Massive Hacking Spree Halted; UK Man Indicted

US Federal prosecutors from Virginia and New Jersey Tuesday indicted a British citizen on eight counts of computer fraud related to hacking incidents that allegedly damaged 105 US government, military and corporate networks.

At a news conference here Tuesday afternoon, Paul J McNulty, US Attorney for the Eastern District of Virginia, said the US will formally request the extradition of Gary McKinnon, a 36-year-old unemployed computer systems administrator living in London. McKinnon remains free in London pending presentation of evidence to law enforcement officials in the UK, said McNulty.

McKinnon, known by his hacker handle "Solo," is charged with seven counts of computer fraud and related activity in Virginia and one count in New Jersey stemming from a year-long hacking spree. The indictment alleges that between March 2001 and March 2002 McKinnon broke into and damaged 92 computers belonging to the Pentagon, US Army, Navy, Air Force and NASA, as well as six systems owned and operated by private US companies.

Once inside a network, McKinnon is alleged to have installed remote administration and hacker tools, copied password files and other sensitive but unclassified files and deleted user accounts and other critical system files. In at least one instance, McKinnon's hacking activity allegedly caused a major military network in Washington to shut down for three days in February. The estimated losses stemming from his hacking are estimated to be US$900,000, according to the indictment.

"The significance of this case is that [with] his access to these records, he was able to impair the integrity of the data on these systems," said McNulty. McKinnon allegedly "scanned tens of thousands of systems" before taking advantage of known vulnerabilities in Microsoft's Windows operating system installed on the targeted computers.

The indictment filed by the US Attorney's Office in New Jersey charges McKinnon with one count of intentional damage to a protected computer. The charge stems from his alleged hacking of a computer used by the Naval Weapons Station (NWS) Earle in Colts Neck, NJ. That computer was used by the Navy to monitor the identity, location, physical condition, staffing, battle readiness and resupply of Navy ships in the area of the complex. Between April and June 2001 McKinnon allegedly stole 950 passwords stored on seven servers connected to the NWS Earle network and used that access to damage and force the shutdown of the NWS system on September 23, two weeks after the September 11 terrorist attacks.

In addition to the military and NASA systems compromised by McKinnon, the indictment filed in Virginia also alleges that the hacker penetrated networks owned by Tobin International in Houston; the University of Tennessee in Knoxville; Frontline Solutions in Wayne, Pennsylvania.; Louisiana Technical College in LaFourche, Louisiana.; and public libraries in Illinois and Pennsylvania.

"It was a very difficult thing to identify," said McNulty, referring to the hacker's careful use of tools that erased his tracks.

When asked by Computerworld if McKinnon could have been working on behalf of a foreign group or government, McNulty said there was no evidence to suggest that. However, he acknowledged that the suspect's motivation in this case has been difficult to determine.

"I suppose he was hoping to gain access to classified information," said McNulty.

US Department of Defense officials declined to comment on the case. However, Mark Rasch, former head of the Computer Crime Unit at the US Department of Justice and now senior vice president and chief security counsel at Omaha-based managed security services company Solutionary, said the lack of widespread damage raises concerns that a foreign government could be behind the hacking spree.

"The big concern is that this guy is a professional hacker or information broker being paid by somebody to specifically go after US military information networks," said Rasch. The obvious list of suspects in that scenario include Iraq, North Korea, Libya and various other countries linked to terrorism, he said.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.
Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Dan Verton

Latest Videos

More videos

Blog Posts