The Complete History of Hacking

2000s


[2000 Jan 15] 19-year-old Raphael Gray (‘Curador’) steals over 23,000 credit card numbers from 8 small companies. Raphael styled himself as a “saint of e-commerce”, as he hacked into U.S., British and Canadian companies during a “crusade” to expose holes in Internet security and who used computer billionaire Bill Gates’ credit card details to send him Viagra.

[2000 Feb 7] 16-year-old Canadian hacker nicknamed ‘Mafiaboy‘, carried out his distributed denial-of-service (DDoS) spree using attack tools available on the Internet that let him launch a remotely coordinated blitz of 1-gigabits-per-second flood of IP packet requests from “zombie” servers which knocked Yahoo off-line for over 3 hours. After pleding guilty ‘Mafiaboy’ was sentenced on Sep. 12 2001 to eight months in a youth detention center.

[2000 Feb 9] Two days later the DDoS attacks continued, this time hitting eBay, Amazon, Buy.com, ZDNet, CNN, E*Trade and MSN.

[2000 May] GAO (General Accounting Office) auditors were able to gain access to sensitive personal information from the Department of Defense (DOD) through a file that was publicly available over the Internet. The auditors tapped into this file without valid user authentication and gained access to employee’s Social Security numbers, addresses and pay information.

[2000 May 15] Love Bug virus sent from Philippines; AMA computer college. Michael Buen & Onel de Guzman are suspected of writing the virus.

[2000 Jun 1] Qualcomm in San Diego hacked by University of Wisconsin-Madison student Jerome Heckenkamp (‘MagicFX’).

[2000 Jun 15] An Information Technology consultant breached the security of British internet service provider Redhotant to expose security lapses. He managed to obtain the names, addresses, passwords and credit card details of more than 24,000 people, including military scientists, government officials, and top company executives just to show it could be done. The hacker said breaching the site’s security was “child’s play”.

[2000 Jul 18] AOL, based in Vienna, Virginia, confirmed that records for more than 500 so-called screen names of its customers had been hacked. Those records typically contain information such as a customer’s name, address and the credit card number used to open the account.

[2000 Jul 7] Utilities firm Powergen located in the UK was forced to ask thousands of its customers to cancel credit cards after a web site blunder left a database of card details exposed.

[2000 Jul 24] Andrew Miffleton (‘Daphtpunk’), age 25, of Arlington, Texas was sentenced in federal court to 21 months imprisonment and ordered to pay a $3,000.00 fine. Miffleton associated himself with a group known as “the Darkside Hackers”, who were interested in using unauthorized access devices to fraudulently obtain cellular telephone service through cloned cellular telephones or long distance telephone service through stolen calling card numbers.

[2000 Aug 17] United States District Judge Lewis Kaplan in New York bars Eric Corley (‘Emmanuel Goldstein’), publisher of 2600 magazine, from republishing software hacks that circumvent DVD industry encryptions. The code would enable movies to be more readily copied and exchanged as data files on the Internet.

[2000 Sep 5] A 21-year-old New Rochelle, New York man was sentenced to four months in prison for breaking into two computers owned by NASA’s Jet Propulsion Laboratory in 1998 and using one to host Internet chat rooms devoted to hacking, prosecutors said. Raymond Torricelli (‘rolex’) was a member of the hacking group ‘#conflict’ which used their computers to electronically alter the results of the annual MTV Movie Awards. Additionally, over 76,000 discrete passwords were found on Raymond’s personal computer.

[2000 Sep 6] Patrick W. Gregory (‘MostHateD’), age 20, pled guilty for his role as a founding member of a hacking ring called GlobalHell and is sentenced to 26 months imprisonment, three years supervised release, and was ordered to pay $154,529.86 in restitution. GlobalHell is said to have caused at least $1.5 million in damages to various U.S. corporations and government entities, including the White House and the U.S. Army. Gregory, a high school dropout who has said he wants to start his own computer security business, admits in a plea agreement to stealing telephone conferencing services from AT&T, MCI, and Latitude Communications and holding conference calls between 1997 and May 1999 with other hackers around the country.

[2000 Sep 26] Jason Diekman (‘Shadow Knight’, ‘Dark Lord’) arrested after Federal agents discovered evidence on Diekman’s computers indicating that he intercepted usernames and passwords from universities, including Harvard University. In a statement he made to investigators, Diekman admitted that he had hacked into “hundreds, maybe thousands” of computers, including systems at JPL, Stanford, Harvard, Cornell University, the California State University at Fullerton, and University of California campuses in Los Angeles and San Diego. On February 4, 2002, Diekman was sentenced to 21 months in federal prison, three years supervised release, restricted use of the computer and over $87,000 in restitution.

