▸ CLASSIFIED FILES // KNOWN THREAT ACTORS

THE WORLD'S MOST
NOTORIOUS HACKERS

From teenage bedroom hackers who broke into NASA, to nation-state operatives behind billion-dollar cyberattacks. These are the individuals and groups who defined the history of hacking — the legends, the criminals, and the ghosts.
[ BLACK HAT ] [ GREY HAT ] [ WHITE HAT ] [ STATE-SPONSORED ]
Kevin Mitnick
// THE WORLD'S MOST WANTED HACKER
GREY HAT → WHITE HAT | 1980s — 2023 | DECEASED 2023
Kevin Mitnick was once the most wanted computer criminal in United States history — a social engineer and hacker of extraordinary talent who broke into some of the world's most secure computer systems not primarily through technical wizardry, but through the art of human manipulation. He could talk his way past security guards, convince IT staff to hand over passwords, and impersonate executives convincingly enough to gain physical access to facilities. His story is the defining narrative of 1990s hacking culture.

What made Mitnick remarkable wasn't just his technical skill — it was his psychological acuity. He understood that the weakest link in any security system is always the human being operating it. A carefully crafted phone call, the right tone of voice, and the right set of pretexts could accomplish what months of technical work could not.
ORIGIN: Los Angeles, USA
PEAK ACTIVITY: 1979 — 1995
PRISON TIME: 5 years federal
SPECIALTY: Social engineering

▸ NOTABLE OPERATIONS

1979
Age 16 — broke into The Ark, Digital Equipment Corporation's computer network, and copied their proprietary operating system software.
1983
Infiltrated USC's ARPANET computers and gained unauthorized access to NORAD (North American Aerospace Defense Command) — an act so alarming it inspired the 1983 film WarGames.
1994
Hacked into the personal computers of Tsutomu Shimomura, a renowned security expert, triggering a months-long manhunt that became a cultural phenomenon.
1995
Arrested by the FBI after Shimomura helped track him down. Had compromised systems at Nokia, Motorola, Sun Microsystems, and dozens of other corporations.
2000+
After release, became one of the world's most respected security consultants, running Mitnick Security Consulting until his death from pancreatic cancer in July 2023.
"The human side of computer security is easily exploited and constantly overlooked. Companies spend millions of dollars on firewalls, encryption, and secure access devices, and it's money wasted because none of these measures address the weakest link in the security chain: the people who use, administer, operate and account for computer systems." — Kevin Mitnick, The Art of Deception (2002)
Anonymous
// WE ARE LEGION. WE DO NOT FORGIVE. WE DO NOT FORGET.
HACKTIVIST COLLECTIVE | 2003 — Present | ACTIVE
Anonymous is not a person, an organization, or even a group in the traditional sense — it's an idea. Born from the anarchic culture of 4chan's /b/ board in the early 2000s, Anonymous evolved from internet trolls into one of the most recognizable hacktivist movements in history. Anyone can claim to be Anonymous; no one leads it; no one owns it. This decentralized structure makes it simultaneously powerful and chaotic.

Their signature — the Guy Fawkes mask from the comic V for Vendetta — became one of the most recognized symbols of internet activism globally. At their peak between 2008 and 2012, Anonymous conducted high-profile operations against the Church of Scientology, governments, intelligence agencies, and corporations they deemed corrupt or oppressive. Their primary weapon: Distributed Denial of Service (DDoS) attacks and website defacement, though skilled members also conducted sophisticated intrusions.
ORIGIN: 4chan /b/, Internet
STRUCTURE: Decentralized / Leaderless
PRIMARY WEAPON: DDoS, Defacement, Leaks
MOTIVATION: Hacktivism / Chaos

