hackers

Notable Hacks

The volume of hacking cases and the amorphous definition of the word "hack" itself make it difficult to enumerate the biggest or most destructive hacks of all time. But the cases listed here have this in common: each marks a significant step in the evolution of hacking. These hacks show how the law has had to bend or change to catch up with technology, and/or how hackers have achieved new breakthroughs in what they can do.

MORRIS WORM (1988)

In 1988, a 23-year-old graduate student at Cornell University, Robert Morris, released the internet's first worm. Morris, the son of a National Security Agency (NSA) computer security expert, wrote 99 lines of code and released them into the internet as an experiment. Quickly, Morris discovered that the program was replicating and infecting machines at a much faster rate than he had anticipated. Invisible tasks were overloading machines around the country and preventing users from using the machines effectively, if at all. Computers were crashing or becoming unresponsive to commands. To curtail the spread of the infection, many system administrators were forced to cut off their machines from the internet entirely.

In 1990, a federal judge sentenced Morris to 400 hours of community service and a $10,000 fine. While Morris maintained that he did not intend to cause harm to the networks, he conceded that he did intend to gain access to the affected computer systems. Under the Computer Fraud & Abuse Act of 1986, Morris was found guilty of unauthorized access to a "federal interest computer," which the law defines as a computer that is used exclusively by the federal government or by financial institutions.

PHONEMASTERS (1994-1995)

An international group, dubbed the "Phonemasters" by the FBI, hacked into the networks of a number of companies including MCI WorldCom, Sprint, AT&T, and Equifax credit reporters. The FBI estimates that the gang accounted for approximately $1.85 million in business losses.

"They had a menu of activities they could perform," says Richard Power, author of Tangled Web, a book chronicling tales of digital crime. "They had Madonna's home phone number, they could hack into the FBI's national crime database."

The Phonemasters reportedly forwarded an FBI phone line to a sex-chat line, racking up $200,000 in bills. They snooped in confidential databases to see whose phones the FBI and federal Drug Enforcement Agency were tapping. They hacked into the computer systems of several companies and downloaded calling card numbers and personal information about customers and created telephone numbers for their own use.

The FBI was first tipped off to the Phonemasters' actions in 1994. A federal court granted the FBI permission to use the first ever "data tap" to monitor the hackers' activities. Through the tap, the FBI was able to capture the Phonemasters' keystrokes as they exchanged stolen credit card numbers. After an extensive investigation that involved Texas, Pennsylvania, Ohio, Colorado, California, Oregon, New York, Florida, Canada, Switzerland, and Italy, the case was finally laid to rest.

In September 1999, the members of the group were convicted of theft, possession of unauthorized access devices and unauthorized access to a federal computer. Corey Lindsly in Philadelphia, regarded as the mastermind, was sentenced to over 41 months in prison, one of the longest sentences for a hacker in U.S. history. Calvin Cantrell of Dallas was sentenced to 24 months. John Bosanac got 18 months.

The Phonemasters case is the first time that Title III of the Omnibus Crime Control and Safe Streets Act of 1968--originally passed to allow law enforcement to intercept wire and oral communications--was interpreted to allow a datatap over a computer network.

CITIBANK (1994-1995)

The Citibank case marks the hacker community's first foray into big-money banking. In 1994, Russian hacker Vladimir Levin engineered a heist from Citibank, tricking the company's computers into distributing an estimated $10 million to him and his accomplices in several countries. When Levin pled guilty in January 1998, he admitted using passwords and codes stolen from Citibank customers to make transfers to his accounts. While Citibank spokespeople have indicated that Levin gained access to the company's cash management system through valid accounts that weren't protected by encryption, there has been speculation that someone inside Citibank served as Levin's accomplice. Citibank denies such claims and evidence to the contrary has never surfaced.

According to published reports, Citibank's security system flagged two transfers in August 1994, one for $26,800 and another for $304,000. Bank officials then contacted the FBI, who tracked Levin as he trespassed on Citibank's system and made more illegal transfers. After determining where the transactions originated, telecommunications employees in Russia helped U.S. officials track the illegal fund transfers to St. Petersburg and finally to Levin. He was apprehended in London at Heathrow Airport in March 1995.