[2000 Oct] Microsoft admits that its corporate network has been hacked and source code for future Windows products has been seen. Hacker suspeted to be from St Petersburg.

[2000 Oct 10] FBI lure 2 Russian hackers to their arrest in Seattle, after it was determined that Alexei Ivanov, 20, and Vasily Gorshkov, 25, spent two years victimizing American businesses. The FBI established a bogus computer security firm that they named, fittingly enough, Invita. They leased office space in downtown Seattle and immediately called Ivanov in Russia about possible employment as a hacker. The FBI communicated with Gorshkov and Ivanov, by e-mail and telephone during the summer and fall of 2000. The men agreed to a face-to-face meeting and on Nov. 10, Gorshkov and Ivanov flew to Seattle and went directly to a two-hour “job interview” with undercover FBI agents who were posing as Invita staff. The Russians were asked to further demonstrate their hacking skills on an IBM Thinkpad provided by the agents. The hackers happily complied and communicated with their home server back in Chelyabinsk, unaware that the laptop they were using was running a “sniffer” program that recorded their every keystroke. The FBI agents’ descriptions of the meeting portray Ivanov and Gorshkov as not only blissfully ignorant of their impending arrest, but also somewhat cocky about their hacking skills. At one point in the meeting, as Gorshkov glibly detailed how he and Ivanov extorted money from a U.S. Internet service provider after hacking into its servers, he told the room of undercover agents that “the FBI could not get them in Russia.”

[2000 Oct 28] After 9 million hack attempts security web site AntiOnline is defaced by Australian hacker ‘ron1n’ (‘n1nor’). AntiOnline was deemed “unhackable” by the sites owner, John Vranesevich, but a poorly coded cgi script(s) written by Vranesevich led to the hack.

[2000 Nov 7] A 19-year-old Dutch hacker named ‘Dimitri’ broke in to Microsoft’s internal web servers with intentions to show the company its vulnerability due to not installing their own patches.

[2000 Dec 13] More than 55,000 numbers were stolen from Creditcards.com, which processes credit transactions for online companies. About 25,000 of them were posted online when an extortion payment was not made.

[2000 Dec 24] Exigent International, a U.S. government contractor, acknowledged that one or more cyberthieves broke into a restricted federal computer system and stole the company’s proprietary code for controlling satellite systems. The software, known as OS/COMET, allows ground-control personnel to communicate and send commands to satellites and rockets. The U.S. Air Force has plans to use the OS/COMET software to control the NAVSTAR Global Positioning System from its Colorado Springs Monitor Station, which is part of the Air Force Space Command.

[2001 Feb 1] Hackers invade World Economic Forum. The compromised data included credit card numbers, personal cell phone numbers and information concerning passports and travel arrangements for a number of government and business leaders. Among the notable victims whose personal information was pilfered were Microsoft chairman Bill Gates, Palestinian Authority chairman Yasser Arafat, U.N. Secretary-General Kofi Annan, former U.S. Secretary of State Madeline Albright and former Israeli Prime Minister Shimon Peres.

[2001 Feb 12] Anna Kournikova virus released by 20-year-old Dutchman Jan de Wit (‘OnTheFly’) who was later arrested and sentenced to 150 hours of community service.

[2001 Mar 1] FBI reports that 40 e-commerce sites located in 20 U.S. states were cracked by eastern Europe hackers, have stolen more than one million credit card numbers from U.S. e-commerce and banking websites.

[2001 Mar 7] Jesus Oquendo (‘Sil’), age 27, of Queens, New York was convicted and sentenced to 27 months in Manhattan federal court on charges of computer hacking and electronic eavesdropping of victim company Five Partners Asset Management LLC (“Five Partners”), a venture capital company based in Manhattan. Oquendo left the victim a taunting message on its network: “Hello, I have just hacked into your system. Have a nice day.”

[2001 May 1] Chinese and U.S. hackers attack each other because of the U.S. spy plane that had to make an emergency landing in China after the U.S. plane collides with and kills Chinese fighter pilot Wang Wei.