▸ MAJOR OPERATIONS

2008
Project Chanology — Coordinated attack against the Church of Scientology following an attempt to censor a Tom Cruise video. DDoS attacks, prank calls, and worldwide protests involving thousands of real-world demonstrators wearing Guy Fawkes masks.
2010
Operation Payback — DDoS attacks against PayPal, Visa, Mastercard, and Amazon after they cut services to WikiLeaks following the release of classified US diplomatic cables.
2011
HBGary Federal breach — After CEO Aaron Barr claimed he had infiltrated Anonymous, members hacked HBGary Federal's servers, stole 70,000 emails, wiped their systems, and published the data online. Barr resigned.
2011
Operation Tunisia / Arab Spring — Provided technical assistance to protesters during the Arab Spring uprisings, helping circumvent government censorship and surveillance.
2022
Operation Russia — Following Russia's invasion of Ukraine, Anonymous declared "cyber war" on Russia, defacing state media websites, leaking government databases, and disrupting Russian TV broadcasts.
"We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us." — Anonymous, standard declaration
Adrian Lamo
// THE HOMELESS HACKER
GREY HAT | 1999 — 2018 | DECEASED 2018
Adrian Lamo earned the nickname "the homeless hacker" because he conducted his intrusions from coffee shops, libraries, and borrowed computers while living a nomadic existence across the United States. He had an unusual ethical code — he would hack into major corporations, then notify them of their security vulnerabilities rather than exploiting them for financial gain. This approach earned him a strange dual reputation: celebrated by some as a vigilante security researcher, condemned by others as a criminal who had no right to break in regardless of intent.

His most controversial act came in 2010, when he reported US Army intelligence analyst Chelsea Manning to federal authorities after Manning confided in him about leaking classified military documents to WikiLeaks. The decision made Lamo one of the most divisive figures in hacker culture — praised by some as a patriot, despised by others as an informant who betrayed a whistleblower.
ORIGIN: Boston, USA
TARGETS: NYT, Microsoft, Yahoo, AOL
SENTENCE: 2 years probation
KNOWN FOR: Manning report / NYT hack

▸ NOTABLE INTRUSIONS

2001
Infiltrated Microsoft's corporate network and accessed its internal Hotmail systems. Notified the company rather than exploiting the access.
2002
Breached The New York Times' internal network, adding himself to its expert database alongside prominent Americans and accessing contributors' personal information, including Social Security numbers.
2010
After Chelsea Manning leaked classified military documents and diplomatic cables to WikiLeaks, Manning confided in Lamo via online chat. Lamo reported Manning to the Army's Criminal Investigation Command, leading to Manning's arrest.
Gary McKinnon
// SOLO // BIGGEST MILITARY HACK OF ALL TIME
BLACK HAT | 2001 — 2002 | FREE
Between February 2001 and March 2002, a Scottish systems administrator named Gary McKinnon — operating under the handle "Solo" — conducted what US authorities called the "biggest military computer hack of all time." Working from his girlfriend's aunt's house in London, McKinnon broke into 97 US military and NASA computers using nothing more than a basic Perl script that scanned for Windows machines with blank administrator passwords.

McKinnon claimed he was searching for evidence of UFOs and suppressed free energy technology — information he believed the US government was hiding from the public. Whether that motivation is taken at face value or not, what he found inside those systems was alarming: evidence of catastrophic security negligence at the highest levels of US military infrastructure. Entire networks of critical systems protected by no password whatsoever.
ORIGIN: Glasgow, Scotland
SYSTEMS BREACHED: 97 US military / NASA
CLAIMED DAMAGE: $700,000 (US estimate)
OUTCOME: Extradition blocked by UK

▸ THE OPERATION

2001
Developed a simple Perl script that scanned Pentagon and NASA IP ranges for Windows machines with no administrator password. Found hundreds. Gained access to US Army, Navy, Air Force, Department of Defense, and NASA systems.
2001
Deleted critical files from US Army computers in the Washington DC area following the September 11 attacks, temporarily rendering the network of the Military District of Washington inoperable.
2002
Arrested by UK National Hi-Tech Crime Unit. The US government sought extradition and threatened up to 70 years in prison. After a decade-long legal battle, UK Home Secretary Theresa May blocked extradition in 2012, citing McKinnon's Asperger syndrome diagnosis.
"I found a spreadsheet of non-terrestrial officers and fleet-to-fleet transfers... I was absolutely gobsmacked." — Gary McKinnon, on what he claims to have found in NASA systems

NATION-STATE THREAT ACTORS

Beyond individual hackers, the most sophisticated and dangerous cyber operations are conducted by government-backed groups with virtually unlimited resources, political objectives, and legal protection from their own governments. These are not hackers in the traditional sense — they are intelligence agencies conducting warfare through digital means.

