Massive hacking spree halted; man indicted

Federal prosecutors from Virginia and New Jersey Tuesday indicted a British citizen on eight counts of computer fraud related to hacking incidents that allegedly damaged 105 U.S. government, military and corporate networks.

At a news conference here Tuesday afternoon, Paul J. McNulty, U.S. Attorney for the Eastern District of Virginia, said the U.S. will formally request the extradition of Gary McKinnon, a 36-year-old unemployed computer systems administrator living in London. McKinnon remains free in London pending presentation of evidence to law enforcement officials in the U.K., said McNulty.

McKinnon, known by his hacker handle “Solo,” is charged with seven counts of computer fraud and related activity in Virginia and one count in New Jersey stemming from a year-long hacking spree. The indictment alleges that between March 2001 and March 2002 McKinnon broke into and damaged 92 computers belonging to the Pentagon, U.S. Army, Navy, Air Force and NASA, as well as six systems owned and operated by private U.S. companies.

Once inside a network, McKinnon is alleged to have installed remote administration and hacker tools, copied password files and other sensitive but unclassified files and deleted user accounts and other critical system files. In at least one instance, McKinnon’s hacking activity allegedly caused a major military network in Washington to shut down for three days in February. The estimated losses stemming from his hacking are estimated to be US$900,000, according to the indictment.

“The significance of this case is that [with] his access to these records, he was able to impair the integrity of the data on these systems,” said McNulty. McKinnon allegedly “scanned tens of thousands of systems” before taking advantage of known vulnerabilities in Microsoft Corp.’s Windows operating system installed on the targeted computers.

The indictment filed by the U.S. Attorney’s Office in New Jersey charges McKinnon with one count of intentional damage to a protected computer. The charge stems from his alleged hacking of a computer used by the Naval Weapons Station (NWS) Earle in Colts Neck, N.J. That computer was used by the Navy to monitor the identity, location, physical condition, staffing, battle readiness and resupply of Navy ships in the area of the complex. Between April and June 2001 McKinnon allegedly stole 950 passwords stored on seven servers connected to the NWS Earle network and used that access to damage and force the shutdown of the NWS system on Sept. 23, two weeks after the Sept. 11 terrorist attacks.

In addition to the military and NASA systems compromised by McKinnon, the indictment filed in Virginia also alleges that the hacker penetrated networks owned by Tobin International Ltd. in Houston; the University of Tennessee in Knoxville; Frontline Solutions Inc. in Wayne, Pa.; Louisiana Technical College in LaFourche, La.; and public libraries in Illinois and Pennsylvania.

“It was a very difficult thing to identify,” said McNulty, referring to the hacker’s careful use of tools that erased his tracks.

When asked by Computerworld if McKinnon could have been working on behalf of a foreign group or government, McNulty said there was no evidence to suggest that. However, he acknowledged that the suspect’s motivation in this case has been difficult to determine.

“I suppose he was hoping to gain access to classified information,” said McNulty.

U.S. Department of Defense officials declined to comment on the case. However, Mark Rasch, former head of the Computer Crime Unit at the U.S. Department of Justice and now senior vice president and chief security counsel at Omaha-based managed security services company Solutionary Inc., said the lack of widespread damage raises concerns that a foreign government could be behind the hacking spree.

“The big concern is that this guy is a professional hacker or information broker being paid by somebody to specifically go after U.S. military information networks,” said Rasch. The obvious list of suspects in that scenario include Iraq, North Korea, Libya and various other countries linked to terrorism, he said.