DOJ indicts alleged British hacker

A former systems administrator from London is indicted on charges of hacking and shutting down military systems just after the Sept. 11 terrorist attacks.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
3 min read
The U.S. Department of Justice indicted Tuesday a British man who allegedly hacked into military computer systems and shut them down in the wake of the Sept. 11, 2001 terrorist attacks.

Gary McKinnon, a 36-year-old former systems administrator from London, was charged by a grand jury in New Jersey with intentionally damaging a federal computer system, according to a statement released by the U.S. Attorney's Office in the Eastern District of Virginia.

McKinnon is believed to have attacked the Earle Naval Weapons Station, a U.S. Navy command center responsible for supplying munitions to the Atlantic fleet, three times between April 2001 and September 2001.

During the final attack on Sept. 23, 2001, the DOJ alleges McKinnon deleted key files necessary to power some computers on the network.

"This was a grave intrusion into a vital military system computer system at a time when we, as a nation, had to summon all of our defenses against further attack," Assistant U.S. Attorney Scott S. Christie said in the statement. Representatives from U.S. Navy would not comment on the indictment.

The U.S. Attorney's office also indicted McKinnon on seven counts of unauthorized access and damage to computer systems for his hack of nearly 100 computers, mainly military systems. The second indictment charged McKinnon with breaking into systems belonging to the U.S. Army, U.S. Navy, the U.S. Air Force, the U.S. Department of Defense and NASA, as well as six corporate computers. Altogether, McKinnon allegedly caused approximately $900,000 in damage.

Both indictments were handed down Tuesday morning. The U.S. Attorney's office in Virginia will be taking lead on the case, a representative from that office said.

After McKinnon was charged with the network break-in, the DOJ worked to try McKinnon in the United States, said Judy Prue, a spokeswoman for Britain's National High-Tech Crime Unit.

"It was decided that he would be extradited to the U.S.," Prue said. "Technically, we had de-arrest this guy."

The DOJ announced plans to extradite McKinnon Tuesday afternoon. The Associated Press reported some details of the investigation on Monday.

Online vandals have often used military systems as hacking targets. The Pentagon, for example, has cited as many as 250,000 attacks in a single year. The attacks do succeed, on occasion.

In May of last year, government contractor Exigent International acknowledged that one or more hackers broke into a government server that contained satellite software and stole code. Evidence led investigators to an e-mail service in Sweden, where the hackers apparently stashed the code. The culprits were never apprehended.

In 1997, two California teenagers and a trio of Israeli hackers were arrested for hacking into Pentagon servers. Israeli hacker Ehud Tenenbaum, then 18 years old, and his two teenage accomplices weren't extradited yet were prosecuted by local authorities.

The United States rarely extradites cybercriminals; the process has proven to be extremely slow in the cases that do call for extradition.

In May, two citizens of Kazakhstan were extradited from Britain more than 20 months after their arrest in a London hotel room on charges of unauthorized computer access and extortion.

Oleg Zezov and Igor Yarimaka allegedly sent several e-mail messages to the founder of financial information company Bloomberg and now mayor of New York City, Michael Bloomberg, demanding that he pay $200,000 in exchange for information on how the duo infiltrated the Bloomberg system.

Law enforcement officials have also tried other methods to snatch foreign hackers suspected of cybercrimes.

In November 2000, two alleged Russian hackers were lured to Seattle in a sting operation after FBI agents grabbed evidence from a server in Chelyabinsk, Russia. Authorities from that province filed charges against the FBI for the "hack" earlier this year.

News.com's Margaret Kane contributed to this report. ZDNet UK's Matt Loney contributed from London.