SecurityTrails Blog · Feb 16 · by Sara Jelen

Who Are Cybercriminals? The 10 Most Infamous Cybercriminals

Reading time: 13 minutes
Listen to this article

Throughout human history, crime has been ever-present. Whether it's burglary, theft, fraud, extortion, vandalism, or more serious offenses, it always followed us. But as technology progresses, criminals find more ways to conduct their illegal activities.

Today, crime has entered a new realm: the cyber realm. And now, besides "traditional" criminal activity, we have cybercrime and cybercriminals to worry about, too.

They have been long on the scene—so long that we can see cybercrime intertwined with the beginnings of the internet. Yet there are still a few misconceptions and misrepresentations of who cybercriminals really are.

Are they the individuals sitting in their dark rooms, hoodies on their heads, mischief on their mind? This representation of cybercriminals is as far from the whole truth as possible. Yes, the black-hoodie-on-head individuals do exist, but there is a much vaster network and so many types of cybercriminals out there that grouping them all under one umbrella just wouldn't be helpful. In order to protect our systems and our data and to keep ourselves secure, we need to understand who we're fighting against.

We've written about different types of cybercrime extensively, but today we'll tackle the people behind those acts. We're looking into who cybercriminals actually are.

Definition of a cybercriminal

Cybercriminals are individuals or groups who use computer systems and technology to commit illegal activities. Along with the advancement of technology, the methods and tools that cybercriminals use have also advanced. From brute force attacks, social engineering and ransomware to advanced persistent threats and zero day exploits, cybercriminals are constantly finding new ways to further existing methods of attack.

They can also have many different objectives. These include monetary gain via extortion and collecting information, such as personally identifiable information (PII) to commit further identity fraud, financial information to be sold on the darkweb, and information about new product development. It's not even uncommon to see individuals committing cybercrime just for the sake of it—to prove their technical expertise.

Types of cybercriminals

With most organizations now operating at least part of their businesses and storing their private and sensitive data online, and us as individuals conducting many of our daily activities on the internet, the target pool for cybercriminals is larger than ever. This has resulted in the growth of cybercriminal networks and greater incentives for cybercriminals to attack.

Based on their goals and objectives, we're able to recognize different types of cybercriminals.

Types of cybercriminals


Hacktivists are perhaps the only type of cybercriminals that doesn't place monetary gain anywhere near their goals. Instead, these individuals or groups commit cybercrime with the goal of furthering their political or social activism. They have been known throughout history to protest mainly against censorship, anti-piracy groups, and organizations and governments they believe to be unethical, and they are always in favor of the freedom of information.

Much discussion about hacktivism revolve around the distinction of whether they are or aren't cybercriminals. While it's true that they don't perform their activities for personal or monetary gain but for a bigger goal, they still perform illegal activities. And the most notable example of a hacktivist group is, of course, the one known as Anonymous.

State actors

Nation states have always been one of the main perpetrators of cyber attacks, mostly in the form of cyber espionage. They typically sponsor cybercrime groups or individuals in their cybercrime campaigns against other states and governments. A common goal for this type of criminal is obtaining strategic military advancements or taking action against a target's commercial interest.

Script kiddies

Script kiddies are individuals who lack serious technical knowledge and rely on simple and readily available tools that are able to attack weakly protected systems. While many cybercriminals craft their own tools, malware and exploits, script kiddies use off-the-shelf programs to attack their targets.

Inexperienced, maybe—but script kiddies aren't to be taken lightly: there is still a high number of networks with many vulnerabilities and very weak protection in place, making them the perfect targets for script kiddies.


You know them. Your inbox is full of them. That endless supply of scam emails that offer you a deal that's too good to be true, or inform you of a small fortune you've inherited, or perhaps take a more sophisticated approach by appearing to be an important notice from your bank telling you to verify your identity. All of these scams and phishing emails have one thing in common: the goal of getting a hold of sensitive information.

One way to do this is by mimicking an already existing website all the way to the login, where victims input their information. When that information falls into the hands of these cybercriminals—scammers, phishers, social engineers—they can use it for further identity fraud scams, or sell it on the dark web for monetary gain.

Insider threats

Did you know that 57% of all data breaches are carried out by insider threats within the target organization? So however dangerous outside threats and attacks by cybercriminals may be, they can often come from within, too—making them that much more dangerous.

When an individual already has access to sensitive parts of a system, it can be hard to distinguish whether their intention is simply to do their job or something more malicious. This is what makes insider threats and this type of cybercriminal particularly menacing, as they can go undetected for a long time. Disgruntled former or even current employees, strategically placed corporate espionage actors—whatever the motivation behind these cybercriminals, they are among the most dangerous around.

