First incident of cyber-espionage
Who
The KGB Hack
What
first first
Where
Germany (Hannover)
When

The first documented case of cyber espionage was carried out by a group of German computer hackers between September 1986 and June 1987. The group hacked into the networks of American defence contractors, universities and military bases, and sold the information they gathered to the Soviet KGB. The leading hacker in the group, Markus Hess, was arrested on 29 June 1987, and was convicted of espionage (along with two co-conspirators) on 15 Feb 1990.


The individuals involved in the scheme were loosely associated with a hacker collective called the Chaos Computer Club (founded in 1981), part of a "cyberpunk" counterculture in what was then West Germany. Prior to this project, the hackers that formed this scene mostly focused their energies on universities and telecoms infrastructure – searching not for monetary gain, but for access to the extremely expensive data networks (precursors to the modern internet) that allowed them to pursue more interesting targets and technical challenges.

The two most active hackers in the espionage ring, Markus Hess (aka "Urmel") and Karl Koch (aka "Hagbard"), had both gained access to the computers of American defense contractors while exploring international data networks. They had various methods of getting into these machines, but often they simply took advantage of a security vulnerability then present in the UNIX operating system. As installed, UNIX had several administrator accounts, each of which had a default password that was always the same. Many network administrators did not know to change all of these passwords, meaning that Hess and Koch could often get into these machines with just a generic set of credentials.

Once in, they would take over an inactive legitimate account and use that, allowing them to blend in with normal network traffic. Each time they successfully hacked into a computer system, they would scour its directories for passwords, network addresses and login credentials for other institutions, allowing them to jump from, for example, a university in Germany to a university in the United States, to a defence contractor, to a military base.

Initially they were motivated by curiosity, but they soon realised the value of what they had gained access to. Koch needed money to fund an expensive cocaine habit, and both he and Hess routinely racked up massive telephone bills while pursuing their international targets. In September 1986 they approached another group – Hans Huebner (aka "Pengo"), Dirk Brezinski (aka "DOB") and a former casino croupier called Peter Carl – who were known to have connections with the KGB. This group presented some of the files collected by Hess and Koch to his contacts and received 30,000 Deutschmarks (then around $10,000) in return.

Together the five co-conspirators subjected American computer networks to almost daily attack. While the members of the group were sophisticated hackers, they were not sophisticated spies – their intelligence gathering operations were often limited to searching computers for keywords such as "nuclear", "air force" or "classified". The most valuable intelligence gleaned from these hacks was information on embargoed Western technology, including the source code for the UNIX operating system, integrated circuit designs and industrial control software.

They were eventually brought down by Clifford Stoll – a young systems administrator at the University of California, Berkeley. He discovered their intrusion while trying to work out the origin of a tiny accounting discrepancy on one of the university's time-share mainframes, and ended up tracking the hackers all the way back to Germany.

Hess, Brezinski and Carl were all convicted for their role in the scheme, and given suspended sentences of between 14 months and two years. Koch had agreed to co-operate with prosecutors, but before the trial was found burned to death in some woodland near his home. His death was ruled a suicide. It is not clear what happened to Huebner.