[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] Hacker Arrested in San Diego
From: InfoSec News <isn () c4i ! org>
Date: 2003-09-30 10:19:43
[Download RAW message or body]
Forwarded from: William Knowles <wk@c4i.org>
http://www.latimes.com/technology/la-me-hack30sep30,1,2684627.story
By Tony Perry
Times Staff Writer
September 30, 2003
SAN DIEGO - A computer security specialist who claimed he hacked into
top-secret military computers to show how vulnerable they were to
snooping by terrorists was arrested and charged Monday with six felony
counts that could bring a 30-year prison sentence.
Brett Edward O'Keefe, 36, president of ForensicTec Solutions, a
start-up company here, is accused of hacking into computers of the
Navy, the Army, the Department of Energy, the National Aeronautics and
Space Administration and several private companies.
Before his arrest, O'Keefe told reporters that he had hacked into the
computers to drum up business for his fledgling company and to show
that the nation's top military secrets are not safe, despite
pronouncements that security has been tightened since the terrorist
attacks of Sept. 11, 2001.
"All I wanted to do was to show America how weak our computer defenses
are," O'Keefe said. "My hope was that, if I embarrassed the
government, they would tighten up their precautions."
But Assistant U.S. Atty. John Parmley said O'Keefe could have
indicated that the computers were vulnerable to hacking without going
in and downloading information.
"It's like going down the street and jiggling doors to see if they're
open," Parmley said. "That's one thing. But if you go and start taking
things, that's different."
O'Keefe is charged with conspiring with two employees to gain
unauthorized access to the computers of government agencies, the
military and private companies and to obtaining information from those
computers for financial gain. The two employees of his company pleaded
guilty in federal court last week and agreed to assist the
prosecutors.
Bruce Schneier, chief technical officer of Counterpane Internet
Security Inc., based in Cupertino in Northern California, said the
ease with which military computers can be hacked into is not a secret.
"The military uses the technology that everybody else does," said
Schneier, author of the book "Beyond Fear: Thinking Sensibly About
Security in an Uncertain World." Schneier called O'Keefe's explanation
"the classic defense" of the hacker: that he was hacking into
computers only to show how easy it is.
"While it's a kind of a defense, it doesn't make a lot of sense,"
Schneier said. "Nobody asked these guys to do this."
O'Keefe said he and his employees had stumbled across the easy entry
into military computers while working for a private client. Among
other things, the three allegedly downloaded encryption information
used by the military to keep its computer transmissions from being
intercepted by hostile forces.
Parmley noted that the ForensicTec case is different from other hacker
cases because commonly the government has to investigate to find the
identity and location of the hacker. In this case, O'Keefe made his
exploits known through media interviews.
After being arrested, O'Keefe was taken to the Metropolitan
Correctional Center to await arraignment today in U.S. District Court.
O'Keefe's two co-defendants, Aljosa Medvesek and Margaret Ann Lauffer,
pleaded guilty to a single count each of unauthorized access to
governmental and military computers. A single count carries a possible
maximum sentence of five years; O'Keefe faces six counts.
Schneier noted that the San Diego case comes amid a crackdown on
hackers by federal authorities.
"The federal government is not amused by these cases and they
shouldn't be," Schneier said. "It's like coming home and finding that
a burglar has left a note on your refrigerator. You feel violated."
*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@attrition.org with 'unsubscribe isn'
in the BODY of the mail.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic