Gary McKinnon, 36, of London was indicted in federal courts in Virginia and New Jersey on Tuesday on eight counts of computer-related crimes. They included break-ins over 12 months at 92 separate U.S. military and National Aeronautics and Space Administration networks across 14 states, including two at the Pentagon.
McKinnon also was accused of cracking the networks of six private companies and organizations.
McKinnon, known on the Internet as "SOLO," remains free although he was briefly held by British authorities, U.S. Attorney Paul McNulty said. He said the Justice Department will seek to extradite McKinnon, a rare move in international hacking cases.
Solicitor Karen Todner accused U.S. prosecutors of a "political" motivation in seeking extradition, saying in a statement that it was "proposed to make an example of Mr. McKinnon." Todner said British authorities have the opportunity to charge McKinnon and try him in England.
Her statement stopped short of professing McKinnon's innocence, although she added: "We also wish to emphasize on behalf of Mr. McKinnon that he has no terrorist links whatsoever."
McKinnon was charged in "the biggest hack of military computers ever, at least ever detected," McNulty said. He estimated the damage, including the cost to reinstall software on the affected computers, at $900,000.
Officials said they intend to prosecute McKinnon separately in Virginia and New Jersey. McKinnon faces up to 10 years in prison plus fines of $250,000 on each of eight counts, McNulty said.
Using automated software available on the Internet, McKinnon used his home computer to scan tens of thousands of computers on U.S. military networks, looking for ones that might suffer from flaws in Microsoft's Windows NT operating system software, McNulty said. Many of the computers he broke into were protected by easy-to-guess passwords, investigators said.
McKinnon downloaded sensitive, but not classified, information about subjects that included Navy shipbuilding and munitions, investigators said. But there was no evidence that he offered the information to foreign governments or terrorist organizations, McNulty said.
"I suppose he was hoping to gain access to classified information," McNulty said, acknowledging that authorities weren't certain of a motive for the break-ins.
U.S. officials sought to reassure the public that only about 100 of the military's networks were apparently vulnerable to break-ins out of tens of thousands that McKinnon allegedly probed.
"If this guy was scanning tens of thousand of military networks, that signals to me the military does a pretty good job of protecting its systems," said John Frazzini, a former supervisor for the U.S. Secret Service on its Electronic Crimes Task Force.
But some civilian experts expressed astonishment that this many U.S. military systems were so vulnerable to techniques derided by many hackers as simplistic.
"I don't see this as a big win for the government," said Marc Maiffret, co-founder of eEye Digital Security, which sells security software. Maiffret said measures the military should have taken to prevent such break-ins were a "lesson 101-type thing."
McKinnon also was accused of disrupting military networks in Washington and New Jersey. Prosecutors said he deleted important files, including 1,300 user accounts, and caused the failure of computers controlling the network for the military district in Washington. That resulted in the loss of e-mail and Internet access in March for 2,000 users for three days.
Authorities said a separate break-in, just after the Sept. 11 terror attacks, at the Earle Naval Weapons Station in Colts Neck, N.J., effectively shut down its network of about 300 computers for a week. That station replenishes munitions and supplies for the Atlantic fleet.
The military hacking took place over 12 months, starting in March 2001, and investigators said they detected the intrusions as early as June. But they did not issue warnings internally about these hacking methods until March 2002, when a Navy memo urgently instructed computer experts to search their systems for the specific hacker tools McKinnon allegedly used.
Copyright 2002. Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
