4 Famous Hackers Who Got Caught

iStock
iStock

Just recently we were reminded how delicate our online ecosystem really is when the mysterious group Anonymous took down big websites like Visa, Mastercard, and PayPal because they refused to support WikiLeaks. Anonymous is the latest in the fascinating history of hackers who have had their way with supposedly secure computer systems. The big difference – most of the other guys got caught.

1. KEVIN POULSEN

In 1988, at the age of 23, Kevin Poulsen, known online as Dark Dante, hacked into a federal computer network and started poking around in files for the investigation of Filipino President Ferdinand Marcos. It wasn't his first hack, but it was the first time the feds had noticed him. When he found out they were on to him, he went on the run. But like so many hackers, that didn't mean he went offline.

During the 17 months he was underground, Poulsen hacked FBI files, revealing wiretap details for mobsters, foreign politicians, and the American Civil Liberties Union. He and some hacker friends also took over the phone lines for an L.A. radio station, ensuring they were the winning caller in contests, netting themselves two Porsche sports cars, a couple Hawaiian vacations, and $20,000 in cash. When the TV show Unsolved Mysteries picked up on Poulsen's story and broadcast a segment about him, mysteriously, as soon as the screen displayed the toll-free number viewers could use to report tips on the case, all the show's phone lines went dead. Still, the episode proved to be his downfall, as Poulsen was apprehended shortly after when the employees of a supermarket recognized him from the show.

During their prosecution, the FBI called Poulsen "The Hannibal Lecter of Computer Crime," scaring the courts enough to warrant holding him without bail for five years in a federal prison while the government put their case together. However, when all was said and done, they could only charge him with lesser crimes like money laundering and wire fraud, dropping some of the more serious hacking charges altogether. He was sentenced to "time served" and released, but was barred from touching a computer for three years.

Since then, Poulsen has become a respected journalist, writing about computer security for Wired Magazine, as well as a few books on the subject, like Kingpin, which comes out in February. He has also used his hacking skills for the forces of good, famously finding 744 registered sex offenders who were using MySpace to troll for underage victims.

2. ALBERT GONZALEZ

Albert Gonzalez, known online as CumbaJohnny, was the mastermind behind shadowcrew.com, a black market website for hackers to sell stolen credit card numbers, Social Security Numbers, passports, and just about any other type of information imaginable. But when he got arrested for credit card fraud in 2003, he switched sides and became the key informant for the government in "Operation: Firewall," a massive program designed to take down hackers. Thanks to Gonzalez's assistance, 28 hackers, scattered across eight states and six foreign countries, were indicted on charges of selling around 1.7 million credit card numbers. For his assistance, Gonzalez was immune from all charges and was offered a job at the Secret Service.

With the Secret Service looking over his shoulder, Gonzalez developed a new online persona known as "soupnazi" to help snare hackers for the U.S. Government. But once he left the office for the day, soupnazi partnered with hacker Maksym Yastremski (aka Maksik), a Ukrainian whose sales of stolen credit card information were said to have reached $11 million between 2004 and 2006 alone.

To get credit card numbers for Maksik to sell, soupnazi and his hacker friends began "wardriving" – driving around town with a laptop hooked up to a powerful antenna, looking for wireless network signals they could breach. From the parking lots of major stores like TJMaxx, Target, Barnes & Noble, and many others, they installed "packet sniffers," software that can sit on the server undetected and grab data, like every credit or debit card transaction, from the store's vulnerable computer network. The sniffer then sent the credit card information over the internet to one of Yastremski's PCs in Turkey, allowing them to collect thousands of valid credit card numbers. Meanwhile, two European cohorts hacked Heartland Payment Systems, one of the largest credit card payment processing companies in the world, and stole card information from an astonishing 130 million transactions. With the two operations combined, Gonzalez and Yastremski were sitting on a virtual goldmine.

With an influx of cash, Gonzalez bought a brand new BMW, and blew thousands of dollars every weekend with his hacker friends on drinks, drugs, women, and swanky hotel suites. That year, he also threw himself a $75,000 birthday party. By this time, Gonzalez was no longer working for the Secret Service, who suspected he was up to no good but couldn't find any evidence. Gonzalez had taught the feds much of what they knew about hacking, so he also knew how to cover his tracks. Their suspicions were confirmed when Ukrainian authorities caught up with Gonzalez's partner, Yastremski. After searching through the files on Yastremski's seized computers, investigators found records of over 600 instant message conversations about acquiring stolen card numbers for sale. The IM name Yastremski was talking to was registered to the email address soupnazi@efnet.ru.

