15-Year-Old Admits Hacking NASA Computers

M I A M I, Sept. 22, 2000 -- A 15-year-old computer hacker caused a 21-day shutdown of NASA computers that support the international space station, and invaded a Pentagon weapons computer system to intercept 3,300 e-mails, steal passwords and cruise around like an employee.

The boy, known on the Internet as “c0mrade,” pleaded guilty today to juvenile delinquency in a sealed federal case.

Six Months in Jail

He became the first young hacker to be incarcerated for computer crimes, the Justice Department in Washington said in a summary.

He will serve six months in a state detention facility.

“Breaking into someone else’s property, whether it’s a robbery or a computer intrusion, is a serious crime,” said Attorney General Janet Reno. The prosecution “shows that we take computer intrusion seriously and are working with our law enforcement agencies to aggressively fight this problem.”

Chris Rouland, who monitors computer attacks for Internet Security Systems Inc. in Atlanta, said the unusual part of the case was that the boy was caught, not that he got where he did.

The boy’s identity was withheld because he’s a juvenile.

Stole Software, E-Mails

Now 16, he admitted accessing 13 computers at the Marshall Space Flight Center in Huntsville, Ala., for two days in June 1999 and downloading $1.7 million worth of NASA proprietary software that supports the space station’s environment, including temperature and humidity.

NASA responded by shutting down the computers for 21 days to determine the extent of the attack at a cost of $41,000 in contractor labor and replaced equipment.

In August and October 1999, c0mrade entered the computer network run by the Defense Threat Reduction Agency, whose mission is to reduce the threat from nuclear, biological, chemical, conventional and special weapons to the United States.

By entering through a router in Dulles, Va., and installing a back door for access, he intercepted DTRA e-mail, 19 user names and passwords of employees, including 10 on military computers.

The criminal case and plea bargain have been in the works for about six months, said a source familiar with the case.

If prosecuted as an adult, he would have been charged with wiretapping and computer abuse violations.

As part of his sentence, the boy must write letters of apology to the secretary of defense and the NASA administrator.

“The charges do not necessarily denote the actual threat to national security,” said Russ Cooper of ICSA.net, a Reston, Va.-based network security provider. He believes the NASA computer shutdown was time spent determining whether the intruder left anything behind that could harm the system.

Gov’t Computer Scares Common?

But Cooper also believes that kind of shutdown is more common than federal agencies acknowledge.

“I would suspect that that type of delay is occurring very, very regularly,” he said. “It’s quite likely that companies and government agencies, et cetera are scared into thinking that they might have been compromised.”

The case reflects growing technical sophistication among hackers, who found 10 new ways to break into computers in 1996 but now invade at the rate of 100 a month, Rouland said. He rates government security at a D in terms of school grades.

“This is a great bellwether as to the state of security where juveniles can traipse across computer systems with little or no fear” of being caught, he said.