[2001 May 4] Gibson Security Research Corp came under attack (DDOS) and taken off-line by a 13-year-old hacker, at first due to a mistaken belief that Steve Gibson had called him a name, then simply because it was fun.

[2001 May 11] Solaris/IIS worm infects Solaris boxes up to version 7, and then scans for IIS machines susceptible to the folder traversal vulnerability and then replaces the default web page.

[2001 May 15] Hackers attack University of Washington and put file sharing program on its computers.

[2001 May 17] ‘Fluffy Bunny’ hacker group hacks Apache.org and SourceForge.net.

[2002 May 21] Max Butler (‘Max Vision’ and ‘The Equalizer’) was sentenced to 18 months in prison for launching an Internet worm that crawled through hundreds of military and defense contractor computers over a few days in 1998. Max Butler also lived three lives for five years. As ‘Max Vision’, he was an incredibly skilled hacker and security expert who boasted that he’d never met a computer system he couldn’t crack. As ‘The Equalizer’, he was an FBI informant, reporting on the activities of other hackers. As Max Butler, he was a family man in Santa Clara, California who ran a Silicon Valley security firm. At Max Vision Network Security, he specialized in running “penetration tests,” attempting to break into corporate networks to prove that their security wasn’t as good as it could be.

[2001 Jun 9] Los Angeles Times newspaper reports that hackers attacked a computer system that controls much of the flow of electricity across California’s power grid for seventeen days or more during the state’s worse days of the power crisis. According to the Times, the discover was ade on Friday, May 11 and that it was determined that attackes began as early as Wednesday, April 25. The attack appears to have primarily by an individual associated to China’s Guangdong province and routed through China Telecom. The 17-day intrusion into the networks running California’s leading electric power grid has caused considerable concern among state and federal bureaucrats.

[2001 Jun 15] Christine Gunhus, the wife of an U.S. senator, pleads no contest to charges of using a pseudonym to send e-mail messages that disparaged her husband’s Democratic rival.

[2001 Jun 20] U.S. security company ZixIt reported that a database holding details of customers’ credit cards had been hacked.

[2001 Jul 12] Notorious hacker group World of Hell managed to deface 679 web sites in just one minute.

[2001 Jul 17] Code Red worm is released. The worm exploits vulnerabilities in the Microsoft Internet Information Server IIS. The worm got its name from “Code Red” Mountain Dew which was used to stay awake by the hackers that disassembled the exploit.

[2001 Jul 16] 27-year old Russian programmer Dmitry Sklyarov arrested at Def Con 9 for creating a program to copy Adobe electronic books. He was charged with violating the 1998 Digital Millennium Copyright Act. Demitry was later released, as part of the agreement, Sklyarov will testify for the government in the case that remains against ElcomSoft, the company that sells the copying software.

[2001 Aug 21] Washington-based Riggs bank has its Visa customer database stolen by hackers.

[2001 Sep 18] Nimda worm (admin backwards) starts to spread, infecting Microsoft IIS servers that are open to known software vulnerabilities.

[2001 Nov 20] Hackers access Playboy.com’s credit card data. The hacking group ‘ingreslock 1524’ claim responsibility.

[2001 Nov 20] 25 church web sites hacked by Hacking for Satan group.

[2001 Dec 8] Federal prosecutors accuse one time Los Alamos National Laboratory employee Jerome Heckenkamp of breaking into Qualcomm and other corporate computer systems while he was a student. Heckenkamp, they say called himself ‘MagicFX’. When school police asked for the password for his personal computer. Court records say Heckenkamp chuckled when he gave it up. “Hackme,” he told them. Jerome is also suspected of hacking into a half-dozen other companies, including eBay Inc. and E*Trade Inc., over a nine-month period.

[2001 Nov 26] 2 former Cisco accountants sentenced to 34 months for breaking into company computers and stealing stock.

[2002 Feb 25] A 17-year-old female hacker, from Belgium, calling herself ‘Gigabyte’ takes credit for writing the first-ever virus, called ‘Sharpei’, written in Microsoft’s newest programming language C# (C sharp).

[2002 Jul 11] Hackers broke into USA Today’s web site and replaced several of the newspaper’s legitimate news stories with phony articles. Israeli hackers were suspeted.

[2002 Jul 25] Princeton University admissions officials gained unauthorized access to a web site at rival Yale University containing personal information about applicants to the Ivy League school, according to officials at both institutions.

