Feds collar hacker who breached military network
November 12 2002
Washington: US federal authorities have cracked the case of an
international hacker who broke into roughly 100 unclassified US military
networks over the past year, officials said today.
Officials declined to identify the hacker, a British citizen, but said he
could be indicted tomorrow in federal courts in northern Virginia and New
Jersey.
Those courts have jurisdiction over the Pentagon in Virginia and Picatiny
Arsenal in New Jersey, one of the Army's premier research facilities.
The officials declined to say whether the suspect was in custody.
But one official, speaking on condition of anonymity, said investigators
considered the break-ins the work of a professional rather than a
recreational hacker.
Authorities planned to announce details of the investigation tomorrow
afternoon.
Officials said US authorities were weighing whether to seek the hacker's
extradition from England, a move that would be exceedingly rare among
international computer crime investigations.
They said this case has been a priority among Army and Navy investigators
for at least a year. One person familiar with the investigation said the
hacker broke into roughly 100 US military networks, none of them classified.
In England, officials from the Crown Prosecution Service, Scotland Yard and
the Home Office have declined to comment.
A civilian Internet security expert, Chris Wysopal, said a less-skilled,
recreational hacker might be able to break into a single military network,
but it would be unlikely that same person could mount attacks against
dozens of separate networks.
"Whenever it's a multistage attack, it's definitely a more sophisticated
attacker," said Wysopal, a founding member of AtStake Inc., a security firm
in Cambridge, Massachusetts.
"That's a huge investigation."
The cyber-security of US military networks is considered fair, compared to
other parts of government and many private companies and organisations.
But until heightened security concerns after last year's September 11
terrorist attacks on the United States, the Defence Department operated
thousands of publicly accessible Web sites.
Each represented possible entry-points from the Internet into military
systems unless they were kept secured and monitored regularly.
It would be very unusual for US officials to seek extradition. In previous
major cyber-crimes, such as the release of the "Love Bug" virus in May 2000
by a Filipino computer student and attacks in February 2000 by a Canadian
youth against major American e-commerce Web sites, US authorities have
waived interest in extraditing hacker suspects.
Once, the FBI tricked two Russian computer experts, Vasily Gorshkov and
Alexey Ivanov, into travelling to the United States so they could be
arrested rather than extradited. The Russians were charged with hacking
into dozens of US banks and e-commerce sites, and then demanding money for
not publicising the break-ins.
Gorshkov was sentenced to three years in prison; Ivanov has pleaded guilty
but hasn't been sentenced.
But the administration of President George W Bush has toughened
anti-hacking laws since the September 11 attacks and increasingly lobbied
foreign governments to cooperate in international computer-crime
investigations.
The United States and England were among 26 nations that last year signed
the Council of Europe Convention on Cybercrime, an international treaty
that provides for hacker extraditions even among countries without other
formal extradition agreements.
There have been other, high-profile hacker intrusions into US military
systems.
In one long-running operation, from 1998 to 2001, the subject of a US spy
investigations dubbed "Storm Cloud" and "Moonlight Maze", hackers traced
back to Russia were found to have been quietly downloading millions of
pages of sensitive data, including one colonel's e-mail inbox.
http://smh.com.au/articles/2002/11/12/1036308685702.html
My shrink claims he proposed opressive treatment for me to save me from an
FBI extradition attempt.