Cybercrime groups

Organized crime groups are moving from traditional ways of performing their illegal activities to the overall less risky methods that take place in cyberspace. Some organized crime groups elicit the help of cybercriminals who are already there.

In the past decade we've seen more and more criminal groups operating solely in the cyber realm. Cybercrime groups typically consist of skilled individuals who can operate for any goal: monetary gain, hacktivism, cyberterrorism, state-sponsored attacks, and more.

Top 10 most notorious cybercriminals

Some cybercriminals went on to switch their side and now work on the white hat side of security. Some remained set in their old ways. And their motivations were different: some were after the money, some after fame and some even after proving conspiracy theories. We have compiled this list based on the most notorious cybercriminals throughout history.

While you may notice famous cybercriminals like Kevin Mitnick, Kevin Poulsen and Robert Morris missing from this list, they do appear on our list of Top 10 Cybersecurity Legends You Should Know About, so feel free to read more about them there. The cybercriminals on this list are ranked by the years in which they committed their criminal acts.

Top 10 most notorious cybercriminals

John Draper

John Draper, aka Captain Crunch, is one of the most prominent figures in the history of cybercrime. A computer programmer, Draper is one of the most legendary phone phreakers of the '70s. The nickname "Captain Crunch" came to be when Draper discovered that a toy found in a Captain Crunch cereal box mimicked the frequency recognized by AT&T as the signal that a trunk line is ready for a new call.

A symbol of counterculture at the time, John was featured in an Esquire story about phone phreaking. After that, he was sentenced to five years of probation. The publicity did help him get hired at Apple as an independent contractor by Stephen Wozniak, who in his early days was involved in some illicit activities himself, making blue box devices, used for free long-distance phone calls and in early cases of phone phreaking.

Vladimir Levin

Another one of the early cybercriminals, Vladimir Levin's illegal activity took place in 1995, when he broke into Citibank's computers and stole nearly $10 million. What makes Levin's case even more interesting than the fact that this was one of the first digital bank robberies is the fact that he didn't use the internet to get into the bank's system. Instead, he listened to talks between the bank's representatives and customers to obtain account credentials. Then, he simply used the information to reroute funds to anywhere in the world. He and his accomplices were arrested shortly afterward, and he was sentenced to three years in prison.

One interesting bit of information that has come out in recent years is that Levin wasn't actually the one behind the attack—he merely bought the credentials of another Russian, the true cybercriminal behind this attack, and made the transfers. Whether that is the truth or not, we will probably never know for sure.

David L. Smith

In 1999, a version of one of the most widespread computer viruses in history was released: the Melissa virus. Melissa is a macro virus that doesn't have destructivity on its side, but the ability to spread quickly. It was distributed via an email attachment that, when opened, disabled protections in Word 97 or Word 2000 and re-sent the virus to the first 50 people in users' Microsoft Outlook address books.

David L. Smith, known as Kwyjibo, was the creator of the Melissa worm virus and that makes him a worthy entry on this list. What sets Smith apart from other notorious cyber criminals is the fact that there was no monetary goal behind his releasing the virus—it was merely an act of mischief, to prove that he can.

He was found guilty. To reduce his sentence, he agreed to work with the FBI and served only 20 months in jail.

Jonathan James

Jonathan James is remembered as the first minor ever convicted of cybercrime in the United States. During 1999, when he was 15, James committed a series of attacks on BellSouth, the Miami-Dade school system and even the Defense Threat Reduction Agency under the U.S. Department of Defense. He admitted to installing a backdoor in a computer server which he then used to install a sniffer to intercept messages between DTRA employees, and managed to obtain information about the source code for the International Space Station.

He was, allegedly, also an associate of Albert Gonzales and participated in carrying out cybercrime against Office Max, Boston Market and the TJX corporation, but he has always denied any ties with those attacks.

Michael Calce

Just like Jonathan James, Michael Calce, known as Mafiaboy, was also 15 years old when he discovered the thrill and power behind breaking into computer systems. In 2000, Calce launched a series of high-profile DoS attacks against Yahoo!, Fifa, Amazon, Dell, eBay and CNN. Combined, these attacks cost companies over $1 billion. Interestingly, Calce also tried to launch simultaneous attacks against nine of the 13 root servers—unsuccessfully.

He was caught when he claimed, in IRC chatrooms, to be behind the Dell attack that had not yet been publicized at the time. Mafiaboy was sentenced to eight months of "open custody", one year of probation and a small fine, due to being a minor when the cybercrime occured. Today, he works as a security consultant, helping companies improve their security and resilience to cybercrime.

