When most people think of hackers, they picture grizzled, bearded adults sitting in darkened rooms spotlit by the glow of multiple monitors. Or perhaps hardened foreign operatives covertly working for government agencies. If the movie “Wargames” has taught us anything, it’s that hacking takes all kinds.
In 1999, a 15-year-old north Floridian penetrated into Department of Defense and NASA computers, earning himself a spot in the hacker hall of fame. Jonathan James, who operated under the internet name “c0mrade,” was a trailblazer in several respects. Not only was he recognized for his high-profile hack at such a tender age; he also became the first juvenile hacker sentenced to serve prison time.
The majority of James’ hacking exploits occurred between late August and October of 1999, when he breached various systems including telecommunications giant Bellsouth and the Miami-Dade school system.
But what really put James on the map was his invasion of computers used by the Defense Threat Reduction Agency (DTRA), a division of the U.S. Department of Defense tasked with monitoring threats from nuclear, biological, chemical, conventional and special weapons. James later told the Justice Department he installed a backdoor into a computer server in Dulles, Virginia, through which he was able to intercept more than 3,300 email messages from DTRA employees and at least 19 user names and passwords.
“The government didn’t take too many measures for security on most of their computers,” James later told PBS’ “Frontline.” “They lack some serious computer security, and the hard part is learning it. I know Unix and C like the back of my hand, because I studied all these books, and I was on the computer for so long. But the hard part isn’t getting in. It’s learning to know what it is that you’re doing.”
James was able to enter 13 computers at the Marshall Space Flight Center in Huntsville, Alabama. While there, he stole data and downloaded $1.7 million in NASA proprietary software used to support the International Space Station’s physical environment, including control of the temperature and humidity within the living quarters.
After the illegal entry was discovered, NASA was forced to shut down their computers for three weeks to check and repair the system at an estimated cost of $41,000.
Agents from the Department of Defense and NASA, in conjunction with local authorities, raided James’ house on Jan. 26, 2000, and he was ultimately sentenced to seven months of house arrest and probation until he turned 18. But when James violated his probation by testing positive for drugs, he was taken into custody by the U.S Marshals Service and served six months at a federal correctional facility in Alabama.
“Breaking into someone else’s property, whether it is a robbery or a computer intrusion, is a serious crime,” said then-U.S. Attorney General Janet Reno at the time. “We take computer intrusion seriously and are working with our law enforcement partners to aggressively fight this problem.”
Because he was a juvenile defendant, James likely would have remained anonymous, but his father, Robert, a computer-systems analyst, released his son’s name (with a hint of pride) after he pleaded guilty.
“I’ve been in computers for 20 years, and I can’t do what he was doing,” Robert said in an interview with The Miami Herald. “He didn’t do anything destructive.”
Discussing his arrest with “Frontline,” James said he could have easily gotten away with his crimes if he had bothered to cover his tracks, but he took no measures to hide himself because he didn’t think he was doing anything wrong. He said he was just “playing around” and didn’t do anything to harm Department of Defense and NASA systems. As for lessons learned:
“I certainly learned that there’s a serious lack of computer security,” James told “Frontline.” “If there’s a will, there’s a way, and if a computer enthusiast such as myself was determined to get into anywhere, be it the Pentagon or Microsoft, it’s been demonstrated that it’s possible and they will do it. And there’s next to nothing they can do about it, because there’s people with skill out there, and they’ll get what they want.”
James’ story came to a sad end in 2008, when he committed suicide after being accused of conspiring with other hackers to steal massive amounts of personal and credit card information from department store chain TJX and other prominent retailers. While he believed he would be prosecuted for this crime, he denied any involvement.
“I honestly, honestly had nothing to do with TJX,” James wrote in his suicide note. “I have no faith in the ‘justice’ system. Perhaps my actions today, and this letter, will send a stronger message to the public. Either way, I have lost control over this situation, and this is my only way to regain control.”
Throwback Attack: Hackers steal 1 TB of data from beverage giant Brown-Forman