When Levin was extradited to the U.S. in 1997, he was described in the newspapers as the mastermind behind the internet's first-ever bank raid. Some security experts dispute that claim, however. Levin, they say, used telecommunications systems, not the internet, to break into Citibank. He was able to intercept Citibank customers' phone calls and, as the customers authenticated their accounts by punching in their account numbers and PINs, obtain the information he needed to commit the fraudulent transactions.

Citibank was able to recover all but $400,000 of the $10 million that was siphoned from its accounts. In January 1998, Levin pled guilty in federal court to charges of conspiracy to commit bank, wire, and computer fraud. Finally, in February 1998 a U.S. judge sentenced Levin to three years in prison, and ordered him to pay Citibank $240,000.

TIM LLOYD/OMEGA ENGINEERING CORP. (1996)

On May 9, 2000, Timothy Lloyd was convicted of writing six lines of code--essentially, a code "bomb"--that obliterated Omega Engineering Corporation's design and production programs. Since Omega makes components for clients such as NASA and the U.S. Navy, those systems were the company's rainmakers. Lloyd knew Omega's systems well. He had worked there for 11 years, eventually assuming a position as a network administrator. According to published reports, Lloyd was fired in 1996 because he was unable to get along with his co-workers.

Three weeks after Lloyd was fired, a worker at Omega's manufacturing plant in Bridgeport, New Jersey, logged on to a computer terminal. It was July 31, 1996, the date that the bomb was set to detonate. By logging in, the worker unleashed the aberrant code that instructed the system to delete the software running Omega's manufacturing operations. The Secret Service said that Lloyd had committed the largest ever act of worker-related computer sabotage, causing Omega nearly $10 million in lost sales.

A jury convicted Lloyd of computer sabotage in May 2000. However, the conviction was short-lived. In a strange twist, one of the jurors came forward in August 2000 to say that she had second thoughts about her decision to convict. According to Grady O'Malley of the U.S. Attorney's Office, the juror had seen a news story about the "Love Letter" worm and its attendant havoc and couldn't decide whether the story had had an effect on her decision to convict Lloyd. The U.S. District Court judge who tried the case overturned the conviction. The U.S. Attorney's Office in Newark filed an appeal. A decision is expected by late March 2001.

THE ELECTRONIC DISTURBANCE THEATER (1998)

One researcher traced the rise of "hacktivism"--the use of technology and hacking skills to achieve social or political ends--to the Zapatista rebels in southern Mexico. The group has been credited with revolutionizing modern political interaction through its use of the internet.

On New Year's Eve in 1993, the day before the North American Free Trade Agreement went into effect, the Zapatista National Liberation Army declared the southernmost state in Mexico an autonomous region for the indigenous Mayan Indian population. This secession sparked a rebellion that is still being waged in the region today. According to the Journal of International Affairs, the insurgency in Mexico and its use of modern technology have led to what one researcher dubbed "The Zapatista Effect," which suggests that the very nature of political interaction is being rewritten, thanks in part to the internet.

Though the rebels are under constant surveillance by the authorities, they use hastily laid phone lines, laptops, modems, and other gear to disseminate information about their uprising to the public. First, the communications are transmitted to support agencies and other sympathisers in the region. And then the communications go worldwide to a network of peasants, church groups, and activists.

One such group of activists labeled themselves the Electronic Disturbance Theater (EDT). In what was supposed to be a show of solidarity with the Zapatista rebels, the EDT launched a web attack on the Frankfurt Stock Exchange, the Pentagon, and the web site for Mexican President Ernesto Zedillo in September 1998. According to the communiqué distributed in newsgroups and on EDT's web site, participants in the online "sit-in" were instructed to use FloodNet, a tool the group developed enabling users to overload web servers. The Pentagon, which had been alerted to EDT's plans, fought back. All of the requests from EDT activists were redirected to a Java applet programmed to issue a counteroffensive. The activists' browsers were flooded with graphics and messages, and their computers crashed. The web site for Mexican President Ernesto Zedillo, however, reportedly buckled and crashed under the pressure of the 18,000 protestors who launched FloodNet.