Max Ray Butler

While some cybercriminals turn their leaf and join the light side by becoming security consultants and experts who help companies battle cyber threats, some move in the opposite direction for their cybercrime career.

Max Ray Butler, better known as Iceman, was a computer security superstar, acting as a security consultant, providing the FBI with information on security and piracy threats; he even curated an open source library of attack signatures. But in 2001, Iceman was sent to prison for launching an attack on Pentagon systems with which he left backdoors for himself to use for later attacks. He also ran a forum called CardersMarket, where stolen credit card data was sold and was caught with 1.8 million stolen credit card numbers with fraudulent charges on them, amounting to over $85 million.

Butler, formerly Vision (he changed his name after being caught), was sentenced to 13 years in prison, at that time the longest cybercrime sentence in U.S. history.

Adrian Lamo

Known as "The Homeless Hacker" for his reportedly transient lifestyle, Adrian Lamo started his cybercrime career as a grey hat hacker. He was breaking into corporate systems without causing damage but finding security vulnerabilities that he would offer, for free, to the targeted organizations. If they wouldn't fix the vulnerability, Lamo would notify the media.

Lamo came to the limelight after his high-profile breaches on Yahoo!, WorldCom, Microsoft and the one that got him sentenced for cybercrime—The New York Times attack in 2002. He gained access to The New York Times intranet, added himself to the list of experts and conducted research on high-profile figures. Most recently, Lamo again found himself in the news when he reported Chelsea Manning, who leaked confidential information to the public.

Gary McKinnon

Gary McKinnon, the man behind "the greatest military hack of all time", was accused in 2002 of infiltrating 97 U.S. and NASA computers, stating himself that he was looking for evidence of free energy suppression and UFO coverups. To this day, McKinnon claims he has found evidence of UFO existence on NASA's systems.

While his motivations behind cybercrime might sound less malicious than others on this list, maybe even more naive, he did manage to delete critical files that resulted in the shutting down of Army's Washington D.C. networks and the deletion of weapon logs at Earle Naval Weapons station in the wake of the September 11 attacks.

A UK citizen, McKinnon was never extradited to the U.S. where he was wanted for extradition on charges of terrorism. He remains free to this day.

Albert Gonzales

Known by his online name "soupnazi", Albert Gonzales began his career with the criminal commerce site and organization Shadowcrew, known for stealing and selling credit card details online. Gonzales himself was arrested for debit card fraud related to stealing millions of credit cards' data. In order to avoid a prison sentence, he became an informant for the Secret Service and betrayed Shadowcrew's members with that move.

But once a criminal, always a criminal, right? Well, not always—but it was true for Gonzales. During his time as an informant, he collaborated with a group of other cybercriminals and continued with his criminal activities. Using an SQL injection to deploy backdoors on corporate systems allowed Gonzales and his crew to steal more than 180 million payment card accounts, coming from attacks on Office Max, Boston Market and Dave and Buster's, to name a few. There were also reports of Gonzales throwing himself lavish birthday parties and staying at high-end hotels, which didn't help him look innocent.

Ultimately, it was his attack on the retailer TJX in 2005, which resulted in a theft of around $256 million and is considered the first serial data breach of credit information, that got him caught and sentenced to 20 years in prison.


The only cybercriminal on this list whose identity wasn't released to the public, ASTRA is believed to be a 58-year-old Greek mathematician who gained notoriety after breaking into the Dassault Group, a French aviation company, and was able to remain there for five years. In those five years, ASTRA stole weapons information and later sold it to different companies for only $1,000 each. The Dassault Group, on the other hand, lost more than $360 million. ASTRA was sentenced in 2008 to six years in prison.

Final words

Now we have a better understanding of different types of cybercriminals and what drives them to commit malicious acts against individuals, organizations and governments. Once, we only had to fight crime in the "physical realm" but with the addition of crime carried out against computer systems and networks, we now have to equip ourselves for battle on two fronts.

Knowing who our attackers are and understanding their motivations will help us immensely in crafting better defenses in the continuous fight to remain secure on the internet.

Sara Jelen Blog Author

Sara believes the human element is often at the core of all cybersecurity issues. It’s this perspective that brings a refreshing voice to the SecurityTrails team. Her ability to bridge cognitive/social motivators and how they impact the cybersecurity industry is always enlightening.

Subscribe to the SecurityTrails newsletter
Sign up for our newsletter today!

Get the best cybersec research, news, tools,
and interviews with industry leaders