DOJ charges youth in hack attacks

In what the Justice Department calls a first, the federal government charges a juvenile with computer crimes.

Paul Festa, Staff Writer, CNET News.com

In what the Justice Department is describing as a first, the federal government this week charged a juvenile with computer crimes, including bringing down an airport control tower and emergency services for several hours.

The youth, who was not identified, quickly accepted a plea bargain negotiated with the U.S. Attorney for the District of Massachusetts. The charges and plea bargain were unsealed this morning.

He pleaded guilty to disabling a Worcester, Massachusetts, airport control tower and other airport facilities for six hours and disrupting telephone service in Rutland, Massachusetts, on March 10, 1997.

He also broke into a Worcester pharmacy computer, according to the government, but the Justice Department is not charging him in that incident because the computer is not a government-protected system and the hacker did not cross state lines.

"Computer and telephone networks are at the heart of vital services provided by the government, private industry, and our critical infrastructure," said U.S. attorney Donald Stern in a statement. "Hacking a computer or telephone network can create a tremendous risk to the public and we will prosecute juvenile hackers in appropriate cases, such as this one."

In the airport and telephone service attacks, the youth temporarily disabled a loop carrier system, which combines multiple phone lines for transmission over a single fiber-optic cable.

By targeting the loop carrier system, the confessed hacker wiped out telephone access to the airport's control tower, fire department, airport security, and weather service, as well as private airfreight firms for six hours. The attack also downed the airport's main radio transmitter and the circuit that lets incoming aircraft switch on runway lights.

"This case, with the associated national security ramifications, is one of the most significant computer fraud investigations conducted by the Secret Service," said agent Michael Johnston. The Secret Service was the investigating agency in the case.

The hacker launched a separate attack the same day on the loop carrier system serving telephone customers in Rutland. In that attack, which disrupted service, the hacker left behind a calling card by changing the system identification name to "Jester."

The attack on the branch of an unidentified major pharmacy chain occurred on four separate occasions from January through March of last year. The hacker acquired the names, contact information, and prescriptions for the pharmacy's customers, but neither altered nor distributed that information, according to the government.

In each of these cases, the hacked computers were left accessible through the Internet so that system administrators could work remotely, according to the DOJ statement. But a DOJ spokeswoman would not specify what vulnerability was exploited by the hacker.

In the statement, U.S. attorney Stern said the case had alerted phone companies nationwide to a serious security risk.

"Technology is never going to create perfect security," he added. "As a result of Bell Atlantic's quick reaction and invaluable assistance, the Secret Service was able to identify a vulnerability that affected not only the two telephone company computers hacked in this case, but also hundreds of identical computers used by Bell Atlantic around New England and thousands used by telephone companies around the country."

Bell Atlantic released a statement saying it has "taken additional security measures at multiple levels in our network to prevent this breach from happening again."

Under terms of the plea bargain, the juvenile will serve probation for two years, during which time he will be forbidden access to computer networks except to conduct academic research as part of his studies, which are mandated in the plea agreement. He is barred from employment at a computer company and must complete 250 hours of community service.

He also must pay $5,000 to Bell Atlantic in restitution and must forfeit to the government the computer hardware and software used in the attack.

Today's announcement marks the first time the government has brought charges against a juvenile defendant for computer crimes, but it likely will not be the last. Two California teenagers are under investigation for allegedly hacking computers at the Pentagon to access nonclassified information.