Robert Tappan Morris - The Pioneer
Morris was born in 1965. His father, Robert Morris, was a computer scientist at Bell Labs, where he helped design Multics and Unix. He later became the chief scientist at the National Computer Security Center, a division of the National Security Agency (NSA)
Morris Jr. attended Harvard University, and later went on to graduate school at Cornell. During his first year there, he designed a computer worm that disrupted many computers on what was then a fledgling internet. This landed him in court a year later.
Morris' worm was developed in 1988, while he was a graduate student at Cornell University. He said it was designed to gauge the size of the Internet. He released the worm from MIT, rather than from Cornell. The worm exploited several vulnerabilities to gain entry to targeted systems, including:
- a hole in the debug mode of the Unix sendmail program,
- a buffer overrun hole in the fingerd network service,
- the transitive trust enabled by people setting up rexec/rsh network logins without password requirements.
The worm was programmed to check each computer it found to determine if the infection was already present. However, Morris believed that some administrators might try to defeat his worm by instructing the computer to report a false positive. To compensate for this possibility, Morris directed the worm to copy itself anyway, 14% of the time, no matter what the response to the infection-status interrogation.
This level of persistence was a design flaw: it created system loads that not only brought it to the attention of system administrators, but also disrupted the target computers. During the ensuing trial, it was estimated that the cost in "potential loss in productivity" caused by the worm and efforts to remove it from different systems ranged from $200 to $53,000.
Morris' stated motive during the trial was "to demonstrate the inadequacies of current security measures on computer networks by exploiting the security defects [he] had discovered." He completed his sentence as of 1994.
Kevin David Mitnick - The Star
Mitnick was born in 1963 and grew up in Los Angeles and attended James Monroe High School. He was enrolled at Los Angeles Pierce College and USC. For a time, he worked as a receptionist for Stephen S. Wise Temple.
At age 15, Mitnick used social engineering and dumpster diving to bypass the punch card system used in the Los Angeles bus system. After a friendly bus driver told him where he could buy his own ticket punch, he could ride any bus in the greater LA area using unused transfer slips he found in the trash. Social engineering later became his primary method of obtaining information, including user-names and passwords and modem phone numbers.
Mitnick first gained unauthorized access to a computer network in 1979, at 16, when a friend gave him the phone number for the Ark, the computer system Digital Equipment Corporation (DEC) used for developing their RSTS/E operating system software. He broke into DEC's computer network and copied their software, a crime he was charged with and convicted of in 1988. He was sentenced to 12 months in prison followed by three years of supervised release. Near the end of his supervised release, Mitnick hacked into Pacific Bell voice mail computers. After a warrant was issued for his arrest, Mitnick fled, becoming a fugitive for two and a half years.
According to the U.S. Department of Justice, Mitnick gained unauthorized access to dozens of computer networks while he was a fugitive. He used cloned cellular phones to hide his location and, among other things, copied valuable proprietary software from some of the country's largest cellular telephone and computer companies. Mitnick also intercepted and stole computer passwords, altered computer networks, and broke into and read private e-mail. Mitnick was apprehended on February 15, 1995, in Raleigh, North Carolina. He was found with cloned cellular phones, more than 100 clone cellular phone codes, and multiple pieces of false identification.
In 1999, Mitnick pleaded guilty to four counts of wire fraud, two counts of computer fraud and one count of illegally intercepting a wire communication, as part of a plea agreement before the United States District Court for the Central District of California in Los Angeles. He was sentenced to 46 months in prison plus 22 months for violating the terms of his 1989 supervised release sentence for computer fraud. He admitted to violating the terms of supervised release by hacking into PacBell voicemail and other systems and to associating with known computer hackers, in this case co-defendant Lewis De Payne.
Mitnick served five years in prison—four and a half years pre-trial and eight months in solitary confinement—because, according to Mitnick, law enforcement officials convinced a judge that he had the ability to "...start a nuclear war by whistling into a pay phone", meaning that law enforcement told the judge that he could somehow dial into the NORAD modem via a payphone from prison and communicate with the modem by whistling to launch nuclear missiles. He was released on January 21, 2000. During his supervised release, which ended on January 21, 2003, he was initially forbidden to use any communications technology other than a landline telephone. Mitnick fought this decision in court, eventually winning a ruling in his favor, allowing him to access the Internet.
