U.S. cracks case of British hacker who broke into military networks

<br>WASHINGTON (AP) _ Federal authorities on Tuesday accused a British computer administrator of hacking into 92 computer networks operated by the U.S. military and NASA, including one break-in that shut

Tuesday, November 12th 2002, 12:00 am

By: News On 6

WASHINGTON (AP) _ Federal authorities on Tuesday accused a British computer administrator of hacking into 92 computer networks operated by the U.S. military and NASA, including one break-in that shut down systems at a Navy facility in New Jersey immediately after the Sept. 11, 2001 attacks.

Authorities said two of the computer systems were at the Pentagon. The intrusions also made inoperable the network that serves the military district for Washington, officials said.

Authorities disclosed indictments in northern Virginia and New Jersey against Gary McKinnon, 36, of the Hornsey section of London. He was indicted on eight counts of computer-related crimes, including break-ins at six private companies.

Court records in Virginia said McKinnon caused $900,000 in damage to computers in 14 states.

In New Jersey, McKinnon was accused of hacking into a network of 300 computers at the Earle Naval Weapons Station in Colts Neck, N.J., and stealing 950 passwords. Because of the break-in, which occurred immediately after the terrorist attacks, the whole system was effectively shut down for one week, officials said. That station replenishes munitions and supplies for the Atlantic fleet.

``This was a grave intrusion into a vital military computer system at a time when we, as a nation, had to summon all of our defenses against further attack,'' said U.S. Attorney Christopher J. Christie.

McKinnon, if found guilty, faces a maximum penalty of five years in federal prison and a $250,000 fine, Christie said.

U.S. officials said earlier they were weighing whether to seek McKinnon's extradition from England, a move that would be exceedingly rare among international computer crime investigations. Christie confirmed that in a statement Tuesday.

A civilian Internet security expert, Chris Wysopal, said that a less-skilled, recreational hacker might be able to break into a single military network, but it would be unlikely that same person could mount attacks against dozens of separate networks.

``Whenever it's a multistage attack, it's definitely a more sophisticated attacker,'' said Wysopal, a founding member of AtStake Inc., a security firm in Cambridge, Mass. ``That's a huge investigation.''

The security of U.S. military networks is considered fair, compared to other parts of government and many private companies and organizations. But until heightened security concerns after last year's terrorist attacks, the Defense Department operated thousands of publicly accessible Web sites. Each represented possible entry-points from the Internet into military systems unless they were kept secured and monitored regularly.

It would be very unusual for U.S. officials to seek extradition. In previous major cyber crimes, such as the release of the ``Love Bug'' virus in May 2000 by a Filipino computer student and attacks in February 2000 by a Canadian youth against major American e-commerce Web sites, U.S. authorities have waived interest in extraditing hacker suspects to stand trial here.

But the Bush administration has toughened anti-hacking laws since Sept. 11, 2001 and increasingly lobbied foreign governments to cooperate in international computer-crime investigations. The United States and England were among 26 nations that last year signed the Council of Europe Convention on Cybercrime, an international treaty that provides for hacker extradition even among countries without other formal extradition agreements.