Hackers Who Got Caught: 50 Years of Prosecutions, Verdicts, and Doctrine
This module catalogs the most significant cybercriminal prosecutions from 1988 to 2025, with emphasis on the last decade. Each entry extracts the controlling le…
Hacker Hall of Fame
50 Years of Prosecutions, Verdicts & Doctrine
Every major hacker prosecution from the Morris Worm (1988) through LockBit (2024) — what they did technically, what they were charged with, what the jury decided, and what doctrine it produced.
0
Convicted
0
At Large
0
Extradition Blocked
50+
Years Covered
Foundational Era 1988–2002
| Name / Alias | Conduct | Sentence | Status | Key Doctrine | |
|---|---|---|---|---|---|
| Robert Tappan Morris | Morris Worm — first federal conviction | 3 yrs probation | convicted | United States v. Morris (2d Cir. 1991) | Full details → |
| Kevin Mitnick (Condor) | Serial intrusions — DEC, Motorola, Nokia, Sun | 5 yrs prison | convicted | Wire fraud + CFAA | Full details → |
| Kevin Poulsen (Dark Dante) | Radio station phone line hijacking + FBI DB access | 51 months | convicted | Wire fraud + computer fraud | Full details → |
| Jonathan James (c0mrade) | NASA ($1.7M code) + DTRA — first juvenile imprisoned | 6 months detention | convicted | CFAA § 1030 | Full details → |
| Adrian Lamo | NYT, Microsoft, Yahoo!, MCI via open proxies | 6 mos house arrest | convicted | CFAA § 1030 | Full details → |
| Albert Gonzalez (soupnazi) | TJX, Heartland — 170M+ cards via SQL injection | 20 yrs prison | convicted | CFAA + § 1028A | Full details → |
Organized Crime Online 2003–2012
| Name / Alias | Conduct | Sentence | Status | Key Doctrine | |
|---|---|---|---|---|---|
| Hector Monsegur (Sabu) | LulzSec — Sony, Fox, Senate.gov, CIA.gov | Time served | convicted | Cooperation → near-zero sentence | Full details → |
| Jeremy Hammond (sup_g) | Stratfor hack, 5M emails dumped to WikiLeaks | 10 yrs prison | convicted | CFAA § 1030 | Full details → |
| Andrew Auernheimer (weev) | AT&T iPad email harvest via sequential API | Reversed on appeal | acquitted | Venue error — not CFAA merits | Full details → |
| Gary McKinnon (Solo) | NASA + Pentagon — extradition blocked by UK | Never prosecuted | extradition | Asperger's / suicide risk blocked extradition | Full details → |
Nation-State & Mass Theft 2013–2018
| Name / Alias | Conduct | Sentence | Status | Key Doctrine | |
|---|---|---|---|---|---|
| Evgeniy Bogachev | GameOver Zeus botnet + Cryptolocker — $100M+ | AT LARGE ($3M reward) | at large | Indicted 2014, FSB-protected | Full details → |
| Andrei Tyurin | JPMorgan hack — 83M accounts | 12 yrs prison | convicted | CFAA + securities fraud | Full details → |
| Lauri Love | NASA, FBI, Fed Reserve via SQL injection — extradition blocked | Never prosecuted | extradition | UK forum bar + ECHR Article 3 | Full details → |
| Ardit Ferizi | Hacked PII for ISIS kill list | 20 yrs prison | convicted | CFAA + 18 U.S.C. § 2339B material support | Full details → |
| Marcus Hutchins | Kronos trojan (2014) / WannaCry kill-switch (2017) | Time served | convicted | Heroism factored in sentencing | Full details → |
2019–2025: Ransomware, SIM Swaps, Nation-State
| Name / Alias | Conduct | Sentence | Status | Key Doctrine | |
|---|---|---|---|---|---|
| Paige Thompson (erratic) | Capital One SSRF via AWS IMDS — 106M records | 5 yrs probation | convicted | Former AWS engineer; no prison (no monetization) | Full details → |
| Joseph J. O'Connor (PlugwalkJoe) | Twitter hack + SIM swaps + cyberstalking | 5 yrs prison | convicted | Extradited from Spain 2023 | Full details → |
| Graham Ivan Clark | Twitter hack mastermind — hijacked Obama, Musk, Gates | 3 yrs juvenile | convicted | Charged as juvenile in Florida (age 17) | Full details → |
| Arion Kurtaj (Lapsus$) | Microsoft, Okta, Nvidia, Rockstar GTA6 leak | Indefinite hospital order | acquitted | Not criminally responsible — mental disorder | Full details → |
| Yaroslav Vasinskyi (REvil) | Kaseya supply chain attack — 1,500+ businesses | 13 yrs + $16M restitution | convicted | Extradited from Poland | Full details → |
| Vladislav Klyushin | Hacked filing agents for insider trading — $93M profit | 9 yrs prison | convicted | Longest sentence for insider trading via intrusion | Full details → |
| Mikhail Matveev (Wazawaka) | LockBit, Babuk, Hive ransomware operator | AT LARGE ($10M reward) | at large | Indicted 2023, Russia-protected | Full details → |
| Dmitry Khoroshev (LockBitSupp) | LockBit admin — $500M+ ransom globally | AT LARGE ($10M reward) | at large | Indicted 2024, Operation Cronos seized infrastructure | Full details → |
| Joseph Sullivan | Uber CISO — paid $100K ransom, concealed from FTC | 3 yrs probation | convicted | First CISO convicted for breach response decisions | Full details → |
Deep-Dive Modules
Foundational Criminal Prosecutions: Morris Worm to Marcus Hutchins
Six prosecutions shaped every legal rule that applies to hackers and security researchers today. They established what "damage" means under the CFAA, whether op…
Nation-State Indictments: Charging Foreign Hackers the U.S. Cannot Extradite
The U.S. government regularly charges Russian military intelligence officers, Chinese MSS operatives, Iranian IRGC-linked hackers, and North Korean state progra…
Ransomware Group Prosecutions: DOJ Disruption Operations and Criminal Charges
The U.S. government no longer just charges ransomware actors — it runs multi-agency "disruption operations" combining indictments, server seizures, cryptocurren…