Industrial Cybersecurity Pulse
  • SUBSCRIBE
  • Threats & Vulnerabilities
  • Strategies
  • IIoT & Cloud
  • Education
  • Networks
  • IT/OT
  • Facilities
  • Regulations
  • Threats & Vulnerabilities
  • Strategies
  • IIoT & Cloud
  • Education
  • Networks
  • IT/OT
  • Facilities
  • Regulations
  • Resources
  • Helpful Links
  • Editorial Calendar
  • Advertise
  • Contribute
  • Content Partners
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
SUBSCRIBE
  • Resources
  • Helpful Links
  • Editorial Calendar
  • Advertise
  • Contribute
Industrial Cybersecurity Pulse
Subscribe
Industrial Cybersecurity Pulse
  • Threats & Vulnerabilities
  • Strategies
  • IIoT & Cloud
  • Education
  • Networks
  • IT/OT
  • Facilities
  • Regulations
  • Threats & Vulnerabilities

Throwback Attack: A Florida teen hacks the Department of Defense and NASA

  • Gary Cohen
  • April 8, 2021
Test 2 Alt Text
Courtesy: CFE Media and Technology
Total
32
Shares
0
32
0
0

When most people think of hackers, they picture grizzled, bearded adults sitting in darkened rooms spotlit by the glow of multiple monitors. Or perhaps hardened foreign operatives covertly working for government agencies. If the movie “Wargames” has taught us anything, it’s that hacking takes all kinds.

In 1999, a 15-year-old north Floridian penetrated into Department of Defense and NASA computers, earning himself a spot in the hacker hall of fame. Jonathan James, who operated under the internet name “c0mrade,” was a trailblazer in several respects. Not only was he recognized for his high-profile hack at such a tender age; he also became the first juvenile hacker sentenced to serve prison time.

The majority of James’ hacking exploits occurred between late August and October of 1999, when he breached various systems including telecommunications giant Bellsouth and the Miami-Dade school system.

But what really put James on the map was his invasion of computers used by the Defense Threat Reduction Agency (DTRA), a division of the U.S. Department of Defense tasked with monitoring threats from nuclear, biological, chemical, conventional and special weapons. James later told the Justice Department he installed a backdoor into a computer server in Dulles, Virginia, through which he was able to intercept more than 3,300 email messages from DTRA employees and at least 19 user names and passwords.

“The government didn’t take too many measures for security on most of their computers,” James later told PBS’ “Frontline.” “They lack some serious computer security, and the hard part is learning it. I know Unix and C like the back of my hand, because I studied all these books, and I was on the computer for so long. But the hard part isn’t getting in. It’s learning to know what it is that you’re doing.”

James was able to enter 13 computers at the Marshall Space Flight Center in Huntsville, Alabama. While there, he stole data and downloaded $1.7 million in NASA proprietary software used to support the International Space Station’s physical environment, including control of the temperature and humidity within the living quarters.

After the illegal entry was discovered, NASA was forced to shut down their computers for three weeks to check and repair the system at an estimated cost of $41,000.

Agents from the Department of Defense and NASA, in conjunction with local authorities, raided James’ house on Jan. 26, 2000, and he was ultimately sentenced to seven months of house arrest and probation until he turned 18. But when James violated his probation by testing positive for drugs, he was taken into custody by the U.S Marshals Service and served six months at a federal correctional facility in Alabama.

“Breaking into someone else’s property, whether it is a robbery or a computer intrusion, is a serious crime,” said then-U.S. Attorney General Janet Reno at the time. “We take computer intrusion seriously and are working with our law enforcement partners to aggressively fight this problem.”

Because he was a juvenile defendant, James likely would have remained anonymous, but his father, Robert, a computer-systems analyst, released his son’s name (with a hint of pride) after he pleaded guilty.

“I’ve been in computers for 20 years, and I can’t do what he was doing,” Robert said in an interview with The Miami Herald. “He didn’t do anything destructive.”

Discussing his arrest with “Frontline,” James said he could have easily gotten away with his crimes if he had bothered to cover his tracks, but he took no measures to hide himself because he didn’t think he was doing anything wrong. He said he was just “playing around” and didn’t do anything to harm Department of Defense and NASA systems. As for lessons learned:

“I certainly learned that there’s a serious lack of computer security,” James told “Frontline.” “If there’s a will, there’s a way, and if a computer enthusiast such as myself was determined to get into anywhere, be it the Pentagon or Microsoft, it’s been demonstrated that it’s possible and they will do it. And there’s next to nothing they can do about it, because there’s people with skill out there, and they’ll get what they want.”

