A 15-year-old computer hacker caused a 21-day shutdown of NASA computers
that support the international space station, and invaded a Pentagon
weapons computer system to intercept 3,300 e-mails, steal passwords and
cruise around like an employee.
The boy, known on the Internet as “c0mrade,” pleaded guilty today to juvenile delinquency in a sealed federal case.
Six Months in Jail
He became the first young hacker to be incarcerated for computer crimes, the Justice Department in Washington said in a summary.
He will serve six months in a state detention facility.
“Breaking into someone else’s property, whether it’s a robbery or a
computer intrusion, is a serious crime,” said Attorney General Janet
Reno. The prosecution “shows that we take computer intrusion seriously
and are working with our law enforcement agencies to aggressively fight
this problem.”
Chris Rouland, who monitors computer attacks for Internet Security
Systems Inc. in Atlanta, said the unusual part of the case was that the
boy was caught, not that he got where he did.
The boy’s identity was withheld because he’s a juvenile.
Stole Software, E-Mails
Now 16, he admitted accessing 13 computers at the Marshall Space Flight
Center in Huntsville, Ala., for two days in June 1999 and downloading
$1.7 million worth of NASA proprietary software that supports the space
station’s environment, including temperature and humidity.
NASA responded by shutting down the computers for 21 days to determine
the extent of the attack at a cost of $41,000 in contractor labor and
replaced equipment.
In August and October 1999, c0mrade entered the computer network run by
the Defense Threat Reduction Agency, whose mission is to reduce the
threat from nuclear, biological, chemical, conventional and special
weapons to the United States.
By entering through a router in Dulles, Va., and installing a back door
for access, he intercepted DTRA e-mail, 19 user names and passwords of
employees, including 10 on military computers.
The criminal case and plea bargain have been in the works for about six months, said a source familiar with the case.
If prosecuted as an adult, he would have been charged with wiretapping and computer abuse violations.
As part of his sentence, the boy must write letters of apology to the secretary of defense and the NASA administrator.
“The charges do not necessarily denote the actual threat to national
security,” said Russ Cooper of ICSA.net, a Reston, Va.-based network
security provider. He believes the NASA computer shutdown was time spent
determining whether the intruder left anything behind that could harm
the system.
Gov’t Computer Scares Common?
But Cooper also believes that kind of shutdown is more common than federal agencies acknowledge.
“I would suspect that that type of delay is occurring very, very
regularly,” he said. “It’s quite likely that companies and government
agencies, et cetera are scared into thinking that they might have been
compromised.”
The case reflects growing technical sophistication among hackers, who
found 10 new ways to break into computers in 1996 but now invade at the
rate of 100 a month, Rouland said. He rates government security at a D
in terms of school grades.
“This is a great bellwether as to the state of security where juveniles
can traipse across computer systems with little or no fear” of being
caught, he said.A 15-year-old computer hacker caused a 21-day shutdown
of NASA computers that support the international space station, and
invaded a Pentagon weapons computer system to intercept 3,300 e-mails,
steal passwords and cruise around like an employee.
The boy, known on the Internet as “c0mrade,” pleaded guilty today to juvenile delinquency in a sealed federal case.
Six Months in Jail
He became the first young hacker to be incarcerated for computer crimes, the Justice Department in Washington said in a summary.
He will serve six months in a state detention facility.
“Breaking into someone else’s property, whether it’s a robbery or a
computer intrusion, is a serious crime,” said Attorney General Janet
Reno. The prosecution “shows that we take computer intrusion seriously
and are working with our law enforcement agencies to aggressively fight
this problem.”
Chris Rouland, who monitors computer attacks for Internet Security
Systems Inc. in Atlanta, said the unusual part of the case was that the
boy was caught, not that he got where he did.
The boy’s identity was withheld because he’s a juvenile.
Stole Software, E-Mails
Now 16, he admitted accessing 13 computers at the Marshall Space Flight
Center in Huntsville, Ala., for two days in June 1999 and downloading
$1.7 million worth of NASA proprietary software that supports the space
station’s environment, including temperature and humidity.
NASA responded by shutting down the computers for 21 days to determine
the extent of the attack at a cost of $41,000 in contractor labor and
replaced equipment.
In August and October 1999, c0mrade entered the computer network run by
the Defense Threat Reduction Agency, whose mission is to reduce the
threat from nuclear, biological, chemical, conventional and special
weapons to the United States.
By entering through a router in Dulles, Va., and installing a back door
for access, he intercepted DTRA e-mail, 19 user names and passwords of
employees, including 10 on military computers.
The criminal case and plea bargain have been in the works for about six months, said a source familiar with the case.
If prosecuted as an adult, he would have been charged with wiretapping and computer abuse violations.
As part of his sentence, the boy must write letters of apology to the secretary of defense and the NASA administrator.
“The charges do not necessarily denote the actual threat to national
security,” said Russ Cooper of ICSA.net, a Reston, Va.-based network
security provider. He believes the NASA computer shutdown was time spent
determining whether the intruder left anything behind that could harm
the system.
Gov’t Computer Scares Common?
But Cooper also believes that kind of shutdown is more common than federal agencies acknowledge.
“I would suspect that that type of delay is occurring very, very
regularly,” he said. “It’s quite likely that companies and government
agencies, et cetera are scared into thinking that they might have been
compromised.”
The case reflects growing technical sophistication among hackers, who
found 10 new ways to break into computers in 1996 but now invade at the
rate of 100 a month, Rouland said. He rates government security at a D
in terms of school grades.
“This is a great bellwether as to the state of security where juveniles
can traipse across computer systems with little or no fear” of being
caught, he said.