The History of Hacking

Early 1960s <<...>> University facilities with huge mainframe computers, like MIT's artificial intelligence lab, become staging grounds for hackers. At first, "hacker" was a positive term that was used to describe a person with a mastery of computers who could push programs beyond what they were designed to do.

1983 <<...>> In one of the first arrests of hackers, the FBI busts six teen-age hackers from Milwaukee, known as the "414s" after the local area code. The hackers are accused of some 60 computer break-ins, including from the Memorial Sloan-Kettering Cancer Center to Los Alamos National Laboratory. One of the hackers gets immunity for his testimony; the other five get probation.

1984 <<...>> Eric Corley, who uses the hacking handle "Emmanuel Goldstein," starts 2600: The Hacker Quarterly in New York, which quickly becomes a clearinghouse for hacking information.

1985 <<...>> Underground journalists "Taran King" and "Knight Lightning" launch Phrack, an electronic magazine based in St. Louis that provides information about computer hacking.

1987 <<...>> A 17-year-old high school dropout named Herbert Zinn, known to authorities as "Shadow Hawk," admits he broke into AT&T computers at Bedminster, N.J. Federal authorities say the teen - who worked from a computer in the bedroom of his suburban Chicago home - was close to tapping into AT&T's internal operations and the company's central switching system. Zinn, becomes one of the first people prosecuted under the Computer Fraud and Abuse Act of 1986, which among other things makes it illegal to use another person's password. He is caught after bragging on an electronic bulletin board that he had attacked an AT&T computer.

1988 <<...>> Cornell University graduate student Robert Morris, 22, launches a "worm" program onto the Internet that he wrote to exploit security holes on UNIX systems. The worm, programmed to penetrate other computers on the network and replicate itself, quickly spreads to more than 6,000 systems - approximately 1/10 of the Internet at the time and virtually shuts down the network by hogging system resources. Morris, who is arrested soon afterward, says he didn't intend to cause the $15 million to $100 million in damage that experts say his creation wrought. He faces a maximum sentence of up to five years in prison and $250,000 in fines but receives three years of probation, 400 hours of community service and a $10,000 fine.

1988 <<...>> The Department of Defense severs the links between the unclassified Military Network, or Milnet, and the Arpanet - the early Internet - after it is discovered that a hacker has broken into at least one Milnet computer.

1989 <<...>> Five West German cyberspies are arrested on espionage charges as a result of detective work by Clifford Stoll, a University of California, Berkeley, systems administrator who detected and investigated their systematic intrusions into U.S. government and university computer systems. Three of the hackers, who were charged with selling the information and software they obtained to the Soviet KGB, were convicted and sentenced to prison terms, but none ever spent any time behind bars. Stoll later wrote the bestseller "The Cuckoo's Egg" about his pursuit of the hackers.

1989 <<...>> Kevin Mitnick is convicted of stealing software from DEC and long-distance codes from MCI, becoming the first person convicted under a new law against gaining access to an interstate computer network for criminal purposes. He serves a one-year prison term and upon his release on probation is ordered not to use computers or associate with other hackers.

1990 <<...>> Four members of the Legion of Doom, a band of Southern hackers, are arrested for stealing the technical specifications for BellSouth's 911 emergency telephone network, information that could be used to "potentially disrupt or halt 911 service in the United States," according to a subsequent indictment. The company says the hackers also have lifted log-ins, passwords and connect addresses for its computer network and says it has spent $3 million on increased security to combat the hackers. Three of the hackers are found guilty and handed sentences of ranging from 14 months to 21 months and ordered to pay restitution of $233,000 to BellSouth.

1990 <<...>> The Secret Service launches Operation Sundevil to hunt down hackers. Agents eventually seize computer equipment in 14 cities.

1991 <<...>> Police arrest Justin Tanner Petersen in Dallas for possession of a stolen car and find computer files that lead to charges that he broke into the TRW computer system. After his conviction, Petersen is approached by the FBI and the Secret Service to assist in computer investigations. He reportedly helps investigators with the Mitnick case, but in October 1993 he disappears and a short time later is declared a fugitive. He resurfaces in 1994, as a confederate of Kevin Poulsen in his radio-station contest-rigging scheme. (See 1993.)

1991 <<...>> The General Accounting Office reveals that Dutch teen-agers gained access to Defense Department computers during the Persian Gulf War, changing or copying unclassified sensitive information related to war operations, including data on military personnel, the amount of military equipment being moved to the gulf and the development of important weapons systems.

1992 <<...>> Five members of Masters of Deception, a band of teen-agers based in the New York City boroughs of Brooklyn and Queens, are indicted for breaking into the computer systems of AT&T, Bank of America, TRW, and the National Security Agency, among others. Investigators used the first wiretaps ever in a hacker case to apprehend the hackers. One, Mark ("Phiber Optik") Abene, receives a one-year sentence; the others get off with 6-month sentences.

1993 <<...>> Kevin Poulsen is charged with using computers to rig promotional contests at three Los Angeles radio stations, in a scheme that allegedly netted two Porsches, $20,000 in cash and at least two trips to

Hawaii. Poulsen, already a fugitive facing federal telecommunications and computer charges, is accused of conspiring with two other hackers, Ronald Mark Austin and Justin Tanner Peterson, to seize control of incoming phone lines at the radio stations. By making sure that only their calls got through, they were able to "win" the top prize.

