British man indicted for hacking into military networks
The federal government Tuesday indicted an unemployed British computer administrator, alleging that he broke into nearly 100 government computer networks after the Sept. 11 terrorist attacks.
U.S. attorneys in New Jersey and Virginia said Gary McKinnon, 36, of London hacked into the network of the Earle Naval Weapons Station in Colts Neck, N.J., numerous times from April to September 2001 and stole computer passwords. The weapons station is responsible for replenishing munitions and supplies for the Atlantic fleet.
The station's network of 300 computers was shut down for a week, according to military officials. For three weeks after the attack, personnel were only able to send and receive e-mail internally. For a month after the final intrusion, employees were unable to access the Internet, officials said.
The Virginia indictment charged that McKinnon broke into 92 computer systems that belong to the Army, Navy, Air Force, Defense Department and NASA. The intrusions rendered the network for the Military District of Washington inoperable. McKinnon is also charged with hacking into two computers located at the Pentagon and breaking into six companies' networks. He caused $900,000 in damage to computers in 14 states, the indictment said.
According to authorities, McKinnon broke into the Earle network through a computer used to monitor Navy ships in and around the pier located there. Once inside the network, the indictment alleged that McKinnon installed a software program called RemotelyAnywhere, a commercially available product that allows someone to control a computer from any other computer connected to the Internet.
The indictment didn't specify how McKinnon was able to install the remote program. It did allege that after he installed the program, he used stolen passwords to access the computers on Sept. 23, 2001. Once inside, he deleted computer files needed to power some of the computers and erased logs that documented his intrusions, the indictment said.
A security expert said the alleged attack was significant because the perpetrator was able to control multiple computers from a distance. "He owned the machines," said Alan Paller, research director of the SANS Institute, a security research organization.
McKinnon will be tried separately in New Jersey and Virginia. He faces a maximum penalty of five years in federal prison and a $250,000 fine.
U.S. officials said Tuesday that efforts are under way to extradite McKinnon from the United Kingdom. British officials couldn't be reached for comment.