Gonzalez and 10 others were indicted in federal court in August 2008. Gonzalez pleaded guilty to all charges and, in March 2010, was sentenced to 20 years in prison. It's been estimated that the companies hit by soupnazi and his crew have spent more than $400 million to cover the damages done by these 11 men and their 11 computers.

3. KEVIN MITNICK

Using the alias "Condor," Kevin Mitnick's first big hack was a Department of Defense computer, which he gained access to when he was only 16 years old. His most famous crime in his younger days was stealing $1 million worth of software from computer company Digital Equipment Corporation (DEC). So when the FBI began investigating him in connection with a hack of the California Department of Motor Vehicles in 1992, he was determined not to get caught again and made a run for it. While a fugitive from the law, Mitnick continued to use a laptop and cell phone to break into computer networks and telephone systems across the country, stealing software, files, access codes, and anything else he could get his hands on, including some 20,000 credit card numbers.

For some hackers, like Mitnick, hacking isn't about the money; it's about being better than the other guy. Mitnick was barely challenged by the FBI on his tail, but on Christmas Day 1994, he found the perfect nemesis when he broke into the home computer of network security expert Tsutomu Shimomura (at left). Shimomura took the breach personally and began a year-long crusade to bring Mitnick down. Like a true cat and mouse game, the two were pretty well matched – for every move Mitnick made, Shimomura had a counter move. For example, thanks to internet monitoring stations set up by Shimomura, he was able to track the online movements of Mitnick. But that didn't matter, because Mitnick used his knowledge of telephone and computer networking systems to disguise his real-world location. In the end, though, the resources of the FBI and the skills of Shimomura were too much for one man. After evading capture for over two years, the FBI tracked Mitnick to an apartment in Raleigh, North Carolina, where he was arrested on February 15, 1995.

Thanks to a plea agreement, Mitnick spent five and a half years in prison. However, eight months of that time was in solitary confinement after federal prosecutors convinced the judge of the ridiculous notion that Mitnick could launch nuclear warheads by simply whistling the proper tones into a telephone receiver. Since his release, Mitnick has become a well known speaker at hacking and security conferences, as well as the head of his own company, Mitnick Security Consulting.

4. JEANSON JAMES ANCHETA

Just because you're using the mouse and typing on the keyboard doesn't mean you have complete control over your computer. If you're connected to the internet, your PC could be a "zombie," an unwilling member of a "botnet." A botnet is a large network of computers that have been infected with the same virus that will force them to perform some function for the "bot herder," the person who created and controls this illegal network of PCs. Usually, the herder will have your PC send out a few spam emails without your knowledge, or it could become part of an army of computers repeatedly contacting a website, forcing the site to shut down, in what is known as a "Denial-of-Service" (DoS) attack. Because DoS attacks are automated, they can often go on as long as the hacker controlling it would like, opening up the perfect opportunity for extortion (Pay up or the DoS will continue).

For 20-year-old high school dropout Jeanson James Ancheta, creating botnets became easy thanks to software he discovered online. As he continually expanded his army, he set up a website where he rented his zombies to spammers or hackers, complete with price ranges and recommendations for the number of zombies needed to complete the dirty job at hand. At one time during the course of his 14 month crime spree, it's estimated that Ancheta had over 500,000 computers at his disposal, some of which were owned by the U.S. Navy and the Department of Defense. Business was good, as Ancheta was able to buy a used BMW, spent about $600 a week on clothes and car parts, and had around $60,000 in cash at his disposal.

But the fun ended when Ancheta became the first person to be indicted for creating a botnet after getting caught as part of the FBI's "Operation: Bot Roast," a nationwide push to bring down bot herders. In 2006, he pleaded guilty to four felony charges and was sentenced to 57 months in prison, forced to give up his car and the $60,000 in cash, and to pay restitution of $15,000 for infecting federally owned computers.

Looking to Downsize? You Can Buy a 5-Room DIY Cabin on Amazon for Less Than $33,000

Five rooms of one's own.
Five rooms of one's own.
Allwood/Amazon

If you’ve already mastered DIY houses for birds and dogs, maybe it’s time you built one for yourself.

As Simplemost reports, there are a number of house kits that you can order on Amazon, and the Allwood Avalon Cabin Kit is one of the quaintest—and, at $32,990, most affordable—options. The 540-square-foot structure has enough space for a kitchen, a bathroom, a bedroom, and a sitting room—and there’s an additional 218-square-foot loft with the potential to be the coziest reading nook of all time.

You can opt for three larger rooms if you're willing to skip the kitchen and bathroom.Allwood/Amazon

The construction process might not be a great idea for someone who’s never picked up a hammer, but you don’t need an architectural degree to tackle it. Step-by-step instructions and all materials are included, so it’s a little like a high-level IKEA project. According to the Amazon listing, it takes two adults about a week to complete. Since the Nordic wood walls are reinforced with steel rods, the house can withstand winds up to 120 mph, and you can pay an extra $1000 to upgrade from double-glass windows and doors to triple-glass for added fortification.

Sadly, the cool ceiling lamp is not included.Allwood/Amazon

Though everything you need for the shell of the house comes in the kit, you will need to purchase whatever goes inside it: toilet, shower, sink, stove, insulation, and all other furnishings. You can also customize the blueprint to fit your own plans for the space; maybe, for example, you’re going to use the house as a small event venue, and you’d rather have two or three large, airy rooms and no kitchen or bedroom.

Intrigued? Find out more here.

[h/t Simplemost]

This article contains affiliate links to products selected by our editors. Mental Floss may receive a commission for purchases made through these links.

Is It Illegal to Falsely Shout 'Fire' in a Crowded Theater?

Fortunately, nobody incited a stampede at New York's Metropolitan Opera House on this night in 1937.
Fortunately, nobody incited a stampede at New York's Metropolitan Opera House on this night in 1937.
National Archives and Records Administration, Wikimedia Commons // Public Domain

If you asked a few random people to name a situation that wouldn’t be protected under the First Amendment’s “freedom of speech” clause, there’s a pretty good chance at least one of them would mention the example of someone shouting “Fire!” in a crowded theater (when there’s no fire). Over the last century, the scene has been used far and wide to illustrate that if your “free speech” harms people, you can still end up in the defendant’s chair. But, as is so often the case when it comes to interpreting the law, it’s really not that simple.

Panic Room

The aftermath of the Iroquois Theatre fire.Fire-Truck.Ru, Wikimedia Commons // CC BY-SA 4.0

When people first started discussing human fire alarms at packed gatherings, it was less about constitutional debate and more about societal menace. During the late 18th and early 19th centuries, there were dozens of tragedies [PDF]—mainly in the U.S., but also abroad—where false shouts of “Fire!” provoked panic that resulted in multiple innocent, and avoidable, deaths. In 1913, for example, residents of Calumet, Michigan, held a Christmas party for the children of copper miners on strike. Hundreds of people gathered on the second floor of Italian Hall, and when an unidentified perpetrator (possibly motivated by anti-union sentiments) yelled “Fire!” they all rushed to the stairs. The stampede claimed 73 victims, most of whom were children.

The fear of fire wasn’t unfounded. Since not all buildings had sprinkler systems, neon exit signs, and capacity limits, plenty of fatal blazes occurred. More than 600 people died in Chicago’s Iroquois Theater fire in 1903, event though (ironically) that building was actually thought to be fireproof.

In short, shouting “Fire!” in a crowded theater was an idea firmly entrenched in the public consciousness by the time judges co-opted the phrase for legal arguments on First Amendment rights.

Discussing Fire in a Crowded Courtroom

We mustache Oliver Wendell Holmes Jr. a question about First Amendment rights.National Photo Company, Library of Congress Prints and Photographs Division, Wikimedia Commons // No Known Restrictions on Publication

The axiom became popular in legal spheres after Supreme Court Justice Oliver Wendell Holmes Jr. mentioned it during Schenck v. United States in 1919, but he wasn’t the first person to use it in court. As Carlton F.W. Lawson pointed out in a 2015 article in the William & Mary Bill of Rights Journal, U.S. attorney Edwin Wertz had uttered a lengthier version of it the previous year while prosecuting activist Eugene Debs. In fact, since Holmes ruled on Debs’s appeal the very week after the Schenck case, he may have even gotten the idea from Wertz.