APT28 — Fancy Bear
// RUSSIA — GRU (Military Intelligence)
One of Russia's most active cyber espionage groups, attributed to the GRU's 85th Main Special Service Center. Responsible for election interference operations across multiple countries, the 2016 DNC hack, and attacks on NATO members. Uses sophisticated spear-phishing and zero-day exploits. Has been active since at least 2004.
Known for: DNC hack, Macron campaign breach, German Bundestag attack
APT29 — Cozy Bear
// RUSSIA — SVR (Foreign Intelligence)
Russia's SVR foreign intelligence service cyber arm, known for extremely patient, stealthy long-term espionage operations. Unlike the noisier Fancy Bear, Cozy Bear prefers to stay silent and collect intelligence over months or years. Responsible for the SolarWinds supply chain attack — their most sophisticated operation to date.
Known for: SolarWinds Orion, 2016 DNC breach (alongside APT28), COVID-19 vaccine research theft
Lazarus Group
// NORTH KOREA — RGB (Reconnaissance General Bureau)
North Korea's primary cyber warfare unit, unique among nation-state actors because its operations are as much financially motivated as politically motivated. North Korea uses Lazarus Group to generate revenue for the regime through cryptocurrency theft, bank heists, and ransomware, having stolen an estimated $3 billion in crypto between 2017 and 2023.
Known for: Sony Pictures hack, WannaCry, $81M Bangladesh Bank heist, $625M Ronin Network theft
APT41 — Double Dragon
// CHINA — MSS (Ministry of State Security)
Unusual among state-sponsored groups because they conduct both espionage on behalf of the Chinese government and financially motivated cybercrime for personal gain — sometimes simultaneously. Targets span healthcare, telecoms, technology, and gaming. Known for supply chain attacks and exploiting public-facing applications within hours of CVE disclosure.
Known for: CCleaner supply chain attack, COVID research theft, gaming industry fraud
Equation Group
// USA — NSA (Tailored Access Operations)
Believed to be the NSA's elite Tailored Access Operations unit — the most technically sophisticated threat actor ever documented. Their toolkit, partially leaked by the Shadow Brokers in 2016-2017, included zero-days for virtually every major platform, firmware-level implants that survive disk wipes, and the EternalBlue exploit later weaponized in WannaCry and NotPetya.
Known for: Stuxnet (with Unit 8200), EternalBlue development, firmware-level implants
Sandworm
// RUSSIA — GRU Unit 74455
Russia's most destructive cyber unit, responsible for attacks that caused real-world physical damage and civilian harm. They took down Ukraine's power grid twice, deployed NotPetya (the most destructive cyberattack in history), and targeted the 2018 Winter Olympics. Unlike espionage-focused groups, Sandworm's goal is disruption and destruction.
Known for: Ukraine power grid attacks, NotPetya, Olympic Destroyer, Viasat hack (2022)

THE OTHER SIDE — LEGENDARY WHITE HATS

Not all great hackers chose the criminal path. Some of the most skilled minds in the field built careers defending systems, disclosing vulnerabilities responsibly, and shaping the security industry. These individuals prove that hacking skill and ethical conduct are not mutually exclusive.

