Sign up to our newsletter
There have been some notorious cybercriminals over the years, but only a select few hackers have swapped ‘black’ hats for ‘white’.
In hacking terms, ‘black’ hats are usually used for the bad guys. They hack the innocent victims, pilfer personal and sensitive data for financial gain and remain largely in the shadows of enterprise IT networks. They’re forever chased by law enforcement.
‘White’ hats, by contrast, are the good guys. They are security researchers, who spend their time hacking to find vulnerabilities, and then inform enterprises and web developers of the changes that need to be made.
There has been a clear distinction between both and there are enough of them around.
He was 15 when he learned how to bypass the punch card system for Los Angeles city busesOnce described by the US Department of Justice as the “most wanted computer criminal in the United States history”, Mitnick allegedly hacked into the computer networks of some of the world’s top technology and telco companies, including Pacific Bell, Fujitsu, IBM, Motorola and Nokia during the 1990s.
His career all started from a simple case of social engineering; it is reported that he was 15 when he learned how to bypass the punch card system for Los Angeles city buses by finding tickets, and by getting a bus driver to tell him where he could buy his own ticket punch.
Following a highly-publicised pursuit by the FBI, Mitnick was finally arrested in 1995 and confessed to numerous charges as part of a plea-bargain agreement. He subsequently served a prison sentence (12 months in prison, three years of supervised parole) and was released on parole in 2000.
It is even said that he was kept in solitary confinement for eight months because law enforcement were convinced he could launch nuclear missiles by whistling down a payphone.
Today, he works in his own computer security consultancy, Mitnick Security Consulting, which tests out company defences. He is also a public speaker and has published three books.
A spate of hacks once led to him being called the “Hannibal Lecter of computer crime”Kevin Poulsen, known online as “Dark Dante”, was also pretty notorious in the 1990s for a spate of hacks that once led to him being called the “Hannibal Lecter of computer crime”.
Poulsen’s most notorious hack was when he took over all the telephone lines of Los Angeles radio station, KIIS-FM, so that he himself would be the 102nd caller and win the price of a Porsche 944 S2.
He later progressed onto compromising federal networks, where he stole wiretapped information, and this led to him topping the FBI’s most wanted hacker list for a time.
After eventually being caught, Poulsen was sentenced to 51 months in prison and had to pay $56,000.
He has since built out a successful career as an investigative security journalist. He is now senior editor for Wired News and has helped law enforcement with some notable cybercriminal investigations, including one that resulted in the identification and arrest of 744 sex offenders on social networking platform MySpace. Poulsen and Aaron Swartz co-developed SecureDrop, the open-source software for secure communications between journalists and sources.
He became the first person to have ever been convicted due to his violation of the Computer Fraud Abuse Act of the United States.Computer scientist Robert Tappan Morris was a student at Cornell when he released one of the first computer worms, the Morris Worm, onto the internet in 1988.
He was caught, arrested and sentenced to three years’ probation, 400 hours of community service, and ordered to pay a fine of $10,000. He became the first person to have ever been convicted due to his violation of the Computer Fraud Abuse Act of the United States.
However, since his release in 1994, Morris has gone on to use his expertise for good, co-founding online store Viaweb (bought by Yahoo! for $45 million in 1998) and seed fund Y Combinator.
He later joined the faculty in the Department of Electrical Engineering and Computer Science at the Massachusetts Institute of Technology and became technical advisor for Meraki Networks, before the company was acquired by Cisco in 2012.
Sven Jaschan was found guilty of writing the Netsky and Sasser computer worms back in 2004, when he was still just a teenager. These viruses were big news, and were said to be responsible for around 70 percent of malware spreading across the internet at the time.
Jaschan received a suspended sentence – he was a few days before his 18th birthday when arrested – and later three years jail time for his crimes. He was then hired by German security company SecurePoint in 2004, a move which caused much commotion at the time, even causing the firm to lose business.
Bloomberg described it at the time as “the largest-ever crackdown on computer crime”Leonard Rose was convicted of wire fraud of 1991, after he was found guilty of stealing Unix source codes from AT&T as well as distributing two Trojan Horse malware programs which enabled him to gain access to numerous computer systems at companies across the US.
Rose was also accused of being the ringleader of the Legion of Doom hacking group, which stole log-in information and other personal details from a number of websites in the 1980s and 1990s. The FBI finally caught up with the group but only after the “Operation Sundevil” take-down in 1991 which reportedly involved “50 gun-toting Secret Service agents” raiding hacker homes in 14 different states. Bloomberg described it at the time as “the largest-ever crackdown on computer crime”.
In more recent years, Rose founded and created the Full Disclosure mailing list, used by many companies to disclose and detail security vulnerabilities, and now appears to work as a security expert for a company based in New Mexico.
Author Karl Thomas, ESET