The teenager pleaded guilty last week to a series of hacking incidents, the theft of personal information and making bomb threats to high schools in Florida and Massachusetts, according to a statement from the U.S. attorney for the district of Massachusetts.
All crimes took place over a 15-month period, beginning in March 2004. Victims suffered a total of about $1 million in damages, according to the statement.
One of the crimes involves gaining unauthorized access to internal T-Mobile USA systems in January this year, a representative of the wireless carrier, a subsidiary of T-Mobile, said Wednesday.
The perpetrator's name is not being disclosed because he is a juvenile.
The young man was sentenced to 11 months of detention in a juvenile facility, to be followed by two years of supervised release. During the entire period, he is barred from owning or using a PC, cell phone or any other device that can access the Internet, according to the statement. (In the most famous example of a convicted hacker being kept away from computer technology,spent the better part of a decade offline.)
Investigations into possible accomplices of the teenager are ongoing, the statement said.
Having gained access to T-Mobile USA's systems, the teen found information Paris Hilton stored on her, a mobile device that lets users make calls, surf the Web, take pictures, and send e-mail and instant messages.
The unnamed teen subsequently, which included racy pictures and phone numbers of Hilton's celebrity contacts, on the Web. The numbers included those of rapper Eminem, actor Vin Diesel, singers Christina Aguilera and Ashlee Simpson, and tennis players Andy Roddick and Anna Kournikova.
Hilton could not be reached for comment on the case because she was traveling in a country where her cell phone does not work, her publicist Robert Zimmerman said Wednesday.
Besides nabbing the personal information of socialite-turned-reality show celebrity Hilton, the teenager used the T-Mobile access to create telephone accounts for himself and friends without paying for them, the T-Mobile representative said.
"We're pleased that he has been brought to justice," T-Mobile spokesman Peter Dobrow said. "We dedicated significant resources to help bring this criminal to justice." The carrier has made changes to ensure that such breaches don't happen again, he said.
In addition to the T-Mobile incident and making bomb threats at high schools, the teen admitted to hacking into the network of a major Internet service provider, a data broker and a second major telephone provider, according to the U.S. attorney statement.
In the case of the ISP, the teen was able in August 2004 to access computers on the company's internal network and obtain proprietary information by installing a rogue program on an employee's computer, according to the statement. The ISP was America Online, a source familiar with the matter said Wednesday.
In January, the minor gained access to the systems of a data broker, which he used to look up information on individuals, according to the U.S. Attorney's statement. The data broker is LexisNexis, WashingtonPost.com reported. LexisNexis earlier this year said anmay have compromised personal information of about 310,000 Americans.
In June, a second phone company became a victim to the juvenile's attack, according to the U.S. Attorney's statement. A phone that had been activated fraudulently was disabled, and the teen retaliated with a denial-of-service attack on the company's Web site when it refused to reactivate the phone.
"Computer hacking is not fun and games. Hackers cause real harm to real victims," U.S Attorney Michael Sullivan said in the statement. "Would-be hackers...should be put on notice that such criminal activity will not be tolerated."