The IT Certification Resource Center

Featured Deal

Get CompTIA, Cisco, or Microsoft training courses free for a week.
Learn More ❯

Historic Hacks of the 1990s, Part 1

One early famous hacker was a buttefly guy.

The disks also contained malware, the so-called “AIDS Trojan,” which would be triggered after a computer was rebooted 90 times. User files would be encrypted, and a screen pop up would tell users to turn on their printers. Once the printer was activated, a message would print out instructing the user to mail a $189 “licensing fee” to a Panamanian P.O. box in order to receive decryption software.


AIDS researchers panicked and furiously tried to protect their data. The break in solving the case came when Popp began acting strange at Amsterdam’s Schiphol airport. He scribbled “DR. POPP HAS BEEN POISONED” on another passenger’s suitcase, and the police were soon involved.


Upon searching Popp’s bags, they discovered a seal labeled “PC Cyborg Corporation.” He was arrested and extradited to the United Kingdom to stand trial.


While awaiting his day in court, Popp’s erratic behavior continued to the point that the judge released him, declaring him “unfit to stand trial.” Popp soon returned to the United States where he opened the Joseph L. Popp Jr. Butterfly Conservatory in upstate New York.


Aftermath — Fortunately for the course of AIDS research, Popp had used symmetric cryptography, an easily reversable form of encryption. Experts analyzed the code and developed decryption tools which were disseminated free of charge.


Lesson Learned — The takeaway here, besides seeing butterflies in a whole new light, was that software could be easily weaponized. That, and don’t go sticking strange disks into your drive.


Citibank 1994


Vladmir Levin, an unassuming programmer in St. Petersburg, Russia used his office computer and Citibank’s customer dial-up wire transfer service to snag a list of codes and passwords for accounts held by corporate customers. Levin used the information to wire money to accounts held by accomplices in Finland, the United States, Germany, Israel, and the Netherlands. All told, he siphoned off $10.7 million before anyone noticed.


Authorities nabbed several of his partners as they were in the process of withdrawing cash. Faced with jail, and proving there is no honor among thieves, his buddies immediately fingered him as the head of the operation.


Fortunately for Levin, Russia prohibited extradition to foreign countries. Unfortunately for Levin, he didn’t stay in Russia. He was later pinched by Scotland Yard when his connecting flight landed at London’s Stansted Airport.


For two years, Levin fought attempts to extradite him to the United States., but eventually the United Kingdom’s House of Lords rejected his appeal and he was soon on his way across the pond.


Standing trial in New York, Levin copped a plea admitting to one count of conspiracy to defraud and to stealing $3.7 million. He was sentenced to three years in jail and ordered to pay restitution of $240,015 — an odd amount for someone who stole more than $10 million. The judge probably figured he was only ripping off a few faceless corporations.


Aftermath — Citibank realized, security wise, that they had been caught with their pants down and were soon spending millions to update their electronic security and implement encryption for accounts and passwords.


Lessons Learned — The financial industry realized the vulnerability of electronic transfers and would spend billions upping their cyber defenses. Prior to this, data breaches of financial institutions were hushed up. Levin’s hack only made the news because of his fight to avoid extradition.




Calvin Harper is a writer, editor, and publisher who has covered a variety of topics across more than two decades in media. Calvin is a former GoCertify associate editor.