It was the decade of the mega-heist, when stolen credit card magstripe tracks became the pork bellies of a new underground marketplace, Eastern European hackers turned malware writing into an art, and a nasty new crop of purpose-driven computer worms struck dread in the heart of America.

Now that the zero days are behind us, it's time to reflect on the most ingenious, destructive or groundbreaking cybercrimes of the first 10 years of the new millennium.

2000MafiaBoyOnce upon a time, "distributed denial of service attacks" were just a way for quarreling hackers to knock each other out of IRC. Then one day in February 2000, a 15-year-old Canadian named Michael "MafiaBoy" Calce experimentally programmed his botnet to hose down the highest traffic websites he could find. CNN, Yahoo, Amazon, eBay, Dell and eTrade all buckled under the deluge, leading to national headlines and an emergency meeting of security experts at the White House.

Compared to modern DDoS attacks, MafiaBoy's was trivial. But his was the cyberstrike that put the internet's security issues on a national stage, and inaugurated an era where any pissed off script kiddy could take down part of the web at will.

2002California Payroll Database BreachOn April 5, 2002, an unidentified hacker penetrated a California server housing the state government's payroll database, gaining access to names, Social Security numbers and salary information for 265,000 state workers from the governor on down. The breach itself was small potatoes, but when it emerged that the California Controller's Office had waited two weeks to warn the victims, angry lawmakers reacted by passing the nation's first breach disclosure law, SB1386.

The law requires hacked organizations to promptly warn potential identity theft victims. Its passage pulled the rock off the string of major corporate breaches that companies would have preferred to hush up. Today, 45 states have enacted similar laws.

2003SlammerIn 2003, fear came in 376 bytes. The lightning-fast Slammer worm targeted a hole in Microsoft's SQL server, and despite striking six months after a fix was released, the malware cracked an estimated 75,000 unpatched servers in the space of hours. Bank of America and Washington Mutual ATM networks ground to a halt. Continental Airlines delayed and canceled flights when its ticketing system got gummed up. Seattle lost its emergency 911 network, and a nuclear power plant in Ohio lost a safety monitoring system.

Slammer wasn't the biggest worm ever, but in its aggressive, relentless spread, it exposed the secret interconnections that corporations were foolishly allowing between important private networks and the public internet.

2004Foonet+++inset-left

Years before there was a Russian Business Network, a small ISP hosted in a suburban basement in Ohio gained the dubious reputation as the first black-hat hosting company. It was a safe spot for hackers and packet monkeys to attack an unsuspecting internet. Foonet's hosted clients included Carder Planet – the dedicated "carder forum" for credit card hackers – and its IRC servers were where legendary German hacker Axel "Ago" Gembe controlled his Agobot network of compromised Windows boxes. After two FBI raids, in 2004, Foonet's founder and some of the staff were indicted for a DDoS-for-hire scheme that collaterally slammed Amazon.com and the Department of Homeland Security. Foonet's owner, Saad Echouafni, skipped out on $750,000 to flee the country, and remains on the FBI's wanted list today. 2006The Los Angeles Traffic Signal AttackWhen Los Angeles traffic engineers went on strike in August 2006, the city decided not to take any chances: They temporarily blocked most access to the computer that controls 3,200 traffic signals throughout the City of Angels. Two of the striking engineers hacked in anyway. From a laptop, Kartik Patel and Gabriel Murillo picked four key intersections and changed the timing on the traffic signals so the most congested approach would hit long red lights. The timing tweaks wreaked havoc in a city already flirting with gridlock, according to the Los Angeles Times, snarling traffic at the Los Angeles International Airport, backing up the Glendale Freeway and paralyzing Little Tokyo and the streets of the downtown Civic Center. It evidently took several days for managers to figure out what was going on. In December 2009, the engineers were sentenced to probation. 2006Max Vision+++inset-left

In 2006, a former computer security researcher turned professional black hat weighed and measured the computer underground, and found it wanting. So in a two-night hackfest from his San Francisco safe house, Max Vision (aka Iceman) trained his guns on the online carder forums where hackers and fraudsters buy and sell stolen data, fake IDs and specialized underground services.

When he was done hacking in and wiping out their databases, he absorbed their content and membership into his own site, CardersMarket, turning it into the largest English-speaking criminal marketplace on the web – 6,000 members strong. The hostile takeover got the attention of the feds who'd thoroughly infiltrated some of the sites he hacked, and a year later FBI and Secret Service tracked Iceman to his hideout. He's now awaiting sentencing for stealing 2 million credit cards that rang up $86 million in fraudulent charges.

2008RBS Worldpay HeistThe first time we learned that the payment processor RBS Worldpay had been hacked, it sounded like no big deal: The company announced in December 2008 that it had seen fraud on only 100 of the 1.5 million payroll and gift card accounts compromised in the breach. But it turns out the hackers were able to raise the withdrawal limits on 44 of those cards to as high as $500,000. Then they dispatched a global army of cashers to slam the accounts with repeated rapid-fire withdrawals.

More than 130 ATMs in 49 cities from Moscow to Atlanta were hit simultaneously just after midnight Eastern Time on November 8, 2008, resulting in a one-day haul of $9.5 million in cold, hard cash. In November, the United States indicted four of the alleged ringleaders, who are in Estonia, Russia and Moldova. Good luck with that.

2005 - 2008Albert Gonzalez+++inset-left