- The Washington Times - Wednesday, November 13, 2002

Federal authorities yesterday accused a British computer administrator of hacking into 92 networks operated by the U.S. military and NASA, including one break-in that shut down systems at a Navy facility in New Jersey immediately after the September 11 terrorist attacks.
Authorities said two of the computer systems were at the Pentagon. The intrusions also made inoperable the network that serves the military district for Washington, officials said.
Authorities disclosed indictments in Northern Virginia and New Jersey against Gary McKinnon, 36, of the Hornsey section of London. He was indicted on eight counts of computer-related crimes, including break-ins at six private companies.
Court records in Virginia said Mr. McKinnon caused $900,000 in damage to computers in 14 states.
In New Jersey, Mr. McKinnon was accused of hacking into a network of 300 computers at the Earle Naval Weapons Station in Colts Neck and stealing 950 passwords. Because of the break-in, which occurred immediately after the terrorist attacks, the whole system was effectively shut down for one week, officials said. That station replenishes munitions and supplies for the Atlantic Fleet.
"This was a grave intrusion into a vital military computer system at a time when we, as a nation, had to summon all of our defenses against further attack," said U.S. Attorney Christopher J. Christie.
Mr. McKinnon, if found guilty, faces a maximum penalty of five years in federal prison and a $250,000 fine, Mr. Christie said.
U.S. officials said earlier they were weighing whether to seek Mr. McKinnon's extradition from England, a move that would be exceedingly rare among international computer crime investigations. Mr. Christie confirmed that in a statement yesterday.
A civilian Internet security expert, Chris Wysopal, said that a less-skilled, recreational hacker might be able to break into a single military network, but it would be unlikely that same person could mount attacks against dozens of separate networks.
"Whenever it's a multistage attack, it's definitely a more sophisticated attacker," said Mr. Wysopal, a founding member of AtStake, a security firm in Cambridge, Mass. "That's a huge investigation."
The security of U.S. military networks is considered fair compared with other parts of government and many private companies and organizations. But until heightened security concerns after last year's terrorist attacks, the Defense Department operated thousands of publicly accessible Web sites. Each represented possible entry points from the Internet into military systems unless they were kept secured and monitored regularly.
It would be unusual for U.S. officials to seek extradition. In previous major cyber-crimes, such as the release of the Love Bug virus in May 2000 by a Philippines computer student and attacks in February 2000 by a Canadian youth against major American commercial Web sites, U.S. authorities have waived interest in extraditing hacker suspects to stand trial here.
But the Bush administration has toughened hacking laws since September 11 and increasingly lobbied foreign governments to cooperate in international computer-crime investigations. The United States and England were among 26 nations that last year signed the Council of Europe Convention on Cybercrime, an international treaty that provides for hacker extradition even among countries without formal extradition agreements.

Sign up for Daily Newsletters

Copyright © 2019 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times welcomes your comments on Spot.im, our third-party provider. Please read our Comment Policy before commenting.


Click to Read More and View Comments

Click to Hide