Operation Sundevil: The Secret Service Declares War on Hackers

On May 8, 1990, the United States Secret Service launched a coordinated assault on the American hacker underground. It was not called a war. The language was more clinical: Operation Sundevil, a criminal investigation into computer fraud and illegal telecommunications access. But what it looked like, felt like, and functioned as was a declaration of war on an entire subculture.

Agents raided homes and businesses across 14 cities simultaneously: Los Angeles, San Francisco, Chicago, New York, Boston, and nine others. They seized 42 computers, 23,000 floppy disks, and thousands of pages of documents. They arrested hackers. They shut down bulletin board systems. They sent a message that echoed through the hacker underground: your activity, your networks, your culture is now a federal priority.

What the Secret Service did not anticipate was that Operation Sundevil would trigger the birth of organized hacker defense. The Electronic Frontier Foundation would be founded within months, partly in direct response to the raids. Hackers would start organizing legally. The underground would go partly legitimate. And the narrative of who the "computer criminal" actually was would splinter into a thousand different stories.

The Rationale

Operation Sundevil was ostensibly targeted at serious criminal activity: credit card fraud, theft of long-distance codes, and unauthorized access to sensitive networks. The Secret Service, responsible for investigating federal crimes involving computers and telecommunications, had been building cases against various hacker groups for months.

But the operation's actual scope was far broader than any single criminal enterprise. The Secret Service was not just investigating specific crimes. They were surveilling and disrupting the entire ecosystem of computer enthusiasts, phreaks, BBS operators, and hackers. This was law enforcement as cultural purge.

One of the primary targets was the Legion of Doom, an infamous hacker group known for technical sophistication and, allegedly, for theft of proprietary information. Another was unauthorized access to telephone networks and cellular systems. The justification was legitimate: some hackers had stolen credit card numbers, some had exploited telecom infrastructure, some had accessed military systems.

But the indiscriminate sweep, the mass seizure of equipment belonging to people not directly charged with crimes, and the targeting of bulletin board systems (which were often operated by people tangentially involved with the hacker community but not engaged in serious criminal activity) suggested something larger: an attempt to decapitate the entire underground by removing its technical infrastructure.

The Raids

The raids were coordinated, synchronized across multiple time zones to prevent people from tipping off others. Federal agents arrived at homes and businesses with search warrants, seized computers and storage media, and arrested individuals suspected of computer crimes. The treatment was often aggressive. People's homes were torn apart. Equipment that had nothing to do with alleged crimes was confiscated.

The targets included people who were genuinely involved in criminal activity and people who were simply BBS operators, computer enthusiasts, or writers covering the hacker scene. This indiscrimination became crucial to what followed.

Steve Jackson Games, a tabletop game company with no connection to hacking or telecommunications fraud, had their offices raided. Agents confiscated computers, equipment, and intellectual property. No charges were filed. No evidence of wrongdoing was found. But the company lost thousands of dollars in equipment and suffered months of disruption. (Jackson would later file a lawsuit, which would become a landmark case in digital rights.)

Craig Neidorf, a 19-year-old computer enthusiast who published an electronic magazine called Phrack (a publication devoted to technical writing about hacking and phreaking), was arrested and charged with crimes related to allegedly stolen Bell South proprietary information that had been published in his magazine. He had not stolen the information. He had published it as part of his editorial practice. Yet he faced serious federal charges that could have resulted in significant prison time.

Hackers and BBS operators across the country found their homes raided, their equipment seized, and their lives disrupted, often without clear evidence of serious criminal activity.

The Surveillance Strategy

What became clear after Operation Sundevil was that the Secret Service and FBI had been conducting extensive surveillance of the hacker community for months. They had infiltrated bulletin boards. They had cooperated with computer companies to gather information about hackers accessing their systems. They had been building detailed profiles of who knew who, who talked to whom, and what technologies they were using.

This was not law enforcement responding to specific crimes. This was counterinsurgency against a cultural movement. The government was not just arresting specific criminals. It was attempting to suppress the entire underground infrastructure.

For many hackers, Operation Sundevil was a shock. The idea that federal law enforcement would go to this length to disrupt computer exploration felt like overkill. But it also clarified something important: the era of hacking as a loosely organized, barely noticed subculture was over. The authorities had decided it was a threat.

The Response and the EFF

The raids triggered a backlash that changed everything. Civil liberties organizations, tech industry figures, and hackers themselves recognized that Operation Sundevil represented a dangerous overreach. The seizure of equipment belonging to innocent people, the targeting of publications and bulletin boards, the aggressive prosecution of people whose activities were often more curious than criminal, all suggested that the government was using criminal law as a pretext for cultural suppression.

In response, the Electronic Frontier Foundation was founded in July 1990, just two months after Operation Sundevil. The EFF was established to defend civil liberties in digital space. Mitch Kapor, the founder of Lotus Software, and John Perry Barlow, a rancher and lyricist for the Grateful Dead, were among the founders. The EFF's first major action was to provide legal support to people prosecuted as a result of Operation Sundevil, most notably Craig Neidorf.

The EFF effectively created a new category: the hacker as civil liberties issue. Instead of treating all computer crime as serious federal felony, the EFF argued that some computer exploration was protected behavior, that overly aggressive prosecution was a threat to innovation and freedom, and that the legal system needed to distinguish between serious crimes and technical curiosity.

The Trials and Outcomes

Many of the Operation Sundevil prosecutions fell apart. Craig Neidorf was acquitted. Steve Jackson Games won a major lawsuit against the Secret Service for wrongful seizure of equipment and intellectual property. Some of the more serious prosecutions succeeded, but the indiscriminate nature of the initial raids meant that many people who were arrested and had their equipment seized were never charged, or were charged but acquitted.

The message to the hacker community was mixed but ultimately clarifying: law enforcement was serious about prosecuting computer crimes, but there were now legal resources available to defend people, and the courts were willing to question whether the government's approach was proportionate.

The Legacy

Operation Sundevil marked a turning point. Before it, hacking was a largely underground, loosely organized culture that the law barely acknowledged. After it, hacking became a defined criminal category. Law enforcement had developed tactics, policies, and infrastructure to identify and prosecute hackers. Intelligence agencies had started monitoring the computer underground.

But Operation Sundevil also created something else: organized legal defense. The EFF became the institutionalized voice of digital rights. Hackers started organizing defense funds and legal strategies. Some of the underground moved partially legit, working as security consultants, researchers, and technical experts while maintaining underground connections. The community learned that it needed lawyers as much as it needed modems.

For anyone interested in how the government responds to new technologies and how communities adapt to repression, Operation Sundevil is a masterclass. It shows the initial aggressive response, the collateral damage, the pushback, and the eventual (partial) accommodation.

The hacker underground did not disappear. But after Operation Sundevil, it was never the same. It became organized. It became legal. It became professional.

And it became impossible to ignore.