Since 2000, Kevin has been a professional security consultant, public speaker and author. He does security consulting for Fortune 500 companies, performs penetration testing services for the world’s largest companies and teaches Social Engineering classes to dozens of companies and government agencies. He is the author of a dozen books that have been translated into many languages, including "The art of deception" and "The Art of Intrusion".
Adrian Lamo - The Snitch
Lamo was born in Boston, Massachusetts in 1981. He does not have a high school diploma. According to Jennifer
Kahn of Wired, Lamo was known as the "Homeless Hacker" for his supposedly transient lifestyle. Lamo has claimed that he has spent much of his travels couch-surfing, squatting in abandoned buildings and traveling to Internet cafes, libraries and universities to investigate networks, and sometimes exploiting security holes. Despite performing authorized and unauthorized vulnerability assessments for several large, high-profile entities, Lamo has claimed he refused to accept payment for his services.
As of March 2011, Lamo was allegedly "in hiding," claiming that his "life was under threat" after turning in Manning.
In December 2001, Lamo was praised by Worldcom for helping to fortify their corporate security. In February 2002 he broke into the internal computer network of The New York Times, adding his name to the internal database of expert sources, and using the paper's LexisNexis account to conduct research on high-profile subjects. The New York Times filed a complaint, and a warrant for Lamo's arrest was issued in August 2003 following a 15-month investigation by federal prosecutors in New York. At 10:15 am on September 9, after spending a few days in hiding, he surrendered to the local authorities of California. He re-surrendered to the FBI in New York City on September 11, and pled guilty to one felony count of computer crimes against Microsoft, LexisNexis and The New York Times on January 8, 2004.
Later in 2004, Lamo was sentenced to six months detention at his parents' home plus two years probation, and was ordered to pay roughly $65,000 in restitution. He was convicted of compromising security at The New York Times and Microsoft, Yahoo! and WorldCom.
At his sentencing, Lamo expressed remorse for harm he had caused through his intrusions, with the court record quoting him as adding "I want to answer for what I have done and do better with my life."
In February 2009, a partial list of the anonymous donors to the WikiLeaks not-for-profit website was leaked and published on the WikiLeaks website. Some media sources indicated at the time that Lamo was among the donors on the list.
In May 2010, Lamo reported to U.S. Army authorities that Manning had claimed to have leaked a large body of classified documents, including 260,000 classified United States diplomatic cables. Lamo stated that Manning also "took credit for leaking" the controversial video footage of the July 12, 2007 Baghdad airstrike, which has since come to be known as the "Collateral Murder" video.
Lamo has stated that he would not have turned Manning in "if lives weren't in danger... [Manning] was in a war zone and basically trying to vacuum up as much classified information as he could, and just throwing it up into the air." WikiLeaks responded by denouncing Lamo and Wired Magazine reporter Kevin Poulsen as "notorious felons, informers & manipulators" and said that "journalists should take care."
Lamo has been criticized by fellow hackers such as those at the Hackers on Planet Earth conference in 2010, who called him a "snitch". Another commented to Lamo following his speech during a panel discussion saying: "From my perspective, I see what you have done as treason."
WikiLeaks founder Julian Assange calls Lamo "a very disreputable character", and says that Lamo's monetary support for WikiLeaks amounted to only 20 U.S. dollars on one occasion. Assange says that it is "not right to call [Lamo] a contributor to WikiLeaks", and questions the electronic record associated with the Manning–Lamo chats, because, according to Assange, Lamo has "strange motivations" and "had been in a mental hospital three weeks beforehand".
Lamo has been critical of media coverage of the hacker collective Anonymous, claiming that media outlets have over-hyped and mythologised the group. He also said that Anonymous is not the 'invulnerable' group it is claimed to be, and can see "no rational point in what they're doing."
Gary McKinnon - The Autistic Hacker
Gary McKinnon, born in 1966, is a Scottish systems administrator and hacker who was accused in 2002 of perpetrating the biggest military computer hack of all time, has been diagnosed of Asperger's Syndrome .
McKinnon is accused of hacking into 97 United States military and NASA computers over a 13-month period between February 2001 and March 2002, at his girlfriend's aunt's house in London, using the name 'Solo'.
The US authorities claim he deleted critical files from operating systems, which shut down the United States Army’s Military District of Washington network of 2,000 computers for 24 hours. McKinnon also posted a notice on the military's website: "Your security is crap". After the September 11 attacks in 2001, he deleted weapons logs at the Earle Naval Weapons Station, rendering its network of 300 computers inoperable and paralyzing munitions supply deliveries for the US Navy's Atlantic Fleet. McKinnon is also accused of copying data, account files and passwords onto his own computer. US authorities claim the cost of tracking and correcting the problems he caused was over $700,000.
Raphael Gray - The 'Saint'
Raphael Gray, born in 1982, is a computer hacker who, at the age of 19, hacked computer systems around the world over a period of six weeks between January and February 1999 as part of a multi-million pound credit card mission. He then proceeded to publish credit card details of over 6,500 cards as an example of weak security in the growing number of consumer websites.
Gray was able to break into the secure systems using an $500 computer he bought in his home town Clynderwen, Pembrokeshire, Wales. After publishing the credit card info on his websites, Gray posted a personal message saying law enforcers would never find him "because they never catch anyone. The police can't hack their way out of a paper bag." He was dubbed the "Bill Gates Hacker", when he sent Viagra tablets to Gates' address and then published what he claimed to be the billionaire's own number.
He was tracked down by ex-hacker Chris Davis who was insulted by Gray's "arrogance". It took Davis under a day to find Gray's information, which he then forwarded to the FBI. "The FBI was actually quite easy to deal with, although technically, they didn't really understand what it was I was explaining to them. The local police were also very polite, but they didn't understand it," said Davis. Gray was arrested when FBI agents and officers from the local Dyfed Powys Police turned up at the door of his home, which he shared with his mother and two sisters, in March 2000.
Aaron Hillel Swartz - The Legend
Aaron Swartz was an American computer programmer, writer, political organizer and Internet Hacktivist. Swartz was born in Chicago, Illinois, in 1986. The eldest son of Jewish parents Susan and Robert Swartz. His father had founded the software firm Mark Williams Company. Swartz immersed himself in the study of computers, programming, the Internet, and Internet culture.
Swartz was involved in the development of the web feed format RSS and the Markdown publishing format, the organization Creative Commons, the website framework web.py and the social news site, Reddit, in which he became a partner after its merger with his company, Infogami.
At age 14, he became a member of the working group that authored the RSS 1.0 web syndication specification. In 2001, Swartz joined the RDFCore working group at the World Wide Web Consortium (W3C), where he authored RFC 3870, Application/RDF+XML Media Type Registration. The document described a new media type, "RDF/XML", designed to support the Semantic Web. Swartz was co-creator, with John Gruber, of Markdown, a simplified markup standard derived from HTML, and author of its html2text translator. Markdown remains in widespread use.
Swartz's work also focused on sociology, civic awareness and activism. He helped launch the Progressive Change Campaign Committee in 2009 to learn more about effective online activism. In 2010 he became a research fellow at Harvard University's Safra Research Lab on Institutional Corruption, directed by Lawrence Lessig. He founded the online group Demand Progress, known for its campaign against the Stop Online Piracy Act. On December 27, 2010, Swartz filed a Freedom of Information Act (FOIA) request to learn about the treatment of Chelsea Manning, alleged source for Wikileaks.
On January 6, 2011, Swartz was arrested by MIT police on state breaking-and-entering charges, after systematically downloading academic journal articles from JSTOR. Federal prosecutors later charged him with two counts of wire fraud and 11 violations of the Computer Fraud and Abuse Act, carrying a cumulative maximum penalty of $1 million in fines, 35 years in prison, asset forfeiture, restitution and supervised release.
Swartz declined a plea bargain under which he would serve six months in federal prison. Two days after the prosecution rejected a counter-offer by Swartz, he was found dead in his Brooklyn, New York apartment, where he had hanged himself. No suicide note was found.
In June 2013, Swartz was posthumously inducted into the Internet Hall of Fame.