5 of the World’s Dumbest Cyber Criminals

5 of the World’s Dumbest Cyber Criminals

Just because you can use a computer, it doesn’t mean you’re smart. Movies portray hackers as criminal masterminds who can take down corporations — or even the national electrical grid — with the a few keystrokes.

It may be true that the average hacker is astute with coding and programming language, but that doesn’t mean all have common sense. There are master thieves and then there run-of-the-mill dummies trying to make an illicit buck online.

Here are some of the dumbest attempts at cyber crime to date.

1. Tweeting About Your Cyber Attack

Scott Arciszewski was a 21-year-old student at the University of Central Florida when he hacked a company that had FBI ties. This attack, which hit Tampa Bay Infraguard, a firm that helped protect the FBI critical infrastructure, was an impressive feat. But Arciszewski wasn’t satisfied to carry it out anonymously, instead bragging about his exploits on Twitter. The police found him soon after in his dorm room.

2. Hacking Call of Duty

A 17-year-old in the United Kingdom wanted to boost his gamer cred. So he hacked the popular video game Call of Duty, rigging up a denial-of-service attack with a program called Phenom Booter that prevented other online players from logging in and killing his character. He reportedly tried to increase more than his score, looking to improve his bank account by selling the program to other users who wanted to reap its rewards. This helped the police track the attack back to him, and law enforcement detained the juvenile at his home.

3. Border(line) Stupid ID Theft

Two Mexicans almost became beneficiaries of one of the world’s largest data breaches. They acquired some of the records exposed when hackers stole more than 100 million people’s personal information and began to profit from identity theft, which victimizes at least 7 percent of the population. Unfortunately, they went overboard — bulk buying a ton of goods in one weekend — then they tried to go over the border. Authorities nabbed them in McAllen, Texas, with about 90 fraudulent credit cards. “It’s not that we find criminals like this through cyber-forensics,” cyber security expert Bruce Schneier told the Los Angeles Times. “We get them in the real world when they do something stupid… It’s invariably how it works: Getting credit cards is easy. Turning it into cash is hard.”

4. Stealing Miley Cyrus’ Password

Josh Holly was one cyber criminal who knew how to exploit people’s desire to connect with celebrities in order to bilk them out of money. He hacked into MySpace and unveiled the passwords of the rich and famous, then sent spam messages from their accounts to unsuspecting fans. In return, he got enough credit card and financial information to make about $100,000. He may have gotten away with it, too, but he also used the password he found for Miley Cyrus to hack into her email account, where he found compromising photos of the then-underage pop star. He shared those online and, of course, bragged about it online, too. In addition to the notoriety he desired, this brought to cops to his home.

5. Forgetting to Renew

Even the most sophisticated hackers make dumb mistakes. The Equation Group, which was known to pull off “superhuman technical feats,” perplexed security experts for years and were considered to employ some of the world’s best cyber criminals. But the organization made a rookie mistake by failing to renew several domain names it had used for illicit activity. The URLs had been registered through GoDaddy.com, so they went back into the pool of publicly available web addresses that anyone could buy after the group failed to re-register them. “Usually, [hackers] clean up all the affected machines,” one involved party told Fusion.net, but this time nobody did. So those on the case seized this opportunity and acquired the domains, which later helped lead them back to the source.

  • “Tweeting about your cyber attack” is a rather dumb way to mischaracterize what actually happened: In a moment of youthful stupidity, I could think of no better way to alert them that their IT company (Sylint Corporation) hadn’t updated their software in years. That their IT company had the domain name usinfosec dot com just made it seem more urgent.