1994 <<...>> Two hackers identified as "Data Stream" and "Kuji" break into Griffith Air Force base and hundreds of other systems, including computers at NASA and the Korean Atomic Research Institute. After a cyber-manhunt, Scotland Yard detectives arrest "Data Stream," a 16-year-old British teen-ager who curls up in the fetal position and cries when seized. "Kuji" is never found.

1994 <<...>> The Independent newspaper reports that a temporary worker at British Telecom used easily obtained passwords to find the secret phone numbers of the queen, Prime Minister John Major and several top-secret M15 installations, all of which were then posted on the Internet. Steve Fleming, the reporter who wrote the story, later admits that he had worked for the phone company and purloined the numbers.

1994 <<...>> Hackers launch full-bore attack on security expert Tsutomu Shimomura's computer at the San Diego Supercomputer Center, which stores sophisticated computer security software. Shimomura joins effort to track convicted hacker Kevin Mitnick, who is suspected in the break-in.

1995 <<...>> Kevin Mitnick is arrested in Raleigh, N.C. Physicist and computer security expert Tsutomu Shimomura assists federal authorities in tracking Mitnick down after Mitnick allegedly invaded Shimomura's computer during an assault on San Diego Supercomputer Center systems. Mitnick is charged with breaking into a string of computer networks and stealing 20,000 credit card numbers and copying software programs. Mitnick was in prison awaiting trial until March 1999, when he pleaded guilty to seven felonies. He served another 10 months and was realeased in January 2000 on parole. He cannot use computer equipment until 2003 without permission from his probation officer.

1995 <<...>> Russian hacker Vladimir Levin, 30, is arrested in Britain on charges he used his laptop computer to illegally transfer at least $3.7 million from New York's Citibank to accounts around the world controlled by him and his accomplices. Levin is later extradited to the United States, where he is sentenced to three years in prison and ordered to pay Citibank $240,000 in restitution.

1995 <<...>> Satan, a software program designed to find the weaknesses of Unix computers connected to the Internet, is released. Its authors, including security expert Dan Farmer, say they wrote Satan to help operators of computers linked together on network systems to find and fix the flaws in their own systems before the weaknesses are ferreted out by pranksters or hackers.

1996 <<...>> A hacker who goes by the handle Johnny [Xchaotic] mail bombs about 40 politicians, business leaders and other individuals and institutions by subscribing them to Internet mailing lists, generating as many as 20,000 messages in one weekend. [Xchaotic] also publishes a manifesto explaining why he selected each target. He is never caught.

1997 <<...>> The InterNIC domain registry operated by Network Solutions is hacked by a business rival. Eugene Kashpureff, operator of AlterNIC, eventually pleads guilty to designing a corrupted version of InterNIC's software that quickly spread around the world to other DNS servers and prevented tens of thousands of Internet users from being able to reach many Web sites in many ".com" and ".net" domains. The software also "hijacked" visitors to InterNIC's Web site, rerouting them to the AlterNIC home page.

1998 <<...>> Deputy Defense Secretary John Hamre announces that hackers have carried out "the most organized and systematic attack the Pentagon has seen to date," breaking into the unclassified computer networks of numerous government agencies to examine and possibly alter payroll and personnel data. Shortly afterward, two teen-agers from Cloverdale, Calif., are detained in connection with the break-ins. Three weeks later, authorities announce the arrest of an Israeli teen-ager known as "the Analyzer," the alleged mastermind of the intrusion.

1998 <<...>> Sending a warning to young computer hackers, federal prosecutors for the first time charge a juvenile on hacking charges for shutting down an airport communications system in Worcester, Mass., during an intrusion into Bell Atlantic's computer system a year earlier. The boy's attack interrupted communication between the control tower and aircraft at Worcester Airport for six hours, authorities said. No accidents occurred. Under a plea agreement, the boy, whose name and exact age were not released, pleads guilty and is sentenced to two years probation, ordered to repay the phone company $5,000 and ordered to perform 250 hours of community service.

1998 <<...>> Hackers who say they are members of a group known as Masters of Downloading claim to have broken into a Pentagon network and stolen classified software that allows them to control a military satellite system. They threaten to sell the software to terrorists. The Pentagon later denies that that the software is classified or would allow the hackers to control its satellites, but acknowledge that a less-secure network containing sensitive information had been compromised.

May-June 1999 <<...>> The U.S. Senate, White House and U.S. Army Web sites, along with dozens of other government and consumer sites, fall victim to cyber vandals. In each case, the hackers scrawl messages that are quickly erased. The most notable message reads "Crystal, I love you" on the U.S. Information Agency's Web site, signed "Zyklon".

November 1999 <<...>> Norwegian group Masters of Reverse Engineering (MoRE) cracks a key to decoding DVD copy protection. The group creates a DVD decoder program for distribution on the Web, a move that spurs a flurry of lawsuits from the entertainment industry.

February 2000 <<...>> In a three-day period, hackers brought down leading Web sites including Yahoo!,,, eBay and using "Denial of Service" attacks that overloaded the sites' servers with an inordinate number of data requests.


Return to the Article Index