James’ story came to a sad end in 2008, when he committed suicide after being accused of conspiring with other hackers to steal massive amounts of personal and credit card information from department store chain TJX and other prominent retailers. While he believed he would be prosecuted for this crime, he denied any involvement.

“I honestly, honestly had nothing to do with TJX,” James wrote in his suicide note. “I have no faith in the ‘justice’ system. Perhaps my actions today, and this letter, will send a stronger message to the public. Either way, I have lost control over this situation, and this is my only way to regain control.”

RELATED ARTICLES

Throwback Attack: Hackers steal 1 TB of data from beverage giant Brown-Forman
https://www.industrialcybersecuritypulse.com/throwback-attack-hackers-steal-1-tb-of-data-from-beverage-giant-brown-forman/

Do you have experience and expertise with the topics mentioned in this article? You should consider contributing content to our CFE Media editorial team and getting the recognition you and your company deserve. Click here to start this process.

Gary Cohen

Gary Cohen is senior editor/product manager at CFE Media.

Related Topics
  • CFE Content
  • Featured
  • news
Previous Article
Smartphone apps may connect to vulnerable cloud servers
  • IIoT & Cloud

Smartphone apps may connect to vulnerable cloud servers

  • John Toon
  • April 8, 2021
Read More
Next Article
Bryan Bennett of ESD talks about the IT/OT divide.
  • IT/OT

Securing Facilities: Expert Interview Series, Bryan Bennett, ESD

  • Gary Cohen
  • April 8, 2021
Read More
You May Also Like
Read More

How a desert water utility helped protect critical infrastructure

A robot powered by OSARO’s machine learning system picks consumer goods. Courtesy: A3/OSARO
Read More

Industrial robot utilization requires cybersecurity strategy

Courtesy: Brett Sayles
Read More

Throwback attack: Russia launches its first cyberattack on the U.S. with Moonlight Maze

Read More

Throwback attack: Russia breaches Wolf Creek Nuclear Power facility

Courtesy: CFE Media and Technology
Read More

Lack of qualified cybersecurity personnel for critical infrastructure

Figure 1: PLCs, HMIs, and other Ethernet-capable automation devices used for modern automation systems can no longer rely on “cybersecurity by obscurity” and “air gaps.” They must progressively adopt advanced IT type security features. Courtesy: AutomationDirect
Read More

Cybersecurity-centered systems and fundamentals

Read More

Port and maritime cybersecurity vulnerabilities are getting more focus

Figure 1: For smaller organizations with limited network resources, it can be tempting to plug your machine directly into the business network. Courtesy: DMC
Read More

Securing your facility

SUBSCRIBE

GET ON THE BEAT

Keep your finger on the pulse of top industry news

SUBSCRIBE TODAY!
VULNERABILITY PULSE
  • Mitsubishi Electric - June 14, 2022
  • Meridian Cooperative - June 14, 2022
  • Johnson Controls - June 14, 2022
  • Microsoft - June 14, 2022
  • Citrix - June 14, 2022

RECENT NEWS

  • Protecting the power grid through cyber-physical threat response
  • How to secure Industry 4.0 in a highly connected world
  • Managing external connections to your operational technology (OT) environment
  • Webcast: Addressing Cybersecurity Challenges in Industry 4.0
  • How a desert water utility helped protect critical infrastructure

EDUCATION BEAT

Introduction to Cybersecurity within Cyber-Physical Systems

Cyber-physical systems serve as the foundation and the invention base of the modern society making them critical to both government and business.

REGISTER NOW!
HACKS & ATTACKS
  • Ron Brash Interview: Expert advice on finding the root of the ransomware problem
  • Throwback Attack: How the modest Bowman Avenue Dam became the target of Iranian hackers
  • Minimizing the REvil impact delivered via Kaseya servers
  • Key takeaways from 2020 ICS-CERT vulnerabilities
Industrial Cybersecurity Pulse

Copyright 2022 CFE Media and Technology.
All rights reserved.


BETA

Version 1.0

  • Content Partners
  • Contact Us
  • Privacy Policy
  • Terms and Conditions

Input your search keywords and press Enter.

By using this website, you agree to our use of cookies. This may include personalization of content and ads, and traffic analytics. Review our Privacy Policy for more information. ACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT