Hackers in chains: 13 of the biggest US prison sentences for electronic crime

Tools
 
 
Last week  David Camez gained the dubious distinction of having the longest U.S. prison sentence ever for electronic crime--tied only with one other, perhaps better-known individual, Albert Gonzalez. 
 
Camez, a participant in the carders forum carders.su, had his original sentence lengthened after being found guilty of additional charges under the RICO anti-racketeering act, originally created to bust up mafia activity.
 
FierceITSecurity has gathered stats and crime details on Camez, Gonzalez and 11 other owners of the longest sentences on record for illegal digital activities. Check out our list below. 
 
Kevin Poulson
Jail sentence: 4 years, 3 months
Date sentenced: April 1995
Crime: Accused of hacking the Pacific Bell phone company, a classified military computer and phone numbers for the Soviet consulate in San Francisco. Poulson also hacked the phone lines at a radio station during a call-in competition, blocked all other inbound calls and won a Porsche, according to this LA Times article from 1993. He was brought in by a federal grand jury in 1989 and pleaded guilty, but his prison sentence wasn't handed down until 1995--even though he'd been arrested in 1991 for espionage-related charges. On top of his punishments, he had to pay $58,000 in restitution for the prizes he'd stolen from the radio station, according to another LA Times article written in 1995. Today Poulson is a contributing editor for Wired magazine and author of the book Kingpin: How One Hacker Took over the Billion-Dollar Cybercrime Underground.
 
Jeanson James Ancheta
Jail sentence: 4 years, 9 months
Date sentenced: May 2006
Crime: Ancheta used malware to create botnets and install adware, infiltrating more than 400,000 systems, reported  Ars Technica.  He also received payments totaling $107,000 from several advertising companies. Ancheta was busted as a part of the FBI's Operation Bot Roast for "conspiracy to violate the Computer Fraud Abuse Act, conspiracy to violate the CANSPAM Act, damaging computer systems used for national defense and unauthorized computer access with intent to commit fraud," according to the same article. The government took his computer hardware and his BMW following the bust.
 
Christopher Scott
Jail Sentence: 7 years
Date sentenced: March 2010
Crime: Accomplice in TJX case with Albert Gonzalez (who you'll meet further down in our list). Scott hacked wireless access points of major retailers and passed along credit card credentials to Gonzalez, according to this Wired article. Scott used the information he obtained to get cash from ATMs and began living an extravagant lifestyle full of limousine rides and a brand new house.
 
Brian Salcedo
Jail sentence: 9 years
Date sentenced: 2006
Crime: In 2003, Salcedo used unsecured Wi-Fi in the parking lot of a Lowe's Hardware store in Michigan to gain access to the system. He and his roommate began storing credit card information from Lowes' customers on a processing server in North Carolina, according to this article on Wired. The interesting bit of Salcedo's story is that a week before he was busted, he wanted to quit the operation. However, a buyer allegedly became pushy with him and insisted he continue. That buyer? Federal informant Albert Gonzalez. According to Wired, Salcedo's release date was October 2011.
 
Jeremy Hammond
Jail sentence: 10 years
Date sentenced: November 2013
Crime: Part of the "Anonymous" hacking group, Hammond made his way into the computer systems of a geopolitical analysis firm--Stratfor. His work was closely tied to the WikiLeaks operation, and the emails he released to the public were eventually published on the WikiLeaks site, according to an interview with The Guardian. Jeremy told reporters he knew that his freedom would eventually be taken from him. He also said that he believes his hacking days are over once he is released.
 
Christopher Chaney
Jail sentence: 10 years
Date sentenced: December 2012
Crime: Perhaps the most unique hacker on this list, Christopher Chaney hacked into the personal online accounts of movie star Scarlett Johansson and pop singer Christina Aguilera, and posted nude photos of Johansson and actress Renee Olstead. CBC News reported that Johansson and Olstead became key witnesses in the trial, expressing sadness and humiliation due to Chaney's crimes. Chaney not only exploited celebrities, but co-workers as well. He allegedly stole personal photos of some of his female co-workers and sent them to their family members. Judge S. James Otero considered Chaney's actions to be "as pernicious and serious as physical stalking," according to the CBC article.
 
Kenneth Lucas II and Nichole Michelle Merzi
Jail sentence: 11 years and 5 plus years, respectively
Date sentenced: 2011
Crime: This cyber criminal couple led "Operation Phish Phry"--an international phishing ring that yielded over $1 million thanks to intercepted bank account information from Wells Fargo and Bank of America. Merzi is considered the ringleader of this operation, according to SC Magazine. The laundry list of her crimes include "wire fraud conspiracy, aggravated identity theft, computer fraud conspiracy and money laundering." Her boyfriend, Kenneth Lucas II, was found guilty of the same charges and was handed an 11-year sentence.
 
Max Ray Vision, aka Max Butler
Jail sentence: 13 years
Date sentenced: February 2010
Crime: Founded and ran the website CardersMarket, where he helped identity thieves steal credit information. He stole 1.8 million credit card numbers from banks, businesses and other hackers, according to--you guessed it--Kevin Poulsen from Wired. At the time, this was the lengthiest sentence issued for cybercrime. (Max officially changed his last name to Butler not long before his arrest.)
 
Adrian-Tiberiu Oprea and Iulian Dolan
Jail sentence: 15 years and 7 years, respectively
Date sentenced: September 2013
Crime: Between 2009 and 2012, Romanian hackers Oprea and Dolan hacked into hundreds of U.S. franchise POS systems--including those of 250 Subway restaurants, according to eCommerce Times. In total, they captured credit information from more than 100,000 customers. Reports from the U.S. Department of Justice indicate these criminals used keystroke loggers to steal information remotely. They were brought to the U.S. and convicted in a New Hampshire District court.
 
Albert Gonzalez
Jail sentence: 20 years
Date sentenced: March 2010
Crime: Ringleader of the TJX retail hack. He and his accomplices made off with information from more than 90 million credit and debit card accounts used at TJ Maxx and other retailers, according to Wired. His illicit activities are famously called "Operation Get Rich Or Die Tryin'." He had the lengthiest U.S. jail sentence passed on to a hacker--until last week....
 
David Ray Camez
Jail sentence: 20 years
Date sentenced: May 15, 2014
Crime: According to BBC News, Camez's first sentence was handed down as seven years for being a "key member of the carder.su website that was shut down in 2010 by U.S. law enforcement authorities." This site trafficked stolen credit and identity information. Camez now faces a longer sentence due to his violation of the Racketeer Influenced and Corruption Organizations Act, or RICO. Camez is 22 years old.
 
More about hackers and electronic crime: