Wednesday, July 30, 2014

BARNABY JACK


Barnaby Jack, born November 22 1977, died July 25 2013
Barnaby Jack, who has died aged 35, was a “white hat” hacker, a computer security expert who seeks to preserve the integrity of information systems; in 2010 he came to widespread notice when he demonstrated live on a conference stage how he could drain an ATM (automated teller machine) of its entire reservoir of cash.

In 2008 Jack bought two ATMs, of the kind seen in bars and shops, over the internet for $2,000 each, and had them delivered to his apartment in San Jose, California. The New Zealand-born computer engineer later recalled: “So the guy, he wheels in this ATM, and he’s like, 'Why on earth do you need an ATM in your house?’ And I’m like, 'Oh, I just don’t like the transaction fees, mate.’”
For the next two years he analysed their software codes, believing that there were inherent weaknesses that would allow the machines to be controlled through the internet.
Eventually Jack succeeded in bypassing the demands for passwords and serial numbers, and was able to access his ATMs remotely. He could then withdraw all their cash – a process that became known as “Jackpotting”. He could also access information about bank accounts from the magnetic strips on bank and credit cards, and steal ATM users’ passwords.
At the Black Hat computer security conference in Las Vegas in July 2010, Jack demonstrated all this live on stage, showing how he could connect to an ATM via a telephone modem and, without using a password, withdraw all the machine’s cash.
As director of security testing at the Seattle-based computer security consultants IOActive, Jack’s purpose was to alert the manufacturers to potential failures in their systems. In an interview with CNN after the conference he said: “We were really careful when we gave this demonstration to make sure that the vendors had mitigation remediation in place before we went up and did it. I mean, the goal at Black Hat was certainly not to give a cookbook recipe for everyone out there to be able to go and loot ATMs. So we made sure the vendors had fixes in place.
“I demonstrated two different attacks. One was a walk-up attack, where I would literally walk up to an ATM, [and] within about two minutes it would just start spitting out its entire dispenser. Of course you had to be at the ATM for that one to work. The other attack was completely remote, so I could do it from a laptop in a hotel room or your bedroom... But I also had it harvesting people’s credit cards and pin numbers, which I could then retrieve remotely as well. It was 100 per cent anonymous, and bypassing all authentication.”
Jack was concerned that, when it came to ATMs, too much emphasis was placed on the “physical” defences, such as whether the machine was bolted down, or whether there was CCTV. “This is the first time anyone had actually looked at the underlying software,” he claimed. “And once I sort of dug in, ripped the software apart, I was really surprised at the amount of flaws that are hiding underneath there.” He added: “I am not naive enough to think I am the only one who can do it.”
Barnaby Michael Douglas Jack was born in Auckland, New Zealand, on November 22 1977, the son of Michael and Sammi Jack, and was fascinated by computers from boyhood.
Jack made his career in the United States, and from the age of 21 worked as a research engineer in the computer security software business, at Network Associates, Foundstone and eEye Digital Security. In 2006 he moved to Juniper Networks, and in June 2010 joined IOActive as director of research. At the time of his death he was director of embedded device security.
He died only a week before he was due to demonstrate at a conference how an assassin might kill his victim by disabling an implanted pacemaker or defibrillator from 30ft away – an idea used in the television series Homeland, starring Damian Lewis and Claire Danes.
In June this year Jack said: “Malware will often slow down a computer, and when you slow down a medical device it no longer gives the integrity needed to perform as it should.” He considered the Homeland scenario “fairly realistic” – although “they required a serial number, my demonstration does not”.
At a recent conference in Melbourne, Jack had delivered an 830-volt jolt to a pacemaker by logging into it remotely. Many medical devices use wireless technology, and authorisation that requires only a user name and password that can be remotely extracted from them. Jack said these were designed to be easy to crack by a doctor needing to give treatment in an emergency.
Jack even suggested that it would be possible to write a “worm” for a particular brand of pacemaker or defibrillator, then spread it to other devices within range, from one person to another.
Barnaby Jack was found dead at his apartment in San Francisco; the cause of death is unknown.
He is survived by his mother, his sister, Amberleigh, and by his girlfriend, Layne Cross.

Security researcher demonstrates ATM hacking


Security researcher Barnaby Jack demonstrates how he bypassed the security of two ATMs.

IOActive's Barnaby Jack reveals at Black Hat how he found ways to remotely log into ATMs without a password and force them to spit out cash.

LAS VEGAS--Hacking into an ATM isn't impossible, a security researcher showed Wednesday. With the right software, it's actually pretty easy.

Barnaby Jack, director of security testing at Seattle-based IOActive, hauled two ATMs onto the Black Hat conference stage and demonstrated to a rapt audience the fond daydream of teenage hackers everywhere: pressing a button and having an automated teller machine spew out its cash until a pile of paper lay on the ground.

"I hope to change the way people look at devices that from the outside are seemingly impenetrable," said Jack, a New Zealand native who lives in the San Jose area. One vulnerability he demonstrated even allows a hacker to connect to the ATM through a telephone modem and, without knowing a password, instantly force it to disgorge its entire supply of cash.

Jack said he bought the pair of standalone ATMs--one manufactured by Tranax Technologies and the other by Triton--over the Internet and then spent years poring over the code. The vulnerabilities and programming errors he unearthed during that process, Jack said, let him gain complete access to those machines and learn techniques that can be used to open the built-in safes of many others made by the same companies.

"Every ATM I've looked at, I've found a game-over vulnerability that allows an attacker to get cash from the machine," Jack said. "I've looked at four ATMs. I'm four for four." (He said he has not evaluated built-in ATMs like those used by banks and credit unions.)

He said both Tranax and Triton had patched the security vulnerabilities since he brought them to the companies' attention a year ago. If a customer with an ATM such as a convenience store or a restaurant doesn't apply the fix, though, the machines remain vulnerable.

Hacking into ATMs is not exactly a new idea: It was immortalized by a young John Connor in the "Terminator 2" movie, and techniques like "card skimming" and "card trapping" are well-known by police.

Some enterprising thieves have even seized on ways to use a little-known configuration menu to trick ATMs into thinking that they're dispensing $1 bills instead of $20 ones. (Traditional methods of stealing an ATM, ramming it, cutting into its safe, or blowing it up still work too.)

But those other electronic cash-extraction techniques were limited because they didn't rely on a deep analysis of an ATM's code. Many run Windows CE with an ARM processor and an Internet connection or a dialup modem, all of which controls access to the armored safe through a serial port connection. Jack said he used standard debugging techniques to interrupt the normal boot process and instead start Internet Explorer, giving him access to the file system and allowing him to copy off the files for analysis.

In the case of Tranax, a Hayward, Calif.-based company, Jack said he found a remote access vulnerability that allows full access to an unpatched machine without a password needed. He wrote two pieces of software to exploit that programming error: a utility called Dillinger, which attacks an ATM remotely, and one called Scrooge, a rootkit that inserts a backdoor and then conceals itself from discovery.

Scrooge "hides itself from the process list, hides itself from the operating system," Jack said. "There's a hidden pop-up menu that can be activated by a special key sequence or a custom card."

Triton's ATMs didn't have an obvious remote access vulnerability. And the built-in vaults were well-armored. But the PC motherboard that dispenses cash from the vault was protected only by a standard (not unique) key that could be purchased over the Internet for about $10. So Jack did, and found he could force the machine to accept his backdoor-enabled software as a legitimate update.

Bob Douglas, Triton's vice president of engineering, showed up at the conference to stress to reporters that the vulnerability has been fixed. "We have developed a defense against that attack," he said. "We released it in November of last year."

In addition, Douglas said: "We have an optional kit available to replace the lock with a unique key. It's a high-security lock as well. I think it's a Medeco lock." But he said because some companies that service ATM machines might own 3,000 of them and visit dozens or hundreds a day, not all customers choose to upgrade.
Jack was scheduled to present a similar talk at Black Hat last year, but it was pulled at the last minute after an ATM vendor complained to Juniper Networks, his then-employer.

The difficult part in hacking the ATMs was evaluating the software for vulnerabilities--but the Dillinger and Scrooge utilities Jack created as a result are easy enough for a child to use.

Thursday, July 17, 2014

JULIAN ASSANGE




NAME                JULIAN ASSANGE
OCCUPATION          COMPUTER PROGRAMMER, ACTIVIST, JOURNALIST
BIRTH DATE          JULY 3, 1971
EDUCATION           UNIVERSITY OF MELBOURNE
PLACE OF BIRTH      TOWNSVILLE, QUEENSLAND, AUSTRALIA
NICKNAME            MENDAX
ZODIAC SIGN         CANCER

Julian Paul Assange (born July 3, 1971) is an Australian activist and computer hacker best known as the founder of WikiLeaks. Julian Assange is currently (as of 12.04.10) wanted on an international arrest warrant for sex crimes allegedly committed in Sweden.

Julian Assange was born in Townsville, Queensland, Australia in 1971. His parents ran a touring theatre company. In 1979, his mother, Christine, remarried; her new husband was a musician who belonged to a controversial New Age group led by Anne Hamilton-Byrne.

In 1987, at the age of 16, Assange began his career as a computer hacker, hacking under the name "Mendax" (derived from a phrase of Horace: "splendide mendax," or "nobly untruthful"). Assange and two other hackers formed a group called International Subversives.

As a result of his hacking, in 1991, the Australian Federal Police raided Julian Assange's home in Melbourne. He was charged with hacking into computers belonging to an Australian university, the Canadian telecommunications company Nortel, and other organizations. In 1992, he pleaded guilty to 24 charges of hacking into computer systems. After the 1991 raid and his arrest, his girlfriend left him, taking his son, Daniel.

He worked on several open-source and free software projects before founding WikiLeaks in 2006. Assange wrote two essays in 2006 establishing the philosophy behind WikiLeaks:

"To radically shift regime behavior we must think clearly and boldly for if we have learned anything, it is that regimes do not want to be changed. We must think beyond those who have gone before us and discover technological changes that embolden us with ways to act in which our forebears could not."
In his personal blog he also wrote,

"the more secretive or unjust an organisation is, the more leaks induce fear and paranoia in its leadership and planning coterie. ... Since unjust systems, by their nature induce opponents, and in many places barely have the upper hand, mass leaking leaves them exquisitely vulnerable to those who seek to replace them with more open forms of governance."
Since 2006, WikiLeaks has publicly released material documenting extra-judicial killings in Kenya, a report of toxic waste dumping on the African coast, Church of Scientology manuals, Guantánamo Bay procedures, the July 12, 2007 Baghdad airstrikes video, and material involving large banks such as Kaupthing and Julius Baer, among other documents.

On November 28, 2010, WikiLeaks began releasing more than 251,000 American diplomatic cables, mostly unclassified but including many labelled "classified" or "secret." The release of information that was never intended for public viewing generated some embarrassing moments for the U.S. Government and created some problems for American allies. For example, some diplomatic documents indicated that many Arab governments secretly agreed with the Israeli position that Iran is a significant threat, and that the United States needed to take strong action to prevent an Iranian nuclear weapons capability from developing.

On 20 August 2010, Swedish authorities began an investigation of allegations that Julian Assange had raped a woman in Enköping on the weekend of August 14, 2010 after a seminar, and two days later had sexually harassed a second woman he had been staying with in Stockholm.

On November 24, 2010, Assange lost a legal in Sweden, and is under arrest in absentia and has an arrest warrant out in his name. On November 30, 2010, the international police agency Interpol issued a "red notice" against Assange on behalf of Sweden for questioning on allegations of "sex crimes."

Swedish prosecutor Marianne Ny filed charges of rape, sexual molestation and unlawful coercion against Julian Assange.



 



Notorious Hackers Of 2013







This year's hacking hall of shame includes members of Anonymous and the Blackhole cybercrime gang, plus state-sponsored groups.
(Source: Peggy Reimchen)


Who should make the list of the world's most notorious hackers in 2013?

If recent years are any guide, crime-committing hacktivists should loom large. In 2011, LulzSec stormed on to the scene, pulling off 50 days of hacks that mixed technical savvy with PR acumen. But by 2012, the leaders of LulzSec had been arrested, as had many participants in high-profile Anonymous operations, thanks to a concerted effort by the FBI and its counterparts overseas. By the end of 2013, some of the best-known domestic hackers with political aims either were in jail or, in the case of some people arrested in Britain, had already served time and were on parole.

Policing hacks launched from non-allied countries has always been a different story, given the Department of Justice's inability to arrest, extradite, or sometimes even identify suspects operating from certain countries. For example, many crimeware toolkit-driven campaigns that use bots to steal personal financial details and then remove millions of dollars from banks are run from Russia or former Soviet satellites that have no extradition treaty with the United States.

Foreign attackers who hold a political grudge against the United States likewise remain tough to stop. Last year, a group of foreign attackers -- backed by the Iranian government, US government officials have alleged -- launched Operation Ababil, a series of distributed denial-of-service (DDoS) attacks against US banks. Those attacks continued into their fourth wave in 2013, making them the longest-running series of online attacks in history. Despite the timing and the targets being revealed in advance, targeted banks often had difficulty blunting the DDoS attacks.

Also on the overseas tip, US officials increased their denunciation of state-sponsored Chinese hackers in 2013. Though China had long been suspected of hacking businesses and government agencies, government officials began publicly pointing the hack-attack finger after the security firm Mandiant published evidence of what it said was an elite PLA military online hacking team, which it had linked to the theft of intellectual property from US businesses, as well as the theft of US military secrets.

Hacking has long been defined -- loosely, anyway -- in terms of white, black, and gray hats, referring to hackers who pursue ethical computer security research (white hats), people who hack solely for their own gain or at the expense of others (black hats), and people who fall somewhere in the middle (gray hats). Clearly, Chinese APT attacks, crimeware toolkits, bank DDoS exploits, and other leading hack attacks were evidence of black-hat behavior.

But the world turned a lot more gray beginning in the middle of 2013, after Edward Snowden, a National Security Agency contractor, fled to China and began leaking 1.7 million secret NSA documents. Those disclosures, which are ongoing, have begun to pull back the curtain on America's massive online surveillance apparatus. For example, we've learned that the agency hacked into tens of thousands of PCs abroad, as well as hacking into Internet backbone communications or technology giants' datacenters directly, to allow the agency to eavesdrop on foreign and domestic communications.

Who are the good guys and bad guys now?





Anonymous hacking collective





(Source: Feral78)

Is there any group of hackers more outspoken online than Anonymous? The group started the year with a legal bang by backing a White House 'We the People' petition arguing that DDoS attacks should be protected as a form of free speech, so that they could be used to protest injustice. However, that attempt to hack the Constitution failed to garner the number of signatures required for a White House response.
But that didn't stop the collective from protesting perceived injustices. Its Operation Last Resort included hacking the US Sentencing Commission website -- which establishes sentencing policies and practices for the federal courts -- to include a game of Asteroids, to protest federal prosecutors having threatened Reddit co-founder Aaron Swartz with a 35-year prison sentence for downloading millions of documents from the JSTOR archive, which helped drive Swartz to commit suicide. The group also defaced a Massachusetts Institute of Technology website to denounce the institution's failure to protest Swartz's prosecution.
As the year progressed, the campaigns continued, with Anonymous channeling mass anger over the 2008 economic crash -- as well as the fact that no Wall Street executives were ever charged with crimes related to it -- by leaking what it said were passwords for 4,000 financial executives. Rebranded as Operation Wall Street, the effort continued, with the hacktivist collective calling on the public to dox (release sensitive documents on) bank executives.
Anonymous continued with attacks against North Korean websites after the country's leadership threatened to restart a nuclear reactor; OpIsrael attacks against Israeli websites -- taking sides in the Israeli-Palestinian conflict -- that reportedly fizzled; an OpUSA attack against banks and government agencies that likewise fizzled; and a threatened Guantanamo Bay Naval Base attack that led authorities there to deactivate WiFi and social media.
Meanwhile, Anonymous earned widespread praise in October when its members launched Operation Maryville to highlight the case of two Missouri girls, ages 13 and 14, who were both allegedly raped last year, only to see prosecutors drop charges against one of the girl's alleged attackers. The outcry helped draw attention to the case, leading the state's lieutenant governor to demand that a grand jury investigate.





Stratfor hacker Jeremy Hammond


(Source: Jim Newberry, FreeHammond.com)

Anonymous-allied Jeremy Hammond hacked into the private intelligence contractor Strategic Forecasting (known as Stratfor) in late 2011 and then posted the stolen files to a server that now appears to have been owned by the FBI. He also distributed the stolen information to WikiLeaks, which published it as part of its Global Intelligence Files program.
Hammond was indicted in 2012. In May 2013, he pleaded guilty to one count of conspiracy to engage in computer hacking. He admitted to masterminding the Stratfor hack, compromising account information for approximately 860,000 Stratfor users, and publishing stolen data pertaining to 60,000 credit cards. Anonymous later used the cards to make $700,000 in unauthorized donations to nonprofit groups. In addition, Hammond admitted to hacking numerous other organizations, ranging from the FBI's Virtual Academy and the Arizona Department of Public Safety to the Jefferson County Sheriff's Office in Alabama and the Boston Police Patrolmen's Association. Thanks to the hacking count, Hammond faced up to 10 years in prison and up to $2.5 million in restitution.
After Hammond pleaded guilty, but before Judge Loretta Preska sentenced him in November, Hammond's supporters launched a letter-writing campaign in pursuit of leniency, arguing in part that Hammond had been entrapped by the former LulzSec leader Sabu, who'd become an FBI informant six months before Hammond hacked Stratfor, and who was being monitored around the clock by handlers at the bureau. 
At the sentencing hearing, Hammond read a statement saying that Sabu had provided him with passwords and root access information for 2,000 different websites. 'These intrusions, all of which were suggested by Sabu while cooperating with the FBI, affected thousands of domain names and consisted largely of foreign government websites, including those of Turkey, Iran...' Hammond said, before being cut off by the judge, who told him that the list of target names was to be redacted. 
Preska sentenced Hammond to 10 years in prison, to be followed by three years of supervised release.






(Source: http://www.darkreading.com)


Thursday, July 10, 2014

Famous Hackers and Hacks



While widely used, the term hacker is not always applied as it should be. In the hacking community in particular, there can be stark divisions between hackers -- people immensely skilled at navigating computer systems and diagnosing security flaws -- and crackers -- those who use their hacking knowledge for malicious gain. This same dichotomy is sometimes represented by the terms white hat and black hat. A white hat hacker, for example, may be someone hired by a company to break into its computer network in order to find vulnerabilities. A black hat hacker is someone on the outside who would break into a system in order to cause damage or for financial gain.

Although these various definitions exist, the term hacker is now largely a stand-in for anyone who breaks into computer networks, and it often carries a negative connotation. Some have broken the law in their careers, but many have also gone on to have productive (and legal) roles in the computer industry. Those that have broken the law have complex legal cases, and their motives are not necessarily malicious. In this article, we'll look at 10 famous hackers of all stripes.
The term hacker commonly refers to anyone who unlawfully breaks into computer networks, and it often carries a negative connotation.

Kevin Mitnick


Not all hackers break the law and even fewer become the targets of FBI manhunts. But Kevin Mitnick was jailed twice -- first in 1988, and then, after a plea bargain, from 1995 until 2000. For three years, he wasn't allowed to use the Internet. He managed to send and receive e-mail by having his girlfriend do all the clicking and typing; Mitnick just watched the screen [source: Thompson].

Mitnick often trumpeted himself more as a "social engineer" than a hacker. He said he preferred to use "persuasion, influence and manipulation" in order to solicit information from influential people -- e.g. someone with access to a tech firm's computer network, which didn't require writing new software or otherwise breaking codes to get into a network [source: Thompson].

Mitnick has been the subject of several books, including "Takedown," which was made into a movie, and he even appeared in an episode of the TV show "Alias." Since regaining his computer privileges, he has started his own security-consulting firm, in addition to making rounds on the public speaking circuit.

 Hacker Kevin Mitnick was jailed twice for his crimes, once in 1988, and then again from 1995 to 2000.


Kevin Poulsen


Like Kevin Mitnick, Kevin Poulsen was hunted by the FBI and was the subject of a book, "The Watchman: The Twisted Life and Crimes of Serial Hacker Kevin Poulsen," chronicling his hacking exploits. And like Mitnick, Poulsen eventually went straight, giving up hacking.

But before Poulsen rediscovered the right side of the law, he accrued a litany of hacking exploits, some of them illegal. While still a child, he learned how to whistle into a payphone in order to get free calls (he channeled the sound through his braces). He hacked a radio station's phone lines in order to win a call-in contest whose prize was a Porsche. He eventually earned the distinction of being the first hacker charged with espionage after he allegedly stole classified information from the Air Force [source: Markoff]. Other charges against him include hacking into Pacific Bell. Eventually he was sentenced to 51 months for his crimes.
Since giving up hacking, Poulsen has become a journalist, working as a senior editor at Wired magazine, where he often writes about hackers.
Call Sign
It may be a cliché, but many hackers do go by nicknames. Poulsen's was Dark Dante.


Adrian Lamo


Earlier on in his hacking career, Adrian Lamo was something of a good Samaritan, known by the moniker "the homeless hacker" because he sometimes took up residence in abandoned buildings. As a hacker, Lamo broke into the networks of a number of major companies -- Excite@Home, MCI WorldCom, Yahoo, Microsoft and Google -- but he often contacted the companies and told them about the security holes. In some cases, he also helped them fix these holes without accepting any compensation [source: TheWeek].

He finally got into trouble when he hacked into The New York Times -- from a computer at a Kinko's -- in 2003. He found a trove of information there, including personal details on thousands of people who had written for the paper, including celebrities and ex-presidents. To avoid jail time, he negotiated a plea bargain that included six months of house arrest [source: TheWeek].

In recent years, Lamo has been in the news for reporting Bradley Manning to police. Manning, a U.S. Army private first class, allegedly funneled thousands of classified documents to the whistleblower organization WikiLeaks and then contacted Lamo, who said that Manning boasted about his actions. Lamo's role in the affair, in which he presented himself as a journalist, has attracted some controversy [source: Greenwald].

Hackers Diagnosed


In April 2010, Lamo was diagnosed with Asperger's, an autism-spectrum disorder commonly associated with people of high intelligence who have difficulty socializing [source: Poulsen].

Like Adrian Lamo, Gary McKinnon has been diagnosed with Asperger's syndrome. This Scottish hacker's supporters have protested plans for the U.K. government to extradite him to the United States to face trial for allegedly hacking into U.S. government computers. Those working on McKinnon's behalf worry that he is "too psychologically fragile" and may commit suicide [source: Kennedy]. His case has contributed to a serious debate about the U.K.'s extradition policies.

McKinnon is under suspicion for hacking into U.S. government computer networks in late 2001 and early 2002, in what's been called a historic breach of security [source: Bingham]. A British court judgment accuses McKinnon of infiltrating 97 computers, installing hacking software, deleting important files and stealing information [source: England and Wales High Court]. He confessed that he left a threatening note on one Army computer, in which he identified himself by the name "SOLO."

McKinnon has admitted to the hacks and said he thought he could find evidence that the United States was covering up the existence of UFOs. His case remains ongoing.

Robert Tappan Morris


Robert Tappan Morris is now a tenured professor at MIT Computer Science and Artificial Intelligence Laboratory, but he has a colorful history as one of the computer world's most renowned hackers. In 1988, while still an undergraduate at Cornell, Morris released into the wild what may have been the first computer "worm," a virus that went on to infect 6,000 Unix-based computers. Many of these machines suffered serious damage.

Although Morris claimed that he was only trying to measure the "size" of the then-embryonic Internet, the government eventually decided to prosecute him. He became the first person convicted under the 1986 Federal Computer Fraud and Abuse Act [source: Markoff]. Because of the novelty of the case and Morris' claim that he didn't intend to cause any damage, a debate ensued about whether he deserved prison time. Eventually a judge sentenced Morris to three years probation and ordered him to pay a fine and perform 400 hours of community service.

A Hacking Convention
Since 1993, the DEFCON conference has been one of the world's largest gatherings of hackers. The event features lectures, hacking contests and other events, and is attended by many well-known hackers and computer-security specialists.

John Draper



While many hackers go mainstream and open consulting firms or become university professors, some never quite get there, and wind up in prison or somewhere else on society's margins. John Draper is one such person. After serving as a radar technician in the Air Force in the mid-1960s, Draper began tinkering with the phone system, learning its intricacies, its internal codes (including, allegedly, a code that allowed him to get President Nixon on the phone) and how to hack the system for free calls.

For his exploits, he became known as a "phone freak," adopting the name after finding a toy whistle in a cereal box and learning that the whistle could be used to imitate telephone tones. Later, Draper linked up with Steve Wozniak, co-founder of Apple, and also wrote one of the first word processing programs eventually picked up by Apple and IBM. But his eccentric behavior, poor business sense and bad luck hampered his ability to make money and to stay in a job for long. In the late 1970s, he served two stints in prison for phone fraud.

Over the years, some of Draper's more successful Silicon Valley friends, like Wozniak, have tried to help him, but his record and behavior make him difficult to employ. A 2007 newspaper article described Draper as living in a decrepit, one-room apartment, having almost no teeth, and getting by either on the kindness of friends or occasional programming gigs.

The Masters of Deception

The Masters of Deception (MOD) was a group of hackers based in New York who, in the late 1980s, went on a hacking spree, taking particular advantage of the country's phone system in order to hack into various corporate and government networks.

Although members of the MOD were top-notch hackers, their big mistake likely came when they engaged in a rivalry with the Legion of Doom (LOD). The battle between the two came to be known as the Great Hacker War, although the conflict allegedly started when one LOD member used a disparaging racial epithet in reference to an MOD member. What followed was a back-and-forth battle between the hacking groups, which also involved LOD members providing security advice to corporations that MOD had targeted.

Eventually, five members of MOD pled guilty to various crimes, and four spent brief periods in jail. The groups' members dispersed, and many found work for technology and security firms. Their story has been chronicled in many articles and books, including one whose title says it all: "Masters of Deception: The Gang That Ruled Cyberspace."

Matthew Bevan and Richard Pryce




Some hackers steal information or money, or damage or hijack systems, but few hackers can claim to have nearly started a war. But in 1996, Matthew Bevan and Richard Pryce were accused of just that by the U.S. government. Bevan and Pryce, who are both British, were arrested separately, several months apart, for trying to break into U.S. military systems.

Bevan was a 21-year-old IT worker at the time and went by the hacker alias "Kuji," while Pryce was only 17 and known as "Datastream Cowboy" [source: Knight]. According to a U.S. government report, the two allegedly worked together for several months, first establishing an electronic beachhead on a computer system located at Griffiss Air Force Base, in New York. They then installed password-collecting programs and began hacking their way into other government systems. After discovering the intrusions, U.S. officials became especially alarmed when they found that the duo may have infiltrated a North Korean system during an especially tenuous time of negotiations with that country over its nuclear-weapons program. Because the intrusion came via a hijacked U.S. government computer, it could've been construed as an act of war. Ultimately it was discovered that the hack in question had targeted a South Korean government agency [source: U.S. Department of Agriculture].

Phone Phreaks
Among "phone phreaks" -- hackers who manipulated the pre-Internet phone system -- none were better than Joybubbles (aka Joe Engressia), a blind man with a genius-level IQ who used his perfect pitch to whistle for free phone calls.

Jonathan James


By age 16, Jonathan James had already achieved renowned hacker status by becoming the first juvenile hacker to be sentenced to juvenile detention for 6 months in 2000 [source: Stout]. Going by the alias "cOmrade," James was charged with hacking into computer systems belonging to NASA and the Department of Defense. His hacks were harmless, but he stole information and the security breaches required extensive downtime in order to secure the systems, which cost tens of thousands of dollars.

James' father supported his son, saying that he hadn't caused any damage and had exposed security flaws [source: Stout]. Unfortunately, after leaving the juvenile institution, James' troubles continued when he tested positive for drugs. And when his mother died when he was 18, that left him alone with her house and little motivation to work, a recipe for hacking.

In 2008, government agents raided his house as part of an investigation into what was then called the largest identity theft case in U.S. history [source: Poulsen]. James and others were suspected of hacking into the systems of many large businesses and stealing information as part of an identity and credit-card theft ring that had netted millions of dollars. Two weeks after the raid, James committed suicide. He left a suicide note explaining that, while he considered himself innocent, he believed that because of his past notoriety, federal authorities would pin the blame on him rather than other guilty parties.


Albert "segvec" Gonzalez


In 2009, Albert Gonzalez pleaded guilty to hacking into numerous companies' computer systems in connection with the so-called TJX identity theft ring -- the same series of crimes that led to the raid on Jonathan James' house. The group that Gonzalez was a part of stole 36 million credit card numbers from TJX, which owns TJ Maxx and other large stores, although 70 percent or so of these cards were expired [source: Zetter]. Still, the costs to the companies responding to the attacks were immense; TJX alone spent more than $170 million [source: Zetter].

What's particularly strange about Gonzalez's case is that for years he worked as an informant for the Secret Service, providing information on other credit card thieves. However, by continuing and even expanding his criminal behavior, he left himself open to prosecution and was eventually sentenced to 20 years in prison [source: Zetter]. Several other men also were sentenced to prison time for their participation in the ring, although Gonzalez's sentence remains the longest ever handed down to a hacker in the United States.

The TJX Ringleader
Albert Gonzalez sent the data he stole to the TJX ring's mastermind, Maksym "Maksik" Yastremskiy. Yastremskiy was sentenced to 30 years in prison by Turkish authorities in 2009.



The History of Hacking and Viruses



INTRODUCTION

 Imagine this scenario: you’ve just sat down at your computer. You boot it up, and as it 
finally loads up, you realize that a lot of your files are missing. Then, your computer crashes. 
You try and try again to restart it but nothing seems to be working. You bring your desktop in to 
a computer repair shop and learn that you’ve been the victim of a malicious attack. In this day 
and age, this exact situation isn’t all too uncommon. Like a normal virus, a computer virus can 
spread from computer to computer in the blink of an eye, preying on all of the files hidden or 
visible in the hard drive. As a PC user, I became more and more intrigued as to computer 
viruses and the hackers (or as the computer community calls them, “crackers”) that create them. 
In this report, I hope to explore the history of computer viruses, how and why they are made, as 
well as research hackers and what their malicious attacks have done. 

How does a computer virus work?

 So just how exactly does a computer virus work? Well, just like there are many 
different strains of viruses that can attack a human body, there are different kinds of computer viruses that can attack and potentially harm your computer. The four most common computer 
infections are viruses, e-mail viruses, Trojans, and worms. A virus is a small piece of code that 
is attached to a program, such as a popular game or word processor. When a user runs the 
program, the virus then loads itself onto the memory and searches for another program that it can 
attach itself to. Once it does, it modifies the code to add the virus’s code in, and then starts the 
original program. Every time the user runs any infected program, a new program is infected. 
Then if that program is sent to another user, their computer will become infected. This is how a 
virus will spread from one user to another. 
 While spreading a virus will inevitably cause damage, the part of the virus that actually 
harms a computer is its attack phase. Usually some kind of trigger will start the attack phase, 
and then the virus will execute its attack. This attack could be anything from a message on the 
screen to a destroyed hard drive. 

History of Hacking 

 According to the Washington Post, in 1979 engineers at Xerox Palo Alto Research 
Center discovered the computer "worm," a short program that scours a network for idle processors. 
This worm just so happens to be the ancestor of the modern-day worm. As I read more of the 
article, I read about the “414s”, a group of computer hackers who hacked their way into many 
computer systems, including (according to the Detroit Free Press) the Los Alamos National 
Laboratory, Sloan-Kettering Cancer Center and Security Pacific Bank. One of the young men, 
17-year-old Neal Patrick, said that the only reason he did it was the challenge of getting into places he knew he shouldn’t be, and staying in there unseen. Unfortunately for him and his 
group, they were discovered by the FBI in 1983. Although many saw the 414s as harmless, they 
did cause $1,500 worth of damage at Sloan-Kettering by deleting files. All of this had happened 
before any known viruses were spread. It wasn’t until 1986 that the first “computer virus” was 
ever created. Invented in Pakistan by Basit and Amjad Farooq Alvi, the virus would slow down 
the floppy disk drive. The virus was originally created to protect the brothers’ medical software, 
but it had spread all over the world. 
 In 1988, a programmer named Robert Morris created a worm that disabled roughly 
6,000 computers on the ARPANET network by flooding their memory banks with copies of the 
worm. After confessing to creating the worm, he was charged under the Computer Fraud and 
Abuse Act, and was sentenced to 3 years probation, 400 hours of community service, and a 
$10,000 fine. This man was the originator of the computer worm, and it all happened only 20 
years ago. After reading all of these interesting articles on the origin of the computer worm, I 
decided to look into other viruses and the damage that was caused by them. 

Computer Viruses 

 After researching computer viruses from the first one in 1988 till the present, I’ve come 
to notice that the bigger-named viruses didn’t really happen until the late 1990’s. In 1999, the 
“Melissa” virus spread causing roughly $80,000 worth of damage. The virus would send copies 
of itself to the first 50 names listed in the victim’s Outlook e-mail address book. It also infects 
Microsoft Word documents on the user's hard drive, and mails them out through Outlook to the same 50 addresses. Other known viruses include the “I Love You” virus in 2000, the “Anna 
Kournikova” virus and “Code Red” worm in 2001, the “Klez” worm in 2002, and the “Slammer” 
worm in 2003. 
 The “I Love You” virus took what made the Melissa virus spread and brought it to an 
entirely new level. Upon opening the attachment (Love-Letter-For-You.txt.vbs), the computer 
became infected, and the virus began its work. It would start by scanning the computer for any 
passwords which were sent back to a website, which was obviously made by the creator of the 
virus and since then has been shut down. Instead of just sending a copy of itself to the first 50 
names listed in an e-mail address book, this virus would send a copy of itself to a person’s entire 
address book. It also would overwrite files with the .vbs, .vbe, .js, .css, .wsh, .sct, .hta, .jpg, 
.jpeg, .mp2, or .mp3 extension, which was very damaging for companies that worked heavily 
with multimedia files. McAfee.com said that 60 to 80 percent of its Fortune 100 clients were 
infected by the virus. 
 In 2001, a new virus was spread out to more than 225,000 computer systems globally, 
shutting down many websites with the message “Hacked By Chinese”. The Code Red virus was 
the perpetrator, but also had a hidden agenda. The virus planned to shut down a web address that 
represents the White House website via a Denial of Service attack. However, the White House 
switched to another address to avoid the attack. 
 Of all the viruses I’ve studied, the most interesting one has to be the Klez virus. The 
reason I find it most interesting is the way it sends itself to other machines. It spreads itself 
around just like the Melissa virus or the ILOVEYOU virus, except it finds both a new sender and a new victim from the infected machine. For example, Computer A gets infected with the Klez 
virus. It then finds two e-mail addresses (Computer B and Computer C) and sends out the virus. 
Computer C receives the e-mail with Computer B shown as the sender, making the real source very hard to trace. On top of all 
this, the virus will also destroy files within the infected machine. Later strains of the virus even 
corrupted the system beyond repair, forcing users to reformat their entire system and reinstall 
Windows. 
 The latest virus mentioned, the Slammer virus, was a shockwave that attacked a 
vulnerability within the Microsoft SQL Server Desktop Engine, infecting roughly 22,000 victims 
globally. Sites that monitor the traffic of the Internet (such as the Internet Storm Center) 
reported global slowdowns. Yonhap news in South Korea reported that Internet services had 
been shut down on Saturday January 25 2003. 

Hackers- The “Black Hats” 

 But with all of these worms and viruses are the hackers that create them. Hacking has 
been around since the 1950’s, when young MIT students first got their hands on a computer. 
Hackers of this group included Peter Deutsch, Bill Gosper, Richard Greenblatt, Tom Knight, and 
Jerry Sussman. In the 1970’s, John Draper figured out that by using the toy whistle found in 
Captain Crunch cereal, he could make long-distance phone calls for free. This whistle generates a 
2600-hertz signal, the same high-pitched tone that accesses AT&T's long-distance switching 
system. Draper (aka: Cap’n Crunch) started creating “blue boxes”, and he and other “phreaks” 
(or phone hackers) were able to commit wire fraud. 
 One of the most noted phone phreaks was Ian Murphy, or as the hacking community 
referred to him, “Captain Zap”. Murphy was the first hacker to be tried and convicted as a felon. 
He broke into AT&T’s computers in 1981, and changed the internal clocks that measured the 
rates of calls. For his crimes, he was sentenced to 1000 hours community service and 2 ½ years 
of probation. 

Hacking – 1970-1989
  
As the years passed and technology became more advanced, so did the hacking 
community. Many of the phone phreaks of the 70’s had moved their skills into computer 
hacking in the 80’s, and with that came the electronic bulletin board system, or BBS. With these 
BBS’s, hackers could trade tips, share information and stolen passwords, and talk about new and 
improved hacking techniques. It is worth pointing out that this was during the same time that 
many hacking groups began to form, such as the previously mentioned 414 group, the Legion of 
Doom, and the Chaos Computer Club. While the first two are groups found in the United States, 
the CCC was a group that formed in Germany. These groups were the most influential hacking 
groups of their time. While most of their ambitions were for exploration, some hackers wanted 
nothing more than personal gain. They began hacking computers to steal passwords, credit card 
information, and remote access to unauthorized computers. Because of the high amount of 
criminal acts the US government decided to create the Computer Fraud and Abuse Act in 1986. 
This act was made to help reduce the criminal computer acts being committed during that time. 
In 1989, a group of hackers who were loosely affiliated with the CCC were arrested for selling United States operating system source code to the Soviet KGB. All were sentenced to probation 
and fined, but nothing serious was done because the information that was stolen wasn’t 
classified. 

Hacking- 1990-Present 

 It was during the 90’s that some of the most heinous hacking took place. To some, this 
decade produced the hacking “Hall of Fame”. That list of hackers included Kevin Poulsen, 
Vladimir Levin, Robert Morris, Ian Murphy, Kevin Mitnick, and Mark Abene. Each of them is 
brilliant with computers and each has his own story to put him in the Hall of Fame. Kevin 
Poulsen, or “Dark Dante” as he was known online, is one of America’s best-known 
cyber-criminals. In 1990, he took over all telephone lines going into Los Angeles area radio 
station KIIS-FM, assuring that he would be the 102nd caller, and become the winner of a Porsche 
944 S2. The FBI began to track Poulsen, and he was finally arrested in 1991. He pleaded guilty to 
seven counts of mail, wire and computer fraud, money laundering, and obstruction of justice, and 
was sentenced to 51 months in prison and ordered to pay $56,000 in restitution. Since his 
release, he has become the senior editor for Wired News. 
 While Ian Murphy was breaking into phone lines and Robert Morris was making the 
Morris worm, the other mentioned hackers were breaking into the spotlight. Vladimir Levin 
made his claim to fame in 1994 when he accessed the accounts of several corporate customers of 
Citibank. He then transferred funds to accounts set up by different accomplices in Finland, the 
US, the Netherlands, Israel, and Germany. When his accomplices were arrested for trying to withdraw funds, all fingers pointed to Levin, and he was arrested March of 1995. It wasn’t until 
1998 that he was convicted and sentenced to three years in prison, and a fine of over $200,000. 
Since then, Citibank has begun using the Dynamic Encryption Card, a security system that no 
other financial institution in the world has. 
 Of all the hackers of this era, one man made himself a worldwide computer celebrity. 
Kevin Mitnick, or “Condor” online, was also nicknamed the “Lost Boy of Cyberspace” for his 
repeated offenses in computer crimes. His first attempt at any kind of hacking was when he was 
a young boy. He realized that by buying his own punch for his bus card, he could bypass the 
punch card system used in the LA buses and get free rides to anywhere within the greater area. 
However, it was his computer cracking that made him a fugitive of the law. He was wanted by 
the FBI for stealing over 20,000 credit-card numbers, and was finally taken down in February of 
1995. He was sentenced to four years in prison, and afterwards was not allowed to come in 
contact with a computer or phone line. Since his release, he now works in computer security 
consulting. 
 The last hacker on this list of fame is Mark Abene, or as he was known in cyberspace, 
“Phiber Optik”. Abene and a group of brilliant hackers had formed a group known as the Legion 
of Doom. After an argument with Chris Goggans (aka Erik Bloodaxe), he was removed from the 
group, and he then started his own group, the Masters of Deception. The feud between these 
groups ended up resulting in the Great Hacker War. The War started when an invite-only 
bulletin board called “Fifth Amendment” was closed down. The closing had been blamed on MOD member John Lee (aka “Corrupt”), who was apparently distributing information that was 
discussed on the board. After some prank phone calls and threats issued out by MOD, Goggans 
and his team began a campaign to expose MOD. The War only lasted a few days, but during 
that time it was clear that hacking was serious business. 

How to protect a user from a virus 

 Since then, hacking has only gotten worse. Programs such as Back Orifice, which allow 
hackers unauthorized remote access into a computer running Windows 95 or 98, were being 
created all around the world. It was just before the new millennium that security software 
vendors began distributing anti-hacking software for home-computer use. While programs like 
Norton Anti-Virus and McAfee antivirus software can put a damper on most viruses, they can 
only do so much to help out a computer user. Computer users of today are not like the computer 
users of the 80’s: back then, people knew how to use a computer inside and out, and knew how 
to manipulate it to do whatever they wanted. Now, most homes have 2 or 3 computers, and 
users only know how to send an email, or open a web browser, or play the latest video game. It 
has become obvious that the common person needs to be more informed about hacking and 
viruses. 
 So how do you prevent yourself from becoming infected? For starters, using a more 
secure operating system such as UNIX can keep viruses and unwanted human visitors from 
accessing your hard drive. If a user is more comfortable using Windows, anti-virus protection is a must. A user should avoid all kinds of programs from unknown sources, and that includes the 
internet. A program posted up by a “credible source” can still contain a virus. The best way to 
install software to your computer is to install it via CD drive, and to make sure it was bought 
straight from the manufacturer. Finally, a user should never open an e-mail attachment that 
contains an executable file. Any kind of “.exe” “.vbs” or “.com” file could potentially contain a 
virus, and once you open it, you allow the virus to do whatever it wants on your machine. 
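
One way to apply the attachment advice above mechanically, as an added example that is not part of the original report: it parses a message and flags attachment names that end in an executable extension, including decoy double extensions such as the Love-Letter-For-You.txt.vbs name mentioned earlier. The extensions beyond .exe, .vbs and .com, the function names and the sample message are assumptions constructed for illustration.

```python
"""Flag risky e-mail attachment names (added example, not from the report)."""
import email
from email import policy
from email.message import EmailMessage

# Named in the report as attachment types never to open.
PAGE_EXTS = {".exe", ".vbs", ".com"}
# Assumption: further Windows executable/script types, several of which also
# appear in the report's ILOVEYOU file list.
EXTRA_EXTS = {".vbe", ".js", ".wsh", ".sct", ".hta", ".scr", ".bat", ".cmd", ".pif"}
RISKY_EXTS = PAGE_EXTS | EXTRA_EXTS
# Extensions users read as "just a document"; used to spot decoy names.
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".jpeg", ".gif", ".mp3"}


def split_exts(filename: str) -> list[str]:
    """Return lower-cased dotted suffixes, e.g. 'a.TXT.vbs' -> ['.txt', '.vbs']."""
    # Windows ignores trailing dots and spaces, so 'x.exe.' still opens as x.exe.
    name = filename.strip().rstrip(". ").lower()
    # Keep only the last path component in case the sender embedded a path.
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = name.split(".")
    # Strip padding so 'photo.jpg      .exe' yields ['.jpg', '.exe'].
    return ["." + p.strip() for p in parts[1:] if p.strip()]


def classify_filename(filename: str) -> list[str]:
    """Return the reasons a name is risky; an empty list means no finding."""
    exts = split_exts(filename)
    if not exts or exts[-1] not in RISKY_EXTS:
        return []
    reasons = ["executable-extension:" + exts[-1]]
    # A harmless-looking suffix right before the real one is a disguise:
    # with "hide known extensions" on, the user sees only 'letter.txt'.
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        reasons.append("decoy-double-extension:" + exts[-2] + exts[-1])
    return reasons


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Parse a raw message and map each flagged attachment name to its reasons."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.walk():
        # Filename from Content-Disposition, falling back to Content-Type name.
        name = part.get_filename()
        if name:
            reasons = classify_filename(name)
            if reasons:
                findings[name] = reasons
    return findings


def build_sample() -> bytes:
    """Constructed sample message with two harmless and two risky attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("Love-Letter-For-You.txt.vbs", "holiday.jpg",
                 "setup.EXE", "notes.v2.txt"):
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for fname, why in scan_message(build_sample()).items():
        print(fname, "->", ", ".join(why))
```

The check looks only at names, so it complements rather than replaces content scanning: a renamed executable with a harmless extension passes it.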
 The world of computers has vastly changed, and with it the world of hacking. What 
started out as simply an exploration turned into greed and self-profit. However, there are still 
those who take hacking as an exploration; a way of making technology better for the future. 
Hackers such as Steve Wozniak (co-founder of the Apple computer) and Linus Torvalds 
(initiated the development of the Linux kernel) are those hackers, known in the community as 
“White Hats”. In the end, the computer is simply a machine. What you do with it, however, is 
what makes this simple machine so powerful. 
