A 19-year-old from Uppsala, Sweden, has been found guilty on seven counts of unauthorised access to Swedish university servers and research computers. He is also suspected by the US Federal Bureau of Investigation of breaking into servers at Cisco Systems and stealing classified source code.
The man, who was no older than 16 when the crimes were committed, was found guilty by the court of appeals on Monday. He will have to pay more than 200,000 Swedish Kronor, or about NZ$42,000, to three Swedish universities and to the national supercomputer centre in Linköping. The man, who had no previous record, was also given a suspended prison sentence.
In a separate investigation being carried out by the FBI, the same man is suspected of breaking into Cisco servers in May 2004 and stealing source code for networking equipment, which was later posted online. The FBI has made a formal request for the Swedish authorities to investigate the Cisco incident.
Prosecutor Chatrine Rudström said she welcomed the verdict. She is now deciding whether the charges requested by the FBI can be pressed against the "Uppsala hacker," as he has become known. "We are about to finish the investigation and will then make a decision," she told Computer Sweden.
The US has not submitted an extradition request, according to Rudström.
The 19-year-old said immediately after his conviction that he will take the verdict to the Supreme Court. He contends that the Court of Appeals did not fully understand the advanced technical evidence presented to them, and called the verdict ”a tragedy.”
"They have destroyed my life before I'm even a grown-up," he said.
The man was arrested after Swedish police raided his home in Uppsala, about an hour's drive north of Sweden, in 2004, seizing computers and other equipment. The raid was prompted by a wave of intrusions into the university computers, and the intrusions stopped after the raid, according to expert witnesses.
The man has subsequently admitted to creating some of the tools used in the crimes, but he claims that other people who had access to the tools and to his personal server were probably responsible.