[ISN] Hacker Arrested in San Diego

From: InfoSec News (isn@private)
Date: Tue Sep 30 2003 - 03:19:43 PDT

  • Next message: InfoSec News: "Re: [ISN] Technology Firm With Ties to Microsoft Fires Executive Over Criticism"

    Forwarded from: William Knowles <wk@private>
    By Tony Perry
    Times Staff Writer
    September 30, 2003 
    SAN DIEGO - A computer security specialist who claimed he hacked into 
    top-secret military computers to show how vulnerable they were to 
    snooping by terrorists was arrested and charged Monday with six felony 
    counts that could bring a 30-year prison sentence.
    Brett Edward O'Keefe, 36, president of ForensicTec Solutions, a 
    start-up company here, is accused of hacking into computers of the 
    Navy, the Army, the Department of Energy, the National Aeronautics and 
    Space Administration and several private companies.
    Before his arrest, O'Keefe told reporters that he had hacked into the 
    computers to drum up business for his fledgling company and to show 
    that the nation's top military secrets are not safe, despite 
    pronouncements that security has been tightened since the terrorist 
    attacks of Sept. 11, 2001.
    "All I wanted to do was to show America how weak our computer defenses 
    are," O'Keefe said. "My hope was that, if I embarrassed the 
    government, they would tighten up their precautions." 
    But Assistant U.S. Atty. John Parmley said O'Keefe could have 
    indicated that the computers were vulnerable to hacking without going 
    in and downloading information.
    "It's like going down the street and jiggling doors to see if they're 
    open," Parmley said. "That's one thing. But if you go and start taking 
    things, that's different." 
    O'Keefe is charged with conspiring with two employees to gain 
    unauthorized access to the computers of government agencies, the 
    military and private companies and to obtaining information from those 
    computers for financial gain. The two employees of his company pleaded 
    guilty in federal court last week and agreed to assist the 
    Bruce Schneier, chief technical officer of Counterpane Internet 
    Security Inc., based in Cupertino in Northern California, said the 
    ease with which military computers can be hacked into is not a secret.
    "The military uses the technology that everybody else does," said 
    Schneier, author of the book "Beyond Fear: Thinking Sensibly About 
    Security in an Uncertain World." Schneier called O'Keefe's explanation 
    "the classic defense" of the hacker: that he was hacking into 
    computers only to show how easy it is.
    "While it's a kind of a defense, it doesn't make a lot of sense," 
    Schneier said. "Nobody asked these guys to do this." 
    O'Keefe said he and his employees had stumbled across the easy entry 
    into military computers while working for a private client. Among 
    other things, the three allegedly downloaded encryption information 
    used by the military to keep its computer transmissions from being 
    intercepted by hostile forces.
    Parmley noted that the ForensicTec case is different from other hacker 
    cases because commonly the government has to investigate to find the 
    identity and location of the hacker. In this case, O'Keefe made his 
    exploits known through media interviews.
    After being arrested, O'Keefe was taken to the Metropolitan 
    Correctional Center to await arraignment today in U.S. District Court.
    O'Keefe's two co-defendants, Aljosa Medvesek and Margaret Ann Lauffer, 
    pleaded guilty to a single count each of unauthorized access to 
    governmental and military computers. A single count carries a possible 
    maximum sentence of five years; O'Keefe faces six counts.
    Schneier noted that the San Diego case comes amid a crackdown on 
    hackers by federal authorities.
    "The federal government is not amused by these cases and they 
    shouldn't be," Schneier said. "It's like coming home and finding that 
    a burglar has left a note on your refrigerator. You feel violated." 
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    Help C4I.org with a donation: http://www.c4i.org/contribute.html
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Sep 30 2003 - 06:12:46 PDT