Tsutomu Shimomura
The security researcher who helped the FBI track down Kevin Mitnick after Mitnick hacked his personal computers. His account of the manhunt, co-written with journalist John Markoff, became the book Takedown. Shimomura's work on digital forensics and network security shaped an entire generation of defenders.
Bruce Schneier
Cryptographer, security technologist, and author of the foundational text Applied Cryptography. Schneier has spent decades making security concepts accessible to the public and policymakers. His concept of "security theater" — visible but ineffective security measures — changed how the industry evaluates real-world risk.
Charlie Miller
Former NSA analyst turned security researcher who became famous for repeatedly winning the Pwn2Own competition by finding zero-days in Safari and iOS. Most notably, he and Chris Valasek remotely hacked a Jeep Cherokee while a journalist drove it on a highway — forcing Fiat Chrysler to recall 1.4 million vehicles.
Katie Moussouris
Created Microsoft's first bug bounty program and helped establish the concept of coordinated vulnerability disclosure as an industry standard. Her work transformed how companies receive and respond to security vulnerability reports from external researchers, creating a framework now adopted worldwide.
Troy Hunt
Australian security researcher who created Have I Been Pwned — a free service that allows anyone to check whether their email address has appeared in known data breaches. The site has catalogued over 12 billion compromised accounts and is used by governments and enterprises worldwide for breach notification.

A HISTORY OF HACKING — KEY MOMENTS

The history of hacking spans more than five decades, evolving from curious teenagers exploring phone networks to nation-states conducting billion-dollar cyber operations. Here are the moments that defined each era.

1971
Phone Phreaking Begins. John Draper (Cap'n Crunch) discovers that a toy whistle from a Cap'n Crunch cereal box generates a 2600 Hz tone that grants free access to AT&T's long-distance network. The phone phreaking era begins, inspiring a generation of hackers including Steve Wozniak and Steve Jobs.
1983
WarGames Effect. The film WarGames introduces the concept of computer hacking to mainstream audiences and directly influences US government policy. The same year, the 414s hacker group breaks into 60 institutions including Los Alamos National Laboratory, prompting the first US computer crime legislation.
1988
The Morris Worm. Cornell graduate student Robert Morris releases what many consider the first major internet worm. It infects roughly 6,000 Unix machines (10% of the entire internet at the time), causing $10 to $100 million in damage. Morris becomes the first person convicted under the Computer Fraud and Abuse Act.
1995
Kevin Mitnick Arrested. After years as a fugitive, America's most wanted hacker is captured in Raleigh, North Carolina. His arrest marks the end of the "cowboy hacker" era — the age of individual genius hackers operating without consequence.
2000
MafiaBoy DDoS. 15-year-old Michael Calce (MafiaBoy) takes down Yahoo, Amazon, Dell, eBay, and CNN simultaneously using DDoS attacks, causing an estimated $1.2 billion in damages. Demonstrates for the first time the catastrophic potential of coordinated denial-of-service attacks against major internet infrastructure.
2010
Stuxnet Discovered. The world's first cyberweapon designed to cause physical destruction is discovered. Stuxnet targets Iranian nuclear centrifuges and represents the moment cyber warfare officially entered the domain of kinetic military operations. The world changes permanently.
2013
Snowden Revelations. Edward Snowden leaks classified NSA documents revealing global mass surveillance programs. While not a traditional hack, Snowden's actions — exfiltrating terabytes of classified data from one of the world's most secure agencies — represent one of the most consequential insider threat incidents in history.
2016
Shadow Brokers. A mysterious group calling themselves the Shadow Brokers leaks NSA hacking tools online, including EternalBlue. These tools are later weaponized in WannaCry and NotPetya — two of the most destructive cyberattacks in history. The leak fundamentally changes the offensive security landscape.
2020
SolarWinds. The most sophisticated supply chain attack ever discovered. Russian intelligence spends months inside US government networks — including Treasury, State Department, and DHS — completely undetected. The operation redefines what nation-state cyber espionage looks like at scale.
2023+
The AI Era Begins. Artificial intelligence begins appearing in both offensive and defensive security tools. AI-generated phishing emails become indistinguishable from legitimate communications. Automated vulnerability discovery accelerates. The next chapter of hacking history is still being written.