The new muggers: People who committed shocking cybercrimes

In July 2013, the Center for Strategic and International Studies released a report called "The Economic Impact of Cybercrime and Cyber Espionage." It said that this activity costs the global economy between $300 billion and $1 trillion. Why is an exact figure so hard to pin down?

"Companies conceal their losses and some are not aware of what has been taken," the report said. "Intellectual property is hard to value. Some estimates relied on surveys, which provide very imprecise results unless carefully constructed. ... These problems leave many estimates open to question."

While cybercrime represents billions of dollars in losses to businesses and consumers, committing it requires very little overhead. Some who stole millions were able to do so from the parking lot of a big box store. And it doesn't require years of experience to cause damage either—some notorious hackers committed their crimes when they were not even old enough to buy beer.

Read ahead to see CNBC.com's list of cybercriminals who stole millions of dollars and hacked their way into systems that even the experts thought were secure.

By Daniel Bukszpan
Posted 23 Oct. 2013

CNBC follows the money trail in search of the most wanted white-collar fugitives."American Greed: The Fugitives," Thursdays at 10 p.m. ET.

For those not in the know, a botnet is a group of programs that communicate with one another over the Internet to perform coordinated tasks, such as operating an instant chat network. In 2006, a 20-year-old high school dropout named Jeanson James Ancheta became the first person ever convicted of hijacking them. His motive was to rent them to other cybercriminals.

According to an Associated Press report, Ancheta pleaded guilty in a federal court in Los Angeles to four felony charges, including hijacking computers at U.S. military sites. He was sentenced to 57 months in federal prison, which at the time was the longest sentence ever handed down for spreading computer viruses. Somewhat amusingly, he was captured as part of an FBI initiative known as "Operation: Bot Roast."

Max Butler was a hacker who had previously worked as a computer security consultant for the FBI. In 2006, he infiltrated "carder sites," which are online marketplaces for stolen credit card numbers, Social Security numbers and other sensitive data. He went on to steal from financial institutions and even from other hackers, according to Wired.

Law enforcement officials finally caught up to him, and he pleaded guilty to two counts of wire fraud in 2009. He is currently incarcerated at the Federal Correctional Institution in Fort Dix, N.J., and is scheduled to be released in 2019.

If you've ever been stumped by a seemingly unresolvable computer problem, only to have it fixed within minutes by your adolescent nephew, then you are familiar with the viselike grasp of technology possessed by most teenagers. But while this is normally applied to such innocent pursuits as playing "Minecraft" and downloading the latest Lil Wayne single, Michael Demon Calce took his skills much further.

In 2000, the 16-year-old high school student used a botnet to conduct what was then the largest ever denial-of-service attack, targeting such major websites as Amazon.com and eBay. According to Wired, he was arrested and pleaded guilty to all but 10 of the 65 charges against him. However, due to his age, he was sentenced to eight months in a youth detention center and fined less than $200, despite costing the sites he attacked an estimated $1.8 billion in damages.

Albert Gonzalez was arrested in 2003 by a plainclothes officer who caught him in the act of "cashing out," a hacker term for programming blank debit cards with stolen account numbers and using them to withdraw cash from ATMs. He not only cooperated with authorities but became an informant. However, he never gave up on his life of crime.

He started "wardriving," which involves sitting in a store's parking lot and accessing customer data through its Wi-Fi signal. He stole approximately 140 million credit and debit card numbers from shoppers at Barnes & Noble, Sports Authority and many more big box stores. He was captured in 2008 when authorities found an instant chat message between him and Ukrainian accomplice Maksym Yastremskiy.

Upon his arrest, former U.S. Attorney General Michael Mukasey called it "the single largest and most complex identity-theft case ever charged in this country." Gonzalez pleaded guilty and received two concurrent 20-year prison sentences, according to The New York Times. He is currently incarcerated at the Federal Correctional Institution in Milan, Mich., and has a projected release date of October 2025.

James Jeffery was a British member of the international "hacktivist" group Anonymous. In 2012 he was jailed for hacking into the website of the British Pregnancy Advisory Service (BPAS), the largest abortion provider in Great Britain. Jeffery was arrested just days later and admitted to accessing BPAS' records.

According to U.K. newspaper The Guardian, he had committed the crime because he objected to the decision of two separate women to terminate their pregnancies using the service. He was sentenced to 32 months imprisonment by Judge Michael Gledhill QC.

"Those who find abortion repugnant do not use it as an excuse to justify deliberately committing offenses," Gledhill said. Jeffery was sentenced to two years and eight months in prison for the crime.

In 2005, the cellular phone of socialite Paris Hilton was hacked. The crime was committed by a group of five men between the ages of 19 and 24, who had also hacked into LexisNexis, according to The Washington Post.

The group also included Cameron "cam0" LaCroix, who was a minor at the time the crime was committed. He pleaded guilty and was sentenced to 11 months in a juvenile detention facility.

Boston native Adrian Lamo was known as "The Homeless Hacker." He spent much of his adult life residing on friends' couches, and he used Internet cafes and libraries to exploit weaknesses in the security of AOL, Microsoft and WorldCom. According to Wired, he had found sensitive data for approximately 86,000 employees in the WorldCom hack, including direct deposit information and Social Security numbers.

In 2002, he accessed the servers of The New York Times. The newspaper caught wind of it and informed the U.S. attorney's office, which found that he had conducted more than 3,000 Lexis-Nexis searches with The Times' access code. The FBI estimated that this activity was worth a cumulative $300,000.

The newspaper pressed charges, and in January 2004 Lamo pleaded guilty. He was sentenced to six months of home detention and fined $64,900, according to IDG News Service.

On Aug. 21, 2006, Los Angeles traffic engineers Gabriel Murillo and Kartik Patel hacked into the city's signal system and extended the duration of red lights at major intersections. Authorities said that the men chose the locations that would cause as much gridlock as possible, and by that metric they were very successful.

The men took this action as part of a labor protest, and while it caused infuriating traffic jams for several days, there were no accidents and miraculously no one was hurt. The two men pleaded guilty and were required to pay $6,250 in restitution and perform 240 hours of community service, according to The Los Angeles Times.

The year was 2003. The U.S. invasion of Iraq was in full swing. The Republic of Estonia agreed to join the European Union. Britney Spears' infectious "Toxic" single was climbing the charts. And the "Blaster worm" malware program was infecting computers running the Microsoft operating system. That August, 18-year-old Minnesota native Jeffrey Lee Parson was arrested for creating the B variant of the malware, a sort of "Blaster worm 2.0."

According to the Department of Justice, Parson admitted to modifying the worm by adding a component that gave him access to infected computers, which would in turn hijack others and direct them to attack Microsoft websites. It was estimated that his malware infected more than 48,000 computers. He was sentenced to 18 months in prison, three years' probation and 100 hours of community service.

A new spinoff series that focuses on active cases of alleged white-collar criminals, accused of orchestrating elaborate scams to dupe investors and to ultimately evade capture. Each episode features interviews with law enforcement, prosecutors and victims, all sharing the goal of bringing these fugitives to justice.