The History of Computer Hacking

The United States is in dire need of more elite cybersecurity experts to foil the growing number of computer-hacking attempts on government entities and businesses, from the Department of Defense to Citibank. From the mildly malicious to the truly malevolent, here's a look back at major breaches that have already put our money and welfare at risk.

1986: Lawrence Berkeley National Laboratory systems manager Clifford Stoll discovers that someone is hacking into the lab's system when he tries to correct a 75-cent accounting error. With some help from law enforcement, Stoll concludes that the lead hacker is Markus Hess, who had been selling information stolen from hacked computers to the KGB. Hess and his accomplices, who were working out of West Germany, are arrested by German authorities and convicted of selling stolen information to the Soviet Union, but they only receive suspended jail terms. (Stoll, by the way, is the author of an infamous 1995 NEWSWEEK article that suggested the promise of the Internet was mostly hype. Ooops. Unfortunately, for Stoll, that 15-year-old article just won't die … thanks to the Internet!)

1987: Herbert Zinn, a 17-year-old hacker and high-school dropout who goes by the moniker Shadow Hawk breaks into the systems of Department of Defense, NATO, and AT&T from his Chicago bedroom. Among the software he allegedly steals is an artificial-intelligence program not yet on the market that AT&T estimated was worth $1 million. He's caught after bragging on online message boards. Although he is a juvenile at the time, he's convicted of software theft and destruction, as well as of publishing information on how to circumvent AT&T's security devices. His sentence: nine months in prison, probation, and a $10,000 fine.

1988: Robert Morris, a 23-year-old Cornell University graduate student, launches the first Internet worm. Morris later said it was an error in his code that allowed the worm to replicate itself and clog up more than 6,000 government and university computers, essentially shutting down a large part of the early Internet. He is the first person convicted by a jury under the Federal Computer Fraud and Abuse Act of 1986 and is sentenced to three years probation and a $10,000 fine. At the time, his father was a leading computer-security expert at the National Security Agency.

1991: Kevin Poulsen, nicknamed Dark Dante, is already on the run from the FBI for hacking into federal computers when he and two other men rig a Los Angeles radio station's phone lines to win its contest's prize: a Porsche. They use the same ploy to also win vacations and $20,000. Later in 1991, he's caught and sentenced to 51 months in prison, fined $56,000, and banned from using computers for three years after his release. At the time, it was the longest sentence a hacker had received.

1994: Russian student Vladimir Levin, and his gang hack into Citibank and steal more than $10 million, at the time the biggest computer heist ever. Levin and his accomplices use stolen access codes and passwords to transfer stolen funds across the United States, Europe, and Israel. Months after he's discovered, he's arrested by Interpol and extradited to the U.S. to stand trial, where he strikes a plea bargain. He is sentenced to three years in prison and ordered to pay Citibank $240,000 in restitution. The rest of the money—minus $400,000—was later recovered by the bank. Citibank upgraded all security procedures following the breach.

1990s: Kevin Mitnick hacks into the computer systems of top tech companies, including Nokia, Fujitsu, and Sun Microsystems. The federal government dubs him "the most wanted computer criminal in U.S. history." He evades authorities until the FBI catches up with him in North Carolina in 1995. Mitnick spends four and a half years in a pre-trial facility before a judge sentences him to 46 months in jail in addition to 22 months he got for an unrelated parole violation. Supporters who believe he is treated unfairly hold protests and call for his release to a halfway house. The judge doesn't budge and Mitnick serves a total of five years in prison before being released in January 2000.

1996: After being fired from his job at Omega Engineering in New Jersey, Timothy Lloyd plants malicious software code on a computer at his former company. Triggered when an employee turns on the terminal, the so-called computer bomb deletes critical manufacturing software and costs the company $10 million. At the time, it was the costliest act of worker-related computer sabotage. A federal judge sentences Lloyd to nearly three and a half years in prison and orders him to pay more than $2 million in restitution.

1999: David Smith unleashes the Melissa virus, the first mass-mailing virus to wreak damage on a global scale. Melissa spreads to more than 300 companies across the world, crashing their e-mail networks. Corporations like Lucent Technologies and Lockheed Martin are forced to turn off their systems in order to wipe out the virus. Smith is arrested and sentenced to 20 months in prison for causing more than $80 million in damages.

2000: Canadian Michael Calce, a 15-year-old who goes by the name Mafiaboy, hacks into eBay, Amazon, CNN, Yahoo, and other sites. His denial-of-service attacks cause some sites to slow or crash altogether. The result: roughly a billion dollars in damage in the span of about a week. He is arrested and sentenced to eight months in a youth-detention center.

2002: Englishman Gary McKinnon is arrested and charged with hacking into various U.S. military systems, including the Pentagon, in search of information on unidentified flying objects. His crimes are considered the biggest military hack in history, but because he committed them from the United Kingdom, the U.S. is still negotiating his extradition.

2006: The State Department's networks are hacked and unknown foreign intruders download several terabytes of information. It remains unclear who was responsible.

2009: Hacker Albert Gonzalez is indicted on charges that between 2006 and 2008, he and unidentified Russian or Ukrainian colleagues stole more than 130 million credit- and debit-card numbers by hacking into the computer systems of major companies, including TJX, Barnes & Noble, and OfficeMax. It is considered the largest hacking and identity-theft crime in U.S. history.

2010: Google announces that a sophisticated attack penetrated its networks, along with the networks of more than 30 other U.S. companies, including Adobe and Yahoo. The search-engine giant points the finger at China and claims the hack was meant to gain access to Gmail accounts of human-rights activists. As a result, Google threatens to shut down operations in that country. The Chinese government denies involvement.

2010: Three hackers are arrested in Spain and charged with infecting 13 million computers worldwide with a virus that steals credit-card numbers and personal data. The virus, called Mariposa, which means "butterfly" in Spanish, infected computers from more than half of the world's 1,000 largest companies, including 40 major financial institutions.