MELISSA VIRUS (1999)

From the time the Morris worm struck the internet until the onset of the Melissa virus, the internet was relatively free from swift-moving, highly destructive "malware." The Melissa virus, however, was rapacious; damages have been estimated at nearly $400 million. It marked a turning point, too: Melissa was the first incident of its kind to affect the newly commercial internet.

According to news reports, the earliest evidence of Melissa was in a posting to the alt.sex newsgroup from an America Online (AOL) email account. One of AOL's servers had served as a conduit for the virus, which was contained in a file named "list.zip." The victims, who had expected list.zip to contain a list of sexually oriented web sites along with user ID and password combinations, downloaded the file and ran the program it contained. In doing so, they served as propagators of the virus.

The Melissa virus spread like a cancerous chain letter, exploiting a hole in Microsoft Outlook, a popular email program. Once the virus penetrated a computer, it gained access to the Outlook email system and started self-replicating, sending email to as many as 50 correspondents in the user's email address book. Since the virus acted so quickly, many email systems were overwhelmed by the traffic. Experts said that email infected by Melissa incapacitated computer networks at about 300 corporations.

Luckily, AOL "tagged" the newsgroup postings on its servers, including the messages on alt.sex. The tag provided investigators with information on the message itself and the equipment used to post the message. These tags helped pinpoint the New Jersey internet service provider (ISP) used to post the original message to alt.sex. The ISP was able to provide investigators with information to determine the actual telephone that made the call, which led them to the suspect's house.

David L. Smith, 30 years old at the time, said he named the virus after an exotic dancer he met in Florida. While his lawyer likened Smith to a "graffiti artist" rather than a cyberterrorist, Smith was ultimately charged under both state and federal laws. In December 1999, Smith pleaded guilty to federal and state charges that he authored and circulated a destructive and costly virus and agreed to causing nearly $80 million in damages. He was later sentenced to five years in prison.

Though the Melissa virus reportedly caused nearly $400 million in damages, federal sentencing guidelines allow for a maximum of $80 million in damages. In his book Tangled Web, author Richard Power writes, "The Melissa case had reached the outer limits of what was even conceived of in the federal sentencing guidelines."

ECOMMERCE GIANTS CRIPPLED IN DDoS ATTACKS (2000)

In February 2000, some of the internet's most reliable sites were rendered nearly unreachable by distributed denial-of-service (DDoS) attacks. Yahoo took the first hit on February 7, 2000. In the next few days, Buy.com, eBay, CNN, Amazon.com, ZDNet.com, E*Trade, and Excite were taken down by DDoS attacks. Though damage estimates vary widely, the FBI estimates that the companies suffered $1.7 billion in lost business and other damages.

In a denial-of-service attack, the target system is rendered inoperable. Some attacks aim to crash the system while other denial-of-service attacks make the targeted system so busy that it can't handle its normal workload. The attacks on Yahoo and the other companies were distributed denial-of-service attacks, where one attacker can control tens or even hundreds of servers. After installing the denial-of-service script on several computers, a coordinated attack can be orchestrated from a remote location.

The attacks may have been avoidable. On November 18, 1999, Carnegie Mellon's Computer Emergency Response Team (CERT) issued an alert that two distributed denial-of-service tools had already been installed on unwitting hosts. Six weeks later the FBI's National Infrastructure Protection Center (NIPC) issued a similar warning and offered free software that system administrators could use to scan for evidence of DDoS tools.

On April 18, 2000, a juvenile in Canada, known online as "mafiaboy," was arrested and charged in connection with the DDoS attacks. Prosecutors alleged he broke into several computers, mostly at U.S. universities, and used them to launch the attack against the web sites. According to police, mafiaboy boasted in internet chat rooms about the attacks and was tracked through traces he left of his computer activity. On January 18, 2001, the 16-year-old computer hacker pled guilty to 56 charges, including mischief and illegal use of a computer service. He will be sentenced in April 2001, and could spend up to two years in a juvenile detention center.

links

For more accounts of notorious hacks, see the Discovery Channel's "Hackers Hall of Fame" and Wired.com's recent "The Greatest Hacks of All Time."


some photos copyright ©2001 photodisc
web site copyright WGBH educational foundation
