Ten of the most infamous ‘black hat’ hackers

The mail attacker - David L. Smith

Smith was the writer of the Melissa Worm, which in 1999 became the first major e-mail macro virus. He deliberately posted an infected document to an alt.sex usenet newsgroup from a stolen AOL address. The worm, believed to be named after a stripper he knew in Florida, forwarded itself to the first 50 accessible addresses in Microsoft Outlook address books.

Companies like Microsoft, Intel, Lockheed Martin and Lucent Technologies were believed to have had to shut down their email gateways due to the large amount of email the virus was generating. In his federal plea, he acknowledged that he cost caused more than $80 million to North American business, and was sentenced to 20 months in jail.

The Canadian teen – MafiaBoy

MafiaBoy was the alias for a 15-year old Canadian boy who launched a denial-of-service attack that crippled sites such as Amazon, Dell, eBay eBay and Yahoo in 2000, which led to an estimated $1.7 billion cost in damages. The affected sites were bombarded with thousands of simultaneous messages, preventing users from accessing for up to five hours.

Although by Canadian law his name was not released by authorities, media outlets later revealed that his name was Mike Calce. Courts sentenced him to eight months custody in a youth detention centre.

The proxy intruder - Adrian Lamo

Currently a journalist and public speaker, Lamo is infamous for breaking into the New York Times and Microsoft. He was also said to have breached Yahoo, Bank of America and Citigroup. His technique was to take advantage of proxy servers which businesses use to let internal employees access the wider internet and to prevent access from intruders into the internal network.

Normally it should be a one-way door, but Lamo took advantage of badly configured proxy servers which allowed two-way entries. He could then access private internal networks from the outside. Breaking into the New York Times, he managed to view personal information on contributors, as well as gain access to social security numbers.

Dark Dante - Kevin Poulsen

Now a senior editor at Wired.com specialising in cybercrime, he was formerly a black hat hacker dubbed ‘Dark Dante’. He was responsible for many high profile stunts, his most famous hack being when he took over the lines of an LA radio station to make him the 102nd caller, which earned him a Porsche.

The FBI started to pursue Poulsen, and he went into hiding. When the law finally caught up, Poulsen was sentenced to 51 months in jail. He has now made his name as a journalist, as well as being interviewed for media outlets such as the BBC and CNN. In 2006, Poulsen lead a computer assisted investigation on MySpace which lead to a paedophile’s arrest as well as lead to policy changes at the social networking website.

The disgruntled employee - Timothy Lloyd

In 1996, Lloyd attacked Omega Engineering using a ‘logic bomb’, apparently due to being fired from his job at the company which he had worked for 11 years. He achieved this by planting lines of malicious code in the system which ‘exploded’, deleting manufacturing software from Omega, who had clients including NASA and the US Navy.

Chief financial officer Ralph Michel testified in court that the bomb destroyed programs and code generators which allowed the company to manufacture 25,000 different products and 50,000 different designs.

It caused around $10 million worth of damage - and possible caused layoffs - as well as dislodge Omega’s foothold in the industry. The incident was investigated by the US Secret Service as well as data recovery and forensic experts leading to his conviction. He was sent down for 41 months.

The C0mrade - Jonathan Joseph James

Nicknamed C0mrade on the internet, James is known as the first juvenile to be incarcerated for cybercrime in the US at age 16. In 1999, he committed a series of crimes, including that of the website BellSouth

By far his most serious crimes involved high-profile organisations such as the Defence Threat Reduction Agency (DTRA) which is part of the Department of Defence. He also targeted NASA computers, who alleged that he downloaded software worth $1.7 million, shutting them down for 21 days.

He gained access to the DTRA by gaining access to a computer server and installing a backdoor. The program intercepted 3,300 messages from DTRA staff as well as user names and passwords from military computers. He was sentenced for six months in a detention facility.

Jonathan James died in May of this year.

Email to a friend

Print this page