Each case involved a violation of the Espionage Act of 1917, which essentially made it punishable to do anything that interfered with U.S. military operations—including speaking out against the draft. Debs, a pacifist who opposed World War I, was under fire for a speech he had given in Ohio; and Charles T. Schenck, the U.S. Socialist Party’s general secretary, landed in front of the Supreme Court for passing out pamphlets that encouraged men to refuse the draft.

Both defendants were convicted, and Holmes justified his ruling on the Schenck case with the explanation that “the most stringent protection of free speech would not protect a man in falsely shouting ‘fire’ in a theater and causing a panic.” But while his analogy struck an emotional chord, it really had nothing to do with constitutional law.

“The ‘crowded theater’ statement in Schenck never amounted to any kind of binding standard or doctrine,” Nashwa Gewaily, a media and First Amendment lawyer, tells Mental Floss. “It was basically a bit of emotionally charged extra flair from Justice Holmes, outside the official legal determination of that case; a powerful image that endured outside its context ... It was not a high point in American jurisprudence.”

“Revengeance” Is Fine

What Holmes said after it, however, did become a standard for future free speech arguments. “The question in every case,” he said, “is whether the words are used in such circumstances and are of such a nature as to create a clear and present danger that they will bring about the substantive evils that Congress has a right to prevent.”

For the next 50 years, clear and present danger was the accepted—and slightly vague—metric for discerning if spoken or printed material was protected speech. Then, in 1969, the Supreme Court replaced it with something clearer. The case, Brandenburg v. Ohio, concerned a Ku Klux Klan leader named Clarence Brandenburg who had broken Ohio’s law against advocating “crime, sabotage, or unlawful methods of terrorism” for political purposes. (In his offending speech, he had mentioned the possibility of “revengeance” [sic] if the federal government didn’t stop “[suppressing] the white, Caucasian race.”)

Brandenburg appealed his guilty verdict all the way up to the Supreme Court, which overturned the ruling on the grounds that his threats were too ambiguous to “[incite] or [produce] imminent lawless action.” In order for something to qualify as imminent lawless action, it must: expressly advocate violence, advocate immediate violence, and relate to violence likely to occur.

As Gewaily explains, judges interpret this standard “far more narrowly than many would presume.” While individual institutions may condemn hate speech, for example, it’s technically protected under the law unless there’s “immediate violence” involved.

When Free Speech Is the Least of Your Worries

So, does falsely shouting “Fire!” in a crowded theater fall outside the conditions of imminent lawless action, and therefore fall under First Amendment protection? The short answer is that it depends on the circumstances. But here’s the long answer: If you get arrested for doing that, the charges brought against you might make the question of free speech totally irrelevant.

“The falsely shouted warning, while technically speech, could potentially violate a state's criminal laws against disturbing the peace or disorderly conduct, whether or not it provokes a stampede, for instance,” Gewaily says. And if there is a stampede in which somebody dies, you could be charged with involuntary manslaughter. In other words, there’s no law that explicitly prohibits you from crying “Fire” in a theater. It’s the other laws you’d have to worry about.

Shouting “Bomb!” or “Gun!” in public would put you in a similar situation. In May 2018, for example, officials had to evacuate part of Daytona Beach International Airport after a man ran naked through the building screaming about a bomb in the women’s bathroom. There was no bomb, but he was charged with “false report of a bomb,” “criminal mischief,” and “exposure of sexual organs,” among other things. In that case, no self-respecting lawyer would advise him to claim his actions were protected by the First Amendment.

That said, there’s good news for anyone whose panicked cry is an honest mistake. “Someone who shouts a warning in genuine error, with an intent to galvanize movement to safety, would not be properly punished for that speech,” Gewaily says.

And if Oliver Wendell Holmes Jr. has taught us anything, it’s that not every word a Supreme Court Justice says automatically counts as constitutional doctrine.

Have you got a Big Question you'd like us to answer? If so, let us know by emailing us at bigquestions@mentalfloss.com.