[2002 Jul 30] Copies of OpenSSH are trojaned. OpenSSH is a popular, free version of the SSH (Secure Shell) communications suite and is used as a secure replacement for protocols such as Telnet, Rlogin, Rsh, and Ftp. The main openBSD (ftp.openbsd.org) mirror was compromised, after developers noticed that the checksum of the package had changed.

[2002 Aug 2] Italian police arrest 14 suspected hackers who are accused of thousands of computer intrusions, including attacks on the U.S. Army and Navy and the National Aeronautics and Space Administration. They were all members of two hacking groups, called Mentor and Reservoir Dogs.

[2002 Aug 17] Federal law enforcement authorities searched the computers of a San Diego security firm that used the Internet to access government and military computers without authorization over the summer. Investigators from the FBI, the Army and NASA visited the offices of ForensicTec Solutions Inc. seeking details about how the company gained access to computers at Fort Hood in Texas and at the Energy Department, NASA and other government facilities. The searches began hours after it was reported that ForensicTec consultants used free software to identify vulnerable computers and then peruse hundreds of confidential files containing military procedures, e-mail, Social Security numbers and financial data, according to records maintained by the company. While ForensicTec officials said they wanted to help the government and “get some positive exposure for themselves,” authorities are pursuing the matter as a criminal case.

[2002 Aug 28] The Recording Industry Association of America’s (RIAA) web site is defaced, and copyrighted mp3s are uploaded to the server. The RIAA along with the Motion Picture Association of America (MPAA), has won many critics online in its quest to shut down popular file-trading networks such as Napster.

[2002 Sep 20] Samir Rana (‘Torner’) a 21 year-old London hacker is arrested following a year-long investigation into the creation of the Linux rootkit program called Tornkit and on suspicion of being a member of the infamous hacker group Fluffy Bunny. It was later reporter that Rana owned the pink stuffed toy depicted in website defacements by Fluffy Bunny.

[2002 Sep 23] A UK hacker received an 18-month prison sentence for corporate sabotage. Stephen Carey, a 28-year-old computer engineer from Eastbourne, Sussex, is sentenced to 18 months for hacking into a firm’s database and modifying information.

[2002 Oct 4] Hacker Vasily Gorshkov, 27, of Chelyabinsk, Russia, is sentenced to three years in prison for convictions on 20 counts of conspiracy, fraud and related computer crimes. Gorshkov is also ordered to pay restitution of nearly $700,000 for losses he caused to Speakeasy Network of Seattle, and the online credit card payment company PayPal.

[2002 Oct 8] CERT (Computer Emergency Response Team) advisory is released detailing the discovery of a back door (trojan horse) found in the source code files of Sendmail 8.12.6.

[2002 Oct 16] Microsoft admits to being hacked. The security breach took place on a server that hosts Microsoft’s Windows beta community, which allows more than 20,000 Windows users a chance to test software that is still in development.

[2002 Oct 21] A distributed denial-of-service (Dee-Dos) attack, lasting one hour, sent a barrage of data at the 13 domain-name service root servers. The attack was in the form of an ICMP flood, which was blocked by many of the root servers, preventing any real loss of network performance.

[2002 Nov 12] Gary McKinnon (‘Solo’), 36, of London, an unemployed British sysadmin was indicted for what US authorities describe as the “biggest hack of military computers ever detected”. From February 2001 until March 2002, McKinnon allegedly exploited poorly-secured Windows systems to attack 92 networks run by NASA, the Pentagon and 12 other military installation scattered over 14 states. Private sector businesses were also affected by the alleged attacks, which caused an estimated $900,000 in damage overall. Prosecutors said that McKinnon “stole passwords, deleted files, monitored traffic and shut down computer networks on military bases from Pearl Harbour to Connecticut”.

[2002 Nov 22] Lisa Chen, a 52-year-old Taiwanese woman who pleaded no contest in one of the largest software piracy cases in the U.S. was sentenced to nine years in prison, one of the longest sentences ever for a case involving software piracy. Chen was arrested along with three associates in November 2001 after local sheriffs seized hundreds of thousands of copies of pirated software worth more than $75 million, software that Chen smuggled from Taiwan.

One Response to “The Complete History of Hacking”

  1. April says:

    excelkent submit, very informative. I wonder why thee ooposite secialists of tis sector do not understand this.

    You should continue your writing. I am sure, you have a huge readers’ base already!
    April´s last blog post ..April

Leave a Reply

Your email address will not be published. Required fields are marked *

CommentLuv badge