Hacker Arrested in San Diego

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.latimes.com/technology/la-me-hack30sep30,1,2684627.story

By Tony Perry
Times Staff Writer
September 30, 2003 

SAN DIEGO - A computer security specialist who claimed he hacked into 
top-secret military computers to show how vulnerable they were to 
snooping by terrorists was arrested and charged Monday with six felony 
counts that could bring a 30-year prison sentence.

Brett Edward O'Keefe, 36, president of ForensicTec Solutions, a 
start-up company here, is accused of hacking into computers of the 
Navy, the Army, the Department of Energy, the National Aeronautics and 
Space Administration and several private companies.

Before his arrest, O'Keefe told reporters that he had hacked into the 
computers to drum up business for his fledgling company and to show 
that the nation's top military secrets are not safe, despite 
pronouncements that security has been tightened since the terrorist 
attacks of Sept. 11, 2001.

"All I wanted to do was to show America how weak our computer defenses 
are," O'Keefe said. "My hope was that, if I embarrassed the 
government, they would tighten up their precautions." 

But Assistant U.S. Atty. John Parmley said O'Keefe could have 
indicated that the computers were vulnerable to hacking without going 
in and downloading information.

"It's like going down the street and jiggling doors to see if they're 
open," Parmley said. "That's one thing. But if you go and start taking 
things, that's different." 

O'Keefe is charged with conspiring with two employees to gain 
unauthorized access to the computers of government agencies, the 
military and private companies and to obtaining information from those 
computers for financial gain. The two employees of his company pleaded 
guilty in federal court last week and agreed to assist the 
prosecutors.

Bruce Schneier, chief technical officer of Counterpane Internet 
Security Inc., based in Cupertino in Northern California, said the 
ease with which military computers can be hacked into is not a secret.

"The military uses the technology that everybody else does," said 
Schneier, author of the book "Beyond Fear: Thinking Sensibly About 
Security in an Uncertain World." Schneier called O'Keefe's explanation 
"the classic defense" of the hacker: that he was hacking into 
computers only to show how easy it is.

"While it's a kind of a defense, it doesn't make a lot of sense," 
Schneier said. "Nobody asked these guys to do this." 

O'Keefe said he and his employees had stumbled across the easy entry 
into military computers while working for a private client. Among 
other things, the three allegedly downloaded encryption information 
used by the military to keep its computer transmissions from being 
intercepted by hostile forces.

Parmley noted that the ForensicTec case is different from other hacker 
cases because commonly the government has to investigate to find the 
identity and location of the hacker. In this case, O'Keefe made his 
exploits known through media interviews.

After being arrested, O'Keefe was taken to the Metropolitan 
Correctional Center to await arraignment today in U.S. District Court.

O'Keefe's two co-defendants, Aljosa Medvesek and Margaret Ann Lauffer, 
pleaded guilty to a single count each of unauthorized access to 
governmental and military computers. A single count carries a possible 
maximum sentence of five years; O'Keefe faces six counts.

Schneier noted that the San Diego case comes amid a crackdown on 
hackers by federal authorities.

"The federal government is not amused by these cases and they 
shouldn't be," Schneier said. "It's like coming home and finding that 
a burglar has left a note on your refrigerator. You feel violated." 


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.