to respond to Wikileaks' planned release of BOA internal documents. The HBGary documents detailed some planned shady tactics, including launching a "dirty tricks" campaign against Wikileaks and disrupting a Salon.com reporter who was assumed to be sympathetic to Wikileaks.

Lulzsec hacks Sony

An offshoot of Anonymous, hacktivist group Lulzsec in June 2011 hacked into Sony Pictures via SQL Injection attack and stole data that included names, passwords, e-mail and home addresses of thousands of customers.

Lulzsec, saying the attack was retaliation for Sony's legal action against hacker George Hotz for jailbreaking into the PlayStation 3, claimed to have compromised over one million accounts. Sony has claimed the number of compromised accounts was much lower.

[RSA Conference 2012: Why we kept Lulzsec safe]

Founding Lulzec member Sabu (real name Hector Xavier Monsegur) was arrested by federal agents in June 2011 and agreed to become an FBI informant, providing the FBI with details that lead to the arrest of five other "hacktivists" associated with the groups Anonymous, Lulzsec and Antisec. Sabu himself eventually plead guilty to criminal charges, including multiple counts of conspiracy to engage in computer hacking and is awaiting sentencing.

News of the World hacking scandal

Employees of British paper News of the World were found to have hacked into the phones of celebrities, politicians and even murder victims in pursuit of stories for the tabloid.

In an investigation that dated back to 2002, it was eventually revealed that reporters, as well as private investigators hired by the paper, had hacked into the voicemail accounts of celebrities such as model Elle McPherson and actress Sienna Miller, as well as members of the British Royal Family. In one instance, a PI working for the paper had tampered with official police evidence by listening to and inadvertently deleting the voicemails of murdered school girl Milly Dowler.

The 168-year-old paper was eventually shuttered in the wake of the scandal.

Subscribe to the Security Watch Newsletter

Comments